Talk:Authentication

A suggestion to divide the Authentication article into the following sections: =Types of Authentication=

Self Service(default)
Mediawiki enables users to create and administer their own profiles for authentication

Embedded Authentication
Most commonly known as LDAP Authentication but includes any solution whereby Mediawiki gathers user's input then actively requests data from some external database of user information. However the user doesn't leave the Mediawiki User Interface. Such solutions include:
 * LDAP Authentication: by Ryan Lane
 * Web server Authentication, and PHP/Pear::Auth. that solves the problem with LDAP authentication because if your webserver can LDAP/PAM whatever : by Bill Clark

External Authentication (passive)
To access any Mediawiki page, the user has already been Authenticated, either by some Network Single Sign-on (SSO) technology or by Network Login such as Active Directory. Authenticated user data is available to mediawiki extensions, such as Apache Remote_User, SSO header variables or other session cookies (no datatable lookups). A common feature to passive external authentication is auto-creation of user profiles. Solutions include:


 * Apache Basic Auth for those looking to use an existing basic-auth in conjunction with MediaWiki.
 * Auto Login via REMOTE USER for transparent authentication using Apache's REMOTE_USER variable. (e.g. useful for pages protected by .htaccess) This has also been hacked to work with Windows IIS 6.0(non-Apache) to provide external authentication using Oracle Core ID (Netpoint Oblix) Single Sign-on.

External Authentication (active)
Anonymous (unauthenticated) user can view all (or most) Mediawiki pages. However the user must actively initiate external authentication. Initiation may be clicking 'Login' or choosing any page with the the word 'action' in the query string or some other trigger. Authenticated user data, such as Apache Remote_User, SSO header variables or other session cookies (no datatable lookups), is available to mediawiki extensions which login or create userprofiles.
 * http://wiki.case.edu/CaseWiki:External_Authentication. --IndyGreg 18:51, 29 July 2005
 * https://ow.feide.no/simplesamlphp:mediawiki explains how simpleSAMLphp can be integrated in order to provide SAML, Shibboleth, OpenID and other protocols. In this post on GoogleGroups you can find the community of early adopters.

=Authentication Roadmap for Mediawiki=

=Technical Discussion= My wiki is on an intranet and only available to school students who have already gained access to our windows network. (The wiki server is running Ubuntu). I can easily grab the student's windows login name and pass it as a parameter when they click the web URL to the wiki. What I'd like to do - it sounds easy ! - is to open the wiki with this login name, so that any edits etc done by the students reflect their windows login -- Chris Blake

Anti-Spam
OpenID, LDAP, and such I would like to see for 'authenticated' users, but there should also be some sort of challange system for anonymous users so that bots can't get in and scrub up the place -- like the picture thing when you sign up for an e-mail account.

Multi-Wiki sharing One Members Table
Anyone tried or have an idea how to implement a multi-wiki shared members table?

I have a few independent wikis that are at some point related to each other. I want to avoid the users from re-registering for every wiki. Is there a way to make all the other wikis use the main-wiki's members table? And with that, when they try to register from one wiki, they will be redirected to the main-wiki.

Thanks!

202.57.110.166 05:10, 25 January 2007 (UTC)JCuneta Laibeus@Laibcoms.com