单点登录从WordPress到媒体维基
问题描述:
I am trying to create Single sign-on from WordPress to MediaWiki. I have WPOauthServer running on my WordPress (WordPress plugin). And on my wiki I have Extension:OAuth2 Client installed. I want that my users only log in to WordPress and from there they can go to the wiki without logging to wiki again. The WPOauthServer is working fine, I am using the Grant type Authorization Code. I have tested by using curl and I am able to get the authorization code and using the authorization code I can acquire authentication token.
I have a button on my wordpress page with client id:
|
1 2 |
<a href=\"https://xxxxxx.de/oauth/authorize?response_type=code&client_id=XXXXXXXXX&state=123\">Connect Your Account</a> |
When I open the authorization link, I am redirected to the following redirect-URI that was set in client settings at server side:
|
1 2 |
https://wiki.XXXXXXXXXXXXX.de/wiki/Special:OAuth2Client/callback?code=farkmm4ttuwxnne8a9firwtdikmite788hwpyhzg&state=123 |
and here I get an internal error:
Fatal exception of type \"GuzzleHttp\\Exception\\RequestException
upon digging i found out that this exception is caused in the extension file AbstractProvider.php in the sendRequest function:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 |
/** * Sends a request instance and returns a response instance. * * @param RequestInterface $request * @return ResponseInterface */ protected function sendRequest(RequestInterface $request) { try { var_dump($request); $response = $this->getHttpClient()->send($request); var_dump($response); } catch (BadResponseException $e) { $response = $e->getResponse(); } return $response; } |
the exception is caused in $response = $this->getHttpClient()->send($request);
I think maybe there is something wrong with my request, doing a var_dump on request reveals the following:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 |
/var/www/mediawiki/w/extensions/MW-OAuth2Client/vendors/oauth2-client/src/Provider/AbstractProvider.php:629: object(GuzzleHttp\\Psr7\\Request)[278] private \'method\' => string \'POST\' (length=4) private \'requestTarget\' => null private \'uri\' => object(GuzzleHttp\\Psr7\\Uri)[279] private \'scheme\' => string \'https\' (length=5) private \'userInfo\' => string \'\' (length=0) private \'host\' => string \'xxxxxxx.de\' (length=13) private \'port\' => null private \'path\' => string \'/oauth/token/\' (length=13) private \'query\' => string \'\' (length=0) private \'fragment\' => string \'\' (length=0) private \'headers\' => array (size=2) \'Host\' => array (size=1) 0 => string \'xxxxxx.de\' (length=13) \'content-type\' => array (size=1) 0 => string \'application/x-www-form-urlencoded\' (length=33) private \'headerNames\' => array (size=2) \'content-type\' => string \'content-type\' (length=12) \'host\' => string \'Host\' (length=4) private \'protocol\' => string \'1.1\' (length=3) private \'stream\' => object(GuzzleHttp\\Psr7\\Stream)[287] private \'stream\' => resource(18, stream) private \'size\' => null private \'seekable\' => boolean true private \'readable\' => boolean true private \'writable\' => boolean true private \'uri\' => string \'php://temp\' (length=10) private \'customMetadata\' => array (size=0) empty |
The stack trace from apache logs:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 |
