尝试使用Azure VM上托管的模块SimpleSAMLphp在MediaWiki站点上使用Azure AD实施SSO [英] Trying to implement SSO with Azure AD on a MediaWiki Site using the module, SimpleSAMLphp, hosted on a Azure VM

问题描述

所以我尝试使用Azure的Active Directory作为IdP设置SSO登录，并使用SimpleSAMLphp模块为Mediawiki实现它，但是我遇到了一个 

错误我完全不知道如何解决。




背景：



我已按照以下说明操作： https://medium.com/vivritiengineering/mediawiki-and-azure-single-sign-on-e3fbc13d1f46

但是，我在Azure服务器上托管的虚拟机不是托管在服务器上的服务器，而是在Azure上运行了一个价值
的虚拟机。



我正在为我的虚拟机使用此映像： https://bitnami.com/stack/mediawiki/cloud





导致问题的操作：



我登录mediawiki服务器，尝试登录，获取发送到一个&bbsp
login.microsoftonline.com页面。我尝试登录，然后将其发送回mediawiki / Special：UserLogin页面，将显示错误消息 

"用户无法进行身份验证"。< br $> b

$ b 日志：

$
'/ opt / bitnami / apache2 / logs / error_log'：

So I'm trying to set up SSO login using Azure's Active Directory as an IdP and 
using the simpleSAMLphp module for Mediawiki to implement it, but I run into a 
error I have absolutely no idea how to solve.


Context:

I've followed these instructions: https://medium.com/vivritiengineering/mediawiki-and-azure-single-sign-on-e3fbc13d1f46
But instead of a server hosted on AWS servers, I have a virtual machine running
on Azure.

I'm using this image for my VM: https://bitnami.com/stack/mediawiki/cloud


Actions that lead to problem:

I sign onto the mediawiki server, attempt to login, get send to a 
login.microsoftonline.com page. I try and login, and then get sent back 
to a mediawiki /Special:UserLogin page will an error message of 
"User cannot be authenticated".


Logs:

Found within '/opt/bitnami/apache2/logs/error_log':

[Tue Jan 29 04:07:04.007768 2019] [proxy_fcgi:error] [pid 32390:tid 139796580050688] [client my.ip.addr.45:63407]

AH01071：收到错误'PHP消息：PHP通知：

AH01071: Got error 'PHP message: PHP Notice:

&NBSP;未定义的变量：属性在/opt/bitnami/apps/mediawiki/htdocs/extensions/SimpleSAMLphp/includes/SimpleSAMLphp.php线47\\\

  Undefined variable: attributes in /opt/bitnami/apps/mediawiki/htdocs/extensions/SimpleSAMLphp/includes/SimpleSAMLphp.php on line 47\n

PHP消息：PHP警告：&NBSP; array_key_exists（）预计参数2为阵列，在/opt/bitnami/apps/mediawiki/htdocs/extensions/SimpleSAMLphp/includes/SimpleSAMLphp.php空给定线47\\\
'

PHP message: PHP Warning:  array_key_exists() expects parameter 2 to be array, null given in /opt/bitnami/apps/mediawiki/htdocs/extensions/SimpleSAMLphp/includes/SimpleSAMLphp.php on line 47\n'

，引荐： https://login.microsoftonline.com/kmsi

, referer: https://login.microsoftonline.com/kmsi

在'/ opt / bitnami / apache2 / logs / access_log中找到'：

Found within '/opt/bitnami/apache2/logs/access_log':

