Topic on Extension talk:OpenID Connect

oidc_subject is null

17 comments 13:16, 10 December 2019 4 years ago
17
Summary by BrunoPenso

After the heavy customization on the requestUserInfo method it worked.


I wil go to an issue on the jumbojett github site.


Thanks for all the help.

BrunoPenso (talkcontribs)

Hi guys,

I'm trying to configure my mediawiki docker image to run with our OpenIdConnect server and I'm getting the error below. Can anyone help?

[8e83b5ad531a9b2e63de4d90] /index.php?title=Special:UserLogin&returnto=Main+Page Wikimedia\Rdbms\DBQueryError from line 1587 of /var/www/html/includes/libs/rdbms/database/Database.php: A database query error has occurred. Did you forget to run your application's database schema updater after upgrading? Query: INSERT INTO openid_connect` (oidc_user,oidc_subject,oidc_issuer) VALUES ('14',NULL,'mylinkhere') ON DUPLICATE KEY UPDATE oidc_subject = NULL,oidc_issuer = 'mylinkhere' Function: OpenIDConnect::saveExtraAttributes Error: 1048 Column 'oidc_subject' cannot be null (mediawiki-mysql)


On the composer file I'm using the version:

"jumbojett/openid-connect-php": "^0.8.0"

And i'm using the extensions:

  • OpenIDConnect-REL1_33-0467f7b.tar.gz
  • PluggableAuth-REL1_33-a69f626.tar.gz
21:33, 4 December 2019 4 years ago
BrunoPenso (talkcontribs)

I also tried to turn the debug but nothingget me attention; Here is the LocalSettings.php

$wgDebugLogFile = "/var/log/mediawiki/debug-{$wgDBname}.log"; $wgDebugComments = true; $wgGroupPermissions['*']['edit'] = false; $wgGroupPermissions['*']['read'] = false; $wgGroupPermissions['*']['autocreateaccount'] = true;

wfLoadExtension( 'PluggableAuth' ); $wgPluggableAuth_EnableAutoLogin = true; $wgPluggableAuth_EnableLocalLogin = false; //The config below will not have effect since wgPluggableAuth_EnableLocalLogin is false $wgPluggableAuth_ButtonLabel = 'Entrar com o Login'; $wgPluggableAuth_Class = "OpenIDConnect"; wfLoadExtension( 'OpenIDConnect' ); $wgOpenIDConnect_Config['mylinkhere'] = [

   'clientID' => 'myclientid',
   'clientsecret' => 'meclientsecret',

'scope' => [ 'openid', 'profile','email'] ]; $wgOpenIDConnect_UseEmailNameAsUserName = true;

!$wgDebugDBTransactions = true; $wgShowExceptionDetails = true; $wgDebugToolbar = true; $wgDevelopmentWarnings = true; $wgShowExceptionDetails = true; $wgShowDBErrorBacktrace = true; $wgShowSQLErrors = true; $wgDebugToolbar = true;

$wgDBerrorLog = '/var/log/mediawiki/dberror.log'; $wgRateLimitLog = '/var/log/mediawiki/ratelimit.log'; $wgDebugLogGroups = array( 'resourceloader' => '/var/log/mediawiki/resourceloader.log', 'exception' => '/var/log/mediawiki/exception.log', 'error' => '/var/log/mediawiki/error.log', #'exception-json' => '/var/log/mediawiki/exception.json', // Extra log groups from your extension #'myextension' => '/var/log/mediawiki/myextension.log', #'somegroup' => '/var/log/mediawiki/somegroup.log', 'PluggableAuth' => '/var/log/mediawiki/pluggableAuth.log', 'OpenID Connect' => '/var/log/mediawiki/openIdConnect.log', 'OpenIDConnect' => '/var/log/mediawiki/openIdConnect.log', );

error_reporting( -1 ); ini_set( 'display_errors', 1 );

21:35, 4 December 2019 4 years ago
Cindy.cicalese (talkcontribs)

Please show all lines from the debug log that begin with [PluggableAuth] or [OpenID Connect] (with any private information removed).

03:58, 5 December 2019 4 years ago
BrunoPenso (talkcontribs)

Hi see the result of the debug log tab.

[PluggableAuth] Real name and email address did not change.

[PluggableAuth] Getting PluggableAuth singleton

[PluggableAuth] Class name: OpenIDConnect


No more logs. I also checked the /var/log and have no information

Edited 18:32, 5 December 2019 4 years ago
Cindy.cicalese (talkcontribs)

My first suggestion would be to use the "master" versions of both extensions rather than the release branch versions, since both extensions follow the "master" compatibility policy.

Regardless, you should be seeing the debug statement issued at https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/extensions/OpenIDConnect/+/REL1_33/src/OpenIDConnect.php#167. There is currently no debugging in the saveExtraAttributes() function (https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/extensions/OpenIDConnect/+/REL1_33/src/OpenIDConnect.php#253) where the error is occurring. But, I would expect the value of "subject" there to match the value in the earlier debug statement. The fact that you are not getting debugging statements from OpenID Connect and that those are the only debugging statements you are getting from PluggableAuth seems suspicious.

Ah, you mention the debug log tab. If you are using the debug toolbar, you will only see the debugging statements for the current web request. You need to file the log file that you point to with $wgDebugLogFile. That will have the statements for all web requests.


19:24, 5 December 2019 4 years ago
BrunoPenso (talkcontribs)

Cindy,

There is no log file. Bellow is my LocalSettings.php. What do you think?

<?php

  1. This file was automatically generated by the MediaWiki 1.33.1
  2. installer. If you make manual changes, please keep track in case you
  3. need to recreate them later.
  5. See includes/DefaultSettings.php for all configurable settings
  6. and their default values, but don't forget to make changes in _this_
  7. file, not there.
  9. Further documentation for configuration settings may be found at:
  10. https://www.mediawiki.org/wiki/Manual:Configuration_settings
  1. Protect against web entry

if ( !defined( 'MEDIAWIKI' ) ) { exit; }


    1. Uncomment this to disable output compression
  2. $wgDisableOutputCompression = true;

$wgSitename = "TI"; $wgMetaNamespace = "TI";

    1. The URL base path to the directory containing the wiki;
    2. defaults for all runtime URL paths are based off of this.
    3. For more information on customizing the URLs
    4. (like /w/index.php/Page_title to /wiki/Page_title) please see:
    5. https://www.mediawiki.org/wiki/Manual:Short_URL

$wgScriptPath = "";

    1. The protocol and server name to use in fully-qualified URLs


    1. The URL path to static resources (images, scripts, etc.)

$wgResourceBasePath = $wgScriptPath;

    1. The URL path to the logo. Make sure you change this from the default,
    2. or else you'll overwrite your logo when you upgrade!

$wgLogo = "$wgResourceBasePath/resources/assets/wiki.png";

    1. UPO means: this is also a user preference option

$wgEnableEmail = true; $wgEnableUserEmail = false; # UPO

$wgEnotifUserTalk = false; # UPO $wgEnotifWatchlist = false; # UPO $wgEmailAuthentication = true;

  1. MySQL specific settings

$wgDBprefix = "";

  1. MySQL table options to use during installation or update

$wgDBTableOptions = "ENGINE=InnoDB, DEFAULT CHARSET=binary";

    1. Shared memory settings

$wgMainCacheType = CACHE_ACCEL; $wgMemCachedServers = [];

    1. To enable image uploads, make sure the 'images' directory
    2. is writable, then set this to true:

$wgEnableUploads = false; $wgUseImageMagick = true; $wgImageMagickConvertCommand = "/usr/bin/convert";

  1. InstantCommons allows wiki to use images from https://commons.wikimedia.org

$wgUseInstantCommons = false;

  1. Periodically send a pingback to https://www.mediawiki.org/ with basic data
  2. about this MediaWiki instance. The Wikimedia Foundation shares this data
  3. with MediaWiki developers to help guide future development efforts.

$wgPingback = true;

    1. If you use ImageMagick (or any other shell command) on a
    2. Linux server, this will need to be set to the name of an
    3. available UTF-8 locale

$wgShellLocale = "C.UTF-8";

    1. Set $wgCacheDirectory to a writable directory on the web server
    2. to make your wiki go slightly faster. The directory should not
    3. be publicly accessible from the web.
  2. $wgCacheDirectory = "$IP/cache";
  1. Site language code, should be one of the list in ./languages/data/Names.php

$wgLanguageCode = "en";

  1. Changing this will log out all existing sessions.

$wgAuthenticationTokenVersion = "1";

  1. Site upgrade key. Must be set to a string (default provided) to turn on the
  2. web installer while LocalSettings.php is in place

$wgUpgradeKey = "62667dda13e1db58";

    1. For attaching licensing metadata to pages, and displaying an
    2. appropriate copyright notice / icon. GNU Free Documentation
    3. License and Creative Commons licenses are supported so far.

$wgRightsPage = ""; # Set to the title of a wiki page that describes your license/copyright $wgRightsUrl = ""; $wgRightsText = ""; $wgRightsIcon = "";

  1. Path to the GNU diff3 utility. Used for conflict resolution.

$wgDiff3 = "/usr/bin/diff3";

    1. Default skin: you can change the default skin. Use the internal symbolic
    2. names, ie 'vector', 'monobook':

$wgDefaultSkin = "vector";

  1. Enabled skins.
  2. The following skins were automatically enabled:

wfLoadSkin( 'MonoBook' ); wfLoadSkin( 'Timeless' ); wfLoadSkin( 'Vector' );


  1. Enabled extensions. Most of the extensions are enabled by adding
  2. wfLoadExtensions('ExtensionName');
  3. to LocalSettings.php. Check specific extension documentation for more details.
  4. The following extensions were automatically enabled:

wfLoadExtension( 'CodeEditor' ); wfLoadExtension( 'WikiEditor' );


  1. End of automatically generated settings.
  2. Add more configuration options below.

$wgDebugLogFile = "/var/log/mediawiki/debug-{$wgDBname}.log"; $wgDebugComments = true; $wgAllowHTMLEmail=true; $wgEnableEmail=true; $wgEnableUserEmail=false; $wgGroupPermissions['*']['edit'] = false; $wgGroupPermissions['*']['read'] = false; $wgGroupPermissions['*']['autocreateaccount'] = true;

wfLoadExtension( 'PluggableAuth' ); $wgPluggableAuth_EnableAutoLogin = true; $wgPluggableAuth_EnableLocalLogin = false; //The config below will not have effect since wgPluggableAuth_EnableLocalLogin is false $wgPluggableAuth_ButtonLabel = 'Entrar com o Login do XXX'; $wgPluggableAuth_Class = "OpenIDConnect"; wfLoadExtension( 'OpenIDConnect' ); $wgOpenIDConnect_Config['url'] = [

   'clientID' => 'id',
   'clientsecret' => 'secret',

'scope' => [ 'openid', 'profile','email'] ]; $wgOpenIDConnect_UseEmailNameAsUserName = true;

!$wgDebugDBTransactions = true; $wgShowExceptionDetails = true; $wgDebugToolbar = true; $wgDevelopmentWarnings = true; $wgShowExceptionDetails = true; $wgShowDBErrorBacktrace = true; $wgShowSQLErrors = true; $wgDebugToolbar = true;

$wgDBerrorLog = '/var/log/mediawiki/dberror.log'; $wgRateLimitLog = '/var/log/mediawiki/ratelimit.log'; $wgDebugLogGroups = array( 'resourceloader' => '/var/log/mediawiki/resourceloader.log', 'exception' => '/var/log/mediawiki/exception.log', 'error' => '/var/log/mediawiki/error.log', #'exception-json' => '/var/log/mediawiki/exception.json', // Extra log groups from your extension #'myextension' => '/var/log/mediawiki/myextension.log', #'somegroup' => '/var/log/mediawiki/somegroup.log', 'PluggableAuth' => '/var/log/mediawiki/pluggableAuth.log', 'OpenID Connect' => '/var/log/mediawiki/openIdConnect.log', 'OpenIDConnect' => '/var/log/mediawiki/openIdConnect.log', );

error_reporting( -1 ); ini_set( 'display_errors', 1 );

Edited 12:50, 6 December 2019 4 years ago
Cindy.cicalese (talkcontribs)

Does /var/log/mediawiki exist and is it writable by your web server? It is difficult for me to read the above with the formatting like that, but I don't see anything obvious wrong (except potentially an extra ! at the beginning of $wgDebugDBTransactions, but maybe that is a cut and paste error). You do not need separate logs for all of the logging types (i.e. $wgDebugLogGroups), and, in fact, it would be better to see the authentication errors in the combined log with the web requests to see the sequencing. But, since you cannot find any logs, that is moot.

22:36, 5 December 2019 4 years ago
BrunoPenso (talkcontribs)

HI,

I'm finally manage to see the log files! \o/

Thanks for the tips above. Now I have 3 logs files and I configured the wgDebugLogGroups to point to the same file.

About the "master" versions, I got the extensions from the link below, so I understand that this is the current available version. Am I right?

- https://www.mediawiki.org/wiki/Special:ExtensionDistributor/PluggableAuth

- https://www.mediawiki.org/wiki/Special:ExtensionDistributor/OpenIDConnect


Here is the log result:

2019-12-06 11:49:26 5a08ee3618ad mywiki: In execute()

2019-12-06 11:49:26 5a08ee3618ad mywiki: Getting PluggableAuth singleton

2019-12-06 11:49:26 5a08ee3618ad mywiki: Class name: OpenIDConnect

2019-12-06 11:49:26 5a08ee3618ad mywiki: Redirect URL: http://localhost:8081/index.php/Special:PluggableAuthLogin

2019-12-06 11:49:26 5a08ee3618ad mywiki: In execute() 2019-12-06 11:49:26 5a08ee3618ad mywiki: Getting PluggableAuth singleton 2019-12-06 11:49:26 5a08ee3618ad mywiki: Class name: OpenIDConnect 2019-12-06 11:49:26 5a08ee3618ad mywiki: Redirect URL: http://localhost:8081/index.php/Special:PluggableAuthLogin

2019-12-06 11:49:27 5a08ee3618ad mywiki: [ff73bc883cde9f196c80f5ad] /index.php/Special:PluggableAuthLogin?code=W5B5UBqUtkCYcavTHrVz9w.YHefWEJ61wiPDTUhSoyUO9RsftU.RETE8r1UP3FwG-b_SwRhYNVHXPsldjOaHpn-OKClvPx_aC2N6CkkXdpFhHnb7kbtTNHKFLd9w1-DGvOUnxaWkM14IGMfykHHQohS9Glt0d-daBdYXP5gm6PKLG5gpu3pNWHXUcSLcYvy_wiP4uoXZAQ-3QC59CB-6EffsqVKBm9gn6fL6OJc5jLNId-dcKtDjL3PiX-CKlvHiN9X_HReas_HWBhCx1irYeHrDY2jZKtYYIdwMsz7xeFq0C7T-mcqRH0-3APVMZyWKTA4zHDjUayAJgp1P1lk3dHEUO72OUaGUnX5EtBZiBt3VHNt3ttTDymBM3VBGB9EF_iTGunGTg&state=f6ec5b0b7bcebc3689d1380f1d5cd4f5 ErrorException from line 973 of /var/www/html/vendor/jumbojett/openid-connect-php/src/OpenIDConnectClient.php: PHP Warning: array_key_exists() expects parameter 2 to be array, null given

  1. 0 [internal function]: MWExceptionHandler::handleError(integer, string, string, integer, array)
  2. 1 /var/www/html/vendor/jumbojett/openid-connect-php/src/OpenIDConnectClient.php(973): array_key_exists(string, NULL)
  3. 2 /var/www/html/extensions/OpenIDConnect/src/OpenIDConnect.php(165): Jumbojett\OpenIDConnectClient->requestUserInfo(string)
  4. 3 /var/www/html/extensions/PluggableAuth/includes/PluggableAuthLogin.php(31): OpenIDConnect->authenticate(NULL, NULL, NULL, NULL, NULL)
  5. 4 /var/www/html/includes/specialpage/SpecialPage.php(569): PluggableAuthLogin->execute(NULL)
  6. 5 /var/www/html/includes/specialpage/SpecialPageFactory.php(558): SpecialPage->run(NULL)
  7. 6 /var/www/html/includes/MediaWiki.php(288): MediaWiki\Special\SpecialPageFactory->executePath(Title, RequestContext)
  8. 7 /var/www/html/includes/MediaWiki.php(865): MediaWiki->performRequest()
  9. 8 /var/www/html/includes/MediaWiki.php(515): MediaWiki->main()
  10. 9 /var/www/html/index.php(42): MediaWiki->run()
  11. 10 {main}

2019-12-06 11:49:27 5a08ee3618ad mywiki: [ff73bc883cde9f196c80f5ad] /index.php/Special:PluggableAuthLogin?code=W5B5UBqUtkCYcavTHrVz9w.YHefWEJ61wiPDTUhSoyUO9RsftU.RETE8r1UP3FwG-b_SwRhYNVHXPsldjOaHpn-OKClvPx_aC2N6CkkXdpFhHnb7kbtTNHKFLd9w1-DGvOUnxaWkM14IGMfykHHQohS9Glt0d-daBdYXP5gm6PKLG5gpu3pNWHXUcSLcYvy_wiP4uoXZAQ-3QC59CB-6EffsqVKBm9gn6fL6OJc5jLNId-dcKtDjL3PiX-CKlvHiN9X_HReas_HWBhCx1irYeHrDY2jZKtYYIdwMsz7xeFq0C7T-mcqRH0-3APVMZyWKTA4zHDjUayAJgp1P1lk3dHEUO72OUaGUnX5EtBZiBt3VHNt3ttTDymBM3VBGB9EF_iTGunGTg&state=f6ec5b0b7bcebc3689d1380f1d5cd4f5 ErrorException from line 973 of /var/www/html/vendor/jumbojett/openid-connect-php/src/OpenIDConnectClient.php: PHP Warning: array_key_exists() expects parameter 2 to be array, null given

  1. 0 [internal function]: MWExceptionHandler::handleError(integer, string, string, integer, array)
  2. 1 /var/www/html/vendor/jumbojett/openid-connect-php/src/OpenIDConnectClient.php(973): array_key_exists(string, NULL)
  3. 2 /var/www/html/extensions/OpenIDConnect/src/OpenIDConnect.php(166): Jumbojett\OpenIDConnectClient->requestUserInfo(string)
  4. 3 /var/www/html/extensions/PluggableAuth/includes/PluggableAuthLogin.php(31): OpenIDConnect->authenticate(NULL, NULL, NULL, NULL, NULL)
  5. 4 /var/www/html/includes/specialpage/SpecialPage.php(569): PluggableAuthLogin->execute(NULL)
  6. 5 /var/www/html/includes/specialpage/SpecialPageFactory.php(558): SpecialPage->run(NULL)
  7. 6 /var/www/html/includes/MediaWiki.php(288): MediaWiki\Special\SpecialPageFactory->executePath(Title, RequestContext)
  8. 7 /var/www/html/includes/MediaWiki.php(865): MediaWiki->performRequest()
  9. 8 /var/www/html/includes/MediaWiki.php(515): MediaWiki->main()
  10. 9 /var/www/html/index.php(42): MediaWiki->run()
  11. 10 {main}

2019-12-06 11:49:27 5a08ee3618ad mywiki: [ff73bc883cde9f196c80f5ad] /index.php/Special:PluggableAuthLogin?code=W5B5UBqUtkCYcavTHrVz9w.YHefWEJ61wiPDTUhSoyUO9RsftU.RETE8r1UP3FwG-b_SwRhYNVHXPsldjOaHpn-OKClvPx_aC2N6CkkXdpFhHnb7kbtTNHKFLd9w1-DGvOUnxaWkM14IGMfykHHQohS9Glt0d-daBdYXP5gm6PKLG5gpu3pNWHXUcSLcYvy_wiP4uoXZAQ-3QC59CB-6EffsqVKBm9gn6fL6OJc5jLNId-dcKtDjL3PiX-CKlvHiN9X_HReas_HWBhCx1irYeHrDY2jZKtYYIdwMsz7xeFq0C7T-mcqRH0-3APVMZyWKTA4zHDjUayAJgp1P1lk3dHEUO72OUaGUnX5EtBZiBt3VHNt3ttTDymBM3VBGB9EF_iTGunGTg&state=f6ec5b0b7bcebc3689d1380f1d5cd4f5 ErrorException from line 973 of /var/www/html/vendor/jumbojett/openid-connect-php/src/OpenIDConnectClient.php: PHP Warning: array_key_exists() expects parameter 2 to be array, null given

  1. 0 [internal function]: MWExceptionHandler::handleError(integer, string, string, integer, array)
  2. 1 /var/www/html/vendor/jumbojett/openid-connect-php/src/OpenIDConnectClient.php(973): array_key_exists(string, NULL)
  3. 2 /var/www/html/extensions/OpenIDConnect/src/OpenIDConnect.php(168): Jumbojett\OpenIDConnectClient->requestUserInfo(string)
  4. 3 /var/www/html/extensions/PluggableAuth/includes/PluggableAuthLogin.php(31): OpenIDConnect->authenticate(NULL, NULL, NULL, NULL, NULL)
  5. 4 /var/www/html/includes/specialpage/SpecialPage.php(569): PluggableAuthLogin->execute(NULL)
  6. 5 /var/www/html/includes/specialpage/SpecialPageFactory.php(558): SpecialPage->run(NULL)
  7. 6 /var/www/html/includes/MediaWiki.php(288): MediaWiki\Special\SpecialPageFactory->executePath(Title, RequestContext)
  8. 7 /var/www/html/includes/MediaWiki.php(865): MediaWiki->performRequest()
  9. 8 /var/www/html/includes/MediaWiki.php(515): MediaWiki->main()
  10. 9 /var/www/html/index.php(42): MediaWiki->run()
  11. 10 {main}

2019-12-06 11:49:27 5a08ee3618ad mywiki: Real name: , Email: , Subject: , Issuer: https://mylink/adfs 2019-12-06 11:49:27 5a08ee3618ad mywiki: No user found with matching subject and issuer. 2019-12-06 11:49:27 5a08ee3618ad mywiki: [ff73bc883cde9f196c80f5ad] /index.php/Special:PluggableAuthLogin?code=W5B5UBqUtkCYcavTHrVz9w.YHefWEJ61wiPDTUhSoyUO9RsftU.RETE8r1UP3FwG-b_SwRhYNVHXPsldjOaHpn-OKClvPx_aC2N6CkkXdpFhHnb7kbtTNHKFLd9w1-DGvOUnxaWkM14IGMfykHHQohS9Glt0d-daBdYXP5gm6PKLG5gpu3pNWHXUcSLcYvy_wiP4uoXZAQ-3QC59CB-6EffsqVKBm9gn6fL6OJc5jLNId-dcKtDjL3PiX-CKlvHiN9X_HReas_HWBhCx1irYeHrDY2jZKtYYIdwMsz7xeFq0C7T-mcqRH0-3APVMZyWKTA4zHDjUayAJgp1P1lk3dHEUO72OUaGUnX5EtBZiBt3VHNt3ttTDymBM3VBGB9EF_iTGunGTg&state=f6ec5b0b7bcebc3689d1380f1d5cd4f5 ErrorException from line 973 of /var/www/html/vendor/jumbojett/openid-connect-php/src/OpenIDConnectClient.php: PHP Warning: array_key_exists() expects parameter 2 to be array, null given

  1. 0 [internal function]: MWExceptionHandler::handleError(integer, string, string, integer, array)
  2. 1 /var/www/html/vendor/jumbojett/openid-connect-php/src/OpenIDConnectClient.php(973): array_key_exists(string, NULL)
  3. 2 /var/www/html/extensions/OpenIDConnect/src/OpenIDConnect.php(327): Jumbojett\OpenIDConnectClient->requestUserInfo(string)
  4. 3 /var/www/html/extensions/OpenIDConnect/src/OpenIDConnect.php(199): OpenIDConnect::getPreferredUsername(array, Jumbojett\OpenIDConnectClient, NULL, NULL)
  5. 4 /var/www/html/extensions/PluggableAuth/includes/PluggableAuthLogin.php(31): OpenIDConnect->authenticate(NULL, NULL, NULL, NULL, NULL)
  6. 5 /var/www/html/includes/specialpage/SpecialPage.php(569): PluggableAuthLogin->execute(NULL)
  7. 6 /var/www/html/includes/specialpage/SpecialPageFactory.php(558): SpecialPage->run(NULL)
  8. 7 /var/www/html/includes/MediaWiki.php(288): MediaWiki\Special\SpecialPageFactory->executePath(Title, RequestContext)
  9. 8 /var/www/html/includes/MediaWiki.php(865): MediaWiki->performRequest()
  10. 9 /var/www/html/includes/MediaWiki.php(515): MediaWiki->main()
  11. 10 /var/www/html/index.php(42): MediaWiki->run()
  12. 11 {main}

2019-12-06 11:49:27 5a08ee3618ad mywiki: Preferred username: 2019-12-06 11:49:27 5a08ee3618ad mywiki: Available username: User 2019-12-06 11:49:27 5a08ee3618ad mywiki: Authenticated new user: User 2019-12-06 11:49:27 5a08ee3618ad mywiki: User is authorized. 2019-12-06 11:49:28 5a08ee3618ad mywiki: Real name and email address did not change. 2019-12-06 11:49:28 5a08ee3618ad mywiki: Getting PluggableAuth singleton 2019-12-06 11:49:28 5a08ee3618ad mywiki: Class name: OpenIDConnect 2019-12-06 11:49:28 5a08ee3618ad mywiki: aaaa

2019-12-06 11:49:28 5a08ee3618ad mywiki: [8fb10ca1191740ed32f3e795] /index.php?title=Special:UserLogin&returnto=Main+Page Wikimedia\Rdbms\DBQueryError from line 1587 of /var/www/html/includes/libs/rdbms/database/Database.php: A database query error has occurred. Did you forget to run your application's database schema updater after upgrading? Query: INSERT INTO `openid_connect` (oidc_user,oidc_subject,oidc_issuer) VALUES ('79',NULL,'https://mylink/adfs') ON DUPLICATE KEY UPDATE oidc_subject = NULL,oidc_issuer = 'https://mylink/adfs' Function: OpenIDConnect::saveExtraAttributes Error: 1048 Column 'oidc_subject' cannot be null (mediawiki-mysql)

  1. 0 /var/www/html/includes/libs/rdbms/database/Database.php(1556): Wikimedia\Rdbms\Database->getQueryExceptionAndLog(string, integer, string, string)
  2. 1 /var/www/html/includes/libs/rdbms/database/Database.php(1274): Wikimedia\Rdbms\Database->reportQueryError(string, integer, string, string, boolean)
  3. 2 /var/www/html/includes/libs/rdbms/database/DatabaseMysqlBase.php(1380): Wikimedia\Rdbms\Database->query(string, string)
  4. 3 /var/www/html/extensions/OpenIDConnect/src/OpenIDConnect.php(287): Wikimedia\Rdbms\DatabaseMysqlBase->upsert(string, array, array, array, string)
  5. 4 /var/www/html/extensions/PluggableAuth/includes/PluggableAuthPrimaryAuthenticationProvider.php(125): OpenIDConnect->saveExtraAttributes(integer)
  6. 5 /var/www/html/includes/auth/AuthManager.php(2444): PluggableAuthPrimaryAuthenticationProvider->autoCreatedAccount(User, string)
  7. 6 /var/www/html/includes/auth/AuthManager.php(1743): MediaWiki\Auth\AuthManager->callMethodOnProviders(integer, string, array)
  8. 7 /var/www/html/includes/auth/AuthManager.php(622): MediaWiki\Auth\AuthManager->autoCreateUser(User, string, boolean)
  9. 8 /var/www/html/includes/specialpage/AuthManagerSpecialPage.php(355): MediaWiki\Auth\AuthManager->continueAuthentication(array)
  10. 9 /var/www/html/includes/specialpage/AuthManagerSpecialPage.php(482): AuthManagerSpecialPage->performAuthenticationStep(string, array)
  11. 10 /var/www/html/includes/htmlform/HTMLForm.php(660): AuthManagerSpecialPage->handleFormSubmit(array, VFormHTMLForm)
  12. 11 /var/www/html/includes/specialpage/AuthManagerSpecialPage.php(416): HTMLForm->trySubmit()
  13. 12 /var/www/html/includes/specialpage/LoginSignupSpecialPage.php(313): AuthManagerSpecialPage->trySubmit()
  14. 13 /var/www/html/includes/specialpage/SpecialPage.php(569): LoginSignupSpecialPage->execute(NULL)
  15. 14 /var/www/html/includes/specialpage/SpecialPageFactory.php(558): SpecialPage->run(NULL)
  16. 15 /var/www/html/includes/MediaWiki.php(288): MediaWiki\Special\SpecialPageFactory->executePath(Title, RequestContext)
  17. 16 /var/www/html/includes/MediaWiki.php(865): MediaWiki->performRequest()
  18. 17 /var/www/html/includes/MediaWiki.php(515): MediaWiki->main()
  19. 18 /var/www/html/index.php(42): MediaWiki->run()
  20. 19 {main}

2019-12-06 11:49:30 5a08ee3618ad mywiki: In execute() 2019-12-06 11:49:30 5a08ee3618ad mywiki: Getting PluggableAuth singleton 2019-12-06 11:49:30 5a08ee3618ad mywiki: Class name: OpenIDConnect 2019-12-06 11:49:30 5a08ee3618ad mywiki: Redirect URL: http://localhost:8081/index.php/Special:PluggableAuthLogin 2019-12-06 11:49:30 5a08ee3618ad mywiki: In execute() 2019-12-06 11:49:30 5a08ee3618ad mywiki: Getting PluggableAuth singleton 2019-12-06 11:49:30 5a08ee3618ad mywiki: Class name: OpenIDConnect 2019-12-06 11:49:30 5a08ee3618ad mywiki: Redirect URL: http://localhost:8081/index.php/Special:PluggableAuthLogin

2019-12-06 11:49:30 5a08ee3618ad mywiki: [ec80015cd1b0fd355991d57f] /index.php/Special:PluggableAuthLogin?code=W5B5UBqUtkCYcavTHrVz9w.o6LDWkJ61wiQDbe7DL1On919RoY.xezr4l8MeXzCiuVDYnhi3Btfwi1WOg6joBL_eT-DA1esNOhvnlOWiGRz4BY0GDZqUgrxAF8r0cRR4WB_jl07nXdErD8iUtZsI7s2sQZO3hVmpwvEZrRwkx4ahV48u0hao_C9E7S-sUZ8Kvtg3ovg6lLs4c0u37Ai7RSYTzHK2ukZXptZjTvh3OI4EZDc87St_9RUYMdgYyJh4G76pDdWq6fym8LvPp8Kr8Bp37VDg9TE56N-Gbp6aD_ireN9n-rvEYVn2PUf2YWcKclGQXqYZSLSetUHFF2d5G1RX-Kp2wSyRf6WhjlhSpbSKGkyYrc8c2-t1P-oZR7UDs0-DB2vkg&state=5415de77c35827ebb1c8f716c6e10855 ErrorException from line 973 of /var/www/html/vendor/jumbojett/openid-connect-php/src/OpenIDConnectClient.php: PHP Warning: array_key_exists() expects parameter 2 to be array, null given

  1. 0 [internal function]: MWExceptionHandler::handleError(integer, string, string, integer, array)
  2. 1 /var/www/html/vendor/jumbojett/openid-connect-php/src/OpenIDConnectClient.php(973): array_key_exists(string, NULL)
  3. 2 /var/www/html/extensions/OpenIDConnect/src/OpenIDConnect.php(165): Jumbojett\OpenIDConnectClient->requestUserInfo(string)
  4. 3 /var/www/html/extensions/PluggableAuth/includes/PluggableAuthLogin.php(31): OpenIDConnect->authenticate(NULL, NULL, NULL, NULL, NULL)
  5. 4 /var/www/html/includes/specialpage/SpecialPage.php(569): PluggableAuthLogin->execute(NULL)
  6. 5 /var/www/html/includes/specialpage/SpecialPageFactory.php(558): SpecialPage->run(NULL)
  7. 6 /var/www/html/includes/MediaWiki.php(288): MediaWiki\Special\SpecialPageFactory->executePath(Title, RequestContext)
  8. 7 /var/www/html/includes/MediaWiki.php(865): MediaWiki->performRequest()
  9. 8 /var/www/html/includes/MediaWiki.php(515): MediaWiki->main()
  10. 9 /var/www/html/index.php(42): MediaWiki->run()
  11. 10 {main}

2019-12-06 11:49:30 5a08ee3618ad mywiki: [ec80015cd1b0fd355991d57f] /index.php/Special:PluggableAuthLogin?code=W5B5UBqUtkCYcavTHrVz9w.o6LDWkJ61wiQDbe7DL1On919RoY.xezr4l8MeXzCiuVDYnhi3Btfwi1WOg6joBL_eT-DA1esNOhvnlOWiGRz4BY0GDZqUgrxAF8r0cRR4WB_jl07nXdErD8iUtZsI7s2sQZO3hVmpwvEZrRwkx4ahV48u0hao_C9E7S-sUZ8Kvtg3ovg6lLs4c0u37Ai7RSYTzHK2ukZXptZjTvh3OI4EZDc87St_9RUYMdgYyJh4G76pDdWq6fym8LvPp8Kr8Bp37VDg9TE56N-Gbp6aD_ireN9n-rvEYVn2PUf2YWcKclGQXqYZSLSetUHFF2d5G1RX-Kp2wSyRf6WhjlhSpbSKGkyYrc8c2-t1P-oZR7UDs0-DB2vkg&state=5415de77c35827ebb1c8f716c6e10855 ErrorException from line 973 of /var/www/html/vendor/jumbojett/openid-connect-php/src/OpenIDConnectClient.php: PHP Warning: array_key_exists() expects parameter 2 to be array, null given

  1. 0 [internal function]: MWExceptionHandler::handleError(integer, string, string, integer, array)
  2. 1 /var/www/html/vendor/jumbojett/openid-connect-php/src/OpenIDConnectClient.php(973): array_key_exists(string, NULL)
  3. 2 /var/www/html/extensions/OpenIDConnect/src/OpenIDConnect.php(166): Jumbojett\OpenIDConnectClient->requestUserInfo(string)
  4. 3 /var/www/html/extensions/PluggableAuth/includes/PluggableAuthLogin.php(31): OpenIDConnect->authenticate(NULL, NULL, NULL, NULL, NULL)
  5. 4 /var/www/html/includes/specialpage/SpecialPage.php(569): PluggableAuthLogin->execute(NULL)
  6. 5 /var/www/html/includes/specialpage/SpecialPageFactory.php(558): SpecialPage->run(NULL)
  7. 6 /var/www/html/includes/MediaWiki.php(288): MediaWiki\Special\SpecialPageFactory->executePath(Title, RequestContext)
  8. 7 /var/www/html/includes/MediaWiki.php(865): MediaWiki->performRequest()
  9. 8 /var/www/html/includes/MediaWiki.php(515): MediaWiki->main()
  10. 9 /var/www/html/index.php(42): MediaWiki->run()
  11. 10 {main}

2019-12-06 11:49:30 5a08ee3618ad mywiki: [ec80015cd1b0fd355991d57f] /index.php/Special:PluggableAuthLogin?code=W5B5UBqUtkCYcavTHrVz9w.o6LDWkJ61wiQDbe7DL1On919RoY.xezr4l8MeXzCiuVDYnhi3Btfwi1WOg6joBL_eT-DA1esNOhvnlOWiGRz4BY0GDZqUgrxAF8r0cRR4WB_jl07nXdErD8iUtZsI7s2sQZO3hVmpwvEZrRwkx4ahV48u0hao_C9E7S-sUZ8Kvtg3ovg6lLs4c0u37Ai7RSYTzHK2ukZXptZjTvh3OI4EZDc87St_9RUYMdgYyJh4G76pDdWq6fym8LvPp8Kr8Bp37VDg9TE56N-Gbp6aD_ireN9n-rvEYVn2PUf2YWcKclGQXqYZSLSetUHFF2d5G1RX-Kp2wSyRf6WhjlhSpbSKGkyYrc8c2-t1P-oZR7UDs0-DB2vkg&state=5415de77c35827ebb1c8f716c6e10855 ErrorException from line 973 of /var/www/html/vendor/jumbojett/openid-connect-php/src/OpenIDConnectClient.php: PHP Warning: array_key_exists() expects parameter 2 to be array, null given

  1. 0 [internal function]: MWExceptionHandler::handleError(integer, string, string, integer, array)
  2. 1 /var/www/html/vendor/jumbojett/openid-connect-php/src/OpenIDConnectClient.php(973): array_key_exists(string, NULL)
  3. 2 /var/www/html/extensions/OpenIDConnect/src/OpenIDConnect.php(168): Jumbojett\OpenIDConnectClient->requestUserInfo(string)
  4. 3 /var/www/html/extensions/PluggableAuth/includes/PluggableAuthLogin.php(31): OpenIDConnect->authenticate(NULL, NULL, NULL, NULL, NULL)
  5. 4 /var/www/html/includes/specialpage/SpecialPage.php(569): PluggableAuthLogin->execute(NULL)
  6. 5 /var/www/html/includes/specialpage/SpecialPageFactory.php(558): SpecialPage->run(NULL)
  7. 6 /var/www/html/includes/MediaWiki.php(288): MediaWiki\Special\SpecialPageFactory->executePath(Title, RequestContext)
  8. 7 /var/www/html/includes/MediaWiki.php(865): MediaWiki->performRequest()
  9. 8 /var/www/html/includes/MediaWiki.php(515): MediaWiki->main()
  10. 9 /var/www/html/index.php(42): MediaWiki->run()
  11. 10 {main}

2019-12-06 11:49:30 5a08ee3618ad mywiki: Real name: , Email: , Subject: , Issuer: https://mylink/adfs 2019-12-06 11:49:30 5a08ee3618ad mywiki: No user found with matching subject and issuer.

2019-12-06 11:49:30 5a08ee3618ad mywiki: [ec80015cd1b0fd355991d57f] /index.php/Special:PluggableAuthLogin?code=W5B5UBqUtkCYcavTHrVz9w.o6LDWkJ61wiQDbe7DL1On919RoY.xezr4l8MeXzCiuVDYnhi3Btfwi1WOg6joBL_eT-DA1esNOhvnlOWiGRz4BY0GDZqUgrxAF8r0cRR4WB_jl07nXdErD8iUtZsI7s2sQZO3hVmpwvEZrRwkx4ahV48u0hao_C9E7S-sUZ8Kvtg3ovg6lLs4c0u37Ai7RSYTzHK2ukZXptZjTvh3OI4EZDc87St_9RUYMdgYyJh4G76pDdWq6fym8LvPp8Kr8Bp37VDg9TE56N-Gbp6aD_ireN9n-rvEYVn2PUf2YWcKclGQXqYZSLSetUHFF2d5G1RX-Kp2wSyRf6WhjlhSpbSKGkyYrc8c2-t1P-oZR7UDs0-DB2vkg&state=5415de77c35827ebb1c8f716c6e10855 ErrorException from line 973 of /var/www/html/vendor/jumbojett/openid-connect-php/src/OpenIDConnectClient.php: PHP Warning: array_key_exists() expects parameter 2 to be array, null given

  1. 0 [internal function]: MWExceptionHandler::handleError(integer, string, string, integer, array)
  2. 1 /var/www/html/vendor/jumbojett/openid-connect-php/src/OpenIDConnectClient.php(973): array_key_exists(string, NULL)
  3. 2 /var/www/html/extensions/OpenIDConnect/src/OpenIDConnect.php(327): Jumbojett\OpenIDConnectClient->requestUserInfo(string)
  4. 3 /var/www/html/extensions/OpenIDConnect/src/OpenIDConnect.php(199): OpenIDConnect::getPreferredUsername(array, Jumbojett\OpenIDConnectClient, NULL, NULL)
  5. 4 /var/www/html/extensions/PluggableAuth/includes/PluggableAuthLogin.php(31): OpenIDConnect->authenticate(NULL, NULL, NULL, NULL, NULL)
  6. 5 /var/www/html/includes/specialpage/SpecialPage.php(569): PluggableAuthLogin->execute(NULL)
  7. 6 /var/www/html/includes/specialpage/SpecialPageFactory.php(558): SpecialPage->run(NULL)
  8. 7 /var/www/html/includes/MediaWiki.php(288): MediaWiki\Special\SpecialPageFactory->executePath(Title, RequestContext)
  9. 8 /var/www/html/includes/MediaWiki.php(865): MediaWiki->performRequest()
  10. 9 /var/www/html/includes/MediaWiki.php(515): MediaWiki->main()
  11. 10 /var/www/html/index.php(42): MediaWiki->run()
  12. 11 {main}

2019-12-06 11:49:30 5a08ee3618ad mywiki: Preferred username: 2019-12-06 11:49:30 5a08ee3618ad mywiki: Available username: User 2019-12-06 11:49:30 5a08ee3618ad mywiki: Authenticated new user: User 2019-12-06 11:49:31 5a08ee3618ad mywiki: User is authorized. 2019-12-06 11:49:32 5a08ee3618ad mywiki: Real name and email address did not change. 2019-12-06 11:49:32 5a08ee3618ad mywiki: Getting PluggableAuth singleton 2019-12-06 11:49:32 5a08ee3618ad mywiki: Class name: OpenIDConnect 2019-12-06 11:49:32 5a08ee3618ad mywiki: aaaa

2019-12-06 11:49:32 5a08ee3618ad mywiki: [8da4766397b93b78864e9c76] /index.php?title=Special:UserLogin&returnto=Main+Page Wikimedia\Rdbms\DBQueryError from line 1587 of /var/www/html/includes/libs/rdbms/database/Database.php: A database query error has occurred. Did you forget to run your application's database schema updater after upgrading? Query: INSERT INTO `openid_connect` (oidc_user,oidc_subject,oidc_issuer) VALUES ('80',NULL,'https://mylink/adfs') ON DUPLICATE KEY UPDATE oidc_subject = NULL,oidc_issuer = 'https://mylink/adfs' Function: OpenIDConnect::saveExtraAttributes Error: 1048 Column 'oidc_subject' cannot be null (mediawiki-mysql)

  1. 0 /var/www/html/includes/libs/rdbms/database/Database.php(1556): Wikimedia\Rdbms\Database->getQueryExceptionAndLog(string, integer, string, string)
  2. 1 /var/www/html/includes/libs/rdbms/database/Database.php(1274): Wikimedia\Rdbms\Database->reportQueryError(string, integer, string, string, boolean)
  3. 2 /var/www/html/includes/libs/rdbms/database/DatabaseMysqlBase.php(1380): Wikimedia\Rdbms\Database->query(string, string)
  4. 3 /var/www/html/extensions/OpenIDConnect/src/OpenIDConnect.php(287): Wikimedia\Rdbms\DatabaseMysqlBase->upsert(string, array, array, array, string)
  5. 4 /var/www/html/extensions/PluggableAuth/includes/PluggableAuthPrimaryAuthenticationProvider.php(125): OpenIDConnect->saveExtraAttributes(integer)
  6. 5 /var/www/html/includes/auth/AuthManager.php(2444): PluggableAuthPrimaryAuthenticationProvider->autoCreatedAccount(User, string)
  7. 6 /var/www/html/includes/auth/AuthManager.php(1743): MediaWiki\Auth\AuthManager->callMethodOnProviders(integer, string, array)
  8. 7 /var/www/html/includes/auth/AuthManager.php(622): MediaWiki\Auth\AuthManager->autoCreateUser(User, string, boolean)
  9. 8 /var/www/html/includes/specialpage/AuthManagerSpecialPage.php(355): MediaWiki\Auth\AuthManager->continueAuthentication(array)
  10. 9 /var/www/html/includes/specialpage/AuthManagerSpecialPage.php(482): AuthManagerSpecialPage->performAuthenticationStep(string, array)
  11. 10 /var/www/html/includes/htmlform/HTMLForm.php(660): AuthManagerSpecialPage->handleFormSubmit(array, VFormHTMLForm)
  12. 11 /var/www/html/includes/specialpage/AuthManagerSpecialPage.php(416): HTMLForm->trySubmit()
  13. 12 /var/www/html/includes/specialpage/LoginSignupSpecialPage.php(313): AuthManagerSpecialPage->trySubmit()
  14. 13 /var/www/html/includes/specialpage/SpecialPage.php(569): LoginSignupSpecialPage->execute(NULL)
  15. 14 /var/www/html/includes/specialpage/SpecialPageFactory.php(558): SpecialPage->run(NULL)
  16. 15 /var/www/html/includes/MediaWiki.php(288): MediaWiki\Special\SpecialPageFactory->executePath(Title, RequestContext)
  17. 16 /var/www/html/includes/MediaWiki.php(865): MediaWiki->performRequest()
  18. 17 /var/www/html/includes/MediaWiki.php(515): MediaWiki->main()
  19. 18 /var/www/html/index.php(42): MediaWiki->run()
  20. 19 {main}

Edited 12:04, 6 December 2019 4 years ago
BrunoPenso (talkcontribs)

One thing I notice and I'm not sure if it is related to the problem is:

"Available username: User"

The extension is not reconizing me user from openid (email, realname, ...)

12:06, 6 December 2019 4 years ago
BrunoPenso (talkcontribs)

Some more erros:

