Extension talk:SSL authentication

&raquo; Archive (early 2011 and earlier)

hiding logout button slightly broken with MW-1.19
I've just installed mediawiki-1.19.0beta1 and added the 1.19 version of SSLAuthPlugin.php. End result: working well except that the logout button has been replaced with "AMPlt;0AMPgt;" (I replaced the ampersands with AMP as I don't know what would happen to them in this editor).

Must be a slight bug in something? Also, MW still asks to confirm the email address - can the code also take that into account? i.e. a cert with an email address should be treated as validated?

Thanks - this was VERY easy to get up and running!

Jason

--Paran7 (talk) 21:52, 23 March 2012 (UTC)
 * The logout link problem exists with 1.18 as well. The problem is that the logout url is set to null rather than being removed. The following patch fixed the problem for me:


 * Would be great if somebody else could test this. If it works then I guess I should just change the code in the main article.

how to map USER_PRINCIPAL_NAME under X509_EXTENSION with AD - UserPrincipalName attribute
I am able to implement this extension. After that, I need to map USER_PRINCIPAL_NAME to AD UserPrincipalName to get more data back from Active Directory. Do you have some example code I could reference?

I have been searched about this issues for a while
===== ==

only to find the PHP Bug #60388 about openssl_x509_parse extensions=>subjectAltName. If you are able to find any workaround, I would love to learn how..

Problems with SSLRequire apache configuration and email/realname import
Hi,

I´m new in mediawiki, and i´ve used this extension for client register/autentication but i found several problems in configuration:

_First, the line "SSLRequire  %{SSL_CLIENT_S_DN}  =~ m/.*serialNumber= $/" in apache config doesn´t work and i have replaced by tree lines "SSLVerifyClient require/SSLVerifyDepth 2/SSLRequire %{SSL_CLIENT_VERIFY} eq "SUCCESS"" and works well, but i don´t understand why doesn´t work the first one and if this configuration is optimal for the extension.

_Second, when i login with my client certificate (which has my own CA), the user is created fine, but the email and the realname aren´t written to the user´s profile.SOLVED, i´ve set ssl_map_info=true

My version of mediawiki is 1.20 and i´ve used "SSLAuthPlugin.php (MW 1.20)"

Can anyone help me with this problems?

Thanks in advance,

Carlos

(apache config) SSLVerifyClient=optional and no user cert present causes (harmless) errors on viewed page
I've discovered that when a user certificate is not presented (when SSLVerifyClient=optional, otherwise SSLVerifyClient=off should never have this extension) then three errors are dumped to any viewed page corresponding to the certificate information extraction lines in LocalSettings.php.

I've added a test for each to determine if the value is not set before using the values.

Liamdennehy (talk) 17:17, 27 July 2014 (UTC)

Compatibility with MW 1.23
When trying to use version 1.1.6 under MediaWiki 1.23, I get the following error: PHP Fatal error: Cannot access protected property LoginForm::$mRemember in /usr/share/mediawiki123/extensions/SSLAuthPlugin.php on line 304 This is the line $lf->mRemember = false; just before calling $lf->initUser. The variable is marked as protected in MediaWiki 1.23. It seems to be the checkbos "Keep me logged in" on the login form. Just removing that line seems to work, and so far I haven't seen any ill issues from doing so.

--NscBellman (talk) 15:15, 17 August 2015 (UTC)