Topic on Extension talk:SimpleSAMLphp

Where is the SP and IdP Metadata config?

WikiManBanx (talkcontribs)

Hello,

In examples I have seen to get this up and running, there is mention of authSourceId as default-sp (inside of $wgPluggableAuth_Config). Where is default-sp configured? There is also mention of a config.php file, but I cannot find this in the installation folder for the SimpleSAMLphp extension. Specifically, I am missing how to set up the SP metadata and also ingest the IdP metadata into MediaWiki for SAML authentication. Any help will be greatly appreciated, thank you.

This is where I am so far

wfLoadExtension( 'PluggableAuth' );
$wgPluggableAuth_EnableAutoLogin = true;
$wgPluggableAuth_EnableLocalLogin = true; //false
$wgPluggableAuth_EnableLocalProperties = false;
$wgGroupPermissions['*']['autocreateaccount'] = true;

# adding SimpleSAMLphp extension
wfLoadExtension( 'SimpleSAMLphp' );

# SimpleSAMLphp install directory. Required.
$wgSimpleSAMLphp_InstallDir = '/extensions/SimpleSAMLphp/src';

$wgPluggableAuth_Config['Log in using Banks SAML'] = [
    'plugin' => 'SimpleSAMLphp',
    'data'   => [
        'authSourceId'      => 'default-sp',
        'usernameAttribute' => '...emailaddress',
        'realNameAttribute' => '...name',
        'emailAttribute'    => '...emailaddress'
    ]
];

@Cindy.cicalese

Really sorry for tagging you Cindy if I am not supposed to. I am doing so because I see you are an author of SimpleSAMLphp and really need help. Thank you.

Note: took out the preceding part of the user attributes because my topic was being warned as having spam links

Osnard (talkcontribs)
WikiManBanx (talkcontribs)

Thank you very much. I had no idea simplesamlphp (the MediaWiki extension) is different from simplesamlphp (from simplesaml.org). Since then, I have installed SimpleSAMLphp in my application at /var/simplesamlphp (version 2.2.1). But I get an error when trying to hit the admin page of simplesamlphp. Logs show a 500 error when trying to GET /mediawiki/var/simplesamlphp/public/module.php. Any help will be appreciated.

I also get this error when I try to log in with SAML

PHP Deprecated: Creation of dynamic property Less_Tree_Dimension::$parensInOp is deprecated in /mediawiki/vendor/wikimedia/less.php/lib/Less/Parser.php


Here are relevant contents of my LocalSettings.php file


# adding PluggableAuth extension
wfLoadExtension( 'PluggableAuth' );
$wgPluggableAuth_EnableAutoLogin = true;
$wgPluggableAuth_EnableLocalLogin = true; //false
$wgPluggableAuth_EnableLocalProperties = false;
$wgGroupPermissions['*']['autocreateaccount'] = true;

# adding SimpleSAMLphp extension
wfLoadExtension( 'SimpleSAMLphp' );

# SimpleSAMLphp install directory. Required.
$wgSimpleSAMLphp_InstallDir = 'var/simplesaml';

// SAML AuthENTICATION (Tell Mediawiki "WHO" the user "IS")
$wgPluggableAuth_Config['Log in using SAML'] = [
    'plugin' => 'SimpleSAMLphp',
    'data'   => [
        'authSourceId'      => 'default-sp',
        'usernameAttribute' => 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress',
        'realNameAttribute' => 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name',
        'emailAttribute'    => 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress'
    ]
];

Osnard (talkcontribs)

You can ignore the PHP Deprecated: message. It does not do any harm.

Regarding your issue with the SimpleSAMLphp application: If there is an error 500, there should be an entry in the PHP error log as well that provides additional information.

Also make sure to closely follow the instructions on https://simplesamlphp.org/docs/stable/simplesamlphp-install.html

For further help on how to install and configure the SimpleSAMLphp application I recommend asking on their chat / mailing list: https://simplesamlphp.org/support/

WikiManBanx (talkcontribs)

Understood and thank you. I will try their support. Not sure if I should be looking elsewhere, but when I look in the logstream of the app service (Azure App Service running PHP 8.x on Linux) all I see is the 500 and no additional details. Please share any other place I should be looking. Not great with Linux so I may be missing something very obvious.
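
Added example, not part of any post in this thread and not code from the extension or from SimpleSAMLphp: a preflight check for the directory that `$wgSimpleSAMLphp_InstallDir` points at. It assumes the standard layout of the SimpleSAMLphp application, where the SP auth source (`default-sp`) is defined in `config/authsources.php` and the remote IdP metadata in `metadata/saml20-idp-remote.php`, both as plain PHP arrays; the function name, the temp directory and the example.org values are constructed.

```php
<?php
// Added example: preflight check for the SimpleSAMLphp application directory.
function checkSamlSetup(string $installDir, string $authSourceId): array {
    $findings = [];
    if ($installDir === '' || $installDir[0] !== '/') {
        $findings[] = "install dir '$installDir' is not an absolute path";
    }
    $authFile = "$installDir/config/authsources.php";
    $idpFile  = "$installDir/metadata/saml20-idp-remote.php";
    if (!is_file($authFile)) {
        $findings[] = "missing $authFile (auth sources such as the SP are defined here)";
        return $findings;
    }
    $config = [];
    require $authFile;   // assumption: the file assigns plain arrays to $config
    $sp = $config[$authSourceId] ?? null;
    if (!is_array($sp) || ($sp[0] ?? '') !== 'saml:SP') {
        $findings[] = "no saml:SP auth source named '$authSourceId'";
        return $findings;
    }
    if (empty($sp['entityID'])) {
        $findings[] = "auth source '$authSourceId' has no entityID";
    }
    $metadata = [];
    if (is_file($idpFile)) {
        require $idpFile; // assumption: the file assigns entries to $metadata
    } else {
        $findings[] = "missing $idpFile (remote IdP metadata is defined here)";
    }
    $idp = $sp['idp'] ?? null;
    if ($idp === null) {
        $findings[] = "auth source '$authSourceId' does not set 'idp'";
    } elseif (!isset($metadata[$idp])) {
        $findings[] = "IdP '$idp' has no entry in saml20-idp-remote.php";
    }
    return $findings;
}

// Constructed sample install in a temp directory so the check runs offline.
$dir = sys_get_temp_dir() . '/ssp-check-' . getmypid();
mkdir("$dir/config", 0700, true);
mkdir("$dir/metadata", 0700, true);
file_put_contents("$dir/config/authsources.php", "<?php\n\$config = ['default-sp' => "
    . "['saml:SP', 'entityID' => 'https://wiki.example.org/sp', "
    . "'idp' => 'https://idp.example.org/metadata']];\n");
file_put_contents("$dir/metadata/saml20-idp-remote.php", "<?php\n");

print_r(checkSamlSetup($dir, 'default-sp'));             // constructed install
print_r(checkSamlSetup('var/simplesaml', 'default-sp')); // relative path as posted above
```

Run it from the command line with the PHP CLI. The check includes the two config files directly, so it only works when they contain plain arrays and do not reference SimpleSAMLphp classes.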
