Page MenuHomePhabricator
Create Task
Maniphest T337266

Fatal error authenticating user in response with simplesamlphp
Open, Stalled, Needs TriagePublicBUG REPORT
Actions

Assigned To
None
Authored By
Pooja2425
Mon, May 22, 7:34 PM
Tags
Referenced Files
Restricted File
Fri, May 26, 11:41 AM
F37070184: image.png
Fri, May 26, 11:25 AM
F37070181: image.png
Fri, May 26, 11:25 AM
Restricted File
Thu, May 25, 8:10 AM
Restricted File
Thu, May 25, 8:10 AM
Restricted File
Thu, May 25, 8:10 AM
F37033721: SimpleSAMLphp.log
Thu, May 25, 8:00 AM
F37033722: PluggableAuth.log
Thu, May 25, 8:00 AM
View All 9 Files
Subscribers
Aklapper
cicalese
Pooja2425

Description

HI

we are using MW version 1.39.3

PluggableAuth 6.2,

SimpleSAMLphp extension 5.0.1,

Simplesamlphp library 2.0.3

we have successfully implemented sso with azure AD but when response is coming back then its redirects us to

https://wiki.com/index.php/Special:PluggableAuthLogin
showinh error message "Fatal error authenticating user" . But when we click on login or main_page sso is working .our username is displaying & app working properly. we are getting full user details in saml response too.

Not getting why issue on Special:PluggableAuthLogin , even i have tried to add relysate also inconfig/authsource.php

What happens?:
After Authentication by Azure AD saml sending us on Special:PluggableAuthLogin, in which page Fatal error authenticating user error is displayed.
even sso is working ina app , as we click on main page sso is working, no issue on an otherpage of page, only issue came on Special:PluggableAuthLogin page.

What should have happened instead?:
It should return to the main page https://wiki.com/index.php/Main_Page

Other information (browser name/version, screenshots, etc.):
checked in crome, edge, incongnito modes

Event Timeline

Pooja2425 created this task.Mon, May 22, 7:34 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptMon, May 22, 7:34 PM
Aklapper changed the task status from Open to Stalled.Tue, May 23, 1:25 PM

@Pooja2425: Hi, please use the template and fill in all fields instead of ignoring them, and use the preview below. You can edit the task description by clicking Edit Task. Thanks.

Pooja2425 updated the task description. (Show Details)Wed, May 24, 6:39 AM

@Aklapper updated the form too. I think this is redirection issue .please help

Aklapper added a comment.Wed, May 24, 9:38 AM

updated the form too.

Please also provide a clear list of steps to reproduce, step by step, click by click, as a list. Thanks.

Aklapper added a comment.Wed, May 24, 9:47 AM

I think this is redirection issue .please help

Also, to avoid wrong expectations: This is an issue tracker to track bug reports. If you are looking for help and support, please use support forums instead. Thanks.

cicalese added a subscriber: cicalese.Wed, May 24, 10:49 AM

Did you update the session store as indicated at https://www.mediawiki.org/wiki/Extension:SimpleSAMLphp#Session_handler_collision_between_MediaWiki_and_SimpleSAML_Service_Provider? If so, please turn on debug logging as described at Manual:How to debug#Logging and include the relevant portions of the debug log here.

Pooja2425 added a comment.EditedThu, May 25, 8:00 AM

Hi @cicalese

{F37033731}

{F37033730}

{F37033729}

Also we are using store.type = 'sql' as we are using mysql db , we have exactly same as described here
[[ URL | https://www.mediawiki.org/wiki/Extension:SimpleSAMLphp#Session_handler_collision_between_MediaWiki_and_SimpleSAML_Service_Provider ]]

Also first time when visting on app then fatal error is coming , after then if we are clciking on mainpage or login then app working fine &
hitting the app url in next tab then app directly goes to main+page without any error.

fatal error is coming only on Special:PluggableAuthLogin page & first time when user trying to access app with sso then after after a successful redirect from the IdP it redirects to Special:PluggableAuthLogin page.

Not getting first time issue in session or what ?

Pooja2425 added a comment.EditedThu, May 25, 8:22 AM

In Localsettings.php we are only using these

$wgPluggableAuth_Config['Log in using my SAML'] = [
'plugin' => 'SimpleSAMLphp',
'data' => [

		'authSourceId' => 'default-sp',
		'usernameAttribute' => 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress',
		'realNameAttribute' => ['http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname','http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname'],
		'emailAttribute' => 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress'
	 ]

];

wfLoadExtension( 'PluggableAuth' );
wfLoadExtension( 'SimpleSAMLphp' );

$wgPluggableAuth_EnableAutoLogin = true;
$wgPluggableAuth_EnableLocalLogin = false;
$wgPluggableAuth_EnableLocalProperties = false;

$wgPluggableAuth_ButtonLabelMessage = 'Login';
$wgPluggableAuth_Class = 'SimpleSAMLphp';
$wgSimpleSAMLphp_InstallDir = '/var/simplesamlphp/';

Do we need to create authentication plugin as described under Creating an authentication plugin

cicalese added a comment.Thu, May 25, 2:45 PM

Are you saying that the first time a new user logs into the wiki, the get the error message, but that they are still logged in successfully, and any future time that user logs in there is no error message? Or if the user logs out, do they get the error message again the next time they log in?

