Extension:Auth remoteuser

Automatically logs-in users if they are already authenticated by an arbitrary remote source. This allows integration with the web server's built-in authentication system (for example via the  environment variable, which is set through HTTP-Auth, LDAP, CAS, PAM, etc.) or any other type of external authentication (SSL auth, user accounts provided by different forum software, etc.). The extension maps the given remote user name to an existing user name in the local wiki database (or creates it first if it has the permissions to do so). The external source takes total responsibility in authenticating that user.

Compatibility
If you are using MediaWiki  or below, you need a version of Auth_remoteuser prior. See the legacy documentation in this case.

Configuration
Take account of MediaWikis global permissions for account creation ( or  ) inside your. At least one of them must be  for anonymous users to let this extension create accounts for users as of yet unknown to the wiki database. If you set this to, then automatic login works only for users who have a wiki account already.

Examples:



Parameters
Add some of the following global variables to your  to adjust the extensions behaviour to your specific needs. Default values for each global are marked with the " " comment in the examples section.

Provided hooks
When you need to process your remote user name before it can be used as an identifier into the wiki user list, for example to strip a Kerberos principal from the end, replacing invalid characters, or blacklisting some names, use the hook  provided by this extension. Just have a look at MediaWikis Hook documentation on how to register additional functions to this hook. It provides as first parameter the remote user name by reference to the hook function. If the function returns, the remote user name will be ignored for automatic login. (See parameters,   or   for predefined filters which utilizing this hook.)

Apache
Setup your web server's authentication system so that the username is put in the REMOTE_USER environment variable. How this is done will depend on what authentication system you are using. For HTTP authentication, you might setup an .htaccess file as follows (consult the Apache documentation for details):

You can also use mod_auth_ldap, mod_auth_cas, mod_auth_pam, or any other authentication system that works with REMOTE_USER. Once you have verified that the REMOTE_USER environment variable is being set to the proper username, continue with installation. You can use phpinfo to check the contents of REMOTE_USER.

IIS
Depending on your version of Internet Information Services (IIS) Manager, your navigation may be slightly different. The instructions below are specified for a corporate server running IIS v7.5 on Windows Server 2008 R2 Enterprise. (Trust me, I wanted Linux and Apache but IT wont allow it)

To enable simple authentication navigate to the following paths.
 * 1) IIS
 * 2) (Server Name) > Sites > Default Web Site
 * 3) From "Features View" double click, "Authentication"
 * 4) Disable - "Anonymous Authentication"
 * 5) Enable - "Windows Authentication"  (HTTP 401 Challenge)

How It Works
When the user first hits the wiki, the web server authenticates the user and sets the REMOTE_USER variable. The MediaWiki code is then invoked. At the end of Setup.php, before any real processing begins, the extension's hook is called. This code depends primarily on the fact that user is always authenticated by the web server prior to any MediaWiki code being executed.

If the user already has an existing, valid MediaWiki session and account, the hook takes no further action. MediaWiki already has what it needs.

If the user has an existing valid MediaWiki account, but not a session, the hook simply ensures that MediaWiki uses the username in REMOTE_USER in creating a session, cookies, etc, and takes no further action.

If the user has not created an account, the hook uses MediaWiki's initUser function to create an account, and sets various default user-options. See the hook's initUser function to change these default options. The hook then issues a Location directive to the browser, using the same URL that was called. When the browser reloads, the user account has been created, a session is now created, and MediaWiki behaves as normal.

Backups
If your backups don't work, try setting the REMOTE_USER environment variable manually: