Cindy.cicalese
Previous discussion was archived at User talk:Cindy.cicalese/Archive 1 on 2017-03-17.
Hello
I implement SSO on my MW using PluggableAuth en OpenID connect and i configure the group mapping with Azure AD
Now i would like to create a Local user accout on my MW and add it to this mapped group (the accout dont exist on Azure side it will be created only on MW side)
Does it feasible plesae ? Does this user will be able to connect localy using login/pwd and have the same rights of mapped group ?
Thanks
Yes, this should be working. If you "enable local login" in PluggableAuth, such a user can authenticate directly against the wiki, rather than against Azure AD. In case of a local authentication no group sync will be applied at all, so the manually assigned groups will not be lost.
Hi Cindy,
I hope you are doing well. I am trying to set up OpenIDConnect with PluggableAuth to use Azure AD. However, I'm facing an issue where, upon attempting to log in to Mediawiki, I am not directed to Azure for authentication. Instead, I receive the message "The supplied credentials could not be authenticated." I'm not sure what I am missing in this setup. I have already ensured that the tenant ID, Client Secret, and Client ID are all correctly set and Files that I configured:
"jumbojett/openid-connect-php": "^0.9.10"
<?php
error_reporting( E_ALL );
ini_set( 'display_errors', 1 );
# Protect against web entry
if ( !defined( 'MEDIAWIKI' ) ) {
exit;
}
$wgSitename = "My Website Name";
$wgMetaNamespace = "My_Website_Name";
$wgScriptPath = "/mediawikiNEW";
$wgServer = "";
$wgResourceBasePath = $wgScriptPath;
$wgLogos = [
'1x' => "$wgResourceBasePath/resources/assets/change-your-logo.svg",
'icon' => "$wgResourceBasePath/resources/assets/change-your-logo-icon.svg",
];
$wgEnableEmail = true;
$wgEnableUserEmail = true; # UPO
$wgEmergencyContact = "";
$wgPasswordSender = "";
$wgEnotifUserTalk = false; # UPO
$wgEnotifWatchlist = false; # UPO
$wgEmailAuthentication = true;
## Database settings
$wgDBtype = "mysql";
$wgDBserver = "localhost";
$wgDBname = "myDatabse";
$wgDBuser = "mediaUser";
$wgDBpassword = "Password";
# MySQL specific settings
$wgDBprefix = "";
# MySQL table options to use during installation or update
$wgDBTableOptions = "ENGINE=InnoDB, DEFAULT CHARSET=binary";
# Shared database table
# This has no effect unless $wgSharedDB is also set.
$wgSharedTables[] = "actor";
## Shared memory settings
$wgMainCacheType = CACHE_NONE;
/* $wgMainCacheType = CACHE_ACCEL;
$wgSessionCacheType = CACHE_DB; */
$wgMemCachedServers = [];
$wgEnableUploads = true;
$wgUseImageMagick = true;
$wgImageMagickConvertCommand = "/usr/bin/convert";
$wgUseInstantCommons = false;
$wgPingback = true;
$wgLanguageCode = "en";
# Time zone
$wgLocaltimezone = "America/New_York";
$wgSecretKey = "SercretKey";
# Changing this will log out all existing sessions.
$wgAuthenticationTokenVersion = "1";
# Site upgrade key. Must be set to a string (default provided) to turn on the
# web installer while LocalSettings.php is in place
$wgUpgradeKey = "UpgradeKey";
$wgRightsPage = ""; # Set to the title of a wiki page that describes your license/copyright
$wgRightsUrl = "";
$wgRightsText = "";
$wgRightsIcon = "";
# Path to the GNU diff3 utility. Used for conflict resolution.
$wgDiff3 = "/usr/bin/diff3";
# The following permissions were set based on your choice in the installer
$wgGroupPermissions['*']['edit'] = false;
$wgGroupPermissions['*']['read'] = false;
## Default skin: you can change the default skin. Use the internal symbolic
## names, e.g. 'vector' or 'monobook':
$wgDefaultSkin = "vector";
