
Authentication with Azure AD fails
Closed, Invalid (Public)

Description

I set up a wiki to connect to Azure Active Directory using OpenID Connect. Installation went seemingly fine, but when I try to actually log in, I get directed to the Azure installation, log in successfully there, and then get redirected back to the wiki, where I get "Fatal error authenticating user."

Turning on logging, I see the following error in the logs:

[OpenID Connect] Jumbojett\OpenIDConnectClientException: Unable to find a key for (algorithm, kid):RS256, R23ciW2cfZ50VtxOnk_xvJ68bcs) in /srv/www/wiki.driveu.auto/internal/vendor/jumbojett/openid-connect-php/src/OpenIDConnectClient.php:738
Stack trace:
#0 /srv/www/wiki.driveu.auto/internal/vendor/jumbojett/openid-connect-php/src/OpenIDConnectClient.php(825): Jumbojett\OpenIDConnectClient->get_key_for_header(Array, Object(stdClass))
#1 /srv/www/wiki.driveu.auto/internal/vendor/jumbojett/openid-connect-php/src/OpenIDConnectClient.php(279): Jumbojett\OpenIDConnectClient->verifyJWTsignature('eyJ0eXAiOiJKV1Q...')
#2 /srv/www/wiki.driveu.auto/internal/extensions/OpenIDConnect/src/OpenIDConnect.php(161): Jumbojett\OpenIDConnectClient->authenticate()
#3 /srv/www/wiki.driveu.auto/internal/extensions/PluggableAuth/includes/PluggableAuthLogin.php(31): OpenIDConnect->authenticate(NULL, NULL, NULL, NULL, NULL)
#4 /srv/www/wiki.driveu.auto/internal/includes/specialpage/SpecialPage.php(569): PluggableAuthLogin->execute(NULL)
#5 /srv/www/wiki.driveu.auto/internal/includes/specialpage/SpecialPageFactory.php(558): SpecialPage->run(NULL)
#6 /srv/www/wiki.driveu.auto/internal/includes/MediaWiki.php(288): MediaWiki\Special\SpecialPageFactory->executePath(Object(Title), Object(RequestContext))
#7 /srv/www/wiki.driveu.auto/internal/includes/MediaWiki.php(865): MediaWiki->performRequest()
#8 /srv/www/wiki.driveu.auto/internal/includes/MediaWiki.php(515): MediaWiki->main()
#9 /srv/www/wiki.driveu.auto/internal/index.php(42): MediaWiki->run()
#10 {main}

Adding a log line before that line, it seems that it is looking for the key "RS256" in the JSON it tries to get from https://login.microsoftonline.com/e55be731-abdc-4bff-a054-abd200632cc4/discovery/v2.0/keys, but no such JSON key exists there.
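Added example (not from this task or the jumbojett library): a Python check that decodes the id_token header and looks the (alg, kid) pair up in a JWKS document the way the library's lookup does, but reports which part of the match failed. The JWKS and token headers are constructed; the JWKS mirrors the Azure AD discovery format, whose entries carry kty, kid, n and e but no alg field.

```python
import base64
import json

# Constructed sample JWKS in the shape served by the Azure AD discovery
# "keys" endpoint: RSA keys identified by kid, with no "alg" member.
SAMPLE_JWKS = {
    "keys": [
        {"kty": "RSA", "use": "sig", "kid": "kid-A", "n": "AQAB", "e": "AQAB"},
        {"kty": "RSA", "use": "sig", "kid": "kid-B", "n": "AQAB", "e": "AQAB"},
    ]
}

# Only RS256 is acceptable here; any other alg is rejected before the
# key lookup, so a token-supplied alg never steers which key is used.
ALLOWED_ALGS = {"RS256"}


def b64url_decode(segment: str) -> bytes:
    """Decode a base64url segment, restoring the padding JWTs strip."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def jwt_header(token: str) -> dict:
    """Return the decoded JOSE header (first dot-separated segment) of a JWT."""
    return json.loads(b64url_decode(token.split(".")[0]))


def find_key(jwks: dict, header: dict) -> tuple:
    """Return (key_or_None, reason) for the header's (alg, kid) pair.

    The reason distinguishes a disallowed alg, a missing kid and a kid
    absent from the JWKS, which a single "unable to find a key" error
    message does not."""
    alg, kid = header.get("alg"), header.get("kid")
    if alg not in ALLOWED_ALGS:
        return None, f"alg {alg!r} not allowed"
    if kid is None:
        return None, "header has no kid"
    for key in jwks.get("keys", []):
        # Azure AD keys omit "alg", so match on kty and kid; a key that
        # does state an alg must state the one the header claims.
        if key.get("kty") == "RSA" and key.get("kid") == kid:
            if "alg" in key and key["alg"] != alg:
                return None, f"key {kid!r} is for {key['alg']}, not {alg}"
            return key, "ok"
    known = [k.get("kid") for k in jwks.get("keys", [])]
    return None, f"kid {kid!r} not in JWKS (known kids: {known})"


def make_token(alg: str, kid: str) -> str:
    """Build a constructed token whose header carries the given alg and kid."""
    raw = json.dumps({"typ": "JWT", "alg": alg, "kid": kid}).encode()
    hdr = base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return hdr + ".e30.sig"  # payload and signature are placeholders
```

When the reason reads "kid ... not in JWKS", the token was signed with a key the configured discovery endpoint does not publish, which is the situation the log line above describes.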

Event Timeline

cicalese subscribed.

This sounds like an issue with the configuration of the server or the underlying OpenID Connect library (https://github.com/jumbojett/OpenID-Connect-PHP). You might try filing an issue at https://github.com/jumbojett/OpenID-Connect-PHP/issues to see if anybody else has encountered a similar problem. The OpenID Connect extension does not get involved in the algorithms used or the details of the OpenID Connect protocol.