Notice: Undefined index: scopes in /var/www/mediawiki/w/extensions/MW-OAuth2Client/SpecialOAuth2Client.php on line 54, referer: https://XXXXXXerv.de/sso-test/ Stack trace:, referer: https://XXXXXXerv.de/sso-test/ 1. {main}() /var/www/mediawiki/w/index.php:0, referer: https://XXXXXXerv.de/sso-test/ 2. MediaWiki->run() /var/www/mediawiki/w/index.php:42, referer: https://XXXXXXerv.de/sso-test/ 3. MediaWiki->main() /var/www/mediawiki/w/includes/MediaWiki.php:524, referer: https://XXXXXXerv.de/sso-test/ 4. MediaWiki->performRequest() /var/www/mediawiki/w/includes/MediaWiki.php:861, referer: https://XXXXXXerv.de/sso-test/ 5. SpecialPageFactory::getPage() /var/www/mediawiki/w/includes/MediaWiki.php:255, referer: https://XXXXXXerv.de/sso-test/ 6. SpecialOAuth2Client->__construct() /var/www/mediawiki/w/includes/specialpage/SpecialPageFactory.php:382, referer: https://XXXXXXerv.de/sso-test/ Notice: Undefined index: scopes in /var/www/mediawiki/w/extensions/MW-OAuth2Client/SpecialOAuth2Client.php on line 54, referer: https://XXXXXXerv.de/sso-test/ Stack trace:, referer: https://XXXXXXerv.de/sso-test/ 1. {main}() /var/www/mediawiki/w/index.php:0, referer: https://XXXXXXerv.de/sso-test/ 2. MediaWiki->run() /var/www/mediawiki/w/index.php:42, referer: https://XXXXXXerv.de/sso-test/ 3. MediaWiki->main() /var/www/mediawiki/w/includes/MediaWiki.php:524, referer: https://XXXXXXerv.de/sso-test/ 4. MediaWiki->performRequest() /var/www/mediawiki/w/includes/MediaWiki.php:861, referer: https://XXXXXXerv.de/sso-test/ 5. SpecialPageFactory::executePath() /var/www/mediawiki/w/includes/MediaWiki.php:288, referer: https://XXXXXXerv.de/sso-test/ 6. SpecialPageFactory::getPage() /var/www/mediawiki/w/includes/specialpage/SpecialPageFactory.php:513, referer: https://XXXXXXerv.de/sso-test/ 7. SpecialOAuth2Client->__construct() /var/www/mediawiki/w/includes/specialpage/SpecialPageFactory.php:382, referer: https://XXXXXXerv.de/sso-test/ |
EDIT:
From the stack trace, I realized that scope is not defined in the media wiki client settings in localsettings.php, so after setting the scope I don\'t get any errors in the apache logs but media wiki still shows internal error Fatal exception of type \"GuzzleHttp\\Exception\\RequestException
Upon more digging, I found out that I was getting a curl: (60) SSL certificate: unable to get local issuer certificate error which I solved by adding the CA Root to my trusted CA for more information see this post
After solving this issue I just needed to correct the following:
|
1 2 3 |
$wgOAuth2Client[\'configuration\'][\'username\'] = \'user_login\'; // JSON path to username $wgOAuth2Client[\'configuration\'][\'email\'] = \'user_email\'; // JSON path to email |
see the answer for implenting SSO from WordPress
网友观点:
I was able to setup SSO (Single sign-on) from WordPress to media wiki, by following these steps:
-
First you need an OAuth 2.0 server, you could implement it your self see details here Run your own OAuth 2.0 Server or the easiest way is to use the WordPress plugin WP Oauth 2.0 server you don\'t have to buy the pro, you can also implement SSO by using the Grant type
Authorization codeswhich comes free. -
You need OAuth 2.0 client extension installed on your media wiki, the extension can be found here, follow the installation instructions there.
-
Go to WordPress plugin page and activate OAuth server, then navigate to OAuth Server and add a new client, give your client a name and in Redirect URI add the link mention on the media wiki extension page i.e
http://your.wiki.domain/path/to/wiki/Special:OAuth2Client/callback, then go to OAuth>clients page where you can see your newly created client, click edit and here you can seeclientIDandClient secretadd this ID and secret in thelocalSettings.phpof your media wiki. -
Create a page on WordPress and put the following button with your client id in it
< a href=\\\"https://your-Domain-Where-OAuth-server-is-running.de/oauth/authorize?response_type=code&client_id=YOURCLIENTID&state=RANDOM-STRING&scope=basic\\\">
go to wiki</a>
don\'t forget to putscopeotherwise you will get a media wiki internal error. -
If everything worked fine then you should automatically go to the media wiki main page after clicking this button from your WordPress. media wiki will show you as logged in. It took me some time to figure it out I hope this helps anyone who comes here.