# Enabled skins.
# The following skins were automatically enabled:
wfLoadSkin( 'MinervaNeue' );
wfLoadSkin( 'MonoBook' );
wfLoadSkin( 'Timeless' );
wfLoadSkin( 'Vector' );
# visual editor
wfLoadExtension( 'VisualEditor' );
$wgDefaultUserOptions['visualeditor-editor'] = "visualeditor";
$wgHiddenPrefs[] = 'visualeditor-enable';
# create page
wfLoadExtension( 'CreatePageUw' );
$wgCreatePageUwUseVE = true;
### Azure directory extensions or config
$wgGroupPermissions['*']['createaccount'] = true;
$wgGroupPermissions['*']['autocreateaccount'] = true;
#PluggableAuth
wfLoadExtension( 'PluggableAuth' );
$wgPluggableAuth_EnableAutoLogin = false;
$wgPluggableAuth_EnableLocalLogin = false; # if this set to true allows local login without azure auth
$wgPluggableAuth_EnableLocalProperties = false;
$wgPluggableAuth_EnableFastLogout =true;
$wgPluggableAuth_ButtonLabelMessage = 'Login';
$wgPluggableAuth_Class = 'OpenIDConnect';
# OpenIDConnect config
wfLoadExtension( 'OpenIDConnect' );
$wgPluggableAuth_Config[] = [
"My Login" => [
'plugin' => 'OpenIDConnect',
'data' => [
'providerURL' => '',
'clientID' => 'ID',
'clientsecret' => 'secret'
],
'scope' => [ 'openid', 'profile', 'email' ]
]
];
$wgOpenIDConnect_UseRealNameAsUserName = true;
# ShortURL Config
wfLoadExtension( 'ShortUrl' );
/* $wgShortUrlTemplate = '/mediawikiNEW/wiki/$1'; */
$wgArticlePath = "/mediawikiNEW/$1";
You should rename this file to composer.local.json
You should not edit this file. Adding the line above to composer.local.json shoudl be sufficient. Then, you would need to run "composer update" or "composer install" from the root MediaWiki directory.
Please turn on debug logging as described at Manual:How to debug#Logging and include the relevant portions of the debug log.
Hello
@Cindy.cicalese first i woulk like to thank you very much for your support, finally i can implement SSO with AD Azure using OpenIDConnect and PluggableAuth_Config.
Now after login i have permission error
You do not have permission to read this page, for the following reason:
The action you have requested is limited to users in one of the groups: Administrators, app_wiki_usr
Acutally i have the groupe "app_wiki_usr" on my MW and it has a "READ" permission
$wgGroupPermissions['app_wiki_usr']['read'] = true;
1- should I create the same groupe on Azure AD and add users to IT ?
2- for mapping group do you confirm that I should add on $wgPluggableAuth_Config ONYLY this lines bellow ?
'groupsyncs' => [
[
'type' => 'mapped',
'map' => [
'app_wiki_usr' => [ 'groups' => 'app_wiki_usr' ],
]
]
];
Have a nice day
I'm so glad you've gotten it working. If there was anything that you had to do that was accurately represented in the instructions on the extension wiki page, please update it.
The answer to your question depends on where you want you system administrator to manage the user permissions: in the wiki or in Azure AD. Either would work. If you want to administer the permissions in the wiki, a user with bureaucrat permissions would do so on page Special:UserRights. If you want to administer the permissions in Azure AD, you would add the code you indicate above or similar. What I do not know is what attribute name the group information will be provided in by Azure AD. 'groups' is a popular choice. You will need to make sure whatever attribute name is provided in Azure AD matches what is in the config snippet above.
Hello @Cindy.cicalese
Yes i will update pages that need to be updated.
excuse me i have some confusion from what you said
for me permission will be administrated from Azure AD Side
the group created on Azure Ad by Ad administrator is named "DSI - Wiki - USER", it contains all user allowed to connect to MW
in MW we have a group named "app_wiki_usr"
$wgGroupPermissions['app_wiki_usr']['read'] = true;
1- what do you mean please by attribute name does it the Objecttype and how to get it ?
