Topic on Project:Support desk

There seems to be a problem with your login session; This action has been canceled as a precaution against session hijacking. Please resubmit the form.

17 comments • 15:04, 7 January 2020 4 years ago
17
Guilherme bangemann (talkcontribs)

I'm getting this error when I try to Login in my account on my Wiki.

On my LocalSettings.php :

$wgMainCacheType = CACHE_ACCEL;

$wgMemCachedServers = [];

$wgSessionCacheType = CACHE_DB;


I want to bind with my LDAP. LDAP is set correclty. Works on anothers sites on my server.

I just need to use the Extension LDAP, and it doesn't works!


LocalSettings.php:

wfLoadExtensions( [
        'PluggableAuth',
        'Auth_remoteuser',
        'LDAPProvider',
        'LDAPAuthentication2',
        'LDAPAuthorization',
        'LDAPUserInfo'
] );

$LDAPAuthorizationAutoAuthRemoteUserStringParser = 'solis';
$LDAPAuthentication2UsernameNormalizer = 'solis';
$LDAPAuthentication2AllowLocalLogin = true;
$wgAuthRemoteuserAllowUserSwitch = true;
$wgPluggableAuth_EnableLocalLogin = true;

 

$wgCookieSecure = false;

$wgShowExceptionDetails = true;



/var/www/wiki/extensions/LDAPProvider/docs/ldapprovider.json

{

        "solis": {

                "connection": {

                        "server": "ldapslave.solis.com.br",

                        "user": "cn=read-only-admin,dc=solis,dc=coop,dc=br",

                        "pass": "password",

                        "options": {

                                "LDAP_OPT_DEREF": 1

                        },

                        "basedn": "dc=solis,dc=coop,dc=br",

                        "groupbasedn": "dc=solis,dc=coop,dc=br",

                        "userbasedn": "dc=solis,dc=coop,dc=br",

                        "searchattribute": "uid",

                        "searchstring": "uid=guilherme_bangemann,dc=solis,dc=coop,dc=br",

                        "usernameattribute": "uid",

                        "realnameattribute": "cn",

                        "emailattribute": "mail"

                },

                "userinfo": {

                        "attributes-map": {

                                "email": "mail",

                                "realname": "cn",

"nickname": "uid",

                                "language": "preferredlanguage"

                        }

                },

                "groupsync": {

                        "mapping": {

                                "mathematicians": "ou=mathematicians,dc=solis,dc=coop,dc=br",

                                "scientists": "ou=scientists,dc=solis,dc=coop,dc=br"

                        }

                }

        }

}

Reply 18:22, 12 September 2019 4 years ago
MarkAHershberger (talkcontribs)
Reply 21:53, 12 September 2019 4 years ago
Osnard (talkcontribs)

What is 'solis'? This does not look like a valid value for $LDAPAuthorizationAutoAuthRemoteUserStringParser and $LDAPAuthentication2UsernameNormalizer.

Can you please post the output of $wgDebugLogFile?

Reply 06:32, 13 September 2019 4 years ago
Guilherme bangemann (talkcontribs)

I fortgot:

Extended content

Softwares

Produto Versão
MediaWiki 1.31.3
PHP 7.2.19-0ubuntu0.18.04.2 (apache2handler)
MySQL 5.7.27-0ubuntu0.18.04.1
ICU 60.2

URLs

Ponto de entrada URL
Caminho dos artigos /wiki/index.php/$1
Caminho dos scripts /wiki
index.php /wiki/index.php
api.php /wiki/api.php
load.php /wiki/load.php

Templates

Skin Versão Licença Descrição Autores
MonoBook GPL-2.0-or-later O tema clássico do MediaWiki desde 2004, assim chamado pela imagem preto e branco de um livro que é colocada no plano de fundo da página Gabriel Wicke e outros
Timeless 0.8.1 GPL-2.0-or-later Um tema timeless projetado após o protótipo Winter por Brandon Harris e vários estilos pela Fundação Wikimedia Isarra Yos
Vector GPL-2.0-or-later Versão moderna do MonoBook com um visual limpo e várias melhorias de usabilidade Trevor Parscal, Roan Kattouw e outros

Extensions

Editores
Extensão Versão Licença Descrição Autores
CodeEditor GPL-2.0-or-later AND BSD-3-Clause Edição de páginas JavaScript e CSS com realce de sintaxe, utilizando o editor Ace Brion Vibber, Derk-Jan Hartman e authors of Ace
WikiEditor 0.5.1 GPL-2.0-or-later Fornece uma interface avançada e extensível de edição de texto wiki Derk-Jan Hartman, Trevor Parscal, Roan Kattouw, Nimish Gautam e Adam Miller
Diversos
Extensão Versão Licença Descrição Autores
Auth_remoteuser 2.0.1 (c2a7dd8) 03h09min de 19 de julho de 2018 GPL-2.0-or-later Registra automaticamente os usuários logados que utilizam a variável de ambiente REMOTE_USER Otheus Shelling, Rusty Burchfield, James Kinsman, Daniel Thomas, Ian Ward Comfort, Mark A. Hershberger e Stefan Engelhardt
LDAPAuthentication2 1.0.0 (e170a82) 02h37min de 12 de agosto de 2019 GPL-2.0 Allows authentication against a LDAP resource Cindy Cicalese, Mark A. Hershberger e Robert Vogel
LDAPAuthorization 1.0.0 (2bfd752) 04h01min de 18 de julho de 2019 GPL-2.0 Restringir o acesso baseado nos valores LDAP especificados Cindy Cicalese, Mark A. Hershberger e Robert Vogel
LDAPProvider 1.0.1 (3d9d3a3) 09h46min de 4 de junho de 2019 GPL-2.0+ Provides a common infratructure to connect to a LDAP resource and run queries against it Cindy Cicalese, Mark A. Hershberger e Robert Vogel
LDAPUserInfo 1.0.0 (2824534) 15h18min de 17 de abril de 2019 GPL-2.0 Allows to synchronize user information and preferences with a LDAP resource Cindy Cicalese, Mark A. Hershberger e Robert Vogel
PluggableAuth 5.4 (300ac44) 02h28min de 14 de abril de 2018 Licença Fornece uma estrutura para autenticação e autorização modulares Cindy Cicalese
'solis' it's my company and I use it like my domain. So what'u should I put there? What's value for $LDAPAuthorizationAutoAuthRemoteUserStringParserand $LDAPAuthentication2UsernameNormalizer
/var/www/wiki/extensions/LDAPAuthorization/extension.json

"AutoAuthRemoteUserStringParser": {

                        "value": "domain-backslash-username"

                },

                "AutoAuthBypassWithCookieUsernameRemoteAddrs": {

/var/www/wiki/extensions/LDAPAuthentication2/extension.json

"LDAPAuthentication2UsernameNormalizer": {

                        "value": "",

                        "path": false,

                        "description": "Use this function for normalizing username for LDAP, for example 'strtolower'. Needed after migration from earlier Version.",

                        "public": true

                },

And what's the directory for LogFile??

