SQLSTATE[42S01]: Base table or view already exists: 1050 Table 'SimpleSAMLphp_kvstore' already exists Backtrace:

[arinaslayer]

Mediawiki 1.32.2 Php: 7.3.28 

apache2handler Mariadb:10.2.33

Simplesamlphp extension: 1.35 (github)

Pluggableauth extension: 1.35(github) Simplesamlphp software:1.19.3

I’m trying to implement SSO in Azure AD for on prem

[acb3c984ef5311d0f7784f6f] /index.php/Special:PluggableAuthLogin PDOException from line 175 of E:\Apache24\htdocs\simplesamlphplib\lib\SimpleSAML\Store\SQL.php: SQLSTATE[42S01]: Base table or view already exists: 1050 Table 'SimpleSAMLphp_kvstore' already exists Backtrace:

0 E:\Apache24\htdocs\simplesamlphplib\lib\SimpleSAML\Store\SQL.php(175): PDO->exec(string) 1 E:\Apache24\htdocs\simplesamlphplib\lib\SimpleSAML\Store\SQL.php(78): SimpleSAML\Store\SQL->initKVTable() 2 E:\Apache24\htdocs\simplesamlphplib\lib\SimpleSAML\Store.php(52): SimpleSAML\Store\SQL->__construct() 3 E:\Apache24\htdocs\simplesamlphplib\lib\SimpleSAML\SessionHandler.php(138): SimpleSAML\Store::getInstance() … .”

Anyone familiar with this error? I have dropped the table but it still appear the error. I think it detecting me to attempt recreating the table again.

What I have tested: 

1. In PHP installation status page, 3 things are not available. We are not using LDAP extension and we did not setup for predis or memcache and it is optional.

2. E:\Apache24\htdocs\simplesamlphplib\lib\SimpleSAML\Store\SQL.php: SQLSTATE[42S01]: Base table or view already exists: 1050 Table 'SimpleSAMLphp_kvstore' already exists- this error only displayed when I change the datastore type from 'phpsession' to 'sql' in the config.php file. If I change back to phpsession, it will shows a different error to my wiki page" [57e819a89ff1f7965dc9f1f6] /index.php/Special:PluggableAuthLogin InvalidArgumentException from line 203 of E:\Apache24\htdocs\includes\session\SessionManager.php: Invalid session ID".

My configuration in config.php file are as below:

 'store.type' => 'sql',

'store.sql.dsn' => 'mysql:host=xxx;port=xxxxdbname=xxxx', 'store.sql.username' => 'xxx', 'store.sql.password' => 'xxxx',

3. I have tested the authentication for default-sp and it redirects me to IDP. After entering my credentials, I've been redirected back to the test page with list of attributes. But, in simplesatlphpinstallation page, it already shows SAML 2.0 IDP as green and checked.

4. As for PHP Sanity page, everything is green and no error display.

5. In the federation tab, it shows our SAML 2.0 SP metadata and SAML 2.0 IdP Metadata (Trusted). It looks fine and I exchange the Metadata to IDP(Azure) and it has reflected in this page.

6. When I declare the PluggableAuth and SimpleSAMLphp extensions in localsettings.php, it was able to update in special version page. But now, I've commented out the code below since the library itself not working by showing E:\Apache24\htdocs\simplesamlphplib\lib\SimpleSAML\Store\SQL.php: SQLSTATE[42S01]: Base table or view already exists: 1050 Table 'SimpleSAMLphp_kvstore' already exists

1. PluggableAuth
2. wfLoadExtension( 'PluggableAuth' );
3. $wgPluggableAuth_EnableAutoLogin = false;
4. $wgPluggableAuth_EnableLocalLogin = false;
5. $wgPluggableAuth_EnableLocalProperties = false;
6. $wgPluggableAuth_ButtonLabelMessage = "Login";
7. $wgPluggableAuth_Class = 'SimpleSAMLphp';
8. $wgGroupPermissions['*']['createaccount'] = true;
9. $wgGroupPermissions['*']['autocreateaccount'] = true;

