Topic on User talk:Cindy.cicalese

issue whene using SSO against Azure AD with PluggableAuth and OpenIDconnect

3 comments • 14:17, 16 June 2023 10 months ago
3
Raoufgui (talkcontribs)

Hello Cindy.cicalese

I need your help please !

i implement a SSO in my MW 1.39 against Azure AD

all thing work fine whene i click the login button i am redirect to microsoft interface to use email to authentificate, But whene i click on mail i get this message :


"Désolé, nous rencontrons des problèmes pour vous connecter.

AADSTS900971: No reply address provided."


i configure my redirect URI in Azure AD like this :

https://myserever/index.php/Special:PluggableAuthLogin

NB : NO SSL certificate installed on my MW server


the log show no error and it indicate that OpenIDConnect use Redirect URL


http://myserever/index.php?title=Sp%C3%A9cial:PluggableAuthLogin


[OpenIDConnect] Redirect URL: http://myserver/index.php?title=Sp%C3%A9cial:PluggableAuthLogin

[DBQuery] JobQueueDB::doGetSiblingQueuesWithJobs [0.001s] localhost: SELECT  DISTINCT job_cmd  FROM .....


which the right Redirect URI should i put  ? does i miss configuration of a plugin in my MW OR in AZURE AD side ?


I need your help please thanks

Reply Edited 21:45, 15 June 2023 10 months ago
Cindy.cicalese (talkcontribs)

I'm wondering whether the form of the redirect URL might be the problem. If you check the Known Issues, you can see:

  • Wikis that use URLs of the form https://example.org/w/index.php?title=Page_title (i.e. having the page title provided as a query parameter) will not be redirected correctly to complete the authentication flow. Instead, URLs must be of the form https://example.org/w/index.php/Page_title, which can be accomplished by using short URLs or by setting $wgArticlePath appropriately.
Reply 22:02, 15 June 2023 10 months ago
Raoufgui (talkcontribs)

HI @Cindy.cicalese

Thank you very much for reply

i tried to configure shot URL on MW but not succeed

i put this configuration in my virtualhost  :


DocumentRoot /app/httpd/www/wiki-test/current

DirectoryIndex index.php

AllowOverride ALL

RewriteEngine On

RewriteRule ^/?wiki(/.*)?$ %{DOCUMENT_ROOT}/index.php [L]

RewriteRule ^/*$ %{DOCUMENT_ROOT}/index.php [L]

i put this configuration in LocalSettings.php

$wgScriptPath = "";

$wgScriptExtension = ".php";

$wgArticlePath = "/wiki/$1";

$wgUsePathInfo = true;


I see any change, my MW still show page in this format "http://myserer/ndex.php?title=Page_tile" on the navigator

but the log show that OpenIDConnect use ,now, Redirect URL

http://signxpapp006.srv.sigma.host/wiki/Sp%C3%A9cial:PluggableAuthLogin"

[OpenIDConnect] Redirect URL: http://signxpapp006.srv.sigma.host/wiki/Sp%C3%A9cial:PluggableAuthLogin

[session] SessionBackend.......


before (in my previous comment )it was

http://myserever/index.php?title=Sp%C3%A9cial:PluggableAuthLogin


but i still have the problème AADSTS900971: No reply address provided."

i update the the reply URl on Azure AD side by the new one but i have the same problem


whereis the problem please ?


Thanks very much

Reply 14:17, 16 June 2023 10 months ago
Reply to "issue whene using SSO against Azure AD with PluggableAuth and OpenIDconnect"
Retrieved from "https://www.mediawiki.org/wiki/Topic:Xk3tw35wwa0vqxhr"