Please turn on debug logging as described at Manual:How to debug#Logging and include the relevant portions of the debug log (any lines starting with [PluggableAuth] or [SimpleSAMLphp] with any private information redacted) here.

Pooja2425 added a comment.EditedFri, May 26, 11:25 AM

under PluggableAuth we are getting logs

2023-05-29 07:07:59 app-54c7c455f9-v66bb wikitemp3: Getting PluggableAuth instance
2023-05-29 07:07:59 app-54c7c455f9-v66bb wikitemp3: Could not get authentication plugin instance.
2023-05-29 07:08:01 app-54c7c455f9-v66bb wikitemp3: Getting PluggableAuth instance
2023-05-29 07:08:01 app-54c7c455f9-v66bb wikitemp3: Could not get authentication plugin instance.
2023-05-29 07:08:04 app-54c7c455f9-v66bb wikitemp3: Getting PluggableAuth instance
2023-05-29 07:08:04 app-54c7c455f9-v66bb wikitemp3: Could not get authentication plugin instance.
2023-05-29 07:08:17 app-54c7c455f9-v66bb wikitemp3: Getting PluggableAuth instance
2023-05-29 07:08:17 app-54c7c455f9-v66bb wikitemp3: Plugin name: SimpleSAMLphp
2023-05-29 07:08:21 app-54c7c455f9-v66bb wikitemp3: In execute()
2023-05-29 07:08:21 app-54c7c455f9-v66bb wikitemp3: Getting PluggableAuth instance
2023-05-29 07:08:21 app-54c7c455f9-v66bb wikitemp3: Plugin name: SimpleSAMLphp
2023-05-29 07:08:22 app-54c7c455f9-v66bb wikitemp3: Instance already exists
2023-05-29 07:08:25 app-54c7c455f9-v66bb wikitemp3: Getting PluggableAuth instance
2023-05-29 07:08:25 app-54c7c455f9-v66bb wikitemp3: Could not get authentication plugin instance.
2023-05-29 07:08:26 app-54c7c455f9-v66bb wikitemp3: In execute()
2023-05-29 07:08:26 app-54c7c455f9-v66bb wikitemp3: Getting PluggableAuth instance
2023-05-29 07:08:27 app-54c7c455f9-v66bb wikitemp3: Could not get authentication plugin instance.
2023-05-29 07:08:28 app-54c7c455f9-v66bb wikitemp3: ERROR: return to URL is null or empty
2023-05-29 07:08:35 app-54c7c455f9-v66bb wikitemp3: Getting PluggableAuth instance
2023-05-29 07:08:35 app-54c7c455f9-v66bb wikitemp3: Could not get authentication plugin instance.
2023-05-29 07:08:37 app-54c7c455f9-v66bb wikitemp3: Getting PluggableAuth instance
2023-05-29 07:08:38 app-54c7c455f9-v66bb wikitemp3: Could not get authentication plugin instance.
2023-05-29 07:08:50 app-54c7c455f9-v66bb wikitemp3: Getting PluggableAuth instance
2023-05-29 07:08:50 app-54c7c455f9-v66bb wikitemp3: Plugin name: SimpleSAMLphp
2023-05-29 07:08:54 app-54c7c455f9-v66bb wikitemp3: In execute()
2023-05-29 07:08:54 app-54c7c455f9-v66bb wikitemp3: Getting PluggableAuth instance
2023-05-29 07:08:54 app-54c7c455f9-v66bb wikitemp3: Plugin name: SimpleSAMLphp
2023-05-29 07:08:54 app-54c7c455f9-v66bb wikitemp3: Instance already exists
2023-05-29 07:09:03 app-54c7c455f9-v66bb wikitemp3: Getting PluggableAuth instance
2023-05-29 07:09:03 app-54c7c455f9-v66bb wikitemp3: Could not get authentication plugin instance.
2023-05-29 07:09:04 app-54c7c455f9-v66bb wikitemp3: In execute()
2023-05-29 07:09:04 app-54c7c455f9-v66bb wikitemp3: Getting PluggableAuth instance
2023-05-29 07:09:04 app-54c7c455f9-v66bb wikitemp3: Could not get authentication plugin instance.
2023-05-29 07:09:05 app-54c7c455f9-v66bb wikitemp3: ERROR: return to URL is null or empty
2023-05-29 07:09:07 app-54c7c455f9-v66bb wikitemp3: Getting PluggableAuth instance
2023-05-29 07:09:08 app-54c7c455f9-v66bb wikitemp3: Could not get authentication plugin instance.