my.ip.addr.45 - - [29/Jan/2019:04:07:03 +0000] "POST /simplesaml/module.php/saml/sp/saml2-acs.php/default-sp HTTP/1.1" 303 850my.ip.addr.45 - - [29/Jan/2019:04:07:03 +0000] "GET /Special:PluggableAuthLogin HTTP/1.1" 302 -
my.ip.addr.45 - - [29/Jan/2019:04:07:04 +0000] "GET /index.php?title=Special:UserLogin/return&wpLoginToken=87d0ee94955902b61de847138e89d4ff5c4fd146%2B%5C HTTP/1.1" 302 -
my.ip.addr.45 - - [29/Jan/2019:04:07:04 +0000] "GET /Special:UserLogin HTTP/1.1" 200 5472
my.ip.addr.45 - - [29/Jan/2019:04:07:05 +0000] "GET /resources/assets/poweredby_mediawiki_88x31.png HTTP/1.1" 304 -
my.ip.addr.45 - - [29/Jan/2019:04:07:05 +0000] "GET /load.php?debug=false&lang=en&modules=mediawiki.htmlform.styles%7Cmediawiki.legacy.commonPrint%2Cshared%7Cmediawiki.skinning.interface%7Cmediawiki.special.userlogin.common.styles%7Cmediawiki.special.userlogin.login.styles%7Cmediawiki.ui%7Cmediawiki.ui.button%2Ccheckbox%2Cinput%2Cradio%7Cskins.vector.styles&only=styles&skin=vector HTTP/1.1" 200 13492
my.ip.addr.45 - - [29/Jan/2019:04:07:05 +0000] "GET /resources/assets/wiki.png?de8c8 HTTP/1.1" 304 -
my.ip.addr.45 - - [29/Jan/2019:04:07:05 +0000] "GET /load.php?debug=false&lang=en&modules=startup&only=scripts&safemode=1&skin=vector HTTP/1.1" 200 38569
my.ip.addr.45 - - [29/Jan/2019:04:07:05 +0000] "GET /load.php?debug=false&lang=en&modules=jquery%7Cjquery.lengthLimit%7Cmediawiki.htmlform&skin=vector&version=0g0bm48 HTTP/1.1" 200 163379
my.ip.addr.45 - - [29/Jan/2019:04:07:05 +0000] "POST /mod_pagespeed_beacon?url=https%3A%2F%2Fcompany-wiki.region.cloudapp.azure.com%2FSpecial%3AUserLogin HTTP/1.1" 204 -
my.ip.addr.45 - - [29/Jan/2019:04:07:05 +0000] "GET /favicon.ico HTTP/1.1" 200 3076

评论：



以下是我认为的相关代码  ; '/opt/bitnami/apps/mediawiki/htdocs/extensions/SimpleSAMLphp/includes/SimpleSAMLphp.php' 在error_logs引用。

Comments:

Here is what I think the relevant code of  '/opt/bitnami/apps/mediawiki/htdocs/extensions/SimpleSAMLphp/includes/SimpleSAMLphp.php' referenced in the error_logs.

```的PHP

```

基本上，$ attributes没有被填充，我不知道如何解决这个问题。 

最值得赞赏的是任何形式的指导或指示。

Basically, $attributes is not being filled and I have no idea how to fix this. 
Any sort of guidance or direction will be most appreciated.

推荐答案

是否只返回null？ 

Is it just returning null? 

您是否能够以任何其他方式查询用户名以测试它是否可以访问？ 

Are you able to query the username in any other way to test that it is reachable? 

我不确定您使用的是哪种类型的身份验证，但如果您使用的是ADFS，则可以尝试通过多个步骤来诊断此错误，这些错误在此

文章。您应该确保它不是帐户锁定或禁用。 

I'm not sure what type of authentication you are using but if you are using ADFS there are a number of steps you can try to diagnose that error that are highlighted in this article. You should make sure that it's not an account lockout or disablement. 

如果您使用传递，则需要执行一系列不同的步骤。 

If you are using pass-through there is a different set of steps to follow. 

仅了解部分环境后，很难确定是代码问题还是后端问题。 

From only knowing about part of your environment it's hard to diagnose whether it's a code issue or an issue with your backend. 

这篇关于尝试使用Azure VM上托管的模块SimpleSAMLphp在MediaWiki站点上使用Azure AD实施SSO的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！