[15:11:08] Hello! I'm in a bit of a pickle. I've got several thousand users on an established wiki and about a dozen aren't able to authenticate using the SAML plugin for pluggable auth. I SUSPECT it's because the usernames have multiple capital letters. Is there any way to make usernames case insensitive? Or an easy way to change existing usernames to the [15:11:08] standard mediawiki case? [15:15:58] Or some other plausible reason why an authentication request would just not work for ~10 people out of thousands despite their accounts existing? [15:30:27] Ulfr: "Is there any way to make usernames case insensitive" => no. but as long as the MW username matches what SAML provides it really shouldn't matter [15:31:07] enable debug logging or work with the impacted users to capture the SAML data being passed to MW to see what might be happening; far better than guessing [15:33:59] moonmoon: That would be so nice. Unfortunately I'm not in a position where I can do that. The users experiencing the issue are primarily located on the opposite side of the world and don't really respond to questions. I suspect the problem is I'm getting data from a human, who is then submitting data for SAML authentication. [15:34:38] Like, I get a spreadsheet with users, and then they give that spreadsheet to their team. As far as I'm able to tell the usernames match. But it still says account not found. [15:38:48] see https://www.mediawiki.org/wiki/Extension:SimpleSAMLphp#Debugging then; you'll want to enable debug logging, and that link gives you a string to grep for in the logs to find the specific issues (it's going to be a huge log file if you need to leave it enabled for a day) [15:40:43] once you know what the actual error is, it should be (hopefully) easier to solve :) [15:41:14] Would you believe me if I told you I tried that already and nobody who had the issue logged in? And they refuse to actually set a time for a call to help me figure it out :D [15:42:05] if [PluggableAuth] and [SimpleSAMLphp] are log groups, you can create logs only for that kind of messages https://www.mediawiki.org/wiki/Manual:How_to_debug#Creating_custom_log_groups . That would log only those lines, though, which may be inconvenient if useful debug info is on others [15:43:01] If your users don't care, why should you? :) [15:43:42] I really don't if I'm going to be honest, unfortunately management really does and I'm rather fond of being employed. [15:44:24] Tell management to tell the users? :P [15:45:03] You'd think that'd fix it! But it's a separate (much, MUCH larger company) who have listening issues with the little people like us [15:48:07] For the sake of my own sanity though, how likely is it that someone with an email like Testuser@domain.com would be able to get in just fine, while TEstuser@DOMAIN.COM wouldn't? [15:49:24] MW by default is username case sensitive [15:49:31] What random plugins do in the middle... [15:50:57] Yeahhhh, I know. Almost got fired for asking a user to reset their password so I could just get it fixed. [15:52:00] Sounds like a bad comperney to work for [15:52:43] It's just an EXTREMELY paranoid one with a chronic lawyer infestation. but you're also not wrong. Their idea of a small meeting has 30 people on the invite list [15:53:10] escalate to your own manager then? [15:53:27] "I dunno high speed, figure it out" :D [15:53:33] if they aren't terrible they should understand that this is something you need cooperation to solve [15:55:00] Yeah, I'll try again. Just was hoping there was a loosey goosey username toggle for troubleshooting. I'll figure it out though. Thanks very much for the advice [15:55:00] if they are terrible then get proficient at drafting CYA replies to people asking about the issue saying something like "it is impossible to diagnose or solve the issue without participation from the impacted users. Please let me know when they can be available for testing" [15:55:15] and then just ignore the issue until they come up for air :P [15:56:41] usernames in MW are case-sensitive except for the first character. there is no way to change that behavior in core. Your extension or upstream middleware could perform normalization before passing the username off to MW, but that's up to those components [15:59:48] Got it. Thank you. It's happy hour somewhere, right? [16:11:51] Thanks again! Have a good one.