Hi,
I tried installing this plugin (ver. 3.2.1 and 3.3.0.7) in a multijournal OJS installation (3.2.1.4 and 3.4.0.5) but when i click on the global plugin settings (for all journals) i get errors:
[php7:notice] PHP Notice: Trying to access array offset on value of type null in /var/www-data/ojs-3.2.1-4-test/plugins/generic/openid/forms/OpenIDPluginSettingsForm.inc.php on line 67, referer: https://xxx/ojs-test/index.php/index/admin/settings
[php7:error] PHP Fatal error: Uncaught Error: Call to a member function getPath() on null in /var/www-data/ojs-3.2.1-4-test/plugins/generic/openid/forms/OpenIDPluginSettingsForm.inc.php:126
Stack trace:
#0 /var/www-data/ojs-3.2.1-4-test/plugins/generic/openid/OpenIDPlugin.inc.php(184): OpenIDPluginSettingsForm->fetch()
#1 /var/www-data/ojs-3.2.1-4-test/lib/pkp/classes/controllers/grid/plugins/PluginGridHandler.inc.php(234): OpenIDPlugin->manage()
#2 /var/www-data/ojs-3.2.1-4-test/lib/pkp/classes/core/PKPRouter.inc.php(391): PluginGridHandler->manage()
#3 /var/www-data/ojs-3.2.1-4-test/lib/pkp/classes/core/PKPComponentRouter.inc.php(257): PKPRouter->_authorizeInitializeAndCallRequest()
#4 /var/www-data/ojs-3.2.1-4-test/lib/pkp/classes/core/Dispatcher.inc.php(143): PKPComponentRouter->route()
#5 /var/www-data/ojs-3.2.1-4-test/lib/pkp/classes/core/PKPApplication.inc.php(281): Dispatcher->dispatch()
#6 /var/www-data/ojs-3.2.1-4-test/index.php(68): PKPApplication->execute()
#7 {main}
thrown in /var/www-data/ojs-3.2.1-4-test/plugins/generic/openid/forms/OpenIDPluginSettingsForm.inc.php on line 126, referer: https://xxx/ojs-test/index.php/index/admin/settings
Settings are, however, working on a journal level. So, i guess this plugin doesn’t support multijournal OJS installation? Basically what i need is to be able to change authentication for all journals present in the multijournal installation and not per journal. Is there a way to do this?
Regards.
Hi @orcalator, thank you for using the plugin and reporting your issue.
First of all, we should keep an ojs installation/plugin version consistency. So for a v.3.4.X ojs we should use stable-3.4.0
branch.
If you can’t use github branches we can create a release for 3.4 asap.
Regarding the functionality you want to achieve: to use the plugin on the site level, you must enable it once from Administration -> Site Settings -> Plugins (tab) -> OpenID Authentication Plugin -> Enable
After that you can select Settings
and configure the plugin.
When all those are done, both the site level Login page and the Journal level login page should have the Authentication source that you have enabled, ready to be used.
Do you want to settle on an OJS version preferably >= 3.3.x and walk you through from there?
Hello Dimitris,
Thank you for help, i suppose you are a new developer working on this plugin. Nice to meet you I’d like to try stable-3.4.0 branch but i don’t see that branch in github. Is that a master branch? I only see master, stable-3.1.2 and stable-3.2.1 branch. Since i upgraded OJS to 3.4 i’d like to try openid stable-3.4.0. Can you provide me a link to the branch / zip ?
Regards,
Nino
Thanks @orcalator.
The repository that is actively maintained by PKP and should currently be used is https://github.com/pkp/openid
Thank you for info. I will try stable-3.4.0 and get back with info. Btw. your link is pointing to the wrong URL although the text link is fine
Regards,
Nino
1 Like
Hello @Dimitris_Efstathiou,
I just installed OJS 3.4 + openid plugin 3.4 from scratch and i can confirm it works fine. Now i have one question. I can’t get the plugin to sync. user data with my custom defined openid provider (https://aai.egi.eu/federation/egi/home). After successful authentication i’m redirected back to the OJS where i can choose to link account to the existing OJS account or register a new OJS account. In both cases data from openid provider is not transferred to the OJS, although i have “Enable OpenID provider user data synchronization” option checked in plugin settings. Data is also not synced when i do logout/login. Do you have an idea how this should work, maybe i’m missing something?
Regards.
Thanks @orcalator,
The feature should work on stable-3_4_0 branch.
Does the provider you are using expose the given_name
and family_name
claims from the profile
client scope?
Hi @Dimitris_Efstathiou,
The given_name and family_name claims are indeed available when the profile scope is requested. However, it’s important to clarify that these claims are provided from the UserInfo
endpoint, not from the ID token or the Access Token.
Regards.
1 Like
Hi @Dimitris_Efstathiou,
Any clues on this? I’m not sure i was clear in the last post - so my provider exposes given_name
and family_name
claims but i’m still not getting them inside OJS (no sync.).
Regards.
@orcalator yes the problem is what you are describing in your comment.
Right now the code is taking the claims from the ID token
directly, and it is not invoking the UserInfo endpoint
of the provider.
You can add an improvement request issue at the plugin’s repo regarding this.
A working approach for this could be following:
-
Use the already implemented UserInfo Endpoint Retrieval function: The profile
scope is already included in the OpenID Connect request. After calling validateAndExtractToken
, if the response lacks essential claims (given_name
, family_name
), fetch additional data from the UserInfo endpoint. Update updateUserDetails
to incorporate this fetched data.
-
Modify updateUserDetails
Logic: Update the function to check for claims in both validateAndExtractToken
and the UserInfo response, if available. This will ensure that all relevant user attributes are synchronized.