Single Sign On from WordPress to media wiki

Problem description

I am trying to create Single sign-on from WordPress to MediaWiki. I have WPOauthServer running on my WordPress (WordPress plugin), and on my wiki I have Extension:OAuth2 Client installed. I want my users to log in only to WordPress, and from there they can go to the wiki without logging in to the wiki again. The WPOauthServer is working fine; I am using the Grant type Authorization Code. I have tested by using curl and I am able to get the authorization code, and using the authorization code I can acquire an authentication token.

I have a button on my WordPress page with client id:

<a href="https://xxxxxx.de/oauth/authorize?response_type=code&client_id=XXXXXXXXX&state=123">Connect Your Account</a>

When I open the authorization link, I am redirected to the following redirect-URI that was set in client settings at server side:

https://wiki.XXXXXXXXXXXXX.de/wiki/Special:OAuth2Client/callback?code=farkmm4ttuwxnne8a9firwtdikmite788hwpyhzg&state=123 

and here I get an internal error:

Fatal exception of type "GuzzleHttp\Exception\RequestException

Upon digging I found out that this exception is caused in the extension file AbstractProvider.php, in the sendRequest function:

/**
 * Sends a request instance and returns a response instance.
 *
 * @param  RequestInterface $request
 * @return ResponseInterface
 */
protected function sendRequest(RequestInterface $request)
{
    try {
        var_dump($request);
        $response = $this->getHttpClient()->send($request);
        var_dump($response);
    } catch (BadResponseException $e) {
        $response = $e->getResponse();
    }
    return $response;
}

The exception is thrown at $response = $this->getHttpClient()->send($request);

I think maybe there is something wrong with my request, doing a var_dump on request reveals the following:

/var/www/mediawiki/w/extensions/MW-OAuth2Client/vendors/oauth2-client/src/Provider/AbstractProvider.php:629:
object(GuzzleHttp\Psr7\Request)[278]
  private 'method' => string 'POST' (length=4)
  private 'requestTarget' => null
  private 'uri' => 
    object(GuzzleHttp\Psr7\Uri)[279]
      private 'scheme' => string 'https' (length=5)
      private 'userInfo' => string '' (length=0)
      private 'host' => string 'xxxxxxx.de' (length=13)
      private 'port' => null
      private 'path' => string '/oauth/token/' (length=13)
      private 'query' => string '' (length=0)
      private 'fragment' => string '' (length=0)
  private 'headers' => 
    array (size=2)
      'Host' => 
        array (size=1)
          0 => string 'xxxxxx.de' (length=13)
      'content-type' => 
        array (size=1)
          0 => string 'application/x-www-form-urlencoded' (length=33)
  private 'headerNames' => 
    array (size=2)
      'content-type' => string 'content-type' (length=12)
      'host' => string 'Host' (length=4)
  private 'protocol' => string '1.1' (length=3)
  private 'stream' => 
    object(GuzzleHttp\Psr7\Stream)[287]
      private 'stream' => resource(18, stream)
      private 'size' => null
      private 'seekable' => boolean true
      private 'readable' => boolean true
      private 'writable' => boolean true
      private 'uri' => string 'php://temp' (length=10)
      private 'customMetadata' => 
        array (size=0)
          empty

The stack trace from apache logs:

 Notice:  Undefined index: scopes in /var/www/mediawiki/w/extensions/MW-OAuth2Client/SpecialOAuth2Client.php on line 54, referer: https://XXXXXXerv.de/sso-test/
 Stack trace:, referer: https://XXXXXXerv.de/sso-test/
   1. {main}() /var/www/mediawiki/w/index.php:0, referer: https://XXXXXXerv.de/sso-test/
   2. MediaWiki->run() /var/www/mediawiki/w/index.php:42, referer: https://XXXXXXerv.de/sso-test/
   3. MediaWiki->main() /var/www/mediawiki/w/includes/MediaWiki.php:524, referer: https://XXXXXXerv.de/sso-test/
   4. MediaWiki->performRequest() /var/www/mediawiki/w/includes/MediaWiki.php:861, referer: https://XXXXXXerv.de/sso-test/
   5. SpecialPageFactory::getPage() /var/www/mediawiki/w/includes/MediaWiki.php:255, referer: https://XXXXXXerv.de/sso-test/
   6. SpecialOAuth2Client->__construct() /var/www/mediawiki/w/includes/specialpage/SpecialPageFactory.php:382, referer: https://XXXXXXerv.de/sso-test/
 Notice:  Undefined index: scopes in /var/www/mediawiki/w/extensions/MW-OAuth2Client/SpecialOAuth2Client.php on line 54, referer: https://XXXXXXerv.de/sso-test/
 Stack trace:, referer: https://XXXXXXerv.de/sso-test/
   1. {main}() /var/www/mediawiki/w/index.php:0, referer: https://XXXXXXerv.de/sso-test/
   2. MediaWiki->run() /var/www/mediawiki/w/index.php:42, referer: https://XXXXXXerv.de/sso-test/
   3. MediaWiki->main() /var/www/mediawiki/w/includes/MediaWiki.php:524, referer: https://XXXXXXerv.de/sso-test/
   4. MediaWiki->performRequest() /var/www/mediawiki/w/includes/MediaWiki.php:861, referer: https://XXXXXXerv.de/sso-test/
   5. SpecialPageFactory::executePath() /var/www/mediawiki/w/includes/MediaWiki.php:288, referer: https://XXXXXXerv.de/sso-test/
   6. SpecialPageFactory::getPage() /var/www/mediawiki/w/includes/specialpage/SpecialPageFactory.php:513, referer: https://XXXXXXerv.de/sso-test/
   7. SpecialOAuth2Client->__construct() /var/www/mediawiki/w/includes/specialpage/SpecialPageFactory.php:382, referer: https://XXXXXXerv.de/sso-test/

From the stack trace, I realized that scope is not defined in the media wiki client settings in localsettings.php, so after setting the scope I don't get any errors in the apache logs, but media wiki still shows the internal error Fatal exception of type "GuzzleHttp\Exception\RequestException

Upon more digging, I found out that I was getting a curl: (60) SSL certificate: unable to get local issuer certificate error, which I solved by adding the CA Root to my trusted CA. For more information see this post.

After solving this issue I just needed to correct the following:

$wgOAuth2Client['configuration']['username'] = 'user_login'; // JSON path to username
$wgOAuth2Client['configuration']['email'] = 'user_email'; // JSON path to email

See the answer for implementing SSO from WordPress.

Recommended answer

I was able to set up SSO (Single sign-on) from WordPress to media wiki by following these steps:

  1. First you need an OAuth 2.0 server. You could implement it yourself (see details here: Run your own OAuth 2.0 Server), or the easiest way is to use the WordPress plugin WP Oauth 2.0 server. You don't have to buy the pro; you can also implement SSO by using the Grant type Authorization codes, which comes free.

  2. You need the OAuth 2.0 client extension installed on your media wiki. The extension can be found here; follow the installation instructions there.

  3. Go to the WordPress plugin page and activate OAuth server, then navigate to OAuth Server and add a new client. Give your client a name, and in Redirect URI add the link mentioned on the media wiki extension page, i.e. http://your.wiki.domain/path/to/wiki/Special:OAuth2Client/callback. Then go to the OAuth>clients page, where you can see your newly created client. Click edit, and here you can see the clientID and Client secret. Add this ID and secret in the localSettings.php of your media wiki.

  4. Create a page on WordPress and put the following button with your client id in it:

<a href="https://your-Domain-Where-OAuth-server-is-running.de/oauth/authorize?response_type=code&client_id=YOURCLIENTID&state=RANDOM-STRING&scope=basic">go to wiki</a>

Don't forget to put scope, otherwise you will get a media wiki internal error.

If everything worked fine, then you should automatically go to the media wiki main page after clicking this button from your WordPress. Media wiki will show you as logged in. It took me some time to figure it out; I hope this helps anyone who comes here.
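
The authorize links on this page carry a fixed `state` (`123`, `RANDOM-STRING`). In the authorization code grant, `state` is an unpredictable per-session value that the OAuth client (here the wiki side, which receives the callback) issues and then checks. The following is an added example, not code from the original post or from the MediaWiki extension; the function names, the session key and the use of a plain array in place of `$_SESSION`/`$_GET` are assumptions made for illustration.

```php
<?php
// Added illustration: names below are hypothetical, not the extension's API.

const AUTHORIZE_ENDPOINT = 'https://your-Domain-Where-OAuth-server-is-running.de/oauth/authorize';

/** Build the authorize URL and remember a fresh state in the caller's session. */
function buildAuthorizeUrl(array &$session, string $clientId, string $scope = 'basic'): string
{
    // 128 bits from the CSPRNG; a constant such as "123" gives no CSRF protection.
    $state = bin2hex(random_bytes(16));
    $session['oauth2_state'] = $state;

    return AUTHORIZE_ENDPOINT . '?' . http_build_query([
        'response_type' => 'code',
        'client_id'     => $clientId,
        'state'         => $state,
        'scope'         => $scope,
    ]);
}

/** Validate the callback query; returns the authorization code or throws. */
function handleCallback(array &$session, array $query): string
{
    $expected = $session['oauth2_state'] ?? '';
    unset($session['oauth2_state']);          // single use, even on failure

    $received = $query['state'] ?? '';
    if (!is_string($received) || $expected === '' || !hash_equals($expected, $received)) {
        throw new RuntimeException('state mismatch: callback not bound to this session');
    }
    if (!isset($query['code']) || !is_string($query['code']) || $query['code'] === '') {
        throw new RuntimeException('missing authorization code');
    }
    return $query['code'];
}

// Constructed demo: an array stands in for $_SESSION, and the callback query is hand-built.
$session = [];
$url = buildAuthorizeUrl($session, 'YOURCLIENTID');
parse_str(parse_url($url, PHP_URL_QUERY), $sent);

echo handleCallback($session, ['code' => 'constructed-code', 'state' => $sent['state']]), "\n";

try {
    // A second callback, or one carrying a guessed constant, is refused.
    handleCallback($session, ['code' => 'constructed-code', 'state' => '123']);
} catch (RuntimeException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```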