Fri Dec 6 11:49:28 UTC 2019 5a08ee3618ad mywiki OpenIDConnect::saveExtraAttributes mediawiki-mysql 1048 Column 'oidc_subject' cannot be null (mediawiki-mysql) INSERT INTO `openid_connect` (oidc_user,oidc_subject,oidc_issuer) VALUES ('79',NULL,'https://mylink/adfs') ON DUPLICATE KEY UPDATE oidc_subject = NULL,oidc_issuer = 'https://mylink/adfs' Fri Dec 6 11:49:28 UTC 2019 5a08ee3618ad mywiki OpenIDConnect::saveExtraAttributes mediawiki-mysql 1048 Column 'oidc_subject' cannot be null (mediawiki-mysql) INSERT INTO `openid_connect` (oidc_user,oidc_subject,oidc_issuer) VALUES ('79',NULL,'https://mylink/adfs') ON DUPLICATE KEY UPDATE oidc_subject = NULL,oidc_issuer = 'https://mylink/adfs' Fri Dec 6 11:49:32 UTC 2019 5a08ee3618ad mywiki OpenIDConnect::saveExtraAttributes mediawiki-mysql 1048 Column 'oidc_subject' cannot be null (mediawiki-mysql) INSERT INTO `openid_connect` (oidc_user,oidc_subject,oidc_issuer) VALUES ('80',NULL,'https://mylink/adfs') ON DUPLICATE KEY UPDATE oidc_subject = NULL,oidc_issuer = 'https://mylink/adfs' Fri Dec 6 11:49:32 UTC 2019 5a08ee3618ad mywiki OpenIDConnect::saveExtraAttributes mediawiki-mysql 1048 Column 'oidc_subject' cannot be null (mediawiki-mysql) INSERT INTO `openid_connect` (oidc_user,oidc_subject,oidc_issuer) VALUES ('80',NULL,'https://mylink/adfs') ON DUPLICATE KEY UPDATE oidc_subject = NULL,oidc_issuer = 'https://mylink/adfs'


12:09, 6 December 2019 4 years ago
Cindy.cicalese (talkcontribs)

The root of the problem appears to be:


ErrorException from line 973 of /var/www/html/vendor/jumbojett/openid-connect-php/src/OpenIDConnectClient.php: PHP Warning: array_key_exists() expects parameter 2 to be array, null given


Looking at the code in the library, it appears to be having trouble getting the user information from the user information endpoint. It sounds like a configuration problem to me, but you could try adding some additional debugging in the reqeustUserInfo() function in /var/www/html/vendor/jumbojett/openid-connect-php/src/OpenIDConnectClient.php.

15:30, 6 December 2019 4 years ago
BrunoPenso (talkcontribs)

Hi,


I added some logs. Here is the code:

<code>

  public function requestUserInfo($attribute = null) {

wfDebugLog( 'PluggableAuth', 'attr '.$attribute);

$user_info_endpoint = $this->getProviderConfigValue("userinfo_endpoint");

wfDebugLog( 'PluggableAuth', 'endpoint '.$user_info_endpoint );

        $schema = 'openid';

        $user_info_endpoint .= "?schema=" . $schema;

wfDebugLog( 'PluggableAuth', 'endpoint1 '.$user_info_endpoint);

        //The accessToken has to be send in the Authorization header, so we create a new array with only this header.

        $headers = array("Authorization: Bearer {$this->accessToken}");

wfDebugLog( 'PluggableAuth', 'access token '.$this->accessToken);

$jsonTemp = $this->fetchURL($user_info_endpoint, null, $headers);

$user_json = json_decode($jsonTemp);

#$user_json = json_decode($this->fetchURL($user_info_endpoint,null,$headers));

wfDebugLog( 'PluggableAuth', 'user json '.$jsonTemp);

        $this->userInfo = $user_json;

        if($attribute === null) {

            return $this->userInfo;

        } else if (array_key_exists($attribute, $this->userInfo)) {

            return $this->userInfo->$attribute;

        } else {

            return null;

        }

    }

</code>


Here is the logs:

<code>

2019-12-09 00:36:34 5a08ee3618ad mywiki: attr sub

2019-12-09 00:36:34 5a08ee3618ad mywiki: endpoint https://mylink/adfs/userinfo

2019-12-09 00:36:34 5a08ee3618ad mywiki: endpoint1 https://mylink/adfs/userinfo?schema=openid

2019-12-09 00:36:34 5a08ee3618ad mywiki: access token tokenValue

2019-12-09 00:36:34 5a08ee3618ad mywiki: user json

</code>


So What I understand is that nothing is returning from https://mylink/adfs/userinfo?schema=openid. But I didn't manage to understand what is the http response code yet.


Any ideia?

00:45, 9 December 2019 4 years ago
BrunoPenso (talkcontribs)

I manage to get that the http response code is 401. Do you know where the tokenValue is generated?

00:49, 9 December 2019 4 years ago
Cindy.cicalese (talkcontribs)
14:03, 9 December 2019 4 years ago
189.86.220.160 (talkcontribs)

Hi Cindy,


I finally understand the entire process. Please help me with the situation:

- IN the begging of the openid protocol the request were made to this url mylink/userinfo?schema=openid

- But the modern openid tools looks like (I'm not totally sure) that this userInfo path is not working, because on the access_token and id_token have all the necessary information. Just a matter of opening the JWT token and get the information.


Considering that I'm not sure what is the correct point to fix it, because the method requestUserInfo is called by the extension.


DO you have any ideia?

17:22, 9 December 2019 4 years ago
BrunoPenso (talkcontribs)

Hi, I finally manage to work, but with a heavy change. Look for the first 15 lines.


<code>

    public function requestUserInfo($attribute = null) {

   wfDebugLog( 'PluggableAuth', 'attr '.$attribute);

   if ($attribute == "preferred_username") {

   $attribute = "email";

   }

   if (($attribute == "name" || $attribute == "email") && $this->getAccessTokenPayload() <> '') {

   $v = $this->getAccessTokenPayload()->{$attribute};

   return $v;

   }

    if (($attribute == "sub") && $this->getIdTokenPayload() <> '') {

   $v = $this->getIdTokenPayload()->{$attribute};

   return $v;

   }

   

   $user_info_endpoint = $this->getProviderConfigValue("userinfo_endpoint");

       $schema = 'openid';

        $user_info_endpoint .= "?schema=" . $schema;

        //The accessToken has to be send in the Authorization header, so we create a new array with only this header.

        $headers = array("Authorization: Bearer {$this->accessToken}");

    $jsonTemp = $this->fetchURL($user_info_endpoint, null, $headers);

    $code = (int)$this->getResponseCode();

    if ($code >= 300 || $code <= 100) {

   throw new OpenIDConnectClientException('The communication to retrieve user data has failed with status code '.$code);

    }

$user_json = json_decode($jsonTemp);

#$user_json = json_decode($this->fetchURL($user_info_endpoint,null,$headers));

        $this->userInfo = $user_json;

        if($attribute === null) {

            return $this->userInfo;

        } else if (array_key_exists($attribute, $this->userInfo)) {

            return $this->userInfo->$attribute;

        } else {

            return null;

        }

    }

</code>

18:59, 9 December 2019 4 years ago
Cindy.cicalese (talkcontribs)

That is a relatively substantial change, but perhaps it is necessary. I feel bad suggesting this, since you started with an issue report on that site and I suggested that you move the conversation here, but this does sound like something that should be handled in the library rather than having the client need to know about the details of where the particular attributes should be fetched from. It seems that this should be abstracted away from the client code. You could open another issue there or reopen the one that you closed and point to this discussion here.

22:44, 9 December 2019 4 years ago
Retrieved from "https://www.mediawiki.org/wiki/Topic:Vccf2nuebpe1ec5x"