Jump to content
  • 0

Issues & Questions with Extension:GoogleLogin


Nicolas

Question

Hi,

We are new with MediaWiki and it seems to be the perfect solution to set up a private wiki for our company. All our users are managed with G-Suite with a specific domain name, so we are hoping to use the GoogleLogin extension to restrict user with email based on our domain.

I have set up a fresh install of MediaWiki on a subdomain of our server.
I have installed Extension:GoogleLogin by following the steps in the extension documentation.
I updated the settings in the LocalSettings.php file with the following:

$wgGLSecret = 'XXXXX';
$wgGLAppId = 'XXXX';
$wgGLAllowedDomainsDB = true;
$wgGroupPermissions['*']['read'] = false;
$wgGroupPermissions['sysop']['managegooglelogindomains'] = true;
$wgWhitelistRead = array( 'Special:GoogleLoginReturn' );


Then I ran the update.php script

 

From there I have three questions:

1/ When I go to my special pages, I can now see the Manage GoogleLogin connections and Log in with Google pages, but can't find the Special:GoogleLoginAllowedDomains like described in the documentation. When I try to load this page, I am landing on the No such special page. So I can't access the settings to restrict the domain.... what did I miss or did wrong?


2/ Is that true that we need to ask each staff member to go activate their Google+ profile in order to use the Google Login Authentification on the wiki? What happen if they never configure their Google+ profile?
 

3/ I am currently the only user of the wiki. What's the best way to import all the G-Suite users into the Wiki User database to give them all access to it?

 

Thank you in advance for your support. :D

Link to comment
Share on other sites

6 answers to this question

Recommended Posts

  • 1

It looks like you have an outdated version of GoogleLogin, please download an updated version (the most recent one). There are no changes between 1.27 and recent mediawikis which should make it incompatible, and it appears there have been numerous bugfixes made since the version you have. The lack of special page showing up may be one of them. Go through the normal install instructions to update (including running `composer update --no-dev` and the update.php maintenance script).

For question 2, as I said before, I seriously doubt it requires a Google+ id. What you can do is test with your own account, a dummy/test account, a co-worker, or your supervisor to see if they can log in without having a Google+ profile.

For question 3, the user should click "Log in with Google" without filling in any of the other fields (username/password). If you still get this message even after doing that, and have updated to the latest version (as mentioned in the first paragraph), then something is screwy either with your setup or with the extension.

Link to comment
Share on other sites

  • 1

1. Make sure that those settings are underneath the require_once line for the extension. If you did that, re-run update.php just to be sure. After doing that, see if you can see "Administrate allowed domains for GoogleLogin" in your Special pages list (Special:SpecialPages). If not, we'll need to do some more investigation. What version of MediaWiki and what version of GoogleLogin did you install?

2. I would sincerely doubt that a Google+ profile is required for this extension to work, but I don't know for sure. The Google+ API mentioned in the documentation is how you set up the authentication against Google's servers, not a requirement that each of your users has to go through.

3. An account will be automatically created for them on-wiki the first time they log in using Google, there is no need to import users in bulk.

By the way, it wasn't asked but you can disable normal login (and therefore force Google login) with the following settings at the end of your LocalSettings.php:

$wgAuthManagerConfig = $wgAuthManagerAutoConfig;
// disable local password authentication
unset($wgAuthManagerConfig['MediaWiki\Auth\LocalPasswordPrimaryAuthenticationProvider']);
// disable sign-ups on wiki
$wgGroupPermissions['*']['createaccount'] = false;
// but allow the auto-creation of accounts via GoogleLogin
$wgGroupPermissions['*']['autocreateaccount'] = true;

 

Link to comment
Share on other sites

  • 0

Thank you Skizzerz for your response.

1. I moved the settings underneath the require_once and re-ran the update.php but no changes, I can't find the "Administrate allowed domains for GoogleLogin" in the Special pages list.... I am running MediaWiki 1.29.2 and GoogleLogin 0.4.0-git (7958904). Here is a preview of the end of my LocalSettings.php:


/* GoogleLogin */
require_once "$IP/extensions/GoogleLogin/GoogleLogin.php";

$wgGLSecret = 'XXXX';
$wgGLAppId = 'XXXX';
$wgGLAllowedDomainsDB = true;
$wgGroupPermissions['*']['read'] = false;
$wgGroupPermissions['sysop']['managegooglelogindomains'] = true;
$wgWhitelistRead = array( 'Special:GoogleLoginReturn' );

 

2.Well, it seems that GoogleLogin is storing the Google User ID and the only way to have a Google User ID seems to activate a Google+ profil for each user.

 

3. If a user without an account on the wiki tries to login using Google, they get the following message: "The supplied credentials are not associated with any user on this wiki."

5a0f1b573b261_ScreenShot2017-11-17at9_24_17AM.png.aa2e74ade3454167e6dac4fdc0988a5b.png

 

Thank you for the tip regarding disabling the normal login, I think I'll do that once we have the Google Login to work properly.

Link to comment
Share on other sites

  • 0

Ok so I have installed GoogleLogin 0.4.0-git (f594074) and I can now see the "Administrate allowed domains for GoogleLogin" special page. But when I try to add a domain, I am having an error message:

Quote

Internal error
[Wg9vCY8R3IkKQvESrdJs1AAAARU] 2017-11-17 23:21:45: Fatal exception of type "MWException"

 

Link to comment
Share on other sites

  • 0

I fixed my first issue by re-installing a clean install of MediaWiki 1.29 and GoogleLogin 0.4.0-git (f594074). That seems to work fine for now.

I tried your piece of code to disable normal login (and therefore force Google login) with the following settings at the end of LocalSettings.php and I end up with only the normal login....

$wgAuthManagerConfig = $wgAuthManagerAutoConfig;
// disable local password authentication
unset($wgAuthManagerConfig['MediaWiki\Auth\LocalPasswordPrimaryAuthenticationProvider']);
// disable sign-ups on wiki
$wgGroupPermissions['*']['createaccount'] = false;
// but allow the auto-creation of accounts via GoogleLogin
$wgGroupPermissions['*']['autocreateaccount'] = true;

 

So I removed the first part and just left the autocreate setting but that doesn't seem to work. When I try to login through Google with a user account that is not register on the Wiki, I am having the following issue:

The supplied credentials are not associated with any user on this wiki.

 
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Answer this question...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.