Steps to replicate the issue (include links if applicable):
I'm setting up OpenID Connect with MediaWiki, especially with the official MediaWiki Docker image.
I'm having trouble setting up this image with Docker Compose.
These are my settings.
- Run this script to set up
```
CONTAINER_NAME=$(docker run --rm -d mediawiki)
docker cp ${CONTAINER_NAME}:/var/www/html /data/wiki/html
docker stop ${CONTAINER_NAME}
```
- Install MobileFrontend, PluggableAuth, and OpenIDConnect.
- Run update script and install dependencies
- Fill the **REDACTED** fields with appropriate settings
- Set up Keycloak and set up well
  - Clients > Advanced > Fine grain OpenID Connect configuration
    Set Access token signature algorithm and ID token signature algorithm to RSA256 since OpenID Connect Extension does not support ES signatures
docker-compose.yml
```yaml
version: "3.8"

services:
  database:
    image: mariadb:latest
    environment:
      - MARIADB_DATABASE=wiki
      - MARIADB_USER=wiki
      - MARIADB_PASSWORD=${DATABASE_PASSWORD}
      - MARIADB_RANDOM_ROOT_PASSWORD=yes
      - TZ=Asia/Seoul
    restart: unless-stopped
    ports:
      - 3306:3306
    volumes:
      - /data/wiki/database:/var/lib/mysql

  memcached:
    image: memcached:1.6-alpine
    restart: always
    command: ["-m", "128"]

  mediawiki:
    image: mediawiki:stable
    restart: always
    ports:
      - 127.0.0.1:3100:80
    volumes:
      - /data/wiki/html:/var/www/html
      - ./config/LocalSettings.php:/var/www/html/LocalSettings.php
      - ./config/000-default.conf:/etc/apache2/sites-available/000-default.conf
```
config/000-default.conf
```apache
<VirtualHost *:80>
    # The ServerName directive sets the request scheme, hostname and port that
    # the server uses to identify itself. This is used when creating
    # redirection URLs. In the context of virtual hosts, the ServerName
    # specifies what hostname must appear in the request's Host: header to
    # match this virtual host. For the default virtual host (this file) this
    # value is not decisive as it is used as a last resort host regardless.
    # However, you must set it for any further virtual host explicitly.
    #ServerName www.example.com

    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/html

    # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
    # error, crit, alert, emerg.
    # It is also possible to configure the loglevel for particular
    # modules, e.g.
    #LogLevel info ssl:warn

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    # For most configuration files from conf-available/, which are
    # enabled or disabled at a global level, it is possible to
    # include a line for only one particular virtual host. For example the
    # following line enables the CGI configuration for this host only
    # after it has been globally disabled with "a2disconf".
    #Include conf-available/serve-cgi-bin.conf

    AllowEncodedSlashes NoDecode

    RewriteEngine On
    RewriteRule ^/?wiki(/.*)?$ %{DOCUMENT_ROOT}/index.php [L]

    RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI} !-f
    RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI} !-d
    RewriteRule ^/?images/thumb/[0-9a-f]/[0-9a-f][0-9a-f]/([^/]+)/([0-9]+)px-.*$ %{DOCUMENT_ROOT}/thumb.php?f=$1&width=$2 [L,QSA,B]

    RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI} !-f
    RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI} !-d
    RewriteRule ^/?images/thumb/archive/[0-9a-f]/[0-9a-f][0-9a-f]/([^/]+)/([0-9]+)px-.*$ %{DOCUMENT_ROOT}/thumb.php?f=$1&width=$2&archived=1 [L,QSA,B]
</VirtualHost>
```
config/LocalSettings.php
```php
<?php
# This file was automatically generated by the MediaWiki 1.38.2
# installer. If you make manual changes, please keep track in case you
# need to recreate them later.
#
# See docs/Configuration.md for all configurable settings
# and their default values, but don't forget to make changes in _this_
# file, not there.
#
# Further documentation for configuration settings may be found at:
# https://www.mediawiki.org/wiki/Manual:Configuration_settings

# Protect against web entry
if ( !defined( 'MEDIAWIKI' ) ) {
    exit;
}

## Uncomment this to disable output compression
# $wgDisableOutputCompression = true;

$wgSitename = "YCC 위키";
$wgMetaNamespace = "YCC_Wiki";

## The URL base path to the directory containing the wiki;
## defaults for all runtime URL paths are based off of this.
## For more information on customizing the URLs
## (like /w/index.php/Page_title to /wiki/Page_title) please see:
## https://www.mediawiki.org/wiki/Manual:Short_URL
$wgScriptPath = "";

## The protocol and server name to use in fully-qualified URLs
$wgServer = "https://wiki.ycc.club";

## The URL path to static resources (images, scripts, etc.)
$wgResourceBasePath = $wgScriptPath;

## The URL paths to the logo. Make sure you change this from the default,
## or else you'll overwrite your logo when you upgrade!
$wgLogos = [
    '1x' => "$wgResourceBasePath/resources/assets/ycc_circleblue.png",
    'icon' => "$wgResourceBasePath/resources/assets/ycc_circleblue.png",
];

## UPO means: this is also a user preference option

$wgEnableEmail = false;
$wgEnableUserEmail = true; # UPO

$wgEmergencyContact = "admin@ycc.club";
$wgPasswordSender = "admin@ycc.club";

$wgEnotifUserTalk = true; # UPO
$wgEnotifWatchlist = true; # UPO
$wgEmailAuthentication = true;

## Database settings
$wgDBtype = "mysql";
$wgDBserver = "database";
$wgDBname = "wiki";
$wgDBuser = "wiki";
$wgDBpassword = "**REDACTED**";

# MySQL specific settings
$wgDBprefix = "wiki";

# MySQL table options to use during installation or update
$wgDBTableOptions = "ENGINE=InnoDB, DEFAULT CHARSET=binary";

# Shared database table
# This has no effect unless $wgSharedDB is also set.
$wgSharedTables[] = "actor";

## Shared memory settings
$wgMainCacheType = CACHE_MEMCACHED;
$wgMemCachedServers = [ 'memcached:11211' ];

## To enable image uploads, make sure the 'images' directory
## is writable, then set this to true:
$wgEnableUploads = true;
$wgUseImageMagick = true;
$wgImageMagickConvertCommand = "/usr/bin/convert";

# InstantCommons allows wiki to use images from https://commons.wikimedia.org
$wgUseInstantCommons = true;

# Periodically send a pingback to https://www.mediawiki.org/ with basic data
# about this MediaWiki instance. The Wikimedia Foundation shares this data
# with MediaWiki developers to help guide future development efforts.
$wgPingback = true;

# Site language code, should be one of the list in ./languages/data/Names.php
$wgLanguageCode = "en";

# Time zone
$wgLocaltimezone = "Asia/Seoul";

## Set $wgCacheDirectory to a writable directory on the web server
## to make your wiki go slightly faster. The directory should not
## be publicly accessible from the web.
#$wgCacheDirectory = "$IP/cache";

$wgSecretKey = "**REDACTED**";

# Changing this will log out all existing sessions.
$wgAuthenticationTokenVersion = "1";

# Site upgrade key. Must be set to a string (default provided) to turn on the
# web installer while LocalSettings.php is in place
$wgUpgradeKey = "**REDACTED**";

## For attaching licensing metadata to pages, and displaying an
## appropriate copyright notice / icon. GNU Free Documentation
## License and Creative Commons licenses are supported so far.
$wgRightsPage = ""; # Set to the title of a wiki page that describes your license/copyright
$wgRightsUrl = "https://creativecommons.org/licenses/by/4.0/";
$wgRightsText = "크리에이티브 커먼즈 저작자표시";
$wgRightsIcon = "$wgResourceBasePath/resources/assets/licenses/cc-by.png";

# Path to the GNU diff3 utility. Used for conflict resolution.
$wgDiff3 = "";

# The following permissions were set based on your choice in the installer
$wgGroupPermissions['*']['createaccount'] = false;
$wgGroupPermissions['*']['edit'] = false;

## Default skin: you can change the default skin. Use the internal symbolic
## names, e.g. 'vector' or 'monobook':
$wgDefaultSkin = "vector-2022";

# Enabled skins.
# The following skins were automatically enabled:
wfLoadSkin( 'MinervaNeue' );
wfLoadSkin( 'MonoBook' );
wfLoadSkin( 'Timeless' );
wfLoadSkin( 'Vector' );

# Enabled extensions. Most of the extensions are enabled by adding
# wfLoadExtension( 'ExtensionName' );
# to LocalSettings.php. Check specific extension documentation for more details.
# The following extensions were automatically enabled:
wfLoadExtension( 'AbuseFilter' );
wfLoadExtension( 'CategoryTree' );
wfLoadExtension( 'Cite' );
wfLoadExtension( 'CiteThisPage' );
wfLoadExtension( 'ConfirmEdit' );
wfLoadExtension( 'Gadgets' );
wfLoadExtension( 'ImageMap' );
wfLoadExtension( 'InputBox' );
wfLoadExtension( 'Interwiki' );
wfLoadExtension( 'LocalisationUpdate' );
wfLoadExtension( 'Math' );
wfLoadExtension( 'MultimediaViewer' );
wfLoadExtension( 'Nuke' );
wfLoadExtension( 'OATHAuth' );
wfLoadExtension( 'PageImages' );
wfLoadExtension( 'ParserFunctions' );
wfLoadExtension( 'PdfHandler' );
wfLoadExtension( 'Poem' );
wfLoadExtension( 'Renameuser' );
wfLoadExtension( 'ReplaceText' );
wfLoadExtension( 'Scribunto' );
wfLoadExtension( 'SecureLinkFixer' );
wfLoadExtension( 'SpamBlacklist' );
wfLoadExtension( 'SyntaxHighlight_GeSHi' );
wfLoadExtension( 'TemplateData' );
wfLoadExtension( 'TextExtracts' );
wfLoadExtension( 'TitleBlacklist' );
wfLoadExtension( 'VisualEditor' );
wfLoadExtension( 'WikiEditor' );

# End of automatically generated settings.
# Add more configuration options below.

wfLoadExtension( 'MobileFrontend' );
wfLoadExtension( 'PluggableAuth' );
wfLoadExtension( 'OpenIDConnect' );

$wgPluggableAuth_Config["YCC 부원 로그인"] = [
    'plugin' => 'OpenIDConnect',
    'data' => [
        'providerURL' => 'https://auth.ycc.club/realms/YCC',
        'clientID' => 'ycc-wiki',
        'clientsecret' => '**REDACTED**',
        'verifyPeer' => false,
        'preffered_username' => 'fullname'
    ]
];
$wgPluggableAuth_EnableLocalLogin=true;
$wgGroupPermissions['*']['autocreateaccount'] = true;

$wgScriptPath = "";
$wgArticlePath = "/wiki/$1";

$wgEnableUploads = true;
$wgGenerateThumbnailOnParse = false;

$wgDebugLogFile = "/tmp/debug.log";
$wgDebugLogGroups = array(
    'PluggableAuth' => '/tmp/pluggableauth.log',
    'DeferredUpdates' => '/tmp/DeferredUpdates.log',
    'DBConnection' => '/tmp/DBConnection.log',
    'DBQuery' => '/tmp/DBQuery.log',
    'memcached' => '/tmp/memcached.log'
);
```
What happens?:
The GET request to https://DOMAIN/index.php?title=Special:UserLogin&returnto=Main+Page fails with 500 (Internal Server Error)
A GlobalTitleFail Error occurs.
```
[GlobalTitleFail] RequestContext::getTitle called with no title set.
#0 /var/www/html/skins/Vector/includes/ServiceWiring.php(142): RequestContext->getTitle()
#1 /var/www/html/vendor/wikimedia/services/src/ServiceContainer.php(447): Wikimedia\Services\ServiceContainer::{closure}(MediaWiki\MediaWikiServices)
#2 /var/www/html/vendor/wikimedia/services/src/ServiceContainer.php(416): Wikimedia\Services\ServiceContainer->createService(string)
#3 /var/www/html/includes/MediaWikiServices.php(294): Wikimedia\Services\ServiceContainer->getService(string)
#4 /var/www/html/skins/Vector/includes/VectorServices.php(26): MediaWiki\MediaWikiServices->getService(string)
#5 /var/www/html/skins/Vector/includes/SkinVector22.php(34): Vector\VectorServices::getFeatureManager()
#6 /var/www/html/skins/Vector/includes/SkinVector22.php(22): Vector\SkinVector22->isTableOfContentsVisibleInSidebar()
#7 /var/www/html/vendor/wikimedia/object-factory/src/ObjectFactory.php(247): Vector\SkinVector22->__construct(array)
#8 /var/www/html/vendor/wikimedia/object-factory/src/ObjectFactory.php(152): Wikimedia\ObjectFactory\ObjectFactory::getObjectFromSpec(array, array)
#9 /var/www/html/includes/skins/SkinFactory.php(139): Wikimedia\ObjectFactory\ObjectFactory->createObject(array, array)
#10 /var/www/html/includes/skins/SkinFactory.php(185): SkinFactory->makeSkin(string)
#11 /var/www/html/includes/skins/Skin.php(2657): SkinFactory->getSkinOptions(string)
#12 /var/www/html/includes/resourceloader/ResourceLoaderFileModule.php(1312): Skin::getPortletLinkOptions(ResourceLoaderContext, GlobalVarConfig, NULL)
#13 /var/www/html/includes/resourceloader/ResourceLoaderFileModule.php(635): ResourceLoaderFileModule->expandPackageFiles(ResourceLoaderContext)
#14 /var/www/html/includes/resourceloader/ResourceLoaderModule.php(908): ResourceLoaderFileModule->getDefinitionSummary(ResourceLoaderContext)
#15 /var/www/html/includes/resourceloader/ResourceLoaderStartUpModule.php(220): ResourceLoaderModule->getVersionHash(ResourceLoaderContext)
#16 /var/www/html/includes/resourceloader/ResourceLoaderStartUpModule.php(421): ResourceLoaderStartUpModule->getModuleRegistrations(ResourceLoaderContext)
#17 /var/www/html/includes/resourceloader/ResourceLoaderModule.php(796): ResourceLoaderStartUpModule->getScript(ResourceLoaderContext)
#18 /var/www/html/includes/resourceloader/ResourceLoaderModule.php(765): ResourceLoaderModule->buildContent(ResourceLoaderContext)
#19 /var/www/html/includes/resourceloader/ResourceLoaderModule.php(905): ResourceLoaderModule->getModuleContent(ResourceLoaderContext)
#20 /var/www/html/includes/resourceloader/ResourceLoader.php(718): ResourceLoaderModule->getVersionHash(ResourceLoaderContext)
#21 [internal function]: ResourceLoader->{closure}(string)
#22 /var/www/html/includes/resourceloader/ResourceLoader.php(732): array_map(Closure, array)
#23 /var/www/html/includes/resourceloader/ResourceLoader.php(821): ResourceLoader->getCombinedVersion(ResourceLoaderContext, array)
#24 /var/www/html/load.php(52): ResourceLoader->respond(ResourceLoaderContext)
#25 /var/www/html/load.php(38): wfLoadMain()
#26 {main}
```
I think it is not an OpenID Connect problem because it ends well based on the log
```
2022-09-04 05:17:48 80bf3ca84d1f wiki-wiki: In execute()
2022-09-04 05:17:48 80bf3ca84d1f wiki-wiki: Getting PluggableAuth instance
2022-09-04 05:17:48 80bf3ca84d1f wiki-wiki: Plugin name: OpenIDConnect
2022-09-04 05:17:48 80bf3ca84d1f wiki-wiki: In execute()
2022-09-04 05:17:48 80bf3ca84d1f wiki-wiki: Getting PluggableAuth instance
2022-09-04 05:17:48 80bf3ca84d1f wiki-wiki: Plugin name: OpenIDConnect
2022-09-04 05:17:48 80bf3ca84d1f wiki-wiki: Authenticated new user: Maxswjeon
2022-09-04 05:17:49 80bf3ca84d1f wiki-wiki: User is authorized.
```
What should have happened instead?:
A successful login.
Software version (skip for WMF-hosted wikis like Wikipedia):
docker -v
Docker version 20.10.17, build 100c701
docker compose version
Docker Compose version v2.6.0
MediaWiki Version
- MediaWiki 1.38.2
- PHP 7.4.30 (apache2handler)
- MariaDB 10.9.2-MariaDB-1:10.9.2+maria~ubu2204
- ICU 67.1
- Lua 5.1.5
- Pygments 2.11.2
Plugin Versions
- PluggableAuth 6.1 (dde62fa) 17:30, 23 May 2022
- OpenIDConnect 6.1 (126bad8) 14:08, 27 July 2022
Other information (browser name/version, screenshots, etc.):
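
Added example, not part of the original report or of MediaWiki: a small Python check that flags three settings in the posted configuration that matter once the wiki is reachable (a database port published without a host IP, `'verifyPeer' => false` toward the identity provider, and debug logging left on). The sample inputs are constructed excerpts modelled on the files above, and the function names and the `idp.example` URL are assumptions.

```python
import re

# Constructed excerpts mirroring the settings posted in the report above.
COMPOSE = """\
services:
  database:
    image: mariadb:latest
    ports:
      - 3306:3306
  mediawiki:
    image: mediawiki:stable
    ports:
      - 127.0.0.1:3100:80
"""

LOCAL_SETTINGS = """\
$wgPluggableAuth_Config["login"] = [
    'plugin' => 'OpenIDConnect',
    'data' => [ 'providerURL' => 'https://idp.example/realms/demo', 'verifyPeer' => false ]
];
$wgDebugLogFile = "/tmp/debug.log";
"""

def audit_compose(text):
    """Flag port mappings with no host IP (or 0.0.0.0): they listen on every interface."""
    pat = re.compile(r"""^\s*-\s*["']?(?:0\.0\.0\.0:)?(\d+):(\d+)(?:/\w+)?["']?\s*$""")
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        m = pat.match(line)
        if m:
            findings.append((n, f"port {m.group(1)} published on all host interfaces"))
    return findings

def audit_local_settings(text):
    """Flag disabled TLS verification toward the IdP and an active debug log."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        for key in re.findall(r"'(verifyPeer|verifyHost)'\s*=>\s*false\b", line):
            findings.append((n, f"{key} is false: TLS verification of the IdP is off"))
        # Commented-out assignments (#$wgDebugLogFile = ...) are ignored.
        m = re.search(r"""^\s*\$wgDebugLogFile\s*=\s*["'](.+?)["']""", line)
        if m:
            findings.append((n, f"debug log enabled at {m.group(1)}"))
    return findings

if __name__ == "__main__":
    for n, msg in audit_compose(COMPOSE) + audit_local_settings(LOCAL_SETTINGS):
        print(f"line {n}: {msg}")
```
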