2- should i have the same name of group in MW and Azure AD ?
3-second configure the mapping , here what should i put at this line ?
' (which group AD or MW)' => [ 'attribute name of AD group "DSI - Wiki - USER"' => '(which group AD or MW)' ],
Thanks
1) When the groups are synchronized between Azure AD and MediaWiki, the MediaWiki code will request the attributes provided by Azure AD. What is in the response depends upon how Azure AD is configured. The group information will be in the structure that is returned as the response to that request. The attribute name that is used to index into the resulting data structure is what you will need. If you don't know what is in that structure, you could add some debugging to https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/extensions/PluggableAuth/+/refs/heads/master/includes/Group/GroupProcessorRunner.php#51 to show what is returned in pluginAttributes.
2) It does not matter whether those names are the same.
3) <name of MW group> => [ <name of AD attribute> => <name of AD group> ]
<name of MW group> is the name you want the group to have on the MW side
<name of AD attribute> is the attribute name referred to in 1) above
<name of AD group> is the name of the group in AD that you want to have mapped to the MW group
Hello
Both OpenID Connect and PluggableAuth are well configured on MW
I also correctly configure the Redirect URI and i don't have the problem of No reply address provided"
after i click on microsoft interface to login with my email i get message indicate "Erreur fatale durant l’authentification de l’utilisateur"
when i chek a log message i found a time out in curl commande
[OpenIDConnect] Jumbojett\OpenIDConnectClientException: Curl error: (28) Connection timed out after 60000 milliseconds in /MW-path-install/extensions/OpenIDConnect/vendor/jumbojett/openid-connect-php/src/OpenIDConnectClient.php:1495
what is the probleme exactly ? does it a problem of network flow between My server and azure AD ?
Thanks
Hello Cindy.cicalese
I need your help please !
i implement a SSO in my MW 1.39 against Azure AD
all thing work fine whene i click the login button i am redirect to microsoft interface to use email to authentificate, But whene i click on mail i get this message :
"Désolé, nous rencontrons des problèmes pour vous connecter.
AADSTS900971: No reply address provided."
i configure my redirect URI in Azure AD like this :
https://myserever/index.php/Special:PluggableAuthLogin
NB : NO SSL certificate installed on my MW server
the log show no error and it indicate that OpenIDConnect use Redirect URL
http://myserever/index.php?title=Sp%C3%A9cial:PluggableAuthLogin
[OpenIDConnect] Redirect URL: http://myserver/index.php?title=Sp%C3%A9cial:PluggableAuthLogin
[DBQuery] JobQueueDB::doGetSiblingQueuesWithJobs [0.001s] localhost: SELECT DISTINCT job_cmd FROM .....
which the right Redirect URI should i put ? does i miss configuration of a plugin in my MW OR in AZURE AD side ?
I need your help please thanks
I'm wondering whether the form of the redirect URL might be the problem. If you check the Known Issues, you can see:
https://example.org/w/index.php?title=Page_title (i.e. having the page title provided as a query parameter) will not be redirected correctly to complete the authentication flow. Instead, URLs must be of the form https://example.org/w/index.php/Page_title, which can be accomplished by using short URLs or by setting $wgArticlePath appropriately.HI @Cindy.cicalese
Thank you very much for reply
i tried to configure shot URL on MW but not succeed
i put this configuration in my virtualhost :
DocumentRoot /app/httpd/www/wiki-test/current
DirectoryIndex index.php
AllowOverride ALL
RewriteEngine On
RewriteRule ^/?wiki(/.*)?$ %{DOCUMENT_ROOT}/index.php [L]
RewriteRule ^/*$ %{DOCUMENT_ROOT}/index.php [L]
i put this configuration in LocalSettings.php
$wgScriptPath = "";
$wgScriptExtension = ".php";
$wgArticlePath = "/wiki/$1";
$wgUsePathInfo = true;
I see any change, my MW still show page in this format "http://myserer/ndex.php?title=Page_tile" on the navigator
but the log show that OpenIDConnect use ,now, Redirect URL
http://signxpapp006.srv.sigma.host/wiki/Sp%C3%A9cial:PluggableAuthLogin"
[OpenIDConnect] Redirect URL: http://signxpapp006.srv.sigma.host/wiki/Sp%C3%A9cial:PluggableAuthLogin
[session] SessionBackend.......
before (in my previous comment )it was
http://myserever/index.php?title=Sp%C3%A9cial:PluggableAuthLogin
but i still have the problème AADSTS900971: No reply address provided."
i update the the reply URl on Azure AD side by the new one but i have the same problem
whereis the problem please ?
