Topic on Project:Support desk

Mediawiki 1.32.2 Php: 7.3.28 apache2handler Mariadb:10.2.33

Simplesamlphp extension: 1.35 (github)

Pluggableauth extension: 1.35(github) Simplesamlphp software:1.19.3

I’n trying to implement SSO in Azure AD for on prem

[acb3c984ef5311d0f7784f6f] /index.php/Special:PluggableAuthLogin PDOException from line 175 of E:\Apache24\htdocs\simplesamlphplib\lib\SimpleSAML\Store\SQL.php: SQLSTATE[42S01]: Base table or view already exists: 1050 Table 'SimpleSAMLphp_kvstore' already exists Backtrace:

0 E:\Apache24\htdocs\simplesamlphplib\lib\SimpleSAML\Store\SQL.php(175): PDO->exec(string) 1 E:\Apache24\htdocs\simplesamlphplib\lib\SimpleSAML\Store\SQL.php(78): SimpleSAML\Store\SQL->initKVTable() 2 E:\Apache24\htdocs\simplesamlphplib\lib\SimpleSAML\Store.php(52): SimpleSAML\Store\SQL->__construct() 3 E:\Apache24\htdocs\simplesamlphplib\lib\SimpleSAML\SessionHandler.php(138): SimpleSAML\Store::getInstance() … .”

Anyone familiar with this error? My user id has just received CREATE Command permmission to create the table and once the access has been granted it shows that the table has already existed. Do you think i should drop the table and re-run again? I will need to get approval before do any changes on our database. Is there anything i need to be cautious when setting this up.

Let me know if its a different case.

Thanks

The MediaWiki extension SimpleSAMLphp does not maintain itself a database, and according to the paths it it the library SimpleSAMLphp which triggers this error, so you should search in their documentation.

Make working the library is 80% of the work (they have a test to verify it is working independently of MediaWiki), then, when it works, the MediaWiki extension can be connected through the library.

MediaWiki 1.32.2 PHP 7.3.28 (apache2handler) MariaDB 10.2.33-MariaDB-log PluggableAuth= 1.35 SimpleSAMLPhp=1.35

Checking your PHP installation Yes Required PHP Version >= 7.1. You run: 7.3.28 Yes Required Date/Time Extension Yes Required Hashing function Yes Required ZLib Yes Required OpenSSL Yes Required XML DOM Yes Required RegEx support Yes Required JSON support Yes Required Standard PHP Library (SPL) Yes Required Multibyte String Extension Yes Optional cURL (required if automatic version checks are used, also by some modules. Yes Optional Session Extension (required if PHP sessions are used) Yes Optional PDO Extension (required if a database backend is used) no Optional LDAP Extension (required if an LDAP backend is used) no Optional predis/predis (required if the redis data store is used) no Optional Memcache or Memcached Extension (required if a Memcached backend is used) Yes Recommended technicalcontact_email option set Yes Required auth.adminpassword option set

What I have tested: 1. The table above shows only 3 things are not available when I'm checking my PHP installation. We are not using LDAP extension and we did not setup for predis or memcache and not sure whether we need to install either two.

2. E:\Apache24\htdocs\simplesamlphplib\lib\SimpleSAML\Store\SQL.php: SQLSTATE[42S01]: Base table or view already exists: 1050 Table 'SimpleSAMLphp_kvstore' already exists- this error only displayed when I change the datastore type from 'phpsession' to 'sql' in the config.php file. If I change back to phpsession, it will shows a different error to my wiki page" [57e819a89ff1f7965dc9f1f6] /index.php/Special:PluggableAuthLogin InvalidArgumentException from line 203 of E:\Apache24\htdocs\includes\session\SessionManager.php: Invalid session ID".

My configuration in config.php file are as below: 'store.type' => 'sql',

'store.sql.dsn' => 'mysql:host=xxx;port=xxxxdbname=xxxx', 'store.sql.username' => 'xxx', 'store.sql.password' => 'xxxx',

3. I have tested the authentication for default-sp and it redirects me to IDP. After entering my credentials, I've been redirected back to the test page with list of attributes. But, in simplesatlphpinstallation page, it already shows SAML 2.0 IDP as green and checked.

4. As for PHP Sanity page, everything is green and no error display.

5. In the federation tab, it shows our SAML 2.0 SP metadata and SAML 2.0 IdP Metadata (Trusted). It looks fine and I exchange the Metadata to IDP(Azure) and it has reflected in this page.

6. When I declare the PluggableAuth and SimpleSAMLphp extensions in localsettings.php, it was able to update in special version page. But now, I've commented out the code below since the library itself not working by showing E:\Apache24\htdocs\simplesamlphplib\lib\SimpleSAML\Store\SQL.php: SQLSTATE[42S01]: Base table or view already exists: 1050 Table 'SimpleSAMLphp_kvstore' already exists

1. PluggableAuth
2. wfLoadExtension( 'PluggableAuth' );
3. $wgPluggableAuth_EnableAutoLogin = false;
4. $wgPluggableAuth_EnableLocalLogin = false;
5. $wgPluggableAuth_EnableLocalProperties = false;
6. $wgPluggableAuth_ButtonLabelMessage = "Login";
7. $wgPluggableAuth_Class = 'SimpleSAMLphp';
8. $wgGroupPermissions['*']['createaccount'] = true;
9. $wgGroupPermissions['*']['autocreateaccount'] = true;

1. SimpleSAMLphp
2. wfLoadExtension( 'SimpleSAMLphp' );
3. $wgSimpleSAMLphp_InstallDir = "E:\Apache24\htdocs\simplesamlphplib";
4. $wgSimpleSAMLphp_AuthSourceId = "default-sp";
5. $wgSimpleSAMLphp_RealNameAttribute = [ 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname','http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname'];
6. $wgSimpleSAMLphp_EmailAttribute = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/mail';
7. $wgSimpleSAMLphp_UsernameAttribute = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/uid';

I'm not sure what else could be the misconfiguration in the simplesamlphp library that can cause the table to recreate. :(

User:Seb35

I’m sorry, I have no idea how to solve it. In my case I used SQLite, perhaps you can try, it’s quick and simple: in config.php: 'store.type' => 'sql','store.sql.dsn' => 'sqlite:/tmp/sessions.sqlite',. In any case, store.type=phpsession is reported as non-working.

EDIT: well, /tmp is on Linux, obviously you have to adapt it on Windows.