Extension:CentralAuth

MediaWiki extensions manual - list

CentralAuth Release status: stable
Implementation	User identity, Database, Special page, API
Description	Allows to merge accounts into global accounts
Author(s)	Brion Vibber
MediaWiki	1.11+
License	GPL
Download	Download snapshot Subversion [Help] Browse source code View code changes
Parameters $wgCentralAuthDatabase $wgCentralAuthAutoNew $wgCentralAuthAutoMigrate $wgCentralAuthStrict $wgCentralAuthDryRun $wgCentralAuthCookies $wgCentralAuthCookieDomain $wgCentralAuthCookiePrefix $wgCentralAuthAutoLoginWikis
Added rights centralauth-merge, centralauth-unmerge, centralauth-lock. centralauth-oversight, globalgrouppermissions, globalgroupmembership
Hooks used AuthPluginSetup AddNewAccount AbortNewAccount UserLoginComplete UserLoadFromSession UserLogout UserLogoutComplete GetCacheVaryCookies GetPreferences UserArrayFromResult UserGetEmail UserGetEmailAuthenticationTimestamp UserSetEmail UserSetEmailAuthenticationTimestamp UserGetRights UserSetCookies UserLoadDefaults getUserPermissionsErrorsExpensive MakeGlobalVariablesScript SpecialPasswordResetOnSubmit RenameUserWarning RenameUserPreRename RenameUserComplete
Check usage (experimental)

CentralAuth extension allows global/shared accounts between projects. This extension adds seven new special pages — Special:AutoLogin (unlisted special page), Special:CentralAuth, Special:GlobalGroupMembership, Special:GlobalGroupPermissions, Special:WikiSets, Special:GlobalUsers and Special:MergeAccount.

Warning: CentralAuth was designed specifically for Wikimedia projects which already had millions of accounts that needed to be merged into a global table. If you are starting a new wiki farm from scratch and have no need to merge existing accounts into a global table, it is much easier to set up global accounts using $wgSharedDB rather than using using CentralAuth. ^{[1] [2]} However, this provides no solution to the single-sign-on feature (sign-in on one wiki, like wikipedia.org, automatically makes the user signed-in to e.g. a shared repository under a different, shared domain, like commons.wikimedia.org).

CentralAuth development is closely tied to the MediaWiki core development trunk. Therefore, if you download the latest CentralAuth version, it may not work with older versions of MediaWiki.

[edit] Installation

See the setup section below for prerequisites to using CentralAuth. Then follow these instructions when you are ready to activate CentralAuth:

1. Download the latest snapshot and extract it to your extensions directory.
2. Select the database in which to want to CentralAuth's tables to be created (you may wish to create a new database named, for example, CentralAuth) and run central-auth.sql.
3. Add require_once ("$IP/extensions/CentralAuth/CentralAuth.php"); to LocalSettings.php for each of your wikis, or in another PHP file that is included in LocalSettings.php on each of your wikis.
4. The extension should be now active.

[edit] Setup

First, you'll need to configure your wiki family using $wgConf, or CentralAuth can't be used for your wiki family. This includes setting $wgLocalDatabases and assigning it to $wgConf->wikis, and $wgConf->settings (minimum is $wgCanonicalServer, $wgServer and $wgArticlePath). Follow the examples carefully. Make sure that you put the configuration code after the require_once ("$IP/extensions/CentralAuth/CentralAuth.php"); line in LocalSettings.php. If you are creating a new wiki family, bear in mind that it may be easier if the databases for the wikis in each group have the same suffix (e.g. hypothetical databases enwiki, dewiki, frwiki, etc., pertaining to wikis belonging to the same group, all have the suffix "wiki").

After installing the extension, you have to gather some data in the CentralAuth database. In order to retroactively set up global accounts, you will have to run the migratePass0.php and migratePass1.php scripts. The first one stores information about your wikis in the CentralAuth database, while the second one uses automatic migration heuristics to generate global accounts. A user can merge their accounts manually via Special:MergeAccount. Dry runs can be used for testing purposes.

There are various settings you may wish to modify (e.g. whether to provide single sign-on across a whole domain) listed in CentralAuth.php. In particular, you will want to override the default value of $wgCentralAuthDatabase if your CentralAuth database is named something other than 'centralauth'. Make sure you put such settings after the require_once line in LocalSettings.php, e.g.:

require_once ("$IP/extensions/CentralAuth/CentralAuth.php");
$wgCentralAuthDatabase = 'mycentralauthdatabase';

[edit] Cache issues

Setting up CentralAuth will require all your wikis to use the same cache server. If they all use memcached it shouldn't be a problem, however if they are configured with the default setting (CACHE_NONE) and use different databases (or prefixes) it won't work. Copy the objectcache table's structure to the CentralAuth database. This can be done by using a SQL command such as the following (which assumes your CentralAuth database is named centralauth and that your wiki is named enwiki):

CREATE TABLE centralauth.objectcache LIKE enwiki.objectcache

You also need to configure the following:

$wgSharedDB     = 'centralauth'; // or whatever database you use for central data
$wgSharedTables = array( 'objectcache' ); // remember to copy the table structure's to the central database first
$wgMainCacheType = CACHE_DB; // Tell mediawiki to use objectcache database instead of nothing

[edit] Use

Allows for a single-user login (SUL) system in place using MediaWiki's AuthPlugin system. User creation and login is done globally using one central user table across all wikis. Note that local user accounts are automatically created on account creation/login however.

[edit] Licensing and downloads

The extension is available under the GNU General Public License 2.0 or later, and can be downloaded from Subversion, or accessed via the web-based viewer.

The software is provided as-is. Updates will be made according to the needs of Wikimedia wikis; or where critical vulnerabilities are discovered.

[edit] Hooks

This extension adds one new hook:

• CentralAuthWikiList

[edit] References

1. ↑ [Mediawiki-l] CentralAuth problems: Help required
2. ↑ [Mediawiki-l] Need help with CentralAuth

[edit] See also

• m:Single login specifications
• m:Help:Unified login
• $wgSharedDB
• Global session threat assessment
• en:Wikipedia:Integrated watchlists

This extension is being used on one or more of Wikimedia's wikis. This means that the extension is stable and works well enough to be used by such high traffic websites. A full list of the extensions installed on a particular wiki can be seen on the wiki's Special:Version page.