Extension talk:AutomaticREMOTE USER
From MediaWiki.org
If you have errors, please check http://meta.wikimedia.org/wiki/User_talk:Otheus/Auto_Login_via_REMOTE_USER for potential solution.
Mediawiki 1.9.3 would not automatically create users until I changed setPassword() and allowPasswordChange() to return true.
Sciurus 18:20, 27 April 2007 (UTC)
[edit] $_SERVER['REDIRECT_REMOTE_USER']
Seemed to work under 1.12pre, once I added near the top of Auth_remoteuser.php:
if (!isset($_SERVER['REMOTE_USER'])) $_SERVER['REMOTE_USER'] = $_SERVER['REDIRECT_REMOTE_USER'];
Jlerner 00:55, 11 December 2007 (UTC)
[edit] How does the extension know who to login?
I like this program and think it could be used very well with my website. We have a PHPBB forum and a localized login script for that on our site. What I would like is for users who login using the localized form to automatically be logged into PHPBB AND the wiki. However I am confused as to where the users login info fits into all of this? Any help will be appreciated. Thanks :P
[edit] Auto login locally?
Hi, I want to implement a Wiki internally at the company I work for and an auto-login function would be very welcome. We're using WinXP machines on DNS and would like a way to automatically pass across winodws credentials of users retrieving any details needed from AD. Is this possible and if so how would I go about doing it? Bear in mind that it is not public facing so convenience can come before security here.
- You're looking for "Single Signon" functionality. If your web server can provide this - then this extension will use the authentication info from the server to log you into the wiki. This extension would be part of your solution... but there may be other options available.
- Although i am using my own extension, this might be helpful. I am using LDAP to fill in the Real Name and Mail fields. Still if i want users to authenticate against NTLM (SSPI) i either have to save their password as their wiki password, to fill the user prefs or i need to have a dummy query user for calling LDAP. I am still not sure which solution is better. Passwords may change and a global user is a potential security risk.
[edit] Apache, Windows and mod_auth_sspi
If you are using this extension with Apache on Windows, and are using mod_auth_sspi to populate REMOTE_USER, make sure that you use 1.0.3 of the module and not 1.0.4. The later version strips POSTed information.
[edit] Cached Pages showing wrong user name
I had to turn off the server side cache to make this work properly with 1.9.3. Otherwise the user name shown at the top of the screen would sometimes be correct, and sometimes show the previous user's name, if the previous user had accessed the given page. This doesn't happen with normal user logout/login, so I assume it is to do with the AutomaticREMOTE_USER logout/login cycle. When I try to edit a page showing the wrong user name, (and the previous user hasn't tried to edit it also), the the correct user name shows on the edit page. Disabling the cache probably isn't the best solution. Any clues?
[edit] login problems with wrong REMOTE_USER
The plugin doesnt work on our system (IIS 6, Win2k3 AD, MW 1.13.2). It changed REMOTE_USER from foo_bar\username to foo bar\username. After removing foo_bar\ from username by substr($_SERVER['REMOTE_USER'],10) it works fine for us.
[edit] SunAM Authentication and authorization
I'm using the extension with Mediawiki 1.15.1 and Apache 2.2.11 with SunAM authentication.
[edit] Problems with name normalization and patch
For Mediawiki 0.13 (and above, I presume), I found I needed to do the following to allow users with underscores in their name to login:
--- remoteuser.php.orig 2009-09-14 11:41:25.000000000 -0400
+++ remoteuser.php 2009-09-14 11:39:21.000000000 -0400
@@ -229,7 +229,8 @@
return false;
return isset($_SERVER['REMOTE_USER']) &&
- (strtolower($username) == strtolower($_SERVER['REMOTE_USER']));
+ (strtolower($username) ==
+ strtolower(User::getCanonicalName($_SERVER['REMOTE_USER'])));
}
/**
