Extension:MultiAuthPlugin

From MediaWiki.org
Jump to: navigation, search
MediaWiki extensions manual
Crystal Clear action run.png
MultiAuth

Release status: unmaintained

Implementation User identity
Description single plugin to manage all possible authentication scenarios
Author(s) Florian Löffler, RRZE (unrza249talk)
Latest version 1.2.0
MediaWiki All, verified with v1.13.4, v1.15.1
License GPLv3
Download http://svn.berlios.de/svnroot/repos/multiauth
http://multiauth.berlios.de
Tags
authentication, sso, shibboleth, simplesamlphp
Hooks used
PersonalUrls

UserLoadFromSession
UserSetCookies
UserLogout
LanguageGetSpecialPageAliases

Translate the MultiAuthPlugin extension if it is available at translatewiki.net

Check usage and version matrix; code metrics

Introduction[edit | edit source]

At the Regional Computing Centre Erlangen (RRZE) we use MediaWiki in many projects for documentation and publication purposes.

With the development of a Single Sign On infrastructure based on SimpleSAMLphp and Shibboleth we needed to make MediaWiki SSO capable in a flexible and easily configurable way. We are aware that there are already extensions out there providing simple SSO capabilities, but we wanted more.

So we started developing the MediaWiki MultiAuthPlugin with the goal to provide a single plugin to manage all possible authentication scenarios with one single extension -- for example local authentication via original MediaWiki login dialog (as fallback), SSO via Shibboleth, SSO via SimpleSAMLphp, and so on (to be extended).

Features[edit | edit source]

The MultiAuthPlugin hacks into MW's UserLoadFromSession Hook and replaces the global $wgAuth authentication instance to take complete control of the user authentication.

In addition the extension also installs two new special pages to replace the original login/logout special pages. This way the user can choose how he would like to authenticate from the configured methods.

The plugin allows you to

  • configure multiple authentication methods in parallel
    currently: Shibboleth, SimpleSAMLphp, local, OpenID (in development)
  • selectively activate/deactivate each method without losing the configuration
  • auto-create local user accounts if authenticated externally, if you like
  • send e-mail notification (e.g. about auto-created users) to a specified e-mail address
  • completely forbid local authentication, if you like
  • configure a redirect to a corporate logout page after MW logout


If you make the log/ directory writeable the extension also provides a debug.log file to help you identify possible errors.

Download instructions[edit | edit source]

Download is available directly via our SVN repository at BerliOS using the following command

svn checkout http://svn.berlios.de/svnroot/repos/multiauth/trunk


Installation[edit | edit source]

The 'MultiAuthPlugin/' folder should be placed under the 'wiki/extensions/' directory.

The plugin can be activated by putting the following lines at the _end_ of the LocalSettings.php

if (!$wgCommandLineMode) {
    # extension includes
    require_once("extensions/MultiAuthPlugin/MultiAuthPlugin.php");
}

To activate the debug log capability you have to make the 'log/' directory writeable by the web server and create a 'log/debug.log' file - also writeable by the web server.


Configuration parameters[edit | edit source]

The config.php file holds all confguration parameters and is well-documented.

See also[edit | edit source]

MultiAuth project page

SimpleSAMLphp

Shibboleth