#$wgDebugLogFile = "/var/log/wiki/debug-{$wg}.log";

What I need to put on ".../debug-{???}.log"; ????

Reply Edited by MarkAHershberger 18:41, 13 September 2019 4 years ago
Guilherme bangemann (talkcontribs)
LocalSettings.php 
<?php
if ( !defined( 'MEDIAWIKI' ) ) {
    exit;
}
# $wgDisableOutputCompression = true;
$wgSitename = "Wiki Test";
$wgMetaNamespace = "Wiki_Test";

#$wgScriptPath = "/wiki";
$wgScriptPath = "/wiki";
#$wgArticlePath = "/wiki/$1";
$wgUsePathInfo = true;

$wgServer = "http://192.168.100.126";

$wgResourceBasePath = $wgScriptPath;

$wgLogo = "$wgResourceBasePath/resources/assets/wiki.png";

$wgEnableEmail = true;
$wgEnableUserEmail = true; # UPO
$wgEmergencyContact = "apache@192.168.100.126";
$wgPasswordSender = "apache@192.168.100.126";
$wgEnotifUserTalk = false; # UPO
$wgEnotifWatchlist = false; # UPO
$wgEmailAuthentication = true;

$wgDBtype = "mysql";
$wgDBserver = "localhost";
$wgDBname = "wiki";
$wgDBuser = "wkuser";
$wgDBpassword = "solis";

$wgDBprefix = "";

$wgDBTableOptions = "ENGINE=InnoDB, DEFAULT CHARSET=binary";

$wgMainCacheType = CACHE_ACCEL;
$wgMemCachedServers = [];
$wgSessionCacheType = CACHE_DB;

$wgEnableUploads = true;
#$wgUseImageMagick = true;
#$wgImageMagickConvertCommand = "/usr/bin/convert";

$wgUseInstantCommons = true;

$wgPingback = true;

$wgShellLocale = "C.UTF-8";

#$wgCacheDirectory = "$IP/cache";

$wgLanguageCode = "pt-br";
$wgSecretKey = "XX";

$wgAuthenticationTokenVersion = "1";

$wgUpgradeKey = "XX";

$wgRightsPage = ""; 

$wgRightsUrl = "";
$wgRightsText = "";
$wgRightsIcon = "";

$wgDiff3 = "/usr/bin/diff3";

$wgDefaultSkin = "vector";

wfLoadSkin( 'Vector' );

wfLoadExtension( 'CodeEditor' );
wfLoadExtension( 'WikiEditor' );

# Add more configuration options below.
################################################################################
#-----------------------------LDAP-----------------------------
wfLoadExtensions( [
    'PluggableAuth',
    'Auth_remoteuser',
    'LDAPProvider',
    'LDAPAuthentication2',
    'LDAPAuthorization',
    'LDAPUserInfo'
] );
$LDAPAuthorizationAutoAuthRemoteUserStringParser = 'solis';
$LDAPAuthentication2UsernameNormalizer = 'solis';
$LDAPAuthentication2AllowLocalLogin = true;
$wgAuthRemoteuserAllowUserSwitch = true;
$wgPluggableAuth_EnableLocalLogin = true;
$wgCookieSecure = false;
#$wgAuthRemoteuserUserName = function() {
#	$user = '';
#	if( isset( $_SERVER[ 'REMOTE_USER' ] ) ) {
#		$user = strtolower( $_SERVER[ 'REMOTE_USER' ] );
#	}
#
#	return $user;
#};
#
#$LDAPProviderDomainConfigProvider = function() {
#	$config = [
#		'solis' => [
#			'connection' => [
#				"server" => "ldapslave.solis.com.br",
#				"options" => [
#					"LDAP_OPT_DEREF" => 1
#				],
#				"basedn" => "dc=solis,dc=coop,dc=br",
#				"groupbasedn" => "dc=solis,dc=coop,dc=br",
#				"userbasedn" => "dc=solis,dc=coop,dc=br",
#				"searchattribute" => "uid",
#				"usernameattribute" => "uid",
#				"realnameattribute" => "fullname",
#				"emailattribute" => "mail",
#				"grouprequest" => "MediaWiki\\Extension\\LDAPProvider\\UserGroupsRequest\\GroupMember::factory"
#			],
#			'authorization' => [
#				'rules' => [
#					'groups' => [
#						'required' => [
#							'ou=users,dc=solis,dc=coop,dc=br'
#						]
#					]
#				]
#			],
#			'userinfo' => [
#				'attributes-map' => [
#					'email' => 'mail',
#					'realname' => 'fullname'
#				]
#			]
#		]
#	];
#
#	return new \MediaWiki\Extension\LDAPProvider\DomainConfigProvider\InlinePHPArray( $config );
#};
######################################3
## PLUGGABLE AUTH ##
$wgPluggableAuth_EnableAutoLogin = false;
$wgPluggableAuth_EnableLocalLogin = false;
$wgPluggableAuth_EnableLocalProperties = false;
#$wgPluggableAuth_ButtonLabelMessage = "";
#$wgPluggableAuth_ButtonLabel = null;
#$wgPluggableAuth_ExtraLoginFields [];
#$wgPluggableAuth_Class

##require_once ('extensions/LdapAuthentication/LdapAuthentication.php');
##require_once ('includes/AuthPlugin.php');
##$wgAuth = new LDAPAuthentication2Plugin();

#$wgLDAPDomainNames = array('solis');
#$wgLDAPServerNames = array('solis' => 'ldapslave.solis.com.br');
#$wgLDAPUseLocal = true;
#$wgLDAPEncryptionType = array('solis' => 'clear');
#$wgLDAPPort = array('solis' => 389);
#$wgLDAPProxyAgent = array('solis' => 'ou=users,dc=solis,dc=coop,dc=br');
#$wgLDAPProxyAgentPassword = array('solis' => 'royroy23');
#$wgLDAPSearchAttributes = array('solis' => 'uid');
#$wgLDAPBaseDNs = array('solis' => 'ou=users,dc=solis,dc=coop,dc=br');
### To pull e-mail address from LDAP
#$wgLDAPPreferences = array('solis' => array('email' => 'mail', 'realname'=>'cn' , 'nickname'=>'uid'));
#$wgLDAPLowerCaseUsername = array('solis' => true);

