Extension:MultiAuthPlugin

Introduction
At the Regional Computing Centre Erlangen (RRZE) we use MediaWiki in many projects for documentation and publication purposes.

With the development of a Single Sign On infrastructure based on SimpleSAMLphp and Shibboleth we needed to make MediaWiki SSO capable in a flexible and easily configurable way. We are aware that there are already extensions out there providing simple SSO capabilities, but we wanted more.

So we started developing the MediaWiki MultiAuthPlugin with the goal to provide a single plugin to manage all possible authentication scenarios with one single extension -- for example local authentication via original MediaWiki login dialog (as fallback), SSO via Shibboleth, SSO via SimpleSAMLphp, and so on (to be extended).

Features
The MultiAuthPlugin hacks into MW's UserLoadFromSession Hook and replaces the global $wgAuth authentication instance to take complete control of the user authentication.

In addition the extension also installs two new special pages to replace the original login/logout special pages. This way the user can choose how he would like to authenticate from the configured methods.

The plugin allows you to
 * configure multiple authentication methods in parallel currently: Shibboleth, SimpleSAMLphp, local, OpenID (in development)
 * selectively activate/deactivate each method without loosing the configuration
 * auto-create local user accounts if authenticated externally, if you like
 * send e-mail notification (e.g. about auto-created users) to a specified e-mail address
 * completely forbid local authentication, if you like
 * configure a redirect to a corporate logout page after MW logout

If you make the log/ directory writeable the extension also provides a debug.log file to help you identify possible errors.

Usage
The 'MultiAuthPlugin/' folder should be placed under the 'wiki/extensions/' directory.

The plugin can be activated by putting the following lines at the _end_ of the 'wiki/LocalSettings.php'

To activate the debug log capability you have to make the 'log/' directory writeable by the web server and create a 'log/debug.log' file - also writeable by the web server.

Download instructions
Download is available via the MultiAuth project page hosted at BerliOS.

Installation
To install this extension, add the following to LocalSettings.php:

Configuration parameters
The config.php file holds all confguration parameters and is well-documented.