1. SimpleSAMLphp
2. wfLoadExtension( 'SimpleSAMLphp' );
3. $wgSimpleSAMLphp_InstallDir = "E:\Apache24\htdocs\simplesamlphplib";
4. $wgSimpleSAMLphp_AuthSourceId = "default-sp";
5. $wgSimpleSAMLphp_RealNameAttribute = [ 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname','http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname'];
6. $wgSimpleSAMLphp_EmailAttribute = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/mail';
7. $wgSimpleSAMLphp_UsernameAttribute = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/uid';

I'm not sure what else could be the misconfiguration in the simplesamlphp library that can cause the table to recreate. ..:(

Anyone please help...

[Peter Schober]

* arinaslayer <arinasha...@gmail.com> [2021-11-21 08:01]:

> 3. I have tested the authentication for default-sp and it redirects
> me to IDP. After entering my credentials, I've been redirected back
> to the test page with list of attributes.

That means SimpleSAMLphp itself is working fine.
The rest is up to the external code you're using (the Mediawiki
extension).

> But, in simplesatlphpinstallation page, it already shows SAML 2.0
> IDP as green and checked.

You said "Azure" is your SAML IDP so your SimpleSAMLphp instance
should not be configured as a SAML IDP.
(This has nothing to do with the problems you're having but should
still be fixed.)

> 1. PluggableAuth
> 2. wfLoadExtension( 'PluggableAuth' );
> 3. $wgPluggableAuth_EnableAutoLogin = false;
> 4. $wgPluggableAuth_EnableLocalLogin = false;
> 5. $wgPluggableAuth_EnableLocalProperties = false;
> 6. $wgPluggableAuth_ButtonLabelMessage = "Login";
> 7. $wgPluggableAuth_Class = 'SimpleSAMLphp';
> 8. $wgGroupPermissions['*']['createaccount'] = true;
> 9. $wgGroupPermissions['*']['autocreateaccount'] = true;
>
> 1. SimpleSAMLphp
> 2. wfLoadExtension( 'SimpleSAMLphp' );
> 3. $wgSimpleSAMLphp_InstallDir = "E:\Apache24\htdocs\simplesamlphplib";
> 4. $wgSimpleSAMLphp_AuthSourceId = "default-sp";
> 5. $wgSimpleSAMLphp_RealNameAttribute = [ '

> http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname','http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname'
> ];

> 6. $wgSimpleSAMLphp_EmailAttribute = '
> http://schemas.xmlsoap.org/ws/2005/05/identity/claims/mail';
> 7. $wgSimpleSAMLphp_UsernameAttribute = '

> http://schemas.xmlsoap.org/ws/2005/05/identity/claims/uid';
>
> I'm not sure what else could be the misconfiguration in the simplesamlphp
> library that can cause the table to recreate. ..:(

I haven't used Mediawiki in well over a decade and even then that was
without using SimpleSAMLphp for the SAML implementation, sorry.
(I.e., I have no personal experience with the external,
non-SimpleSAMLphp extension code you're trying to use there.)

The people having written the above pieces of code, esp the extension
to use SimpleSAMLphp from Mediawiki's PluggableAuth extension should
be able to provide that help. (It's their code, after all.)
I doubt they're providing that support on this list, though.

-peter

[arinaslayer]

Hi Peter, 

Thanks for your response and i did the changes on the SAML idp based on your suggestion.

Apparently, the issue came from the library from SQL.php file. There is something wrong with $table_updates query since it acts as a latest version. So i comment out the table updates class and replace the value as $latest_version and it bypass the error. 

Where can i contact the developer directly so that i can share my experience so that they can advise or change accordingly?

--
This is a mailing list for users of SimpleSAMLphp, not a support service. If you are willing to buy commercial support, please take a look here:

https://simplesamlphp.org/support

Before sending your question, make sure it is related to SimpleSAMLphp, and not your web server's configuration or any other third-party software. This mailing list cannot help with software that uses SimpleSAMLphp, only regarding SimpleSAMLphp itself.