## LOGS
#$wgDebugLogFile = "/var/log/wiki/debug-{$wg}.log";
#$wgLDAPDebug = 3;
#$wgDebugLogGroups['LDAPUserInfo'] = "/tmp/LDAPUserInfo.log";
#$wgDebugLogGroups['LDAPGroups'] = "/tmp/LDAPGroups.log";
#$wgDebugLogGroups["ldap"] = "/tmp/ldap.log";
#$wgLDAPPreferences = array(
#  'solis' => array( 'email' => 'mail')
#);
# Group based restriction
#$wgLDAPGroupUseFullDN = array( "openldap_example_com"=>false );
#$wgLDAPGroupObjectclass = array( "openldap_example_com"=>"posixgroup" );
#$wgLDAPGroupAttribute = array( "openldap_example_com"=>"memberuid" );
#$wgLDAPGroupSearchNestedGroups = array( "openldap_example_com"=>false );
#$wgLDAPGroupNameAttribute = array( "openldap_example_com"=>"cn" );
#$wgLDAPRequiredGroups = array( "openldap_example_com"=>array("cn=ldapwiki,ou=groups,dc=example,dc=com"));
#$wgLDAPLowerCaseUsername = array(
#  'openldap_example_com' => true,
#);
$wgShowExceptionDetails = true;
################################################################################
Reply Edited by MarkAHershberger 18:46, 13 September 2019 4 years ago
Guilherme bangemann (talkcontribs)

