Upgraded to MediaWiki 1.22.2 due to a critical flaw in Mediawiki; now I can't login anymore via VBSSO. It claims it logs in but it does not.

I successfully linked my wordpress with vbulletin but when I view the vbSSO settings, the vBulletin Usergroup and Wordpress usergroup are mapped but when I view a specific user, their usergroup is not correct. Any suggestions?

Not long after the blank screens appeared, they disappeared again.
But the mod still worked.

I've now upgraded to 4.2.2 (Even with plugins disabled, this mod caused me problems during the upgrade. I had to actually disable the mod as well).

Anyway due to the double posting issue in 4.2.2, I uninstalled VBSSO (and others plugins) in VB, and now I've reinstalled it I need to get to these screens to configure the platform for mediawiki.

I cannot access the above screens, or "Logging and Notification" or "Warnings".
I've read through a fair bit of this thread. Others have had similar issues, but no resolution has been posted.

I have made sure all VBSSO code is accessible, and I have disable all other plugins and it still doesn't work.

Anyone have any ideas how to resolve this?

After much trying. I had to set all VBSSO files to CHMOD 755.
Then i restarted apache a few times before it kicked in.
I now have access to all screens.

Works like a bought one.

30 days later and the bugs in this mod are still not resolved, or acknowledged by the developer. I would consider this mod "as-Is" "where-is" and "Unsupported"

Try contacting them again. A Developer may mark a mod as supported but simply forget to check in on it every so often or not at all, this depends solely on the developer respectfully.

Please note that when donating to a developer for a mod, you're doing just that and nothing more or less. This assumption some tend to have that you're entitled to "something" since you donated money is not accurate and is a false assumption - if you donate, then you donate out of the kindness of your heart, that is what a donation is meant to be and you will receive nothing in return unless the developer does so out of the kindness of their heart ;).

If this SSO "issue" is in fact a major security issue then please let us know and point out where/how you believe it to be so and we'll quarantine the mod and ask the developer to fix. Since there are many other variations of this mod meant to work with systems other than wordpress it will remain up and quite possibly another member may investigate and provide a fix before the developer does, that has happened in the past in other mod threads and will continue to happen :cool:.

Emailed them a few times, I will PM you the responses....

The issue is that the system allows you to register on either the vBulletin platform or the Wiki Media platform, bypassing normal registration channels and allows attackers to create user accounts. This is the entire point of the software, and it fails.

We have all normal registration paths disabled on our Wiki installs, funneling everything thru vBulletin/vBSSO, and we go thru and clear out 10 accounts a week on the Wiki that were never created within vBulletin. Add to that, as soon as an account is created on vBulletin, vBSSO creates the account on all other platforms, rather then waiting for the account to be approved.

We collect all the facts thrown here. MediaWiki changes their versions from time to time and there is a new bug https://bugzilla.wikimedia.org/show_bug.cgi?id=56269 impacted to the extension.

Single sign on between completely different platforms significantly depends on changes in that platforms, hosting configuration, .htaccess configuration, files permissions and a lot of other stuff.

Yes, of course it becomes more complex solution to support this and model is currently revised to publish out much better way to handle this.

You guys I meant that as an in-general statement regarding the Donate button here on most modification threads if the developer has entered in a paypal address in his/her settings it had nothing to do with the vbsso site at all... I see now that you meant their but ok so let's just agree to disagree here by reading the below :p.

I'm assuming that you must manually initiate an upgrade to mediawiki correct? If so then that means you cannot use a newer version with this mod or more specifically you cannot use a version higher than the one used before the bug was introduced until it is fixed (unless that bug has always existed). It's one of those scenarios we see on rare occasions where a mod has not been updated to run on a newer version of vBulletin or php for that matter and if it's someothing a site depends on heavily they tend to not upgrade until the mod is updated to work properly with vB/php version. What that bug states is what you're describing pmcpa and see the comment made on Feb 4th of this year per the link above, seems like a fix is planned for the next release of mediawiki.

xeagle thank you for the links and clarification ;).