From MediaWiki.org

[edit] Problem (MW 1.13) - How can I disable automatic user account creation?

I've disabled account creation except by sysops using the setting:

$wgGroupPermissions['*']['createaccount'] = false;

Using the ShibAuthPlugin though, anyone logging in using this feature automatically gets a local account created. Is there any way to get the plugin to adhere to the $wgGroupPermissions['*']['createaccount'] = false setting? Or is there any other way to stop the shibauthplugin from automatically creating the account?

Matt - October 8, 2008

Hi Matt,

I see 2 possible (altough both untested) options:

make the autoCreate function return false
Take a look at the if-construction below 'Is the user already in the database?'. Add an else case that returns false.

--Stevel 09:27, 10 November 2008 (UTC)

[edit] MW 1.3: Add user->setupsession()

I too had the session problem...wish I would have read the discussion page first. Adding

 $user->setupSession();

Fixes the problem

[edit] Problems with MW 1.13

I have problems after upgrading to MW 1.13

User.php requires a session_start() at line 2111, if session hasn't been started. (I'm not sure, what goes wrong there)
SpecialUserlogin.php has been moved to specials/ directory
LoginForm->initUser requires a second (boolean) parameter, that's just a warning.
On a new user login (which should result in automatic account creation) I get the following error: "1048: Column 'user_password' cannot be null". And indeed, User->mPassword is not set, nor are other fields (mNewpassword, mToken, etc). I can not circumvent that last one easily, so I'd appreciate your help.

--Bajnokk 12:20, 30 August 2008 (UTC)

I've made some changes to the extension to address the problems you described. Only about the session_start problem I don't know what's happening. --Stevel 14:19, 1 September 2008 (UTC)

Something is still wrong with automatic user creation. Now it tries to add the new user twice, the result is "Duplicate entry" (it seems that the users' session isn't started properly after creation and it tries to add him again)

About the first (session_start) problem: I still get a PHP fatal error after login (Notice: Undefined variable: _SESSION in includes/User.php on line 2111;Fatal error: Unsupported operand types in includes/User.php on line 2111) I can only get through if I add an if(!isset($_SESSION)) session_start; there, but it clearly isn't the solution. Session should be started before, or maybe I have wrong configuration? It might be the cause of other problems as well, don't know. Thanks!

Fix for "Duplicate entry" error: capitalize the first char of the username in LocalSettings.php:

 $shib_UN = ucfirst(strtolower($_SERVER['HTTP_EMAIL']));

The problem is that MW 1.13 does not capitalize that char automatically when saving the new user but when checking if user exists, sql query is made with capitalized first char and so MW tries to save new user with existing username.

[edit] Possible fix for the session error

Thanks for this wonderful extension. I don't use it, but I do make heavy use of the SSLAuthPlugin extension that's based on this one.

I recently updated the SSL auth extension for MW 1.13, using the 1.13-specific changes in the Shibboleth extension as a reference. I, too, was encountering the session problem described by Bajnokk in the SSL auth plugin. After debugging for awhile, I think I've found the problem. The new user path calls setupSession before calling setCookies, but the existing user path doesn't. You can fix this problem in the Shibboleth extension by adding the following line just before line 353:

$user->setupSession();

--Dhess 04:51, 18 September 2008 (UTC)

[edit] update for mediawiki 1.11

(code deleted because not needed anymore) "return true;" added in function SSOLinkAdd

[edit] Ammended patch file for MW 1.11.2

Thanks(!) for Peter Jacobs for the patch. However it did not work for me out of the box. So I fixed the patch (BringBackAA function really) and am including patch instructions below:

[edit] Install Patch

Create a file called ShibAuthPlugin.patch in your extensions folder.
Copy and paste the code below into it.
Make a backup of ShibAuthPlugin.php
Patch the extension

cd extensions
vi ShibAuthPlugin.patch \\ copy and paste code
cp ShibAuthPlugin.php ShibAuthPlugin.php.bak
patch ShibAuthPlugin.php ShibAuthPlugin.patch

If you need to reverse the patch, just type patch -R ShibAuthPlugin.php ShibAuthPlugin.patch

[edit] Patch

--- ShibAuthPlugin.php.orig	2008-03-06 15:02:25.000000000 -0500
+++ ShibAuthPlugin.php.new	2008-03-06 15:17:53.000000000 -0500
@@ -275,7 +275,7 @@ function SSOLinkAdd(&$personal_urls, $ti
        if (! isset($shib_Https))
                $shib_Https = false;
        $pageurl = $title->getLocalUrl();
- 
+
        if (!isset($shib_LoginHint))
                $shib_LoginHint = "Login via Single Sign-on";

@@ -285,6 +285,7 @@ function SSOLinkAdd(&$personal_urls, $ti
                        $shib_AssertionConsumerServiceURL . "/WAYF/" . $shib_WAYF .
                        '?target=' . (isset($_SERVER['HTTPS']) ? 'https' : 'http') .
                        '://' . $_SERVER['HTTP_HOST'] . $pageurl, );
+		return true;
}

/* Kill logout link */
@@ -301,6 +302,7 @@ function SSOActive(&$personal_urls, $tit

        if($shib_RN && $shib_map_info)
                $personal_urls['userpage']['text'] = $shib_RN;
+	return true;
}

/* Tries to be magical about when to log in users and when not to. */
@@ -329,7 +331,7 @@ function AutoAuth(&$user)
        if($user->isLoggedIn())
        {
                BringBackAA();
-                return;
+                return true;
        }

        //Is the user already in the database?
@@ -342,12 +344,11 @@ function AutoAuth(&$user)
                $shib_map_info = $smi;
                $user->SetupSession();
                $user->setCookies();
-                return;
+                return true;
        }

        //Place the hook back (Not strictly necessarily MW Ver >= 1.9)
-        BringBackAA();
- 
+        #BringBackAA();
        //Okay, kick this up a notch then...
        $user->setName($wgContLang->ucfirst($shib_UN));

@@ -382,8 +383,7 @@ function AutoAuth(&$user)
        $lf = new LoginForm($wgRequest);

        //Place the hook back (Not strictly necessarily MW Ver >= 1.9)
-        BringBackAA();
- 
+        #BringBackAA();
        //And now we clean up our hack
        if($wgLangUnset == true)
        {
@@ -397,7 +397,7 @@ function AutoAuth(&$user)

        //Now we _do_ the black magic
        $lf->mRemember = false;
-        $lf->initUser($user);
+        $lf->initUser($user,true);

        //Stop pretending now
        $shib_pretend = false;
@@ -418,5 +418,6 @@ function BringBackAA()
            if($value == 'BringBackAA')
                $wgHooks['AutoAuthenticate'][$key] = 'AutoAuth';
        }
+	return true;
}
?>

--Jonauman 20:59, 6 March 2008 (UTC)

Extension talk:Shibboleth Authentication

From MediaWiki.org

Contents

[edit] Problem (MW 1.13) - How can I disable automatic user account creation?

[edit] MW 1.3: Add user->setupsession()

[edit] Problems with MW 1.13

[edit] Possible fix for the session error

[edit] update for mediawiki 1.11

[edit] Ammended patch file for MW 1.11.2

[edit] Install Patch

[edit] Patch

Views

Personal tools

Site

Download

Search

Support

Development

Communication

Toolbox