$wgDebugLogFile @Osnard

debugLDAP.log 
IP: 192.168.100.126
Start request GET /wiki/index.php?title=Especial:Autenticar-se&returnto=Especial%3AP%C3%A1ginas+especiais
HTTP HEADERS:
HOST: 192.168.100.126
CONNECTION: keep-alive
UPGRADE-INSECURE-REQUESTS: 1
USER-AGENT: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.132 Safari/537.36
ACCEPT: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
REFERER: http://192.168.100.126/wiki/index.php/Especial:P%C3%A1ginas_especiais
ACCEPT-ENCODING: gzip, deflate
ACCEPT-LANGUAGE: pt-BR,pt;q=0.9,en-US;q=0.8,en;q=0.7
COOKIE: wiki_wkUserName=Admin; wikiUserName=Guilherme+bangemann
[caches] cluster: APCBagOStuff, WAN: mediawiki-main-default, stash: db-replicated, message: APCBagOStuff, session: SqlBagOStuff
[caches] LocalisationCache: using store LCStoreDB
[DBConnection] Wikimedia\Rdbms\LoadBalancer::openConnection: calling initLB() before first connection.
[DBReplication] Cannot use ChronologyProtector with EmptyBagOStuff.
[DBReplication] Wikimedia\Rdbms\LBFactory::getChronologyProtector: using request info {
    "IPAddress": "192.168.100.126",
    "UserAgent": "Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/76.0.3809.132 Safari\/537.36",
    "ChronologyProtection": false,
    "ChronologyPositionIndex": 0
}
[DBConnection] Wikimedia\Rdbms\LoadBalancer::openConnection: connected to database 0 at 'localhost'.
[session] Can't login remote user '' automatically. Given remote user name is not of type string or empty.
[CryptRand] 0 bytes of randomness leftover in the buffer.
[DBConnection] Wikimedia\Rdbms\LoadBalancer::openConnection: connected to database 0 at 'localhost'.
[SQLBagOStuff] Connection 480 will be used for SqlBagOStuff
[CryptRand] 0 bytes of randomness leftover in the buffer.
[session] SessionBackend "2ak8qm2l6sbr7bacs7vo3crso0rk89i3" is unsaved, marking dirty in constructor
[session] SessionBackend "2ak8qm2l6sbr7bacs7vo3crso0rk89i3" save: dataDirty=1 metaDirty=1 forcePersist=0
[cookie] already deleted setcookie: "wiki51a2e67c_session", "", "1536856668", "/", "", "", "1"
[cookie] already deleted setcookie: "wiki51a2e67cUserID", "", "1536856668", "/", "", "", "1"
[cookie] already deleted setcookie: "wiki51a2e67cToken", "", "1536856668", "/", "", "", "1"
[cookie] already deleted setcookie: "forceHTTPS", "", "1536856668", "/", "", "", "1"
[session] SessionBackend "2ak8qm2l6sbr7bacs7vo3crso0rk89i3" force-persist due to persist()
[session] SessionBackend "2ak8qm2l6sbr7bacs7vo3crso0rk89i3" save: dataDirty=0 metaDirty=1 forcePersist=1
[cookie] setcookie: "wiki51a2e67c_session", "2ak8qm2l6sbr7bacs7vo3crso0rk89i3", "0", "/", "", "", "1"
[cookie] already deleted setcookie: "wiki51a2e67cRemoteToken", "", "1570984668", "/", "", "", "1"
[cookie] already deleted setcookie: "wiki51a2e67cUserID", "", "1536856668", "/", "", "", "1"
[cookie] already deleted setcookie: "wiki51a2e67cToken", "", "1536856668", "/", "", "", "1"
[cookie] already deleted setcookie: "forceHTTPS", "", "1536856668", "/", "", "", "1"
[session] SessionBackend "2ak8qm2l6sbr7bacs7vo3crso0rk89i3" Taking over PHP session
[session] SessionBackend "2ak8qm2l6sbr7bacs7vo3crso0rk89i3" save: dataDirty=0 metaDirty=1 forcePersist=1
[cookie] already set setcookie: "wiki51a2e67c_session", "2ak8qm2l6sbr7bacs7vo3crso0rk89i3", "0", "/", "", "", "1"
[cookie] already deleted setcookie: "wiki51a2e67cRemoteToken", "", "1570984668", "/", "", "", "1"
[cookie] already deleted setcookie: "wiki51a2e67cUserID", "", "1536856668", "/", "", "", "1"
[cookie] already deleted setcookie: "wiki51a2e67cToken", "", "1536856668", "/", "", "", "1"
[cookie] already deleted setcookie: "forceHTTPS", "", "1536856668", "/", "", "", "1"
[DBPerformance] Expectation (writes <= 0) by MediaWiki::main not met (actual: 1):
query-m: REPLACE INTO `objectcache` (keyname,value,exptime) VALUES ('X')
#0 /var/lib/wiki/includes/libs/rdbms/TransactionProfiler.php(219): Wikimedia\Rdbms\TransactionProfiler->reportExpectationViolated('writes', 'query-m: REPLAC...', 1)
#1 /var/lib/wiki/includes/libs/rdbms/database/Database.php(1256): Wikimedia\Rdbms\TransactionProfiler->recordQueryCompletion('query-m: REPLAC...', 1568392668.5418, true, 1)
#2 /var/lib/wiki/includes/libs/rdbms/database/Database.php(1151): Wikimedia\Rdbms\Database->doProfiledQuery('REPLACE INTO `o...', 'REPLACE /* SqlB...', true, 'SqlBagOStuff::s...')
#3 /var/lib/wiki/includes/libs/rdbms/database/Database.php(2741): Wikimedia\Rdbms\Database->query('REPLACE INTO `o...', 'SqlBagOStuff::s...')
#4 /var/lib/wiki/includes/libs/rdbms/database/DatabaseMysqlBase.php(516): Wikimedia\Rdbms\Database->nativeReplace('`objectcache`', Array, 'SqlBagOStuff::s...')
#5 /var/lib/wiki/includes/objectcache/SqlBagOStuff.php(361): Wikimedia\Rdbms\DatabaseMysqlBase->replace('objectcache', Array, Array, 'SqlBagOStuff::s...')
#6 /var/lib/wiki/includes/objectcache/SqlBagOStuff.php(376): SqlBagOStuff->setMulti(Array, 1568396268)
#7 /var/lib/wiki/includes/libs/objectcache/CachedBagOStuff.php(65): SqlBagOStuff->set('wiki:MWSession:...', Array, 1568396268, 1)
#8 /var/lib/wiki/includes/session/SessionBackend.php(738): CachedBagOStuff->set('wiki:MWSession:...', Array, 1568396268, 1)
#9 /var/lib/wiki/includes/session/SessionBackend.php(596): MediaWiki\Session\SessionBackend->save()
#10 [internal function]: MediaWiki\Session\SessionBackend->MediaWiki\Session\{closure}()
#11 /var/lib/wiki/vendor/wikimedia/scoped-callback/src/ScopedCallback.php(76): call_user_func_array(Object(Closure), Array)
#12 /var/lib/wiki/vendor/wikimedia/scoped-callback/src/ScopedCallback.php(56): Wikimedia\ScopedCallback->__destruct()
#13 /var/lib/wiki/includes/session/SessionManager.php(886): Wikimedia\ScopedCallback::consume(NULL)
#14 /var/lib/wiki/includes/session/SessionManager.php(214): MediaWiki\Session\SessionManager->getSessionFromInfo(Object(MediaWiki\Session\SessionInfo), Object(FauxRequest))
#15 /var/lib/wiki/includes/session/PHPSessionHandler.php(242): MediaWiki\Session\SessionManager->getSessionById('2ak8qm2l6sbr7ba...', false)
#16 [internal function]: MediaWiki\Session\PHPSessionHandler->read('2ak8qm2l6sbr7ba...')
#17 [internal function]: session_start()
#18 /var/lib/wiki/vendor/wikimedia/at-ease/src/Wikimedia/Functions.php(71): call_user_func_array('session_start', Array)
#19 /var/lib/wiki/includes/session/SessionBackend.php(767): Wikimedia\quietCall('session_start')
#20 /var/lib/wiki/includes/session/SessionBackend.php(690): MediaWiki\Session\SessionBackend->checkPHPSession()
#21 /var/lib/wiki/includes/session/SessionBackend.php(607): MediaWiki\Session\SessionBackend->save()
#22 /var/lib/wiki/includes/session/SessionBackend.php(291): MediaWiki\Session\SessionBackend->autosave()
#23 /var/lib/wiki/includes/session/Session.php(127): MediaWiki\Session\SessionBackend->persist()
#24 /var/lib/wiki/includes/specialpage/LoginSignupSpecialPage.php(231): MediaWiki\Session\Session->persist()
#25 /var/lib/wiki/includes/specialpage/SpecialPage.php(565): LoginSignupSpecialPage->execute(NULL)
#26 /var/lib/wiki/includes/specialpage/SpecialPageFactory.php(568): SpecialPage->run(NULL)
#27 /var/lib/wiki/includes/MediaWiki.php(288): SpecialPageFactory::executePath(Object(Title), Object(RequestContext))
#28 /var/lib/wiki/includes/MediaWiki.php(861): MediaWiki->performRequest()
#29 /var/lib/wiki/includes/MediaWiki.php(524): MediaWiki->main()
#30 /var/lib/wiki/index.php(42): MediaWiki->run()
#31 {main}
[MessageCache] MessageCache::load: Loading pt-br... local cache is empty, got from global cache
Unstubbing $wgParser on call of $wgParser::firstCallInit from MessageCache->transform
Parser: using preprocessor: Preprocessor_DOM
Unstubbing $wgLang on call of $wgLang::_unstub from ParserOptions->__construct
QuickTemplate::__construct was called with no Config instance passed to it
[CryptRand] 0 bytes of randomness leftover in the buffer.
[CryptRand] 0 bytes of randomness leftover in the buffer.
[session] SessionBackend "2ak8qm2l6sbr7bacs7vo3crso0rk89i3" data dirty due to dirty(): LoginSignupSpecialPage->getFakeTemplate/SpecialUserLogin->getToken/MediaWiki\Session\Session->getToken/MediaWiki\Session\Session->set/MediaWiki\Session\SessionBackend->dirty
[GlobalTitleFail] MessageCache::parse called by array_map/AuthManagerSpecialPage::{closure}/Message->parse/Message->toString/Message->parseText/MessageCache->parse with no title set.
[GlobalTitleFail] MessageCache::parse called by array_map/AuthManagerSpecialPage::{closure}/Message->parse/Message->toString/Message->parseText/MessageCache->parse with no title set.
[session] SessionBackend "2ak8qm2l6sbr7bacs7vo3crso0rk89i3" save: dataDirty=1 metaDirty=0 forcePersist=0
[DBPerformance] Expectation (writes <= 0) by MediaWiki::main not met (actual: 2):
query-m: REPLACE INTO `objectcache` (keyname,value,exptime) VALUES ('X')
#0 /var/lib/wiki/includes/libs/rdbms/TransactionProfiler.php(219): Wikimedia\Rdbms\TransactionProfiler->reportExpectationViolated('writes', 'query-m: REPLAC...', 2)
#1 /var/lib/wiki/includes/libs/rdbms/database/Database.php(1256): Wikimedia\Rdbms\TransactionProfiler->recordQueryCompletion('query-m: REPLAC...', 1568392668.5535, true, 2)
#2 /var/lib/wiki/includes/libs/rdbms/database/Database.php(1151): Wikimedia\Rdbms\Database->doProfiledQuery('REPLACE INTO `o...', 'REPLACE /* SqlB...', true, 'SqlBagOStuff::s...')
#3 /var/lib/wiki/includes/libs/rdbms/database/Database.php(2741): Wikimedia\Rdbms\Database->query('REPLACE INTO `o...', 'SqlBagOStuff::s...')
#4 /var/lib/wiki/includes/libs/rdbms/database/DatabaseMysqlBase.php(516): Wikimedia\Rdbms\Database->nativeReplace('`objectcache`', Array, 'SqlBagOStuff::s...')
#5 /var/lib/wiki/includes/objectcache/SqlBagOStuff.php(361): Wikimedia\Rdbms\DatabaseMysqlBase->replace('objectcache', Array, Array, 'SqlBagOStuff::s...')
#6 /var/lib/wiki/includes/objectcache/SqlBagOStuff.php(376): SqlBagOStuff->setMulti(Array, 1568396268)
#7 /var/lib/wiki/includes/libs/objectcache/CachedBagOStuff.php(65): SqlBagOStuff->set('wiki:MWSession:...', Array, 1568396268, 1)
#8 /var/lib/wiki/includes/session/SessionBackend.php(738): CachedBagOStuff->set('wiki:MWSession:...', Array, 1568396268, 1)
#9 /var/lib/wiki/includes/session/SessionBackend.php(596): MediaWiki\Session\SessionBackend->save()
#10 [internal function]: MediaWiki\Session\SessionBackend->MediaWiki\Session\{closure}()
#11 /var/lib/wiki/vendor/wikimedia/scoped-callback/src/ScopedCallback.php(76): call_user_func_array(Object(Closure), Array)
#12 /var/lib/wiki/vendor/wikimedia/scoped-callback/src/ScopedCallback.php(56): Wikimedia\ScopedCallback->__destruct()
#13 /var/lib/wiki/includes/session/SessionManager.php(886): Wikimedia\ScopedCallback::consume(NULL)
#14 /var/lib/wiki/includes/session/SessionManager.php(214): MediaWiki\Session\SessionManager->getSessionFromInfo(Object(MediaWiki\Session\SessionInfo), Object(WebRequest))
#15 /var/lib/wiki/includes/WebRequest.php(730): MediaWiki\Session\SessionManager->getSessionById('2ak8qm2l6sbr7ba...', true, Object(WebRequest))
#16 /var/lib/wiki/includes/specialpage/LoginSignupSpecialPage.php(909): WebRequest->getSession()
#17 /var/lib/wiki/includes/specialpage/LoginSignupSpecialPage.php(843): LoginSignupSpecialPage->getFieldDefinitions(Object(FakeAuthTemplate))
#18 /var/lib/wiki/includes/specialpage/AuthManagerSpecialPage.php(652): LoginSignupSpecialPage->onAuthChangeFormFields(Array, Array, Array, 'login')
#19 /var/lib/wiki/includes/specialpage/LoginSignupSpecialPage.php(667): AuthManagerSpecialPage->fieldInfoToFormDescriptor(Array, Array, 'login')
#20 /var/lib/wiki/includes/specialpage/AuthManagerSpecialPage.php(400): LoginSignupSpecialPage->getAuthForm(Array, 'login')
#21 /var/lib/wiki/includes/specialpage/LoginSignupSpecialPage.php(316): AuthManagerSpecialPage->trySubmit()
#22 /var/lib/wiki/includes/specialpage/SpecialPage.php(565): LoginSignupSpecialPage->execute(NULL)
#23 /var/lib/wiki/includes/specialpage/SpecialPageFactory.php(568): SpecialPage->run(NULL)
#24 /var/lib/wiki/includes/MediaWiki.php(288): SpecialPageFactory::executePath(Object(Title), Object(RequestContext))
#25 /var/lib/wiki/includes/MediaWiki.php(861): MediaWiki->performRequest()
#26 /var/lib/wiki/includes/MediaWiki.php(524): MediaWiki->main()
#27 /var/lib/wiki/index.php(42): MediaWiki->run()
#28 {main}
User::getBlockedStatus: checking...
MediaWiki::preOutputCommit: primary transaction round committed
MediaWiki::preOutputCommit: pre-send deferred updates completed
MediaWiki::preOutputCommit: LBFactory shutdown completed
[MessageCache] MessageCache::load: Loading pt... local cache is empty, got from global cache
[MessageCache] MessageCache::load: Loading en... local cache is empty, got from global cache
OutputPage::sendCacheControl: private caching;  **
Request ended normally
[session] Saving all sessions on shutdown
[DBConnection] Wikimedia\Rdbms\{closure}: closing connection to database 'localhost'.
[DBConnection] Wikimedia\Rdbms\{closure}: closing connection to database 'localhost'.
[caches] cluster: APCBagOStuff, WAN: mediawiki-main-default, stash: db-replicated, message: APCBagOStuff, session: SqlBagOStuff
[caches] LocalisationCache: using store LCStoreDB
[DBConnection] Wikimedia\Rdbms\LoadBalancer::openConnection: calling initLB() before first connection.
[DBReplication] Cannot use ChronologyProtector with EmptyBagOStuff.
[DBReplication] Wikimedia\Rdbms\LBFactory::getChronologyProtector: using request info {
    "IPAddress": "192.168.100.126",
    "UserAgent": "Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/76.0.3809.132 Safari\/537.36",
    "ChronologyProtection": false,
    "ChronologyPositionIndex": 0
}
[caches] cluster: APCBagOStuff, WAN: mediawiki-main-default, stash: db-replicated, message: APCBagOStuff, session: SqlBagOStuff
[DBConnection] Wikimedia\Rdbms\LoadBalancer::openConnection: connected to database 0 at 'localhost'.
[caches] LocalisationCache: using store LCStoreDB
[DBConnection] Wikimedia\Rdbms\LoadBalancer::openConnection: calling initLB() before first connection.
[DBReplication] Cannot use ChronologyProtector with EmptyBagOStuff.
[DBReplication] Wikimedia\Rdbms\LBFactory::getChronologyProtector: using request info {
    "IPAddress": "192.168.100.126",
    "UserAgent": "Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/76.0.3809.132 Safari\/537.36",
    "ChronologyProtection": false,
    "ChronologyPositionIndex": 0
}
[DBConnection] Wikimedia\Rdbms\LoadBalancer::openConnection: connected to database 0 at 'localhost'.
[MessageCache] MessageCache::load: Loading pt-br... local cache is empty, got from global cache
[DBConnection] Wikimedia\Rdbms\{closure}: closing connection to database 'localhost'.
[DBConnection] Wikimedia\Rdbms\{closure}: closing connection to database 'localhost'.
[caches] cluster: APCBagOStuff, WAN: mediawiki-main-default, stash: db-replicated, message: APCBagOStuff, session: SqlBagOStuff
[caches] LocalisationCache: using store LCStoreDB
[DBConnection] Wikimedia\Rdbms\LoadBalancer::openConnection: calling initLB() before first connection.
[DBReplication] Cannot use ChronologyProtector with EmptyBagOStuff.
[DBReplication] Wikimedia\Rdbms\LBFactory::getChronologyProtector: using request info {
    "IPAddress": "192.168.100.126",
    "UserAgent": "Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/76.0.3809.132 Safari\/537.36",
    "ChronologyProtection": false,
    "ChronologyPositionIndex": 0
}
[DBConnection] Wikimedia\Rdbms\LoadBalancer::openConnection: connected to database 0 at 'localhost'.
[DBConnection] Wikimedia\Rdbms\{closure}: closing connection to database 'localhost'.
[caches] cluster: APCBagOStuff, WAN: mediawiki-main-default, stash: db-replicated, message: APCBagOStuff, session: SqlBagOStuff
[caches] LocalisationCache: using store LCStoreDB
[DBConnection] Wikimedia\Rdbms\LoadBalancer::openConnection: calling initLB() before first connection.
[DBReplication] Cannot use ChronologyProtector with EmptyBagOStuff.
[DBReplication] Wikimedia\Rdbms\LBFactory::getChronologyProtector: using request info {
    "IPAddress": "192.168.100.126",
    "UserAgent": "Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/76.0.3809.132 Safari\/537.36",
    "ChronologyProtection": false,
    "ChronologyPositionIndex": 0
}
[DBConnection] Wikimedia\Rdbms\LoadBalancer::openConnection: connected to database 0 at 'localhost'.
[DBConnection] Wikimedia\Rdbms\{closure}: closing connection to database 'localhost'.
Reply Edited by MarkAHershberger 18:48, 13 September 2019 4 years ago
A1exP (talkcontribs)

