Running into an issue where it seems like my configuration is not being pushed from OpenID Connect to Jumbojett\OpenIDConnectClient->authenticate().
This causes it never to try to redirect over to my IdP.
Debug:
- HTTP HEADERS:
  UPGRADE-INSECURE-REQUESTS: 1
  CONNECTION: keep-alive
  DNT: 1
  COOKIE: _ga=GA1.2.214285112.1516134706; mediawiki_mw_UserName=Admin; VEE=visualeditor; mediawiki_mw__session=k21i5dcg2m9nilgc01c1jc1rarhs3nog; cpPosTime=1522098488.3307
  REFERER: http://{redacted}/wiki/Special:PluggableAuthLogin
  ACCEPT-ENCODING: gzip, deflate
  ACCEPT-LANGUAGE: en-US,en;q=0.5
  ACCEPT: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  USER-AGENT: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:52.0) Gecko/20100101 Firefox/52.0
  HOST: {redacted}
  CONTENT-LENGTH:
- [caches] cluster: EmptyBagOStuff, WAN: mediawiki-main-default, stash: db-replicated, message: SqlBagOStuff, session: SqlBagOStuff
- [caches] LocalisationCache: using store LCStoreDB
- [session] Session "k21i5dcg2m9nilgc01c1jc1rarhs3nog" requested without UserID cookie
- [DBReplication] Wikimedia\Rdbms\LBFactory::getChronologyProtector: using request info { "IPAddress": "{redacted}", "UserAgent": "Mozilla\/5.0 (Windows NT 6.1; WOW64; rv:52.0) Gecko\/20100101 Firefox\/52.0", "ChronologyProtection": false }
- [DBConnection] Wikimedia\Rdbms\LoadBalancer::openConnection: calling initLB() before first connection.
- [DBConnection] Connected to database 0 at '172.17.0.2'.
- [DBQuery] mediawiki SHOW /* Wikimedia\Rdbms\DatabaseMysqlBase::serverIsReadOnly */ GLOBAL VARIABLES LIKE 'read_only'
- [SQLBagOStuff] Connection 1297 will be used for SqlBagOStuff
- [DBQuery] mediawiki SELECT /* SqlBagOStuff::getMulti */ keyname,value,exptime FROM `mw_objectcache` WHERE keyname = 'mediawiki-mw_:MWSession:k21i5dcg2m9nilgc01c1jc1rarhs3nog'
- [smw] [mw.db] connection provider with {"read":-1,"write":-2}
- [DBConnection] Connected to database 0 at '172.17.0.2'.
- [DBQuery] mediawiki BEGIN /* Wikimedia\Rdbms\Database::query (LCStoreDB::get) */
- [DBQuery] mediawiki SELECT /* LCStoreDB::get */ lc_value FROM `mw_l10n_cache` WHERE lc_lang = 'en' AND lc_key = 'deps' LIMIT 1
- [DBQuery] mediawiki SELECT /* LCStoreDB::get */ lc_value FROM `mw_l10n_cache` WHERE lc_lang = 'en' AND lc_key = 'list' LIMIT 1
- [DBQuery] mediawiki SELECT /* LCStoreDB::get */ lc_value FROM `mw_l10n_cache` WHERE lc_lang = 'en' AND lc_key = 'preload' LIMIT 1
- [DBQuery] mediawiki SELECT /* LCStoreDB::get */ lc_value FROM `mw_l10n_cache` WHERE lc_lang = 'en' AND lc_key = 'preload' LIMIT 1
- [DBQuery] mediawiki SELECT /* LCStoreDB::get */ lc_value FROM `mw_l10n_cache` WHERE lc_lang = 'en' AND lc_key = 'specialPageAliases' LIMIT 1
- [DBQuery] mediawiki SELECT /* LCStoreDB::get */ lc_value FROM `mw_l10n_cache` WHERE lc_lang = 'en' AND lc_key = 'namespaceGenderAliases' LIMIT 1
- 0.1010 2.0M Jumbojett\OpenIDConnectClientException: The provider authorization_endpoint has not been set. Make sure your provider has a well known configuration available. in /var/www/w/extensions/OpenIDConnect/vendor/jumbojett/openid-connect-php/src/OpenIDConnectClient.php:376
  Stack trace:
  #0 /var/www/w/extensions/OpenIDConnect/vendor/jumbojett/openid-connect-php/src/OpenIDConnectClient.php(455): Jumbojett\OpenIDConnectClient->getProviderConfigValue('authorization_e...')
  #1 /var/www/w/extensions/OpenIDConnect/vendor/jumbojett/openid-connect-php/src/OpenIDConnectClient.php(298): Jumbojett\OpenIDConnectClient->requestAuthorization()
  #2 /var/www/w/extensions/OpenIDConnect/OpenIDConnect.class.php(152): Jumbojett\OpenIDConnectClient->authenticate()
  #3 /var/www/w/extensions/PluggableAuth/PluggableAuthLogin.php(48): OpenIDConnect->authenticate(NULL, NULL, NULL, NULL, NULL)
  #4 /var/www/w/includes/specialpage/SpecialPage.php(522): PluggableAuthLogin->execute(NULL)
  #5 /var/www/w/includes/specialpage/SpecialPageFactory.php(578): SpecialPage->run(NULL)
  #6 /var/www/w/includes/MediaWiki.php(287): SpecialPageFactory::executePath(Object(Title), Object(RequestContext))
  #7 /var/www/w/includes/MediaWiki.php(851): MediaWiki->performRequest()
  #8 /var/www/w/includes/MediaWiki.php(523): MediaWiki->main()
  #9 /var/www/w/index.php(43): MediaWiki->run()
  #10 {main}
My config in LocalSettings.php looks like this:
#PluggableAuth
wfLoadExtension( 'PluggableAuth' );
#OpenID Connect
wfLoadExtension( 'OpenIDConnect' );
$wgOpenIDConnect_Config['http://{redacted}/auth/realms/fst/protocol/openid-connect/auth'] = [
    'clientID' => 'aware',
    'clientsecret' => '{redacted}'
];
########################
#
# DEBUG
#
########################
error_reporting(E_ALL | E_STRICT);
ini_set("display_errors", 1);
$wgDebugLogFile = "/tmp/wiki.log";
$wgShowExceptionDetails = true;
$wgShowSQLErrors = true;
$wgDebugComments = true;
$wgLogQueries = true;
$wgDebugDumpSql = true;
$wgDevelopmentWarnings = true;
$wgDebugProfiling = true;
$wgDebugTimestamps = true;
$wgResourceLoaderDebug = true;
$wgDebugToolbar = true;
Version Info:
MediaWiki 1.30.0
OpenID Connect 4.1 (c8e4d19) 23:41, 9 March 2018
PluggableAuth 5.2 (2528a75) 11:31, 20 August 2017
@Cindy.cicalese - Any thoughts would be greatly appreciated.
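
An offline check for the failure in the stack trace above, added here as an example (not part of the original post or of either extension's code). OpenID Connect Discovery fetches `<issuer>/.well-known/openid-configuration`, so a provider URL that is itself an endpoint yields no document and therefore no `authorization_endpoint`. Assumptions: `idp.example` stands in for the redacted host, the issuer is taken to be the URL up to the realm, the `$wgOpenIDConnect_Config` key is used as the provider URL, and `check_provider`, `fake_fetch` and the sample document are constructed for illustration.

```python
import json
from urllib.parse import urlsplit

WELL_KNOWN = "/.well-known/openid-configuration"
# Heuristic (assumption): path suffixes that usually name an endpoint, not an issuer.
ENDPOINT_SUFFIXES = ("/auth", "/authorize", "/token", "/userinfo", "/certs")

def discovery_url(provider_url):
    """URL a client fetches for discovery: issuer + well-known suffix."""
    return provider_url.rstrip("/") + WELL_KNOWN

def check_provider(provider_url, fetch):
    """Return a list of problems with a configured provider URL.

    fetch(url) returns the response body, or None when nothing is served
    there; it is injected so the check can run without a network.
    """
    problems = []
    path = urlsplit(provider_url).path.rstrip("/")
    if path.endswith(ENDPOINT_SUFFIXES):
        problems.append("provider URL looks like an endpoint, not an issuer")
    body = fetch(discovery_url(provider_url))
    if body is None:
        problems.append("no discovery document at " + discovery_url(provider_url))
        return problems
    doc = json.loads(body)
    if not doc.get("authorization_endpoint"):
        problems.append("discovery document lacks authorization_endpoint")
    if doc.get("issuer", "").rstrip("/") != provider_url.rstrip("/"):
        problems.append("issuer does not match the configured provider URL")
    return problems

# Constructed sample data: idp.example replaces the redacted host.
ISSUER = "http://idp.example/auth/realms/fst"
SAMPLE_DOC = json.dumps({
    "issuer": ISSUER,
    "authorization_endpoint": ISSUER + "/protocol/openid-connect/auth",
    "token_endpoint": ISSUER + "/protocol/openid-connect/token",
})
FAKE_IDP = {ISSUER + WELL_KNOWN: SAMPLE_DOC}

def fake_fetch(url):
    """Stand-in for an HTTP GET against the constructed provider."""
    return FAKE_IDP.get(url)

if __name__ == "__main__":
    for url in (ISSUER + "/protocol/openid-connect/auth", ISSUER):
        print(url, "->", check_provider(url, fake_fetch) or "OK")
```

Against a live provider, pass a `fetch` that performs the HTTP GET and returns `None` on a 404.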