Topic on User talk:Cindy.cicalese

SimpleSAMLphp (1.19.3) appear to be misconfigured

Frizzow (talkcontribs)

Hi Cindy,

I hope you are doing well.

Below are the error messages I’ve received in my wiki when I wanted to check on the special version page whether the simplesamlphp and pluggableauth extensions are already available or not. I’m using simplesamlphp 1.35 and pluggableauth 1.35 and my mediawiki ver is 1.32. I will connect with Azure AD for SSO but I haven’t sent anything to the Azure admin yet on the metadata since I got the error below:


Warning: require_once(/htdocs/simplesamlphplib/lib/_autoload.php): failed to open stream: No such file or directory in E:\Apache24\htdocs\extensions\SimpleSAMLphp\includes\SimpleSAMLphp.php on line 203

Fatal error: require_once(): Failed opening required '/htdocs/simplesamlphplib/lib/_autoload.php' (include_path='E:\Apache24\htdocs\vendor/pear/console_getopt;E:\Apache24\htdocs\vendor/pear/mail;E:\Apache24\htdocs\vendor/pear/mail_mime;E:\Apache24\htdocs\vendor/pear/net_smtp;E:\Apache24\htdocs\vendor/pear/net_socket;E:\Apache24\htdocs\vendor/pear/pear-core-minimal/src;E:\Apache24\htdocs\vendor/pear/pear_exception;.;C:\php\pear') in E:\Apache24\htdocs\extensions\SimpleSAMLphp\includes\SimpleSAMLphp.php on line 203

Other than that, I also received an error at the simplesamlphp library. It says Configuration error. And the debug information shows as “SimpleSAML\Error\CriticalConfigurationError: The configuration is invalid: Setting secure cookie on plain HTTP is not allowed.” FYI, I put the SimpleSamlPhp and pluggableauth extensions in the extensions folder, while the simplesamlphplib (from simplesamlphp.org) I put in the htdocs folder.

I only added the relevant code below in localsettings.php

    # PluggableAuth
    wfLoadExtension( 'PluggableAuth' );
    $wgPluggableAuth_EnableAutoLogin = true;
    $wgPluggableAuth_EnableLocalLogin = false;
    $wgPluggableAuth_EnableLocalProperties = false;
    //$wgPluggableAuth_ButtonLabelMessage = "PluggableAuth Login";
    //$wgPluggableAuth_Class = 'SimpleSAMLphp';
    $wgGroupPermissions['*']['createaccount'] = true;
    $wgGroupPermissions['*']['autocreateaccount'] = true;

    # SimpleSAMLphp
    wfLoadExtension( 'SimpleSAMLphp' );
    $wgSimpleSAMLphp_InstallDir = "/htdocs/simplesamlphplib";
    $wgSimpleSAMLphp_AuthSourceId = "default-sp";
    $wgSimpleSAMLphp_RealNameAttribute = "givenName";
    $wgSimpleSAMLphp_EmailAttribute = "mail";
    $wgSimpleSAMLphp_UsernameAttribute = "uid";


Appreciate your help.

Frizzow (talkcontribs)

I’ve changed from http to https://127.0.01/simplesamlphplib/www and it works. It says congratulations, you have successfully installed SimpleSamlphp. And now I should configure the baseurl and metadata accordingly. But at the top header it shows a certificate error. Do I need to do something about it?

Also, I still get this warning error when I go to my mediawiki page. Do I need to exchange metadata with the idp (azure) first and configure accordingly to be able to log on to the page or even check on the special page? Is there anything that I should be concerned about based on the error message below:

Warning: require_once(/htdocs/simplesamlphplib/lib/_autoload.php): failed to open stream: No such file or directory in E:\Apache24\htdocs\extensions\SimpleSAMLphp\includes\SimpleSAMLphp.php on line 203

Fatal error: require_once(): Failed opening required '/htdocs/simplesamlphplib/lib/_autoload.php' (include_path='E:\Apache24\htdocs\vendor/pear/console_getopt;E:\Apache24\htdocs\vendor/pear/mail;E:\Apache24\htdocs\vendor/pear/mail_mime;E:\Apache24\htdocs\vendor/pear/net_smtp;E:\Apache24\htdocs\vendor/pear/net_socket;E:\Apache24\htdocs\vendor/pear/pear-core-minimal/src;E:\Apache24\htdocs\vendor/pear/pear_exception;.;C:\php\pear') in E:\Apache24\htdocs\extensions\SimpleSAMLphp\includes\SimpleSAMLphp.php on line 203

Cindy.cicalese (talkcontribs)

It looks like the problem is:


$wgSimpleSAMLphp_InstallDir = "/htdocs/simplesamlphplib";


That should be the full file system path to where the library is installed. I notice that the extension is installed at E:\Apache24\htdocs\extensions\SimpleSAMLphp. Is E:\Apache24 missing from the path?

Frizzow (talkcontribs)

Yeah! I think I’ve solved that one. But now it shows a different error: [81fadbf837770d39b2164025] 2021-11-11 02:43:20: Fatal exception of type "InvalidArgumentException"

Is it because I didn’t set up the idp on my end yet or is it a different issue? Just so you know, I’m using php 7.3.28. Everything is fine from the simplesamlphp installation page on the sanity check and php installation. I only don’t have the LDAP extension, predis, and memcache extension.

As for the warnings, it only shows core: frontpage: warnings_secretsalt.

Cindy.cicalese (talkcontribs)

That is not enough information to be able to figure out the source and cause of the error. You would need to look at the stack trace.

Frizzow (talkcontribs)

Internal error

[57e819a89ff1f7965dc9f1f6] /index.php/Special:PluggableAuthLogin InvalidArgumentException from line 203 of E:\Apache24\htdocs\includes\session\SessionManager.php: Invalid session ID

Backtrace:

    #0 E:\Apache24\htdocs\includes\session\PHPSessionHandler.php(215): MediaWiki\Session\SessionManager->getSessionById(string, boolean)
    #1 [internal function]: MediaWiki\Session\PHPSessionHandler->read(string)
    #2 E:\Apache24\htdocs\simplesamlphplib\lib\SimpleSAML\SessionHandlerPHP.php(392): session_start()
    #3 E:\Apache24\htdocs\simplesamlphplib\lib\SimpleSAML\Session.php(172): SimpleSAML\SessionHandlerPHP->setCookie(string, string, array)
    #4 E:\Apache24\htdocs\simplesamlphplib\lib\SimpleSAML\Session.php(299): SimpleSAML\Session->__construct()
    #5 E:\Apache24\htdocs\simplesamlphplib\lib\SimpleSAML\Auth\Simple.php(53): SimpleSAML\Session::getSessionFromRequest()
    #6 E:\Apache24\htdocs\extensions\SimpleSAMLphp\includes\SimpleSAMLphp.php(208): SimpleSAML\Auth\Simple->__construct(string)
    #7 E:\Apache24\htdocs\extensions\SimpleSAMLphp\includes\SimpleSAMLphp.php(104): SimpleSAMLphp::getSAMLClient()
    #8 E:\Apache24\htdocs\extensions\PluggableAuth\includes\PluggableAuthLogin.php(36): SimpleSAMLphp->authenticate(NULL, NULL, NULL, NULL, NULL)
    #9 E:\Apache24\htdocs\includes\specialpage\SpecialPage.php(569): PluggableAuthLogin->execute(NULL)
    #10 E:\Apache24\htdocs\includes\specialpage\SpecialPageFactory.php(568): SpecialPage->run(NULL)
    #11 E:\Apache24\htdocs\includes\MediaWiki.php(288): MediaWiki\Special\SpecialPageFactory->executePath(Title, RequestContext)
    #12 E:\Apache24\htdocs\includes\MediaWiki.php(860): MediaWiki->performRequest()
    #13 E:\Apache24\htdocs\includes\MediaWiki.php(517): MediaWiki->main()
    #14 E:\Apache24\htdocs\index.php(42): MediaWiki->run()
    #15 {main}


It is the same error as in this forum: https://www.mediawiki.org/wiki/Topic:Ux3y0zkubjm5zge5

Hence, I've tried your recommendation in the topic. See Extension:SimpleSAMLphp#Known_Bugs for a solution.

I only changed 'store.type' => 'phpsession', to 'sql' as you can see from the code below and then I received a different error, which I will paste at the bottom of the code.


   /****************************
    | DATA STORE CONFIGURATION |
    ****************************/

   /*
    * Configure the data store for SimpleSAMLphp.
    *
    * - 'phpsession': Limited datastore, which uses the PHP session.
    * - 'memcache': Key-value datastore, based on memcache.
    * - 'sql': SQL datastore, using PDO.
    * - 'redis': Key-value datastore, based on redis.
    *
    * The default datastore is 'phpsession'.
    */
   'store.type'                    => 'sql',
   /*
    * The DSN the sql datastore should connect to.
    *
    * See http://www.php.net/manual/en/pdo.drivers.php for the various
    * syntaxes.
    */
   'store.sql.dsn'                 => 'sqlite:/path/to/sqlitedatabase.sq3',

   /*
    * The username and password to use when connecting to the database.
    */
   'store.sql.username' => null,
   'store.sql.password' => null,

   /*
    * The prefix we should use on our tables.
    */
   'store.sql.prefix' => 'SimpleSAMLphp',

   /*
    * The hostname and port of the Redis datastore instance.
    */
   'store.redis.host' => 'localhost',
   'store.redis.port' => 6379,

   /*
    * The prefix we should use on our Redis datastore.
    */
   'store.redis.prefix' => 'SimpleSAMLphp',

];


[048838530ce5896198695c49] /index.php/Special:PluggableAuthLogin Exception from line 67 of E:\Apache24\htdocs\simplesamlphplib\lib\SimpleSAML\Store\SQL.php: Database error: could not find driver

Backtrace:

    #0 E:\Apache24\htdocs\simplesamlphplib\lib\SimpleSAML\Store.php(52): SimpleSAML\Store\SQL->__construct()
    #1 E:\Apache24\htdocs\simplesamlphplib\lib\SimpleSAML\SessionHandler.php(138): SimpleSAML\Store::getInstance()
    #2 E:\Apache24\htdocs\simplesamlphplib\lib\SimpleSAML\SessionHandler.php(43): SimpleSAML\SessionHandler::createSessionHandler()
    #3 E:\Apache24\htdocs\simplesamlphplib\lib\SimpleSAML\Session.php(332): SimpleSAML\SessionHandler::getSessionHandler()
    #4 E:\Apache24\htdocs\simplesamlphplib\lib\SimpleSAML\Session.php(263): SimpleSAML\Session::getSession()
    #5 E:\Apache24\htdocs\simplesamlphplib\lib\SimpleSAML\Auth\Simple.php(53): SimpleSAML\Session::getSessionFromRequest()
    #6 E:\Apache24\htdocs\extensions\SimpleSAMLphp\includes\SimpleSAMLphp.php(208): SimpleSAML\Auth\Simple->__construct(string)
    #7 E:\Apache24\htdocs\extensions\SimpleSAMLphp\includes\SimpleSAMLphp.php(104): SimpleSAMLphp::getSAMLClient()
    #8 E:\Apache24\htdocs\extensions\PluggableAuth\includes\PluggableAuthLogin.php(36): SimpleSAMLphp->authenticate(NULL, NULL, NULL, NULL, NULL)
    #9 E:\Apache24\htdocs\includes\specialpage\SpecialPage.php(569): PluggableAuthLogin->execute(NULL)
    #10 E:\Apache24\htdocs\includes\specialpage\SpecialPageFactory.php(568): SpecialPage->run(NULL)
    #11 E:\Apache24\htdocs\includes\MediaWiki.php(288): MediaWiki\Special\SpecialPageFactory->executePath(Title, RequestContext)
    #12 E:\Apache24\htdocs\includes\MediaWiki.php(860): MediaWiki->performRequest()
    #13 E:\Apache24\htdocs\includes\MediaWiki.php(517): MediaWiki->main()
    #14 E:\Apache24\htdocs\index.php(42): MediaWiki->run()
    #15 {main}


Version: MediaWiki 1.32.2, PHP 7.3.28 (apache2handler), MariaDB 10.2.33-MariaDB-log, PluggableAuth = 1.35, SimpleSAMLPhp = 1.35

Do I need to add the username and password to connect to the database? On our end, I believe we are not supposed to hardcode the username/password since we have our own IT Privileged Access, which requires a second factor authentication in order to provide additional security measures in the login process. But since we are on-premise, do let me know if there is a workaround. Hopefully this is not the case.

Cindy.cicalese (talkcontribs)

You need to fix the value of store.sql.dsn to point to your database.
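
An added example, not part of the thread or of either project's code: a PHP preflight check for the three misconfigurations reported so far (install path, secure cookie over plain HTTP, SQL store DSN and PDO driver). The function name `sspPreflight` and the sample values are hypothetical; `session.cookie.secure` is assumed to be the SimpleSAMLphp option behind the secure-cookie error quoted above.

```php
<?php
// Added example; sspPreflight() and the sample values are hypothetical.

/**
 * @param string $installDir Value intended for $wgSimpleSAMLphp_InstallDir.
 * @param array  $ssp        Array from SimpleSAMLphp's config/config.php.
 * @param bool   $https      True when the site is served over HTTPS.
 * @return string[] Problems found; an empty array means every check passed.
 */
function sspPreflight( string $installDir, array $ssp, bool $https ): array {
    $problems = [];

    // The extension does require_once "<InstallDir>/lib/_autoload.php", so a
    // web-root-relative value such as "/htdocs/simplesamlphplib" cannot resolve.
    $autoload = rtrim( $installDir, '/\\' ) . '/lib/_autoload.php';
    if ( !is_file( $autoload ) ) {
        $problems[] = "InstallDir: $autoload does not exist; use the full filesystem path";
    }

    // SimpleSAMLphp refuses to issue a Secure cookie over plain HTTP.
    if ( !empty( $ssp['session.cookie.secure'] ) && !$https ) {
        $problems[] = 'session.cookie.secure is enabled but the site is not on HTTPS';
    }

    if ( ( $ssp['store.type'] ?? 'phpsession' ) === 'sql' ) {
        $dsn = (string)( $ssp['store.sql.dsn'] ?? '' );
        // The DSN scheme (text before the first colon) names the PDO driver.
        $driver = strtolower( explode( ':', $dsn, 2 )[0] );
        $loaded = class_exists( 'PDO' ) ? PDO::getAvailableDrivers() : [];
        if ( $dsn === 'sqlite:/path/to/sqlitedatabase.sq3' ) {
            $problems[] = 'store.sql.dsn still holds the sample value from config.php';
        } elseif ( !in_array( $driver, $loaded, true ) ) {
            $problems[] = "store.sql.dsn needs the pdo_$driver extension, which is not loaded";
        }
    }
    return $problems;
}

// Constructed sample input mirroring the settings posted in the thread.
$problems = sspPreflight(
    '/htdocs/simplesamlphplib',
    [
        'session.cookie.secure' => true,
        'store.type' => 'sql',
        'store.sql.dsn' => 'sqlite:/path/to/sqlitedatabase.sq3',
    ],
    false
);
foreach ( $problems as $p ) {
    echo "FAIL: $p\n";
}
echo $problems ? '' : "All checks passed\n";
```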

Frizzow (talkcontribs)

Hi Cindy,

Thank you so much for your help!

I’ve fixed the value of store.sql.dsn to my database accordingly with username and password.

    'store.type' => 'sql',
    'store.sql.dsn' => 'mysql:host=xxxx;port=xxxx;dbname=xxxxx',
    'store.sql.username' => '[username]',
    'store.sql.password' => '[pass]',

Then I received a different error as below. FYI, the user permission below is only able to SELECT, INSERT, UPDATE and DELETE in the wiki database. Normally the CREATE command can only be run by our database administrator team, which uses a different id that is more powerful. Based on my experience installing the useragreement extension last time, the current id that I'm using has been denied to create a TABLE and the workaround was to ask the database admin team to create a table for us. In this case, does it mean I need to get the database administrator team's powerful id and password to be added here or is there any syntax error going on? Btw, I haven't configured the metadata yet because I’m waiting for the azure team to exchange the idp and I believe that’s one of the reasons we still see all the authentication errors below.


[08c4d38a43fb4c1b6990850d] /index.php/Special:PluggableAuthLogin PDOException from line 95 of E:\Apache24\htdocs\simplesamlphplib\lib\SimpleSAML\Store\SQL.php: SQLSTATE[42000]: Syntax error or access violation: 1142 CREATE command denied to user 'xxxxxxx'@'IP' for table 'SimpleSAMLphp_tableVersion'

Backtrace:

    #0 E:\Apache24\htdocs\simplesamlphplib\lib\SimpleSAML\Store\SQL.php(95): PDO->exec(string)
    #1 E:\Apache24\htdocs\simplesamlphplib\lib\SimpleSAML\Store\SQL.php(77): SimpleSAML\Store\SQL->initTableVersionTable()
    #2 E:\Apache24\htdocs\simplesamlphplib\lib\SimpleSAML\Store.php(52): SimpleSAML\Store\SQL->__construct()
    #3 E:\Apache24\htdocs\simplesamlphplib\lib\SimpleSAML\SessionHandler.php(138): SimpleSAML\Store::getInstance()
    #4 E:\Apache24\htdocs\simplesamlphplib\lib\SimpleSAML\SessionHandler.php(43): SimpleSAML\SessionHandler::createSessionHandler()
    #5 E:\Apache24\htdocs\simplesamlphplib\lib\SimpleSAML\Session.php(332): SimpleSAML\SessionHandler::getSessionHandler()
    #6 E:\Apache24\htdocs\simplesamlphplib\lib\SimpleSAML\Session.php(263): SimpleSAML\Session::getSession()
    #7 E:\Apache24\htdocs\simplesamlphplib\lib\SimpleSAML\Auth\Simple.php(53): SimpleSAML\Session::getSessionFromRequest()
    #8 E:\Apache24\htdocs\extensions\SimpleSAMLphp\includes\SimpleSAMLphp.php(208): SimpleSAML\Auth\Simple->__construct(string)
    #9 E:\Apache24\htdocs\extensions\SimpleSAMLphp\includes\SimpleSAMLphp.php(104): SimpleSAMLphp::getSAMLClient()
    #10 E:\Apache24\htdocs\extensions\PluggableAuth\includes\PluggableAuthLogin.php(36): SimpleSAMLphp->authenticate(NULL, NULL, NULL, NULL, NULL)
    #11 E:\Apache24\htdocs\includes\specialpage\SpecialPage.php(569): PluggableAuthLogin->execute(NULL)
    #12 E:\Apache24\htdocs\includes\specialpage\SpecialPageFactory.php(568): SpecialPage->run(NULL)
    #13 E:\Apache24\htdocs\includes\MediaWiki.php(288): MediaWiki\Special\SpecialPageFactory->executePath(Title, RequestContext)
    #14 E:\Apache24\htdocs\includes\MediaWiki.php(860): MediaWiki->performRequest()
    #15 E:\Apache24\htdocs\includes\MediaWiki.php(517): MediaWiki->main()
    #16 E:\Apache24\htdocs\index.php(42): MediaWiki->run()
    #17 {main}


Thanks in advance!

Cindy.cicalese (talkcontribs)

Yes, they will need to create the table.

Frizzow (talkcontribs)

I've asked the database admin team to grant the user id a CREATE command ability temporarily. Once they granted the permission, I re-ran the code below. (Before that, I commented out the code so that it wouldn't show any error in the wiki page.)

    'store.type' => 'sql',
    'store.sql.dsn' => 'mysql:host=xxxx;port=xxxx;dbname=xxxxx',
    'store.sql.username' => '[username]',
    'store.sql.password' => '[pass]',

Once I re-ran or re-saved, I tried to run the wiki page and the SimpleSAMLPhp page, and it shows the error below. I've communicated with the database admin team on the error below and they said the table was created about 10-20 minutes ago, probably when they granted CREATE table access to the user id that I used, which might be the same time that I was trying to do something on the config.php file. Based on the forum that I have read here: SQLSTATE[42S01]: Base table or view already exists: 1050 Table 'users' already exists · Issue #1116 · spatie/laravel-medialibrary · GitHub, there are people that suggested to DROP the table and re-run again. Do you think that would be the case? Is this supposed to be a one-time configuration where I shouldn't re-save or re-run it multiple times? I really appreciate your thoughts and recommendation.

[acb3c984ef5311d0f7784f6f] /index.php/Special:PluggableAuthLogin PDOException from line 175 of E:\Apache24\htdocs\simplesamlphplib\lib\SimpleSAML\Store\SQL.php: SQLSTATE[42S01]: Base table or view already exists: 1050 Table 'SimpleSAMLphp_kvstore' already exists

Backtrace:

    #0 E:\Apache24\htdocs\simplesamlphplib\lib\SimpleSAML\Store\SQL.php(175): PDO->exec(string)
    #1 E:\Apache24\htdocs\simplesamlphplib\lib\SimpleSAML\Store\SQL.php(78): SimpleSAML\Store\SQL->initKVTable()
    #2 E:\Apache24\htdocs\simplesamlphplib\lib\SimpleSAML\Store.php(52): SimpleSAML\Store\SQL->__construct()
    #3 E:\Apache24\htdocs\simplesamlphplib\lib\SimpleSAML\SessionHandler.php(138): SimpleSAML\Store::getInstance()
    #4 E:\Apache24\htdocs\simplesamlphplib\lib\SimpleSAML\SessionHandler.php(43): SimpleSAML\SessionHandler::createSessionHandler()
    #5 E:\Apache24\htdocs\simplesamlphplib\lib\SimpleSAML\Session.php(332): SimpleSAML\SessionHandler::getSessionHandler()
    #6 E:\Apache24\htdocs\simplesamlphplib\lib\SimpleSAML\Session.php(263): SimpleSAML\Session::getSession()
    #7 E:\Apache24\htdocs\simplesamlphplib\lib\SimpleSAML\Auth\Simple.php(53): SimpleSAML\Session::getSessionFromRequest()
    #8 E:\Apache24\htdocs\extensions\SimpleSAMLphp\includes\SimpleSAMLphp.php(208): SimpleSAML\Auth\Simple->__construct(string)
    #9 E:\Apache24\htdocs\extensions\SimpleSAMLphp\includes\SimpleSAMLphp.php(104): SimpleSAMLphp::getSAMLClient()
    #10 E:\Apache24\htdocs\extensions\PluggableAuth\includes\PluggableAuthLogin.php(36): SimpleSAMLphp->authenticate(NULL, NULL, NULL, NULL, NULL)
    #11 E:\Apache24\htdocs\includes\specialpage\SpecialPage.php(569): PluggableAuthLogin->execute(NULL)
    #12 E:\Apache24\htdocs\includes\specialpage\SpecialPageFactory.php(568): SpecialPage->run(NULL)
    #13 E:\Apache24\htdocs\includes\MediaWiki.php(288): MediaWiki\Special\SpecialPageFactory->executePath(Title, RequestContext)
    #14 E:\Apache24\htdocs\includes\MediaWiki.php(860): MediaWiki->performRequest()
    #15 E:\Apache24\htdocs\includes\MediaWiki.php(517): MediaWiki->main()
    #16 E:\Apache24\htdocs\index.php(42): MediaWiki->run()
    #17 {main}


Below are the database settings in Localsettings.php in case it has something to do with the permission, which is not a $wgDBadminuser, and the database type is being set as "mysql" instead of "sql".

    ## Database settings
    $wgDBtype = "mysql";
    $wgDBserver = "xxxxxxx";
    $wgDBname = "xxxxxx";
    $wgDBuser = "xxxxxx";
    $wgDBpassword = "xxxxxxxxx";

Frizzow (talkcontribs)

Hi Cindy,

Sorry for bothering you.

I have tried to drop the table and it still shows the same error since it’s recreating the table the moment I refresh the simplesaml site. Then I revoked my CREATE command access, since I thought it may have detected my user id attempting to create a table, and apparently it shows the error below. The database team said that the table already exists; I think it may be because of something else like the syntax or such. Do you have anything on your mind?

    SimpleSAML\Error\Error: UNHANDLEDEXCEPTION
    Backtrace:
    1 www\_include.php:17 (SimpleSAML_exception_handler)
    0 [builtin] (N/A)
    Caused by: PDOException: SQLSTATE[42000]: Syntax error or access violation: 1142 CREATE command denied to user 'user'@'IP' for table 'SimpleSAMLphp_kvstore'
    Backtrace:
    10 lib\SimpleSAML\Store\SQL.php:175 (PDO::exec)
    9 lib\SimpleSAML\Store\SQL.php:175 (SimpleSAML\Store\SQL::initKVTable)
    8 lib\SimpleSAML\Store\SQL.php:78 (SimpleSAML\Store\SQL::__construct)
    7 lib\SimpleSAML\Store.php:52 (SimpleSAML\Store::getInstance)
    6 lib\SimpleSAML\SessionHandler.php:138 (SimpleSAML\SessionHandler::createSessionHandler)
    5 lib\SimpleSAML\SessionHandler.php:43 (SimpleSAML\SessionHandler::getSessionHandler)
    4 lib\SimpleSAML\Session.php:332 (SimpleSAML\Session::getSession)
    3 lib\SimpleSAML\Session.php:263 (SimpleSAML\Session::getSessionFromRequest)
    2 modules\core\www\frontpage_welcome.php:5 (require)
    1 lib\SimpleSAML\Module.php:266 (SimpleSAML\Module::process)
    0 www\module.php:10 (N/A)

Cindy.cicalese (talkcontribs)

That sounds like a problem with the configuration of the simplesaml library. You might try asking for help in their forum to find somebody with more experience with that library.