Hello,


Getting the same with LDAP stack on MW 1.31.

Was there a solution found for this?


Thanks,

Alex

Reply 20:22, 8 December 2019 4 years ago
Osnard (talkcontribs)

Unfortunately the debug log file does not contain hints. Have you tried using $wgMainCacheType = CACHE_DB; ?

Reply 14:33, 11 December 2019 4 years ago
A1exP (talkcontribs)

Yes, I have the below set

$wgMainCacheType = CACHE_ACCEL;

$wgSessionCacheType = CACHE_DB;

$wgMemCachedServers = [];


and at the end of the LocalSettings.php file

$wgCookieSecure = false;


In the browser, in the Cookie request header I can find

my_wiki_test51a2e67c_session=i6c1i83p0usojiifinlsvenrgc8liq4p


Full value:

Cookie:

experimentation_subject_id=IjAyZGQ2NzllLTA2MDAtNDlkNS04MzRhLTA4NDZjZTdkNjJlYSI%3D--b5c89d226c39b439cbfa6e7dc145c14ae8a548a0; consent=1; RIDC=undefined; RIDFPF=undefined-undefined-undefined-undefined-undefined-undefined-undefined-undefined-undefined-undefined-undefined-undefined-undefined-undefined; RIDSCR=undefined; _ga=GA1.2.1907998560.1576060652; my_wiki_testUserName=Root; my_wiki_test51a2e67c_session=i6c1i83p0usojiifinlsvenrgc8liq4p; UseDC=master; UseCDNCache=false


While in the objectcache table I find the keyname column with value

my_wiki_test:MWSession:i6c1i83p0usojiifinlsvenrgc8liq4p


"my_wiki_test" is the DB name


Below is what I get in the log file for this session

[DBConnection] Wikimedia\Rdbms\LoadBalancer::openConnection: connected to database 0 at 'localhost'.

[SQLBagOStuff] Connection 40421 will be used for SqlBagOStuff

[CryptRand] 0 bytes of randomness leftover in the buffer.

[session] SessionBackend "i6c1i83p0usojiifinlsvenrgc8liq4p" is unsaved, marking dirty in constructor

[session] SessionBackend "i6c1i83p0usojiifinlsvenrgc8liq4p" save: dataDirty=1 metaDirty=1 forcePersist=0

[cookie] setcookie: "my_wiki_test51a2e67c_session", "", "1544864578", "/", "", "", "1"

[cookie] already deleted setcookie: "my_wiki_test51a2e67cUserID", "", "1544864578", "/", "", "", "1"

[cookie] already deleted setcookie: "my_wiki_test51a2e67cToken", "", "1544864578", "/", "", "", "1"

[cookie] already deleted setcookie: "forceHTTPS", "", "1544864578", "/", "", "", "1"

Unstubbing $wgParser on call of $wgParser::setHook from wfFileList

Parser: using preprocessor: Preprocessor_DOM

[MessageCache] MessageCache::load: Loading en... local cache is empty, got from global cache

[DBConnection] Wikimedia\Rdbms\LoadBalancer::openConnection: connected to database 0 at 'localhost'.

[session] SessionBackend "i6c1i83p0usojiifinlsvenrgc8liq4p" force-persist due to persist()

[session] SessionBackend "i6c1i83p0usojiifinlsvenrgc8liq4p" save: dataDirty=0 metaDirty=1 forcePersist=1

[cookie] setcookie: "my_wiki_test51a2e67c_session", "i6c1i83p0usojiifinlsvenrgc8liq4p", "0", "/", "", "", "1"

[cookie] already deleted setcookie: "my_wiki_test51a2e67cRemoteToken", "", "1578992578", "/", "", "", "1"

[cookie] already deleted setcookie: "my_wiki_test51a2e67cUserID", "", "1544864578", "/", "", "", "1"

[cookie] already deleted setcookie: "my_wiki_test51a2e67cToken", "", "1544864578", "/", "", "", "1"

[cookie] already deleted setcookie: "forceHTTPS", "", "1544864578", "/", "", "", "1"

[session] SessionBackend "i6c1i83p0usojiifinlsvenrgc8liq4p" Taking over PHP session

[session] SessionBackend "i6c1i83p0usojiifinlsvenrgc8liq4p" save: dataDirty=0 metaDirty=1 forcePersist=1

[cookie] already set setcookie: "my_wiki_test51a2e67c_session", "i6c1i83p0usojiifinlsvenrgc8liq4p", "0", "/", "", "", "1"

[cookie] already deleted setcookie: "my_wiki_test51a2e67cRemoteToken", "", "1578992578", "/", "", "", "1"

[cookie] already deleted setcookie: "my_wiki_test51a2e67cUserID", "", "1544864578", "/", "", "", "1"

[cookie] already deleted setcookie: "my_wiki_test51a2e67cToken", "", "1544864578", "/", "", "", "1"

[cookie] already deleted setcookie: "forceHTTPS", "", "1544864578", "/", "", "", "1"

Unstubbing $wgLang on call of $wgLang::_unstub from ParserOptions->__construct

QuickTemplate::__construct was called with no Config instance passed to it

[CryptRand] 0 bytes of randomness leftover in the buffer.