Thanks very much
Hi Cindy,
I have a question about your code in PluggableAuth. I do not understand why you make the concatenation 'PluggableAuth' . $plugin in initConfig() in PluggableAuthFactory.php. Because if I add the name of the plugin with $wgPluggableAuth_Config, e.g. LDAPAuthentication2, then I would expect to search for LDAPAuthentication2 and not for PluggableAuthLDAPAuthentication2 in the config. What is the reason behind that? I stumbled about that because my setting where not working.
Cheers,
Martin
In your plugin, you need to set at attribute in extension.json to declare the plugin. It is named by both PluggableAuth as the top level key and then the name of the plugin as the second level key. For example, see https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/extensions/OpenIDConnect/+/refs/heads/master/extension.json#60. The way the attribute code in MediaWiki works is that the two keys are concatenated to find the attribute value.
Thank you for the fast reply. Your answer helped me a lot but I have now the problem to figure out which version of LDAPAuthentication2 fits to which version of PluggableAuth. In LDAPAuthentication2, extension.json says that the extension PluggableAuth is required in version * which seems to be wrong and not helpful. Do you have a suggestion which versions work together?
Unfortunately, LDAPAuthentication2 is not yet compatible with PluggableAuth 6.0. Please see the compatibility matrix at Extension:PluggableAuth#Installation.
Thank you very much for creating the PluggableAuth and OIDC auth extensions :)
Aww, you're very welcome! And thank you for your message. It means a lot to me that the extensions that I develop and maintain are useful to people.
Greetings, thank you for your help earlier, and apologies for my ignorance.
Do you happen to know how with or without the LDAP stack to add a Logout button or link?
I have been searching for a few days and I feel like this is probably somewhere but I am just missing it or not understanding it if I have passed over it.
I basically want local or domain users to be able to logout on demand.
The location would depend upon which skin you are using, but in general, the login link should be removed and a a logout link should be added once you have logged in. If you have autologin enabled, you will not see a login or a logout link. If you want to add a link in wikitext, you can add a link to the Special:UserLogout page.
I am using the Timeless theme because of its automatic support for mobile view.
I don't have autologin enabled, just the ability to login with either domain or local account,
I think that Special:UserLogout page will work, I just need to add a link to it. Thank you, I will try that. You are so helpful and I appreciate it.
For PluggableAuth and other extensions, it says configure as required, and shows a bunch of setting options. That's nice and all, but where do I put these settings? in LocalSettings? in another file? Forgive my ignorance but its not clear where to make these configuration changes.
Yes, in LocalSettings.php or a file in your environment that is included from LocalSettings.php. For example, some wiki farm environments have a hierarchy of settings files included for global settings and wiki instance settings. But, in a simple environment, that would just be LocalSettings.php.
Hi Cindy,
I hope you are doing well.
