search

TheNetworg / mediawiki-easyauth

Authentication plugin for MediaWiki to work with Azure App Service Authentication/Authorization feature.
MIT License
2 stars 2 forks source link

You are not allowed to access this site with account [ ]. Issuer was [ ]. #1

Open vaibhavmalushte opened 6 years ago

vaibhavmalushte commented 6 years ago

Hi,

I am getting below error.

You are not allowed to access this site with account [ ]. Issuer was [ ].

Kindly advise.

Thank you, Vaibhav

gotdibbs commented 6 years ago

I'm a .NET dev with limited PHP experience, but I also just received this error and was able to work around it. I by no means understand the inner workings of PHP or MediaWiki, but this is what I did:

  1. The variable $wgAuthRemoteuserIssuers in the AuthAzureEasyAuth.php should actually be $wgAuthAzureEasyAuthIssuers.
  2. I had no claim provided by Azure AD for UPN. I used the emailaddress claim instead as seen below.
private function getUpn()
{
    #return $this->getClaim("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn");
    return $this->getClaim("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress");
}

@vaibhavmalushte I think you may have even more issues thought as your issuer is coming across blank. Mine came through matching the value from LocalSettings.php.