Make sure to read the documentation:

https://simplesamlphp.org/docs/stable/

If you have an issue with SimpleSAMLphp that you cannot resolve and reading the documentation doesn't help, you are more than welcome to ask here for help. Subscribe to the list and send an email with your question. However, you will be expected to comply with some minimum, common sense standards in your questions. Please read this carefully:

http://catb.org/~esr/faqs/smart-questions.html
---
You received this message because you are subscribed to a topic in the Google Groups "SimpleSAMLphp" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/simplesamlphp/mp9lNuC56Wo/unsubscribe.
To unsubscribe from this group and all its topics, send an email to simplesamlph...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/simplesamlphp/20211122002357.6qw5eqeza4nxe3o5%40aco.net.

[Peter Schober]

* arinaslayer <arinasha...@gmail.com> [2021-11-25 04:25]:

> Where can i contact the developer directly so that i can share my
> experience so that they can advise or change accordingly?

You mean the devlopers of the MediaWiki extension code?
Seems there are links to code and issue trackers right there:
https://www.mediawiki.org/wiki/Extension:SimpleSAMLphp

-peter

[arinaslayer]

It came from the simplesamlphp library (the software) should i just report here on the bugs that i found? 

Also, How to hide SimpleSAMLphp Installation web page to our internal users? But just to let you know that the external users are not able to access the page. It seems like all of my users able to access this page. Example link:https://xxxxxxxxxx/simplesamlphplib/www/module.php/core/frontpage_welcome.php

I would like to restrict the admin only to be able to access the simplesamlphp installation page. I haven’t found the solution in this group. 

Appreciate your guidance in this matter!

Thanks in Advance!

--
This is a mailing list for users of SimpleSAMLphp, not a support service. If you are willing to buy commercial support, please take a look here:

https://simplesamlphp.org/support

Before sending your question, make sure it is related to SimpleSAMLphp, and not your web server's configuration or any other third-party software. This mailing list cannot help with software that uses SimpleSAMLphp, only regarding SimpleSAMLphp itself.

Make sure to read the documentation:

https://simplesamlphp.org/docs/stable/

If you have an issue with SimpleSAMLphp that you cannot resolve and reading the documentation doesn't help, you are more than welcome to ask here for help. Subscribe to the list and send an email with your question. However, you will be expected to comply with some minimum, common sense standards in your questions. Please read this carefully:

http://catb.org/~esr/faqs/smart-questions.html
---

You received this message because you are subscribed to the Google Groups "SimpleSAMLphp" group.
To unsubscribe from this group and stop receiving emails from it, send an email to simplesamlph...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/simplesamlphp/20211125091712.lhl7b5eiwzz5j4fk%40aco.net.

[Peter Schober]

* arinaslayer <arinasha...@gmail.com> [2021-11-25 13:45]:

> It came from the simplesamlphp library (the software) should i just
> report here on the bugs that i found?

Sure. I doubt the bug is in SimpleSAMLphp itself but someone checking
your report can determine that better there.

> Also, How to hide SimpleSAMLphp Installation web page to our internal
> users? But just to let you know that the external users are not able to
> access the page. It seems like all of my users able to access this page.
> Example link:
> https://xxxxxxxxxx/simplesamlphplib/www/module.php/core/frontpage_welcome.php
>
> I would like to restrict the admin only to be able to access the
> simplesamlphp installation page. I haven’t found the solution in this
> group.

AFAIK current releases can disable the admin web UI completely but any
SimlpeSAMLphp release has always had the ability to keep people out of
your admin UI by setting these parameters in config.php:

/*
* This password must be kept secret, and modified from the default value 123.
* This password will give access to the installation page of SimpleSAMLphp with
* metadata listing and diagnostics pages.
* You can also put a hash here; run "bin/pwgen.php" to generate one.
*/
'auth.adminpassword' => '...',

/*
* Set this options to true if you want to require administrator password to access the web interface
* or the metadata pages, respectively.
*/
'admin.protectindexpage' => true,

Disabling the 'admin' itself in authsources.php was also a common
workaround, I think.

-peter