Below are the error message i’ve received in my wiki when i wanted to check on special version page whether simplesamlphp and pluggableauth extension already available or not. I’m using simplesamlphp 1.35 and pluggableauth 1.35 and my mediawiki ver is 1.32. I will connect with Azure AD for SSO but i haven’t sent anything to Azure admin yet on the metadata since i got this error below:
Warning: require_once(/htdocs/simplesamlphplib/lib/_autoload.php): failed to open stream: No such file or directory in E:\Apache24\htdocs\extensions\SimpleSAMLphp\includes\SimpleSAMLphp.php on line 203
Fatal error: require_once(): Failed opening required '/htdocs/simplesamlphplib/lib/_autoload.php' (include_path='E:\Apache24\htdocs\vendor/pear/console_getopt;E:\Apache24\htdocs\vendor/pear/mail;E:\Apache24\htdocs\vendor/pear/mail_mime;E:\Apache24\htdocs\vendor/pear/net_smtp;E:\Apache24\htdocs\vendor/pear/net_socket;E:\Apache24\htdocs\vendor/pear/pear-core-minimal/src;E:\Apache24\htdocs\vendor/pear/pear_exception;.;C:\php\pear') in E:\Apache24\htdocs\extensions\SimpleSAMLphp\includes\SimpleSAMLphp.php on line 203
Other than that, i also received error at simplesamlphp library. It says Configuration error. And the debug information shows as “SimpleSAML\Error\CriticalConfigurationError: The configuration is invalid: Setting secure cookie on plain HTTP is not allowed.” Fyi, I put SimpleSamlPhp and pluggableauth extensions in extensions folder while the simplesamlphplib (from simplesamlphp.org), i put in htdocs folder.
I only added relevant code below in localsettings.php
wfLoadExtension( 'PluggableAuth' ); $wgPluggableAuth_EnableAutoLogin = true; $wgPluggableAuth_EnableLocalLogin = false; $wgPluggableAuth_EnableLocalProperties = false; //$wgPluggableAuth_ButtonLabelMessage = "PluggableAuth Login"; //$wgPluggableAuth_Class = 'SimpleSAMLphp'; $wgGroupPermissions['*']['createaccount'] = true; $wgGroupPermissions['*']['autocreateaccount'] = true;
wfLoadExtension( 'SimpleSAMLphp' ); $wgSimpleSAMLphp_InstallDir = "/htdocs/simplesamlphplib"; $wgSimpleSAMLphp_AuthSourceId = "default-sp"; $wgSimpleSAMLphp_RealNameAttribute = "givenName"; $wgSimpleSAMLphp_EmailAttribute = "mail"; $wgSimpleSAMLphp_UsernameAttribute = "uid";
Appreciate your help.
I’ve changed from http to https://127.0.01/simplesamlphplib/www and it works. It says congratulations, you have successfully installed SimpleSamlphp. And now i shoud configure the baseurl and metadata accordingly. But at the top header it shows certificate error. Do i need to do something about it?
Also, i still get this warning error when I go to my mediawiki page. Do i need to exchange metadata to idp(azure) first and configure accordingly to be able to logon to the page or even check on special page? Is there anything that i should be concerned of based on error message below:
Warning: require_once(/htdocs/simplesamlphplib/lib/_autoload.php): failed to open stream: No such file or directory in E:\Apache24\htdocs\extensions\SimpleSAMLphp\includes\SimpleSAMLphp.php on line 203
Fatal error: require_once(): Failed opening required '/htdocs/simplesamlphplib/lib/_autoload.php' (include_path='E:\Apache24\htdocs\vendor/pear/console_getopt;E:\Apache24\htdocs\vendor/pear/mail;E:\Apache24\htdocs\vendor/pear/mail_mime;E:\Apache24\htdocs\vendor/pear/net_smtp;E:\Apache24\htdocs\vendor/pear/net_socket;E:\Apache24\htdocs\vendor/pear/pear-core-minimal/src;E:\Apache24\htdocs\vendor/pear/pear_exception;.;C:\php\pear') in E:\Apache24\htdocs\extensions\SimpleSAMLphp\includes\SimpleSAMLphp.php on line 203
It looks like the problem is:
$wgSimpleSAMLphp_InstallDir = "/htdocs/simplesamlphplib";
That should be the full file system path to where the library is installed. I notice that the extension is installed at E:\Apache24\htdocs\extensions\SimpleSAMLphp. Is E:\Apache24 missing from the path?
