Topic on Project:Support desk

Unknown error - trying SSO login with Azure AD using Mediawiki and SimpleSAMLphp module.

KeyBoardMonkey221

So I'm trying to set up SSO login using Azure's Active Directory as an IdP and using the simpleSAMLphp module for Mediawiki to implement it, but I run into an error I have absolutely no idea how to solve.

Context:

I've followed these instructions: https://medium.com/vivritiengineering/mediawiki-and-azure-single-sign-on-e3fbc13d1f46

But instead of a server hosted on AWS servers, I have a virtual machine running on Azure.

I'm using this image for my VM: https://bitnami.com/stack/mediawiki/cloud

Actions that lead to problem:

I sign onto the mediawiki server, attempt to log in, and get sent to a login.microsoftonline.com page. I try to log in, and then get sent back to a mediawiki /Special:UserLogin page with an error message of "User cannot be authenticated".

Logs:

Found within '/opt/bitnami/apache2/logs/error_log':

[Tue Jan 29 04:07:04.007768 2019] [proxy_fcgi:error] [pid 32390:tid 139796580050688] [client my.ip.addr.45:63407] AH01071: Got error 'PHP message: PHP Notice:  Undefined variable: attributes in /opt/bitnami/apps/mediawiki/htdocs/extensions/SimpleSAMLphp/includes/SimpleSAMLphp.php on line 47\nPHP message: PHP Warning:  array_key_exists() expects parameter 2 to be array, null given in /opt/bitnami/apps/mediawiki/htdocs/extensions/SimpleSAMLphp/includes/SimpleSAMLphp.php on line 47\n', referer: https://login.microsoftonline.com/kmsi

Found within '/opt/bitnami/apache2/logs/access_log':

my.ip.addr.45 - - [29/Jan/2019:04:07:03 +0000] "POST /simplesaml/module.php/saml/sp/saml2-acs.php/default-sp HTTP/1.1" 303 850
my.ip.addr.45 - - [29/Jan/2019:04:07:03 +0000] "GET /Special:PluggableAuthLogin HTTP/1.1" 302 -
my.ip.addr.45 - - [29/Jan/2019:04:07:04 +0000] "GET /index.php?title=Special:UserLogin/return&wpLoginToken=87d0ee94955902b61de847138e89d4ff5c4fd146%2B%5C HTTP/1.1" 302 -
my.ip.addr.45 - - [29/Jan/2019:04:07:04 +0000] "GET /Special:UserLogin HTTP/1.1" 200 5472
my.ip.addr.45 - - [29/Jan/2019:04:07:05 +0000] "GET /resources/assets/poweredby_mediawiki_88x31.png HTTP/1.1" 304 -
my.ip.addr.45 - - [29/Jan/2019:04:07:05 +0000] "GET /load.php?debug=false&lang=en&modules=mediawiki.htmlform.styles%7Cmediawiki.legacy.commonPrint%2Cshared%7Cmediawiki.skinning.interface%7Cmediawiki.special.userlogin.common.styles%7Cmediawiki.special.userlogin.login.styles%7Cmediawiki.ui%7Cmediawiki.ui.button%2Ccheckbox%2Cinput%2Cradio%7Cskins.vector.styles&only=styles&skin=vector HTTP/1.1" 200 13492
my.ip.addr.45 - - [29/Jan/2019:04:07:05 +0000] "GET /resources/assets/wiki.png?de8c8 HTTP/1.1" 304 -
my.ip.addr.45 - - [29/Jan/2019:04:07:05 +0000] "GET /load.php?debug=false&lang=en&modules=startup&only=scripts&safemode=1&skin=vector HTTP/1.1" 200 38569
my.ip.addr.45 - - [29/Jan/2019:04:07:05 +0000] "GET /load.php?debug=false&lang=en&modules=jquery%7Cjquery.lengthLimit%7Cmediawiki.htmlform&skin=vector&version=0g0bm48 HTTP/1.1" 200 163379
my.ip.addr.45 - - [29/Jan/2019:04:07:05 +0000] "POST /mod_pagespeed_beacon?url=https%3A%2F%2Fmycompany-wiki.myregion.cloudapp.azure.com%2FSpecial%3AUserLogin HTTP/1.1" 204 -
my.ip.addr.45 - - [29/Jan/2019:04:07:05 +0000] "GET /favicon.ico HTTP/1.1" 200 3076

Comments:

Some of what I think the relevant component of '/opt/bitnami/apps/mediawiki/htdocs/extensions/SimpleSAMLphp/includes/SimpleSAMLphp.php' is found below:

class SimpleSAMLphp extends PluggableAuth {

        protected $attributes;

        /**
         * Get the user's username.  Override this if you need to change
         * the appearance from what SAML gives.
         *
         * @param string &$username going into this
         * @param int &$userId the user's id
         * @param string|null &$errorMessage if you want to return an error message.
         * @return bool|string false if there was a problem getting the username.
         *
         * @SuppressWarnings(PHPMD.Superglobals)
         */
        protected function getUsername( &$username = '', &$userId = 0, &$errorMessage = null ) {
                if ( isset( $GLOBALS['wgSimpleSAMLphp_UsernameAttribute'] ) ) {
                        $userNameAttribute = $GLOBALS['wgSimpleSAMLphp_UsernameAttribute'];
                        if ( is_array( $userNameAttribute ) ) {
                                $username = "";
                                foreach ( $userNameAttribute as $attribute ) {
                                        if ( array_key_exists( $attribute, $attributes ) ) { // <-------- Line 47
                                                if ( $username != "" ) {
                                                        $username .= " ";
                                                }
                                                $username .= $attributes[$attribute][0];
                                        } else {
                                                wfDebug( 'SimpleSAMLphp: Could not find user name attribute ' .
                                                        $attribute );
                                                return false;
                                        }
                                }
                        } else {
                                if ( array_key_exists( $userNameAttribute, $attributes ) ) {
                                        $realname = $attributes[$userNameAttribute][0];
                                } else {
                                        wfDebug( 'SimpleSAMLphp: Could not find user name attribute ' .
                                                $attributes );
                                        return false;
                                }
                        }
                } else {
                        wfDebug( 'SimpleSAMLphp: $wgSimpleSAMLphp_UsernameAttribute is not set' );
                        return false;
                }
                return $username;
        }

Basically, $attributes is not being filled and I have no idea how to fix this.

Any sort of guidance or direction will be most appreciated.

MarkAHershberger

The line you highlight is strange. Have you modified it? It should probably read

       if ( array_key_exists( $attribute, $this->attributes ) ) {
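
The scoping difference behind the line suggested above, shown as an added example that is not part of the thread or the extension's own code. The class name, method names and the sample assertion attributes are hypothetical and constructed; the second method also refuses the login when a claim is missing or empty.

```php
<?php
// Added illustration only. AttributeMapperDemo and its methods are hypothetical.
class AttributeMapperDemo {
    /** @var array|null attributes taken from the SAML assertion */
    protected $attributes;

    public function __construct( $attributes ) {
        $this->attributes = $attributes;
    }

    // As in the posted excerpt: $attributes is an undefined local variable,
    // so the lookup sees null and every login is rejected.
    public function usernameAsPosted( array $names ) {
        try {
            foreach ( $names as $name ) {
                // '@' hides the notice/warning that PHP 7 writes to error_log
                if ( !@array_key_exists( $name, $attributes ) ) {
                    return false;
                }
            }
        } catch ( \TypeError $e ) {
            return false; // PHP 8 throws here instead of warning
        }
        return false; // not reached with a non-empty $names
    }

    // Reads the property and fails closed on a missing or empty claim.
    public function usernameFromProperty( $names ) {
        if ( !is_array( $this->attributes ) ) {
            return false;
        }
        $parts = [];
        foreach ( (array)$names as $name ) {
            $values = $this->attributes[$name] ?? null;
            if ( !is_array( $values ) || !isset( $values[0] ) || $values[0] === '' ) {
                return false; // never build a username from an absent claim
            }
            $parts[] = (string)$values[0];
        }
        return $parts ? implode( ' ', $parts ) : false;
    }
}

// Constructed sample: one claim as an IdP might release it.
$claim = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name';
$demo = new AttributeMapperDemo( [ $claim => [ 'alice@example.com' ] ] );
var_dump( $demo->usernameAsPosted( [ $claim ] ) );
var_dump( $demo->usernameFromProperty( [ $claim ] ) );
var_dump( $demo->usernameFromProperty( [ 'not-released' ] ) );
```
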
MarkAHershberger

Also, since it looks like you're using 1.32 of MW, you should download the SimpleSAMLphp extension from here to replace whatever bitnami has packaged.

Sergiorjuela940226

Hi MarkAHershberger,


I hope you are well. I would like to know if you were able to solve this problem; curiously, it is happening to me.
