Trying setup with LemonLDAP + Mediawiki

[olkitu]

Specs:

• Mediawiki 1.28.2
• PHP 7.0.18-0ubuntu0.16.04.1 (fpm-fcgi)
• MariaDB10.1.24-MariaDB-1~xenial
  --

Login working but when redirect back to mediawiki go this error:

[85d8b524998c6edf7b9f7901] /Special:OAuth2Client/callback?code=XXXd11ce3569b196b4c72ba030d30dd8df07634efb5c2da29ecaf0adecd3dXXX&state=6XpSpbnKd7zfTaVPhXsXOFXLMcnUdx0I&session_state=H7kJyMSGJ3Tm0X%2BzUsaZSgJFh%2F9VK8Vx1HwaY94mneY%3D.a0NPZVE1VVBNaHhBTmkyTThQZkcrbEhyNUd5QytDYXBQVWZQUnNpV2dkRT0&truongfi-authcda=d1e10b9950e8e42fd2f25f3ba65450c9c515439735c72d6c08f4466d5f27b9b2 MWException from line 150 of /wiki/extensions/MW-OAuth2Client/SpecialOAuth2Client.php: Could not create user with username:

Backtrace:

#0 /wiki/www/extensions/MW-OAuth2Client/SpecialOAuth2Client.php(108): SpecialOAuth2Client->_userHandling(array)
#1 /wiki/extensions/MW-OAuth2Client/SpecialOAuth2Client.php(65): SpecialOAuth2Client->_handleCallback()
#2 /wiki/includes/specialpage/SpecialPage.php(522): SpecialOAuth2Client->execute(string)
#3 /wiki/includes/specialpage/SpecialPageFactory.php(577): SpecialPage->run(string)
#4 /wiki/includes/MediaWiki.php(283): SpecialPageFactory::executePath(Title, RequestContext)
#5 /wiki/includes/MediaWiki.php(851): MediaWiki->performRequest()
#6 /wiki/includes/MediaWiki.php(512): MediaWiki->main()
#7 /wiki/index.php(43): MediaWiki->run()
#8 {main}

[Namesonic]

I was getting this error as well and just posted my findings about it in #3. The handler that returns the user info expects to see the data inside the "user" key. My SSO was returning only a JSON object of the user properties.

I was able to fix this by modifying my User Info endpoint at my SSO provider to also return the user data inside a "user" key.

Alternatively, I could only modify the required key by editing the _userHandling() function and removing the "user" key reference which won't survive a code update should another version be released.

From:

protected function _userHandling( $response ) {
		global $wgOAuth2Client, $wgAuth, $wgRequest;
		$username = $response['user'][$wgOAuth2Client['configuration']['username']];
		$email = $response['user'][$wgOAuth2Client['configuration']['email']];

To:

protected function _userHandling( $response ) {
		global $wgOAuth2Client, $wgAuth, $wgRequest;
		$username = $response[$wgOAuth2Client['configuration']['username']];
		$email = $response[$wgOAuth2Client['configuration']['email']];

[olkitu]

I edit this function on SpecialOauth2Client.php file but still get same error, also on PHP and seems variable empty...

PHP message: PHP Notice:  Undefined index: name in /wiki/extensions/MW-OAuth2Client/SpecialOAuth2Client.php on line 145
PHP message: PHP Notice:  Undefined index: email in /wiki/extensions/MW-OAuth2Client/SpecialOAuth2Client.php on line 146"

[Namesonic]

I guess that you should check that your endpoint is actually returning data. There may be more to the data structure than this function is expecting.

What SSO provider software are you using?

[olkitu]

I use LemonLDAP... I have Grafana where i have similar configuration.

[Namesonic]

I don't know how LemonLDAP works so I can't be of much help. Check how LemonLDAP sends the user info to be sure you're getting information first, then make sure this Oauth extension can read it.

[olkitu]

I now get username from User attribute (sub):

$wgOAuth2Client['configuration']['username'] = 'sub'; // JSON path to username

But continue working to also email address