Its not CGI support so much as if MW detects it can properly use $_SERVER['PATH_INFO']. Generally speaking, this is true provided your PHP sapi is not cgi, apache2filter, or isapi. Of course, if you have set $wgArticlePath yourself, then this auto-detection stuff is overridden.
-- Brian On Mon, Dec 19, 2016 at 7:04 PM, Cindy Cicalese <[email protected]> wrote: > Scott, > > I double checked the Short URL manual page [0], because you mentioned that > you planned to switch to short URLs due to this issue. We do not use short > URLs, so there must be something else going on. What struck me on the > manual page, was the following: > > MediaWiki's default page addresses looks like these examples: > http://example.org/w/index.php/Page_title *(recent versions of MediaWiki, > without CGI > <https://en.wikipedia.org/wiki/Common_Gateway_Interface> support)* > http://example.org/w/index.php?title=Page_title *(recent versions of > MediaWiki, with CGI support)* > > > Our URLs are consistent with the first case and yours are consistent with > the second. However, we do have CGI enabled. Maybe somebody on the list can > elaborate on why the format of the URLs might be different? > > Regardless, the best fix for this situation would be for the OpenID Connect > library used by the extension not to strip off the URL parameters. Yes, please > report the second bug you found in the OpenID Connect library directly on > the GitHub page for that library. While you are at it, you could also > report the bug/feature that strips the URL parameters off the redirect URL. In > the meantime, I will add some text to the OpenID Connect extension page > indicating the known bug. > > [0] https://www.mediawiki.org/wiki/Manual:Short_URL > > Cindy > > Date: Fri, 9 Dec 2016 14:48:01 -0600 >> From: Scott Koranda <[email protected]> >> To: [email protected] >> Subject: Re: [MediaWiki-l] OpenID Connect extension and redirect_uri >> Message-ID: <[email protected]> >> Content-Type: text/plain; charset=us-ascii >> >> > You are correct: the redirect_uri parameter should be pointing back to >> > Special:PluggableAuthLogin. From your example below, it should look >> > something like: >> > >> > redirect_uri=https%3A%2F%2Fmyserver.org%2Fw%2Findex.php >> > %2FSpecial%3APluggableAuthLogin >> > >> > The redirect_url is computed by the code at [0], which discards all query >> > parameters. As long as you are being redirected to OIDC from >> > https://myserver.org/w/index.php/Special:PluggableAuthLogin, you should >> be >> > fine. If you are being redirected from >> > https://myserver.org/w/index.php?title=Special:PluggableAuthLogin, >> however, >> > the title would be stripped off. >> > >> > PluggableAuth is redirected from Special:UserLogin to >> > Special:PluggableAuthLogin by creating the URL at [1] using >> > >> > Title::newFromText( 'Special:PluggableAuthLogin' )->getFullURL() >> > >> > and then being redirected to it. Could getFullURL() be generating the URL >> > in "?title=..." form on your server? Perhaps because of [2]? If so, >> please >> > let me know. There would have to be a fix to prevent the title query >> > parameter from being stripped. >> >> Thank you Cindy. That was the hint I needed. >> >> Although I have experience with OIDC I am new to MediaWiki and >> I had not yet configured "short URLs". After making the >> necessary changes in my Apache HTTP Server and MediaWiki >> configurations to support short URLs the extension then began >> to generate a correct redirect_uri value. >> >> Should the use of short URLs be mentioned as a requirement for >> the OpenID Connect extension, or is it the case that not using >> short URLs is so rare as to not warrant mentioning it >> explicitly? >> >> I now have the extension interoperating with my desired OP >> (not Google FWIW). I did, however, find a small bug. >> >> The OP returns an authorization code value that is a URI. As >> such it is URL-encoded in the POST body being sent back to the >> extension. The extension, however, does not URL-decode the >> value so when it later attempts to exchange the code for the >> ID token it correctly URL-encodes the code but now it is >> "double encoded" and rejected by the OP. >> >> It appears that this is really an issue in the OpenID Connect >> PHP library that the OpenID Connect extension includes. Should >> I open an issue directly with that project or as the extension >> author would you prefer to do that? Or should I just open an >> issue for the OpenID Connect extension? >> >> Thanks, >> >> Scott K >> >> >> >> ------------------------------ >> >> Subject: Digest Footer >> >> _______________________________________________ >> MediaWiki-l mailing list >> [email protected] >> https://lists.wikimedia.org/mailman/listinfo/mediawiki-l >> >> >> ------------------------------ >> >> End of MediaWiki-l Digest, Vol 159, Issue 7 >> ******************************************* >> > _______________________________________________ > MediaWiki-l mailing list > To unsubscribe, go to: > https://lists.wikimedia.org/mailman/listinfo/mediawiki-l _______________________________________________ MediaWiki-l mailing list To unsubscribe, go to: https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