[CryptRand] 0 bytes of randomness leftover in the buffer.

[session] SessionBackend "i6c1i83p0usojiifinlsvenrgc8liq4p" data dirty due to dirty(): LoginSignupSpecialPage->getFakeTemplate/SpecialUserLogin->getToken/MediaWiki\Session\Session->getToken/MediaWiki\Session\Session->set/MediaWiki\Session\SessionBackend->dirty

[GlobalTitleFail] MessageCache::parse called by array_map/AuthManagerSpecialPage::{closure}/Message->parse/Message->toString/Message->parseText/MessageCache->parse with no title set.

[GlobalTitleFail] MessageCache::parse called by array_map/AuthManagerSpecialPage::{closure}/Message->parse/Message->toString/Message->parseText/MessageCache->parse with no title set.

[session] SessionBackend "i6c1i83p0usojiifinlsvenrgc8liq4p" save: dataDirty=1 metaDirty=0 forcePersist=0

User::getBlockedStatus: checking...

MediaWiki::preOutputCommit: primary transaction round committed

MediaWiki::preOutputCommit: pre-send deferred updates completed

[DBReplication] Wikimedia\Rdbms\ChronologyProtector::shutdownLB: DB 'localhost' touched

MediaWiki::preOutputCommit: LBFactory shutdown completed

[cookie] setcookie: "UseDC", "master", "1576400589", "/", "", "", "1"

[cookie] setcookie: "UseCDNCache", "false", "1576400589", "/", "", "", "1"

Parser: using preprocessor: Preprocessor_DOM

OutputPage::sendCacheControl: private caching;  **

[runJobs] smw.propertyStatisticsRebuild SMW\SQLStore\Installer rootJobIsSelf=1 rootJobSignature=db42ba0748fde875c7dd60ebc4ffd96d265c3390 rootJobTimestamp=20191214200302 waitOnCommandLine=5 requestId=51e637999976d512e0f49bae (id=43,timestamp=20191214200701) STARTING

[runJobs] smw.propertyStatisticsRebuild SMW\SQLStore\Installer rootJobIsSelf=1 rootJobSignature=db42ba0748fde875c7dd60ebc4ffd96d265c3390 rootJobTimestamp=20191214200302 waitOnCommandLine=6 requestId=51e637999976d512e0f49bae (id=43,timestamp=20191214200701) t=9 good

Request ended normally

[session] Saving all sessions on shutdown

[DBConnection] Wikimedia\Rdbms\{closure}: closing connection to database 'localhost'.

[DBConnection] Wikimedia\Rdbms\{closure}: closing connection to database 'localhost'.

[caches] cluster: APCBagOStuff, WAN: mediawiki-main-default, stash: db-replicated, message: APCBagOStuff, session: SqlBagOStuff

[caches] LocalisationCache: using store LCStoreDB

[DBReplication] Wikimedia\Rdbms\LBFactory::getChronologyProtector: using request info {

    "IPAddress": "10.166.11.1",

    "UserAgent": "Mozilla\/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/79.0.3945.79 Safari\/537.36",

    "ChronologyProtection": false,

    "ChronologyPositionIndex": 0

}

[DBConnection] Wikimedia\Rdbms\LoadBalancer::openConnection: calling initLB() before first connection.

[DBConnection] Wikimedia\Rdbms\LoadBalancer::openConnection: connected to database 0 at 'localhost'.

[caches] cluster: APCBagOStuff, WAN: mediawiki-main-default, stash: db-replicated, message: APCBagOStuff, session: SqlBagOStuff

[caches] cluster: APCBagOStuff, WAN: mediawiki-main-default, stash: db-replicated, message: APCBagOStuff, session: SqlBagOStuff

[caches] LocalisationCache: using store LCStoreDB

[DBConnection] Wikimedia\Rdbms\{closure}: closing connection to database 'localhost'.

[caches] LocalisationCache: using store LCStoreDB

[DBReplication] Wikimedia\Rdbms\LBFactory::getChronologyProtector: using request info {

    "IPAddress": "10.166.11.1",

    "UserAgent": "Mozilla\/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/79.0.3945.79 Safari\/537.36",

    "ChronologyProtection": false,

    "ChronologyPositionIndex": 0

}

[DBReplication] Wikimedia\Rdbms\LBFactory::getChronologyProtector: using request info {

    "IPAddress": "10.166.11.1",

    "UserAgent": "Mozilla\/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/79.0.3945.79 Safari\/537.36",

    "ChronologyProtection": false,

    "ChronologyPositionIndex": 0

}

[DBConnection] Wikimedia\Rdbms\LoadBalancer::openConnection: calling initLB() before first connection.

[DBConnection] Wikimedia\Rdbms\LoadBalancer::openConnection: connected to database 0 at 'localhost'.

[DBConnection] Wikimedia\Rdbms\LoadBalancer::openConnection: calling initLB() before first connection.

[DBConnection] Wikimedia\Rdbms\LoadBalancer::openConnection: connected to database 0 at 'localhost'.

[MessageCache] MessageCache::load: Loading en... local cache is empty, got from global cache

[DBConnection] Wikimedia\Rdbms\{closure}: closing connection to database 'localhost'.

[DBConnection] Wikimedia\Rdbms\{closure}: closing connection to database 'localhost'.

[caches] cluster: APCBagOStuff, WAN: mediawiki-main-default, stash: db-replicated, message: APCBagOStuff, session: SqlBagOStuff

[caches] LocalisationCache: using store LCStoreDB

[DBReplication] Wikimedia\Rdbms\LBFactory::getChronologyProtector: using request info {

    "IPAddress": "10.166.11.1",

    "UserAgent": "Mozilla\/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/79.0.3945.79 Safari\/537.36",

    "ChronologyProtection": false,

    "ChronologyPositionIndex": 0

}

[DBConnection] Wikimedia\Rdbms\LoadBalancer::openConnection: calling initLB() before first connection.

[DBConnection] Wikimedia\Rdbms\LoadBalancer::openConnection: connected to database 0 at 'localhost'.

[DBConnection] Wikimedia\Rdbms\{closure}: closing connection to database 'localhost'.

