Extension talk:GoogleAppsAuthentification


Nonce error "OpenID authentication failed: Nonce already used or out of range"

Sorry I don't know if it's the correct place to voice out questions - correct me if it's not.

I just did what you told me last night (29 Aug 2011). I was correctly redirected to the Google Apps login page, and also the subsequent "XXXXXXXX (my URL) wants to access the following information" (etc.). But then I was stopped at an error with only 1 line of output: "OpenID authentication failed: Nonce already used or out of range". Any clue on this?

Thanks! I love this great extension - simple, easy to use, just great. 219.79.162.89 14:37, 29 August 2011 (UTC)

Did you make sure the tmp folder is writable? Do you see the nonce files being created? BertrandGorge 15:00, 29 August 2011 (UTC)
One thing is that we found that the extension doesn't work too well on a Windows setup - for some reason it started to work with a Linux box only... Maybe a lead for you! BertrandGorge 15:03, 29 August 2011 (UTC)
Oh yeah problem solved.
1) I just noticed that the tmp folder that came with the OpenID library (as linked from the wiki page) was actually NOT empty. And so when I am setting the correct permissions on it, I need to chmod it recursively. That is, " chmod -R 777 tmp " instead of " chmod 777 tmp ".
2) Once I had made the #1 change, I encountered another error of "undefined function: FileCache::singleton() on line 2726 of includes/GlobalFunctions.php", even when I used a new browser to browse the wiki. My MediaWiki was an old one, version 1.14. I didn't touch any configuration concerning FileCache (and it should default to "false"?). The problem doesn't go away even if I switch FileCache on or off in LocalSettings.php. My solution was to (dirtily) amend GlobalFunctions.php and comment out that if() block and use only the else block. (very dirty indeed!) 202.55.50.236 17:07, 29 August 2011 (UTC)
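Why an unwritable tmp folder shows up as a nonce error, as an added example that is not part of the original thread or of the OpenID library: a file-backed nonce check that reports its three failure causes separately, where a store returning only true/false collapses them into one message. The function name, the 300-second window and the sample values are assumptions of this example.

```php
<?php
// Added illustration (hypothetical names); not the OpenID library's code.
const NONCE_SKEW_SECONDS = 300; // assumed acceptance window around "now"

function checkNonce(string $storeDir, string $issuer, int $timestamp, string $salt, int $now): string
{
    // 1. A timestamp too far from the server clock is "out of range".
    if (abs($timestamp - $now) > NONCE_SKEW_SECONDS) {
        return 'out_of_range';
    }
    // 2. The store must be writable by the web server account, including
    //    any subdirectory that was unpacked with restrictive permissions.
    if (!is_dir($storeDir) || !is_writable($storeDir)) {
        return 'store_unwritable';
    }
    // 3. Mode 'x' creates the file only if it does not exist yet, so a
    //    second presentation of the same nonce fails here: a replay.
    $path = $storeDir . '/' . hash('sha256', "$issuer|$timestamp|$salt");
    $handle = @fopen($path, 'x');
    if ($handle === false) {
        return 'replayed';
    }
    fclose($handle);
    return 'ok';
}

// Constructed sample run against a throwaway directory.
$now   = time();
$store = sys_get_temp_dir() . '/nonce-demo-' . bin2hex(random_bytes(4));
mkdir($store, 0700); // owner-only: enough for the server account

$results = [
    'first use'        => checkNonce($store, 'https://idp.example', $now, 'a1b2', $now),
    'same nonce again' => checkNonce($store, 'https://idp.example', $now, 'a1b2', $now),
    'stale timestamp'  => checkNonce($store, 'https://idp.example', $now - 3600, 'c3d4', $now),
];
chmod($store, 0500); // simulate a store the server cannot write to (non-root)
$results['read-only store'] = checkNonce($store, 'https://idp.example', $now, 'e5f6', $now);

foreach ($results as $case => $outcome) {
    // A store that only returns true/false reports every non-'ok' case
    // with the same "already used or out of range" message.
    printf("%-18s %-17s accepted=%s\n", $case, $outcome, $outcome === 'ok' ? 'yes' : 'no');
}

// Clean up the demo directory.
chmod($store, 0700);
array_map('unlink', glob($store . '/*'));
rmdir($store);
```

A store directory owned by the web server account with mode 0700 passes the writability check without giving other local users access to the nonce files.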

Unable to change user permissions of auto-created accounts

Those accounts come with "@domain.com", and when I try to change their user rights with the special pages, I was given the error of "cannot edit user rights of other wiki".

Soon I found in the manual pages that I need to have the "userrights-interwiki" for my bureaucrat group, so I added that in my LocalSettings. Then I was given another error of "Database mydomain.com does not exist or is not local."

Any help~? I suggest not storing the username with the domain - since with this extension we are allowed to use google apps of only one domain - so with "@domain.com" doesn't really make much difference. 202.55.50.236 18:04, 29 August 2011 (UTC)

What you say makes sense - I didn't know that MediaWiki accounts did interpret the @ sign somehow - anyway, it is easy to fix - just change the line that says " $username = $googleAccount['email']; ", with something like " $username = preg_replace('/@.*/', '', $googleAccount['email']); " or something similar.... BertrandGorge 06:46, 30 August 2011 (UTC)
Yes you're right. That's what I did too! Many thanks! Highly appreciate the quick response from you. Ewcy 07:10, 30 August 2011 (UTC)
I added the following to LocalSettings.php:
# Allow @ in username (# as delimiter for database instead of @)
$wgUserrightsInterwikiDelimiter = '#';
This changes the interwiki delimiter to a # instead of an @, allowing you to have @ in your username without trouble. I doubt anybody uses interwiki rights management except the Wikimedia Foundation itself; I really wish they just had interwiki disabled by default. Oh well. 76.10.122.190 18:36, 14 February 2012 (UTC)
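Stripping the domain is only safe when the domain has been checked first, otherwise addresses from different domains collapse onto one wiki account. The following added example (not the extension's code) validates the domain before deriving the username; the function name, the allow-list for the local part and the sample addresses are assumptions of this example.

```php
<?php
// Added illustration; names and sample addresses are hypothetical/constructed.

// Returns a wiki username for an address in $allowedDomain, or null.
function wikiUsernameFromEmail(string $email, string $allowedDomain): ?string
{
    $email = trim($email);
    // Require exactly one "@" so "a@evil.test@example.com" is rejected outright.
    if (substr_count($email, '@') !== 1) {
        return null;
    }
    [$local, $domain] = explode('@', $email);
    // Compare the whole domain, case-insensitively. A suffix or substring
    // match would also accept "example.com.evil.test".
    if (strtolower($domain) !== strtolower($allowedDomain)) {
        return null;
    }
    // Conservative allow-list for the local part (an assumption of this
    // example): letters, digits, dot, underscore, hyphen.
    if (!preg_match('/^[A-Za-z0-9._-]+$/', $local)) {
        return null;
    }
    // Lower-case first so case variants of one address map to one account;
    // MediaWiki by default capitalises the first letter of usernames.
    return ucfirst(strtolower($local));
}

// Constructed inputs: the bare regex from the thread next to the checked mapping.
$samples = [
    'mom@example.com',
    'Mom@EXAMPLE.com',
    'mom@gmail.com',
    'mom@example.com.evil.test',
    'mom@evil.test@example.com',
];
foreach ($samples as $email) {
    $stripped = preg_replace('/@.*/', '', $email);            // domain discarded unchecked
    $checked  = wikiUsernameFromEmail($email, 'example.com'); // null means "refuse login"
    printf("%-28s stripped=%-5s checked=%s\n", $email, $stripped, var_export($checked, true));
}
```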

Class DOMDocument not found in google_discovery.php

I got a blank page after installing this extension, and the subject contains what was in the log. I installed php-xml and that fixed it so I decided to put this here in case anyone else has this problem. 208.90.215.181 02:49, 13 October 2011 (UTC)

Thank you this worked for me! 64.236.128.41 20:59, 21 June 2012 (UTC)

Redirecting to login page after login

I was having an issue where after logging in from the home page, mediawiki would bring you straight back to the login page with a username and password field.
So I modified this code:
// Return URL
$config['return_server'] = (isset($_SERVER["HTTPS"]) ? 'https://' : 'http://') .$_SERVER['SERVER_NAME'].":".$_SERVER['SERVER_PORT'];
$config['return_url'] = $config['return_server'].$_SERVER['REQUEST_URI'];
to
// Return URL
$config['return_server'] = (isset($_SERVER["HTTPS"]) ? 'https://' : 'http://') .$_SERVER['SERVER_NAME'].":".$_SERVER['SERVER_PORT'];
if ($_REQUEST["title"] == $lg->specialPage("Userlogin")) {
    $config['return_url'] = $config['return_server'].$_SERVER['SCRIPT_NAME'];
}
else {
    $config['return_url'] = $config['return_server'].$_SERVER['REQUEST_URI'];
}
This resolved my issue. 208.97.104.194 17:43, 16 December 2011 (UTC)
Thanks! Had the same issue. (MW1.19.1) However you missed one simple line.
Before the code above add:
$lg = Language::factory($wgLanguageCode);
Otherwise you get a blank page. (Or PHP-Error of unknown $lg, depending on your debug settings.)
Additionally, after login I get a dialog asking if I wanted to purge the cache of the mainpage. (Usually only NOT logged in users should get that.) Fixed it by changing:
$wgOut->redirect($url."?action=purge");
to
$wgOut->redirect($url."?action=view");
Have to wait and see if there are serious issues with not-current mainpages. 5.28.71.149 14:59, 13 August 2012 (UTC)
I am still working through some issues here, but two modifications are already apparent to the above.
  1. You need to also specify the global variable, $wgLanguageCode, at the top of the getGoogleAccount function.
  2. The "?action=view" is not the proper query string syntax. It needs to be an "&" instead of a "?".
That all being said, I am noticing issues with this implementation when it comes to logging in from pages that aren't the main page. I'll update this once I've worked through those issues. Dyspatch (talk) 18:30, 14 August 2014 (UTC)
When I open my wiki URL, by default it shows the Main page, not the Login page. How do I do this?
I mean, when I open the URL, the login page should open first, not the Main page. 45.116.117.148 (talk) 12:58, 5 December 2019 (UTC)

Local Accounts?

Is it possible to still allow local accounts while using this? The extension causes the wiki to automatically login with a GoogleApps account, but we have some third party individuals we'd still like to have access to our wiki without providing Google Apps accounts to. 76.10.122.190 18:41, 14 February 2012 (UTC)

Hello, no you can't - it should be easy to modify the extension in order to allow it, but when we made the extension, our need was to have a transparent connection, with as little as possible burden for the end user... BertrandGorge 21:33, 14 February 2012 (UTC)
Please explain further regarding the local account with the google apps login 203.84.138.238 11:23, 10 September 2012 (UTC)

403 Forbidden error upon return

I installed and set up the extension.
When I try to login, I'm redirected to the Google login page (first time to my domain login page, but on later test to the standard login... nevermind, that's not the problem now).
I'm then asked to authorize my URL site. Everything looks good so far.
But when I'm supposed to return to the site I get this:

Forbidden
You don't have permission to access /wiki/Especial:Entrar on this server.
Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
(the "Especial:Entrar" is because the site is in Spanish)

or

Forbidden
You don't have permission to access /index.php on this server.
Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.

Depending on the URL I use.

I set the 777 permission to the whole extension folder and its child files/folder. Just in case.
Any idea? 186.19.202.202 22:43, 24 May 2012 (UTC)
Hi, the 404 error looks like the wiki is not fully configured - htaccess issue or something similar. Maybe a URL is misconstructed somewhere (a MediaWiki setup should never give you a 404, it should create a page at the minimum)... Other than that I can't really tell, I haven't encountered this error myself...! BertrandGorge (talk) 07:12, 25 May 2012 (UTC)
For anyone who wants to know, I fixed the problem.
It was an issue with the Apache module mod_security. It prevents URLs from appearing in the query string, so parameters like "http://..." cause an error.
More info:
http://drupal.org/node/576270
http://ericbae.com/2011/06/22/solving-openid-redirect-error/
In my case, I asked my hosting provider (I'm on a shared hosting) to add a rule and it started working just fine. 186.19.202.202 21:06, 28 May 2012 (UTC)
Hi,
I have been searching for hours about the problem. Thankfully I came across your answer. I asked my provider to disable the rules described as above, and hopefully they will fix this very soon.
One question: are there any side effects from disabling the offending rule?
Regards,
Sam 94.227.33.46 15:10, 8 November 2012 (UTC)

"Endlessly" persistent logins

Great plugin, it solves one of the missing pieces in our Google Apps login project.

With that said, it seems that while users can logout successfully, they can also log back in without being logged in to Google Apps.

Say I login to my MediaWiki install (whether or not I'm logged into Apps already) and I end up back at Main_Page. If I click log out, I'm logged out and everything is peachy keen. Now, if I'm also logged out of Apps at this point, I can log right back in just by clicking the log in link in the header. That is to say, I don't need to be logged into Apps again to actually authenticate to the wiki; it lets me right back in. I'm not sure what's going on here, I suspect it has to do with the temp files, but erasing them isn't solving the issue. On the off chance it was OS or browser specific, several have been tried (Safari, Chrome, Firefox, on Windows and OS X - all latest versions as of this writing). The (Apache on Debian) web server user has full r/w permissions to the tmp directory and subdirectories.

If you have any insight as to how to solve this "endlessly" persistent login problem, that would be greatly appreciated. We've come up empty handed thus far.

Thanks! Jme2390 (talk) 17:48, 28 May 2012 (UTC)

Implement the UserLogout hook and remove the session variable. 122.201.18.155 08:58, 24 June 2013 (UTC)
// Register the handler by appending, so other UserLogout handlers are kept
$wgHooks['UserLogout'][] = 'fnUnsetLoggedInUser';
// Clear all session variables when the user logs out of the wiki
function fnUnsetLoggedInUser() {
        session_unset();
        return true;
}
This works if you're logged out of Google. Willcwf (talk) 22:25, 17 July 2013 (UTC)

Permission

I would like to know about the permissions in MediaWiki if I use this extension, let's say: sysops, bureaucrat, .... 220.255.2.25 02:32, 6 July 2012 (UTC)

Are there any concerns with bots reading pages for emails?

Can we use an obfuscator to stop this even the user:pages@googleappaccount.com is the page name? 24.106.160.179 06:08, 19 July 2012 (UTC)

Suggestion / Has anyone set this up for multiple domains

Has anyone tried to get multiple domains working for instance gmail.com and somegoogleappaccount.com?

I would think you could just loop through the domains somewhere but I am not sure where. Anyone have an idea? 50.137.193.149 03:51, 23 July 2012 (UTC)

I tried to address this, but ran into some lack of mediawiki experience snags. Any upvotes or tips are appreciated: http://stackoverflow.com/questions/21121253/mediawiki-extensiongoogleappsauthentification-multiple-domains Jslootbeek (talk) 18:22, 22 January 2014 (UTC)

Error with auth request

Hi, I am getting this error:

Auth request object error. Try again

Is this probably related to the variable in LocalSettings.php, 'GoogleAppsDomain'? I've set it this way:

$wgDefaultUserOptions['GoogleAppsDomain'] = 'google.com/a/myDomain.com';

Thanks in advance! Daniel.SL 15:24, 30 October 2012 (UTC)

The variable 'GoogleAppsDomain' should have the domain you want to allow logins from.
e.g. I only want google accounts with domain example.com to login, such as mom@example.com or dad@example.com:
$wgDefaultUserOptions['GoogleAppsDomain'] = 'example.com';
This way, jimmy@gmail.com won't be authenticated. 205.251.160.140 16:08, 22 July 2014 (UTC)

Hello,

The navigation bar is visible to users who are not yet logged in. Is there any way to hide the navigation bar until users have logged in?

Jack 203.217.56.50 02:58, 18 January 2013 (UTC)

This might be a bit late for a response to this, but there is another extension for that which works quite well when combined with this one:
http://www.mediawiki.org/wiki/Extension:HideSidebar 71.237.180.113 20:42, 29 May 2013 (UTC)

Sometimes can not sign in after Google's response

It is very convenient to have people log on to a wiki with Google credentials. Thanks to Bertrand Gorge and Emanuele Nanetti for the great work.

http://www.mediawiki.org/wiki/Extension:GoogleAppsAuthentification

An issue is that sometimes, even when Google returns the right credential, MediaWiki (19.2) does not log people in correctly.

So far, I found the root cause was with SpecialUserlogin.php and patched it. Detail is here.

http://stackoverflow.com/questions/18536237/mediawiki-extension-googleappsauthentification-can-not-sign-in-after-googles-r Llin.mitbbs (talk) 15:21, 30 August 2013 (UTC)

GoogleAppsAuthentication MediaWiki 1.22.1

Is the extension still valid for MediaWiki 1.22.1? It looks like it doesn't work anymore. Igor 11:44, 24 February 2014 (UTC)

How do I make myself administrator?

Hi,

ok, now I'm logged in ... but how do I make myself an administrator or bureaucrat?

Best, Karsten 79.218.125.106 07:23, 3 April 2014 (UTC)

There should be a non-Google-Apps default account that you setup when you initially installed MediaWiki. Jasper Deng (talk) 02:28, 4 April 2014 (UTC)
When using GoogleAppsAuthentification you cannot login with another user. There is no other login screen than the google-oAuth screen. 93.218.115.162 16:51, 4 April 2014 (UTC)
In that case, you can assign it through database access. See Manual:User rights. Jasper Deng (talk) 04:24, 5 April 2014 (UTC)
  • mysql -u root -pPassword databasename
  • select user_id, user_name from user; -- find user_id of user, let's say: 2
  • insert into user_groups values (2, 'sysop'), (2, 'bureaucrat');
  • \q Koemski (talk) 06:59, 5 April 2014 (UTC)

Redirect to login page after login

(The solution outlined in 2012 further down this page doesn't work with mw 1.22)

After login I get redirected to the mediawiki login page. How can I get redirected to the page I was before or maybe the main page?

thx, Karsten PS: I use mw1.22.5 Koemski (talk) 17:57, 23 April 2014 (UTC)

bounce 93.218.105.206 16:43, 20 May 2014 (UTC)

Blank page

After installation when I click to login, I get a blank page. Any idea? 206.108.165.248 19:38, 8 September 2014 (UTC)
Error log post.
[08-Sep-2014 21:23:55 America/Detroit] PHP Fatal error: Call-time pass-by-reference has been removed in /home/leobaeck/public_html/wiki/extensions/GoogleAppsAuthentication/Auth/Yadis/Manager.php on line 416 206.108.165.249 14:11, 10 September 2014 (UTC)
Remove ampersand from that particular line. 206.71.236.138 (talk) 22:17, 22 September 2015 (UTC)

Fatal error: Call-time pass-by-reference has been removed

Set up to use this one, but as soon as I try to log in I get

Fatal error: Call-time pass-by-reference has been removed in ..wiki/extensions/GoogleAppsAuthentication/Auth/Yadis/Manager.php on line 416

This seems to be an issue that other people have had, but can't find any solution Vrghost1 (talk) 11:04, 16 September 2015 (UTC)

Remove ampersand from that line. 206.71.236.138 (talk) 22:18, 22 September 2015 (UTC)