Extension:MultiAuthPlugin
From MediaWiki.org
 Release status: stable |
|||
|---|---|---|---|
| Implementation | User identity | ||
| Description | single plugin to manage all possible authentication scenarios | ||
| Author(s) | Florian Löffler, RRZE (unrza249Talk) | ||
| Last Version | 1.2.0 | ||
| MediaWiki | All, verified with v1.13.4, v1.15.1 | ||
| License | GPLv3 | ||
| Download | http://svn.berlios.de/svnroot/repos/multiauth http://multiauth.berlios.de |
||
|
|||
|
|||
|
check usage (experimental) |
|||
Contents |
[edit] Introduction
At the Regional Computing Centre Erlangen (RRZE) we use MediaWiki in many projects for documentation and publication purposes.
With the development of a Single Sign On infrastructure based on SimpleSAMLphp and Shibboleth we needed to make MediaWiki SSO capable in a flexible and easily configurable way. We are aware that there are already extensions out there providing simple SSO capabilities, but we wanted more.
So we started developing the MediaWiki MultiAuthPlugin with the goal to provide a single plugin to manage all possible authentication scenarios with one single extension -- for example local authentication via original MediaWiki login dialog (as fallback), SSO via Shibboleth, SSO via SimpleSAMLphp, and so on (to be extended).
[edit] Features
The MultiAuthPlugin hacks into MW's UserLoadFromSession Hook and replaces the global $wgAuth authentication instance to take complete control of the user authentication.
In addition the extension also installs two new special pages to replace the original login/logout special pages. This way the user can choose how he would like to authenticate from the configured methods.
The plugin allows you to
- configure multiple authentication methods in parallel
currently: Shibboleth, SimpleSAMLphp, local, OpenID (in development) - selectively activate/deactivate each method without loosing the configuration
- auto-create local user accounts if authenticated externally, if you like
- send e-mail notification (e.g. about auto-created users) to a specified e-mail address
- completely forbid local authentication, if you like
- configure a redirect to a corporate logout page after MW logout
If you make the log/ directory writeable the extension also provides a debug.log file to help you identify possible errors.
[edit] Download instructions
Download is available directly via our SVN repository at BerliOS using the following command
svn checkout http://svn.berlios.de/svnroot/repos/multiauth/trunk
[edit] Installation
The 'MultiAuthPlugin/' folder should be placed under the 'wiki/extensions/' directory.
The plugin can be activated by putting the following lines at the _end_ of the LocalSettings.php
if (!$wgCommandLineMode) { # extension includes require_once("extensions/MultiAuthPlugin/MultiAuthPlugin.php"); }
To activate the debug log capability you have to make the 'log/' directory writeable by the web server and create a 'log/debug.log' file - also writeable by the web server.
[edit] Configuration parameters
The config.php file holds all confguration parameters and is well-documented.