Yeah! I think i’ve solved that one. But now it shows different error: [81fadbf837770d39b2164025] 2021-11-11 02:43:20: Fatal exception of type "InvalidArgumentException"
Is it because i didn’t set up the idp on my end yet or it’s a different issue? Just so u know, i’m using php 7.3.28. Everything is fine from the simplesamplphp installation page on the sanity check and php installation. I only don’t have LDAP Extension, predis, And memcache extension.
As for the warnings. It only shows core: frontpage: warnings_secretsalt.
That is not enough information to be able to figure out the source and cause of the error. You would need to look at the stack trace.
Internal error Jump to navigationJump to search [57e819a89ff1f7965dc9f1f6] /index.php/Special:PluggableAuthLogin InvalidArgumentException from line 203 of E:\Apache24\htdocs\includes\session\SessionManager.php: Invalid session ID Backtrace:
It is the same error as in this forum: https://www.mediawiki.org/wiki/Topic:Ux3y0zkubjm5zge5
Hence, I've tried your recommendation in the topic. See Extension:SimpleSAMLphp#Known_Bugs for a solution.
I only change 'store.type' => 'phpsession', to 'sql' as you can see from code below and then I received a different error which I will paste at the bottom of the code.
/****************************
| DATA STORE CONFIGURATION |
****************************/
/*
* Configure the data store for SimpleSAMLphp.
*
* - 'phpsession': Limited datastore, which uses the PHP session.
* - 'memcache': Key-value datastore, based on memcache.
* - 'sql': SQL datastore, using PDO.
* - 'redis': Key-value datastore, based on redis.
*
* The default datastore is 'phpsession'.
*/
'store.type' => 'sql',
/*
* The DSN the sql datastore should connect to.
*
* See http://www.php.net/manual/en/pdo.drivers.php for the various
* syntaxes.
*/
'store.sql.dsn' => 'sqlite:/path/to/sqlitedatabase.sq3',
/*
* The username and password to use when connecting to the database.
*/
'store.sql.username' => null,
'store.sql.password' => null,
/*
* The prefix we should use on our tables.
*/
'store.sql.prefix' => 'SimpleSAMLphp',
/*
* The hostname and port of the Redis datastore instance.
*/
'store.redis.host' => 'localhost',
'store.redis.port' => 6379,
/*
* The prefix we should use on our Redis datastore.
*/
'store.redis.prefix' => 'SimpleSAMLphp',
];
[048838530ce5896198695c49] /index.php/Special:PluggableAuthLogin Exception from line 67 of E:\Apache24\htdocs\simplesamlphplib\lib\SimpleSAML\Store\SQL.php: Database error: could not find driver
Backtrace:
Version
MediaWiki
1.32.2
PHP
7.3.28 (apache2handler)
MariaDB
10.2.33-MariaDB-log
PluggableAuth= 1.35
SimpleSAMLPhp=1.35
Do I need to add the username and password to connect to the database? In our end, I believe we are not supposed to hardcoded the username/password since we have our own IT Privileged Access which requires a second factor authentication in order to provide additional security measures in the login process. But since we are on-premise, do let me know if there is a workaround. Hopefully this is not the case.
Hi Cindy,
Thank you so much for your help!
I’ve fixed the value of store.sql.dsn to my database accordingly with username and password.
'store.type' => 'sql', 'store.sql.dsn' => 'mysql:host=xxxx;port=xxxx;dbname=xxxxx', 'store.sql.username' => '[username]', 'store.sql.password' => '[pass]',
Then I received a different error as below. FYI, the user permission below is only able to SELECT, INSERT, UPDATE and DELETE in wiki database. Normally for CREATE command can only be done by our database administrator team which use a different id that is more powerful. Based on my experience installing the useragreement extension last time, the current id that I'm using has been denied to create a TABLE and the workaround was to ask the database admin team to create a table for us. In this case, does it mean I need to get the database administrator team powerful id and password to be added here or is there any syntax error going on? Btw, I haven't configured the metadata yet because i’m waiting for the azure team to exchange the idp and I believe that’s one of the reason we still see all the authentication error below.
[08c4d38a43fb4c1b6990850d] /index.php/Special:PluggableAuthLogin PDOException from line 95 of E:\Apache24\htdocs\simplesamlphplib\lib\SimpleSAML\Store\SQL.php: SQLSTATE[42000]: Syntax error or access violation: 1142 CREATE command denied to user 'xxxxxxx'@'IP' for table 'SimpleSAMLphp_tableVersion'
Backtrace:
Thanks in advance!
I've asked the database admin team to grant the user id a CREATE command ability temporary . Once they granted the permission, I re-run the code below. (Before that, I commented out the code so that it won't show any error in the wiki page.)
'store.type' => 'sql', 'store.sql.dsn' => 'mysql:host=xxxx;port=xxxx;dbname=xxxxx', 'store.sql.username' => '[username]', 'store.sql.password' => '[pass]',
Once I re-run or resaved, I try to run the wiki page and the SimpleSAMLPhp page, it shows below error. I've communicated with the database admin team on the error below and they said the table has been created about 10-20 minutes ago, probably when they granted a CREATE table access to the user id that I used which might be the same time that I was trying to do something on the config.php file. Based on the forum that I have read here: SQLSTATE[42S01]: Base table or view already exists: 1050 Table 'users' already exists · Issue #1116 · spatie/laravel-medialibrary · GitHub there are people that suggested to DROP the table and re-run again. Do you think that would be the case? Is this supposed to be a one-time configuration where I shouldn't re-saved or re-run it multiple times. I really appreciate your thoughts and recommendation.
[acb3c984ef5311d0f7784f6f] /index.php/Special:PluggableAuthLogin PDOException from line 175 of E:\Apache24\htdocs\simplesamlphplib\lib\SimpleSAML\Store\SQL.php: SQLSTATE[42S01]: Base table or view already exists: 1050 Table 'SimpleSAMLphp_kvstore' already exists Backtrace:
Below are database settings in Localsettings.php in case it has something to do with the permission which is not a $wgDBadminuser and the database type is being set as "mysql" instead of "sql".
$wgDBtype = "mysql"; $wgDBserver = "xxxxxxx"; $wgDBname = "xxxxxx"; $wgDBuser = "xxxxxx"; $wgDBpassword = "xxxxxxxxx";
Hi Cindy,
Sorry for bothering you.
I have tried to drop the table and it still shows the same error since it’s recreating the table the moment i refresh the simplesaml site. Then i have revoked my Create command access since i thought it may detected my user id to attempt in creating a table and apparently it shows this error, the database team said that the table is already existed, i think it may be because something else like the syntax or such, do u have anything on your mind? :
SimpleSAML\Error\Error: UNHANDLEDEXCEPTION
Backtrace:
1 www\_include.php:17 (SimpleSAML_exception_handler)
0 [builtin] (N/A)
Caused by: PDOException: SQLSTATE[42000]: Syntax error or access violation: 1142 CREATE command denied to user 'user'@'IP' for table 'SimpleSAMLphp_kvstore'
Backtrace:
10 lib\SimpleSAML\Store\SQL.php:175 (PDO::exec)
9 lib\SimpleSAML\Store\SQL.php:175 (SimpleSAML\Store\SQL::initKVTable)
8 lib\SimpleSAML\Store\SQL.php:78 (SimpleSAML\Store\SQL::__construct)
7 lib\SimpleSAML\Store.php:52 (SimpleSAML\Store::getInstance)
6 lib\SimpleSAML\SessionHandler.php:138 (SimpleSAML\SessionHandler::createSessionHandler)
5 lib\SimpleSAML\SessionHandler.php:43 (SimpleSAML\SessionHandler::getSessionHandler)
4 lib\SimpleSAML\Session.php:332 (SimpleSAML\Session::getSession)
3 lib\SimpleSAML\Session.php:263 (SimpleSAML\Session::getSessionFromRequest)
2 modules\core\www\frontpage_welcome.php:5 (require)
1 lib\SimpleSAML\Module.php:266 (SimpleSAML\Module::process)
0 www\module.php:10 (N/A)
That sounds like a problem with the configuration of the simplesaml library. You might try asking for help in their forum to find somebody with more experience with that library.