There is a an excellent tutorial on Medium.com called Mediawiki and Azure AD Single Sign On with step by step instructions how to set SSO for MediaWiki with Azure, but it’s a bit outdated.

One note is that the Reply URLs is now called “Redirect URIs” in Azure, in the Authentication tab. We also used both of these URI’s there:

https://wikisite.com/simplesaml/module.php/saml/sp/metadata.php/default-sp
https://wikisite.com/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp

as it wasn’t clear which one was working, but with both, it anyhow works. 🙂

Beyond that, the code for the username provided did not work for us, so we left the code and used this for the settings:

$wgSimpleSAMLphp_UsernameAttribute = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname';

Aside from that, the basic directions there work. If you have any questions or need help, just contact us.

3 Comments

  • ana

    We have migrated MediaWiki from cloud to On-Premise. Is it possible to configure SSO via Azure AD for MediaWiki On-prem? Else, can you suggest any possible solution?

  • Roalt

    Thanks for posting this ‘change in Azure AD’ I was kinda looking where to change the Redirect URIs. So you confirmed my assumption.

    On the second issue you had on the UsernameAttribute. I think SimpleSAMLphp is not supporting arrays anymore by default. I did edit myself the extensions/SimpleSAMLphp/src/UserInfoProvider/Username.php and changed the getValue method so it supports an array with attribute references. The Method now looks like:

    public function getValue( $samlattributes ) {
    $usernameAttr = $this->config->get( ‘UsernameAttribute’ );
    $username = ”;

    if ( $usernameAttr === null ) {
    throw new Exception( ‘$wgSimpleSAMLphp_UsernameAttribute is not set’ );
    }
    // If no array given do normal behaviour
    if ( !is_array($usernameAttr) ) {

    if ( !isset( $samlattributes[$usernameAttr] ) ) {
    throw new Exception( ‘Could not find username attribute: ‘ . $usernameAttr );
    }

    $username = $this->normalizeUsername( $samlattributes[$usernameAttr][0] );
    } else {
    // when array given
    $username = “”;
    foreach( $usernameAttr as $arr_usernameAttr ) {
    if ( !isset( $samlattributes[$arr_usernameAttr] ) ) {
    throw new Exception( ‘Could not find username attribute: ‘ . $arr_usernameAttr );
    }
    $username .= $this->normalizeUsername( $samlattributes[$arr_usernameAttr][0] );
    }

    }
    $newTitle = Title::makeTitleSafe( NS_USER, $username );
    if ( $newTitle === null ) {
    throw new Exception( ‘Invalid username: ‘ . $username );
    }

    $username = $newTitle->getText();

    return $username;
    }

Leave a Reply

Your email address will not be published.