Reply Edited 12:36, 15 December 2019 4 years ago
Guilherme bangemann (talkcontribs)

@A1exP Try to see this situation:

https://www.mediawiki.org/w/index.php?title=Topic:V7i1eb6u4f779tpx&topic_showPostId=v7lpokzmvn7m2d2l&fromnotif=1#flow-post-v7lpokzmvn7m2d2l

https://www.mediawiki.org/w/index.php?title=Topic:V7fstm646jz6rjt5&topic_showPostId=v7lqcjha6pgxmymi&fromnotif=1#flow-post-v7lqcjha6pgxmymi


It worked for me.


Maybe try executing this code:

sudo php extensions/LDAPProvider/maintenance/ShowUserInfo.php --domain (YOUR-DOMAIN) --username (YOUR-USER-TEST)

sudo php extensions/LDAPProvider/maintenance/ShowUserGroups.php --domain (YOUR-DOMAIN) --username (YOUR-USER-TEST)

sudo php extensions/LDAPProvider/maintenance/CheckLogin.php --domain (YOUR-DOMAIN) --username (YOUR-USER-TEST)


EXAMPLE:

sudo php extensions/LDAPProvider/maintenance/CheckLogin.php --domain solis --username guilherme_bangemann

Reply Edited 17:17, 16 December 2019 4 years ago
A1exP (talkcontribs)

Hello,


The authentication is working.

[root@lnx-mediawiki kb-test.ipsosinteractive.com]# scl enable rh-php70 'php /opt/rh/httpd24/root/var/www/html/kb-test.ipsosinteractive.com/extensions/LDAPProvider/maintenance/CheckLogin.php --domain "*********" --username "*********"'

Password:*********

OK

[root@lnx-mediawiki kb-test.ipsosinteractive.com]#


My issue is that that portion of code doesn't seem to get executed due to the session error "There seems to be a problem with your login session; this action has been canceled as a precaution against session hijacking. Please resubmit the form."


Thanks,

Alex

Reply 15:55, 17 December 2019 4 years ago
Osnard (talkcontribs)

@A1exP So you are using "form based authentication" from Special:Login, right? You don't have Extension:Auth remoteuser or something similar installed, do you? From your Logs I can see, you are using SQLBagOfStuff to store the sessions. Have you tried increasing $wgObjectCacheSessionExpiry?

Reply 14:46, 18 December 2019 4 years ago
A1exP (talkcontribs)

Hello @Osnard,

I am using indeed Auth_remoteuser as part of the LDAP stack.

Tried increasing wgObjectCacheSessionExpiry to

$wgObjectCacheSessionExpiry = 86400;

But without any success


Below is what I have in LocalSettings.php


wfLoadExtensions([

        'PluggableAuth',

        'Auth_remoteuser',

        'LDAPProvider',

        'LDAPAuthentication2',

        'LDAPAuthorization',

        'LDAPUserInfo'

    ]);

$LDAPAuthorizationAutoAuthRemoteUserStringParser = 'domain-backslash-username';

$LDAPAuthentication2UsernameNormalizer = 'strtolower';

$LDAPAuthentication2AllowLocalLogin = true;

$wgAuthRemoteuserAllowUserSwitch = true;

$wgPluggableAuth_EnableLocalLogin = true;

$wgAuthRemoteuserUserName = function () {

$user = '';

if (isset($_SERVER['REMOTE_USER'])) {

        $user = strtolower($_SERVER['REMOTE_USER']);

}

return $user;

};

$LDAPProviderDomainConfigProvider = function () {

$config = [

        'ipsosgroup' => [

        'connection' => [

                "server" => "*****",

                "user" => "*****",

                "pass" => ""*****",               

                "options" => [

                "LDAP_OPT_DEREF" => 1

                ],

                "basedn" => "*****",

                "groupbasedn" => "*****",

                "userbasedn" => "*****",

                //"searchstring" => "*****\\USER-NAME",

                "searchattribute" => "sAMAccountName",

                "usernameattribute" => "sAMAccountName",

                "realnameattribute" => "cn",

                "emailattribute" => "mail",

                "grouprequest" => "MediaWiki\\Extension\\LDAPProvider\\UserGroupsRequest\\GroupMember::factory"

        ],

        'authorization' => [

                'rules' => [

                'groups' => [

                        'required' => [

                        '*****'

                        ]

                ]

                ]

        ],

        'userinfo' => [

                'attributes-map' => [

                'email' => 'mail',

                'realname' => 'cn'

                ]

        ]

        ]

];

return new \MediaWiki\Extension\LDAPProvider\DomainConfigProvider\InlinePHPArray($config);

};


and at the bottom


$wgMainCacheType = CACHE_ACCEL;

$wgSessionCacheType = CACHE_DB;

$wgCookieSecure = false;

$wgCookieHttpOnly = false;

$wgMemCachedServers = [];

$wgObjectCacheSessionExpiry = 86400;


Reply 08:22, 20 December 2019 4 years ago
A1exP (talkcontribs)

Can you let me know in what file this check regarding the session is made so I can debug on my end?

Reply 08:24, 20 December 2019 4 years ago
Osnard (talkcontribs)
Reply 12:40, 20 December 2019 4 years ago
A1exP (talkcontribs)

These are different indeed.

I get from the log:


[authentication] Alex P Session token 17d9174fe04b1a3c8ff1a502a6971e1e5e05a92b+\

[authentication] Alex P Request token 3ae70f1c7c9c93858bd052e2e33e41bd5e05a926+\

[authentication] Alex P authform-wrongtoken


In the post I see indeed the request token

wpName: *****

wpPassword: *****

domain: *****

pluggableauthlogin: Log in with PluggableAuth

wpEditToken: +\

title: Special:UserLogin

authAction: login

force:

wpLoginToken: 3ae70f1c7c9c93858bd052e2e33e41bd5e05a926+\


I tried to log something from the getToken function which is used to get the session token for comparison, but somehow it's not appearing

   protected function getToken() {

       LoggerFactory::getInstance( 'authentication' )->warning('Alex P getToken call');

       return $this->getRequest()->getSession()->getToken( 'AuthManagerSpecialPage:'

           . $this->getName() );

   }


Reply 06:57, 27 December 2019 4 years ago
Osnard (talkcontribs)

Instead of LoggerFactory::getInstance( 'authentication' )->warning('Alex P getToken call');

try error_log( 'Alex P getToken call' ); or wfDebug( 'Alex P getToken call' );


Reply 15:04, 7 January 2020 4 years ago
Reply to "There seems to be a problem with your login session; This action has been canceled as a precaution against session hijacking. Please resubmit the form."
Retrieved from "https://www.mediawiki.org/wiki/Topic:V778b66nyi5avqqp"