###
I followed Ahmad\'s answer above and got part way there. However I had to make a one line source code change and additionally configure the LocalSettings for media wiki as originally posted here: https://www.mediawiki.org/wiki/Topic:Ux1crr4vosyw0tjl
Repeated for convenience:
I finally got it working with these additional steps - editing my LocalSettings.php; xxxx is my website starting with https://
In addition to setting the secret and ID I had to fill in the the configuration parameters with these settings - these are from my site.
$wgOAuth2Client[\'configuration\'][\'authorize_endpoint\'] = \'xxxx/oauth/authorize\'; // Authorization URL
$wgOAuth2Client[\'configuration\'][\'access_token_endpoint\'] = \'xxxx/oauth/token\'; // Token URL
$wgOAuth2Client[\'configuration\'][\'api_endpoint\'] = \'xxxx/oauth/me?access_token=\'; // URL to fetch user JSON
$wgOAuth2Client[\'configuration\'][\'redirect_uri\'] = \'xxxx/mediawiki/index.php?title=Special:OAuth2Client/redirect&returnto=Special%3AUserLogin\';
$wgOAuth2Client[\'configuration\'][\'username\'] = \'user_login\'; // JSON path to username
$wgOAuth2Client[\'configuration\'][\'email\'] = \'user_email\'; // JSON path to email
$wgOAuth2Client[\'configuration\'][\'scopes\'] = \'openid email profile\'; //Permissions
$wgWhitelistRead = array(\\\"Special:OAuth2Client\\\");
Then I also had to make one code change in .../mediawiki/extensions/MW-OAuth2Client/vendors/oauth2-client/src/Provider/AbstractProvider.php
protected function fetchResourceOwnerDetails(AccessToken $token)
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 |
{ $url = $this->getResourceOwnerDetailsUrl($token); // Added this line so we can build the url request properly otherwise it didn\'t append the token to the api_endpoint $url = $url . $token; $request = $this->getAuthenticatedRequest(self::METHOD_GET, $url, $token); return $this->getResponse($request); } |
After that the plugin worked as expected.
Note on installation of the mediawiki extension I got these composer warnings - I believe they can be safely ignored...
Package guzzle/guzzle is abandoned, you should avoid using it. Use guzzlehttp/guzzle instead.
Package phpunit/phpunit-mock-objects is abandoned, you should avoid using it. No replacement was suggested.
Package satooshi/php-coveralls is abandoned, you should avoid using it. Use php-coveralls/php-coveralls instead.
Also I found this link useful in understanding how to use the wordpress plugin: https://wp-oauth.com/docs/how-to/setup-wp-oauth-server-for-single-sign-on-with-wordpress/
And I found you can just add the OAUTH plugin to wordpress from your site\'s WP admin page - just click the Add Plugins button - or search for \\\"oath\\\" by WP Oauth Server There is no need to get it from their WP OATH website where you can only find the paid version.
1. 带 [亲测] 说明源码已经被站长亲测过!
2. 下载后的源码请在24小时内删除,仅供学习用途!
3. 分享目的仅供大家学习和交流,请不要用于商业用途!
4. 本站资源售价只是赞助,收取费用仅维持本站的日常运营所需!
5. 本站所有资源来源于站长上传和网络,如有侵权请邮件联系站长!
6. 没带 [亲测] 代表站长时间紧促,站长会保持每天更新 [亲测] 源码 !
7. 盗版ripro用户购买ripro美化无担保,若设置不成功/不生效我们不支持退款!
8. 本站提供的源码、模板、插件等等其他资源,都不包含技术服务请大家谅解!
9. 如果你也有好源码或者教程,可以到审核区发布,分享有金币奖励和额外收入!
10.如果您购买了某个产品,而我们还没来得及更新,请联系站长或留言催更,谢谢理解 !
GG资源网 » 单点登录从WordPress到媒体维基
