Extension:CryoKey

The CryoKey extension will add support for CryoKey credentials if the user has them and the server recognizes them.

Installation
Unpack cryokey.php from the tarball and copy it to the extensions directory in MediaWiki. Then add the following code to your LocalSettings.php (at the bottom):

require_once( "$IP/extensions/cryokey.php" );

Verify the installation by checking Special:Version on your wiki.

Before you can use the extension, your web server must recognize the CryoKey CA certificate found in https://www.cryokey.com/ca.pem. After you download the CA certificate, configure your webserver to load it. For example, in Apache, add the following line in your MediaWiki  section (or Apache's global SSL configuration):

SSLCACertificateFile [path to CryoKey's CA Certificate]

Then, for your MediaWiki directory, you must configure Apache using:

SSLVerifyClient optional SSLVerifyDepth 1  SSLOptions +StdEnvVars 

You can put those lines in the global SSL configuration, a  section, a   section, or even a .htaccess file (if you configured Apache using   for your MediaWiki directory). Note that the configuration will not work with Safari, which does not recognize. If a user with Safari connects, he will go through the normal username and password flow.

By default, the extension searches for a user with a matching E-Mail address. If no users match, it falls back to the standard authentication flow. If you set  to , then the extension will automatically try to register a new user using the E-Mail address found in the CryoKey credentials attached to a random username and password.

To get an idea of how CryoKey works in MediaWiki, first acquire CryoKey credentials, then try to log in to the test wiki at


 * https://www.authenticade.com/wiki