2023-05-29 07:09:11 app-54c7c455f9-v66bb wikitemp3: Getting PluggableAuth instance
2023-05-29 07:09:11 app-54c7c455f9-v66bb wikitemp3: Could not get authentication plugin instance.
2023-05-29 07:09:23 app-54c7c455f9-v66bb wikitemp3: Getting PluggableAuth instance
2023-05-29 07:09:23 app-54c7c455f9-v66bb wikitemp3: Plugin name: SimpleSAMLphp
2023-05-29 07:09:24 app-54c7c455f9-v66bb wikitemp3: In execute()
2023-05-29 07:09:24 app-54c7c455f9-v66bb wikitemp3: Getting PluggableAuth instance
2023-05-29 07:09:24 app-54c7c455f9-v66bb wikitemp3: Plugin name: SimpleSAMLphp
2023-05-29 07:09:25 app-54c7c455f9-v66bb wikitemp3: Instance already exists
2023-05-29 07:09:25 app-54c7c455f9-v66bb wikitemp3: Authenticated new user: bkami
2023-05-29 07:09:27 app-54c7c455f9-v66bb wikitemp3: User is authorized.
2023-05-29 07:09:30 app-54c7c455f9-v66bb wikitemp3: Getting PluggableAuth instance
2023-05-29 07:09:30 app-54c7c455f9-v66bb wikitemp3: Plugin name: SimpleSAMLphp
2023-05-29 07:09:35 app-54c7c455f9-v66bb wikitemp3: Getting PluggableAuth instance
2023-05-29 07:09:35 app-54c7c455f9-v66bb wikitemp3: Plugin name: SimpleSAMLphp
2023-05-29 07:09:40 app-54c7c455f9-v66bb wikitemp3: Getting PluggableAuth instance
2023-05-29 07:09:41 app-54c7c455f9-v66bb wikitemp3: Plugin name: SimpleSAMLphp
2023-05-29 07:09:41 app-54c7c455f9-v66bb wikitemp3: Instance already exists
2023-05-29 07:09:41 app-54c7c455f9-v66bb wikitemp3: Getting PluggableAuth instance
2023-05-29 07:09:41 app-54c7c455f9-v66bb wikitemp3: Plugin name: SimpleSAMLphp
2023-05-29 07:09:41 app-54c7c455f9-v66bb wikitemp3: Instance already exists
2023-05-29 07:09:53 app-54c7c455f9-v66bb wikitemp3: Getting PluggableAuth instance
2023-05-29 07:09:54 app-54c7c455f9-v66bb wikitemp3: Plugin name: SimpleSAMLphp
2023-05-29 07:11:05 app-54c7c455f9-v66bb wikitemp3: Getting PluggableAuth instance
2023-05-29 07:11:05 app-54c7c455f9-v66bb wikitemp3: Getting PluggableAuth instance
2023-05-29 07:11:05 app-54c7c455f9-v66bb wikitemp3: Plugin name: SimpleSAMLphp
2023-05-29 07:11:05 app-54c7c455f9-v66bb wikitemp3: Plugin name: SimpleSAMLphp
2023-05-29 07:11:08 app-54c7c455f9-v66bb wikitemp3: Getting PluggableAuth instance
2023-05-29 07:11:08 app-54c7c455f9-v66bb wikitemp3: Could not get authentication plugin instance.

Also yes even we are successfully logged in, Every first time login we face 'fatal error authenticating user' on htttps://wiki.com/index.php/Special:PluggableAuthLogin. Step 1.

image.png (892×1 px, 81 KB)

After then if we click on main_page link or login link then our userid display on the screen & we can see we are actully logged in. step 2.

image.png (794×1 px, 121 KB)

even after that we again go to htttps://wiki.com/index.php/Special:PluggableAuthLogin. again error is on screen. error is coming only on the Special:PluggableAuthLogin page.

{F37070260}

After LogOut & login again same issue, it will redirect to htttps://wiki.com/index.php/Special:PluggableAuthLogin. again error is on screen.

Also this fatal error issue is faced by many users, but no solution fatal error authenticating user

Content licensed under Creative Commons Attribution-ShareAlike 3.0 (CC-BY-SA) unless otherwise noted; code licensed under GNU General Public License (GPL) or other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL