pitbulk / dokuwiki-saml Goto Github PK

The savedir parameter of dokuwiki is by default set to ./data. If you run Dokuwiki with this kind of configuration, when using the dokuwiki-saml plugin, the media breaks (i.e. pictures stop loading). Also, the media manager becomes unaccessible, because it thinks an admin is no longer an admin.

saml_user_file is set here using $conf['savedir']

saml_user_file is later referenced in different places, such as here:

However! Depending on where exactly where the code is called from, the current working directory can be different, resulting in that sometimes, when you use a relative path like this, it tries to look at the wrong path. This is true when trying to use media manager.

Workaround: Made sure that $conf['savedir'] is configured as an absolute path, i.e. /var/www/dokuwiki/data in my install. (This is what I've done in my install, rather than try to fix this bug.)

Hi! I've been trying to use your plugin on the latest version of DokuWiki (2020-07-29 "Hogfather"). I am able to install it from the plugins page, but the plugin does not show up as an auth option. This is fixed by manually installing the folder instead; after that it does show up. So perhaps there is an issue in the structure of the plugin. But admittedly, the install instructions also say to copy the folder, so this might be known.

However, then there are further issues. I have it setup as INTERNAL AUTH BACKEND + SAML, and am using 'use_internal_user_store' = true and 'force_saml_login' = false (but I have also tried the other permutations). I get a new shiny login button above the standard one on my login screen, and clicking it does redirect me to the simpleSAMLphp page of choice. But after signing in, I am returned to the login screen, without any error messages. Logging in using internal auth credentials has the exact same problem, you just return to the login page. Disabling the plugin restores normal login behaviour.

It looks like session cookies are not created correctly upon successful SAML authentication with this plugin. My account is a member of a group that is listed in $conf['manager'] and $conf['superuser']. It has admin privileges everywhere in dokuwiki, except in ACL management section and media manager.

Particularly, in ACL management section, when I choose any group from the dropdown list, I see "for admins only" error.

When I go to Upload tab in Media Manager, I see "Sorry, you don't have enough rights to upload files." error.

There are no such issues while using other authentication methods (e.g. authplain, authldap).

After setting the authentication with SimpleSAMLPHP and OpenAm, I first experienced problems with Session Lost, then I switch from PHPSESSID to memcached, but even so, my Dokuwiki doesn't map the user's groups and roles. I've created and gave permission for groups matching the OpenAm groups attribute via ACL manager, but nothing happens. I can loggin but I can't edit or even read.

I'm trying to get this plugin to work with latest version of DokuWiki (Frusterick Manners), but it doesn't work as expected.

Are there plans to update this plugin to support Frusterick Manners?

I had created a shib auth plugin for the old dokuwiki auth mechanism and there i create a "cache" file to store the mapping shib unique id -> display name. so that the "recent changes" etc. would display useful names instead of the crypted unique ID which doesn't contain the users name. Would be happy to see a similiar function in this plugin.

On a fresh install of 2018-04-22b "Greebo" running on up-to-date Ubuntu 18.04, I get the following when I enable authtype=authsaml:

DokuWiki Setup Error
Something unforseen has happened: Maximum action transitions reached

The wiki becomes completely inaccessible at this point. Reverting to authplain and the wiki comes back. No errors to be seen in the debug or apache logs.

PHP version is 7.2.10-0ubuntu0.18.04.1

Any ideas?

I can't get this plugin work.
If I set
$conf['authtype'] = 'authsaml'
then it won't update the users.saml.php file.

if $conf['authtype'] = 'authplain' then it updates the file correctly after login.
To get SAML work I need to set $conf['authtype'] = 'authsaml' and use the use the external saml_user_file

in authsaml\conf\default.php
'use_internal_user_store' => false,

Any help would be appreciated.

DokuWiki version: 2020-07-29 "Hogfather"

In lib/plugins/authsaml/conf/default.php: 'force_saml_login' => true,

In conf/local.php: $conf['authtype'] = 'authsaml';

Expected behaviour: plain authentication prompt is hidden, with only a link to idP present.

Actual behaviour: both a link to idP and plain authentication prompt are displayed.

DokuWiki version: 2020-07-29 "Hogfather"

Expected behaviour: upon successful authentication, idP redirects back to https://wiki.example.com/doku.php.

Actual behaviour: upon successful authentication, idP redirects to https://idp.example.com/module.php/core/frontpage_welcome.php and prompts to login as admin.

Then I have to go to https://wiki.example.com/doku.php?id=start&do=login&sectok= manually and refresh the page with no cache before the authenticated user is finally added to data/users/saml.php.

Warning: Declaration of action_plugin_authsaml::register(Doku_Event_Handler &$controller) should be compatible with DokuWiki_Action_Plugin::register(Doku_Event_Handler $controller) in /var/www/html/wiki/lib/plugins/authsaml/action.php on line 112

Warning: Declaration of auth_plugin_authsaml::trustExternal() should be compatible with DokuWiki_Auth_Plugin::trustExternal($user, $pass, $sticky = false) in /var/www/html/wiki/lib/plugins/authsaml/auth.php on line 20

Warning: Declaration of auth_plugin_authsaml::getUserData($user) should be compatible with DokuWiki_Auth_Plugin::getUserData($user, $requireGroups = true) in /var/www/html/wiki/lib/plugins/authsaml/auth.php on line 20

Can any changes be made to fix this?

This plugin seems to make use of one or more form related action events that will be removed in the next DokuWiki release. Please have a look at https://www.patreon.com/posts/better-forms-58551930 for details.

My apologies if this has already been addressed in your code. If you have any questions on how to implement the needed changes please let me know.

It appears that user's group membership is not updated when membership gets updated on the Idp side. Once user's first login is completed the group membership remain permanent regardless if it changed on the idp side unless that user is manually purged from the users.saml.php file.