Extension:Auth remoteuser

Automatically logs-in users if they are already authenticated by an arbitrary remote source. The extension maps the given remote user name to an existing user name in the local wiki database (or creates it first if it has the permissions to do so). The external source takes total responsibility in authenticating that user.

This allows integration with the web server's built-in authentication system (for example via the  environment variable, which is set through HTTP-Auth, LDAP, CAS, PAM, etc.) or any other type of external authentication (SSL client auth, user accounts provided by different forum software, etc.).

Compatibility
If you are using MediaWiki  or below, you need a version of Auth_remoteuser prior. See the legacy documentation in this case.

Configuration
Take account of MediaWikis global permissions for account creation ( or  ) inside your. At least one of them must be  for anonymous users to let this extension create accounts for users as of yet unknown to the wiki database. If you set this to, then automatic login works only for users who have a wiki account already.

Examples:



Parameters
Add some of the following global variables to your  to adjust the extensions behaviour to your specific needs. Default values for each global are marked with the " " comment in the examples section.

Legacy parameters
You can still use all legacy parameters from versions prior, but their usage is deprecated in favour of the new parameters:

Provided hooks
When you need to process your remote user name before it can be used as an identifier into the wiki user list, for example to strip a Kerberos principal from the end, replacing invalid characters, or blacklisting some names, use the hook  provided by this extension. Just have a look at MediaWikis Hook documentation on how to register additional functions to this hook. It provides as first parameter the remote user name by reference to the hook function. If the function returns, the remote user name will be ignored for automatic login. (See parameters,   or   for predefined filters which utilizing this hook.)

Setup environment variable
This environment variable can be set by many different authentication systems and the configuration of these is heavily dependent on which one you are using. You can always use  to check the contents of   and to troubleshoot your setup. What follows are examples of different webserver environments and how to put a username into this environment variable.

Apache
Consult the Apache documentation for details. You can use,  ,  ,  ,   or any other authentication module that utilizes. Once you have verified that the  environment variable is being set to the proper username, continue with installation/configuration of the extension. Some examples:
 * For simple HTTP authentication add this :
 * The  environment variable is getting evaluated by default from the extension, so the following code is all you need in your  :
 * Setup HTTP SPNEGO with Vintella/Quest Authentication Services for your heterogeneous network, using :
 * Now the  environment variable contains the full principal name, so remove the realm from the username inside your   with:
 * Setup HTTP SPNEGO with Vintella/Quest Authentication Services for your heterogeneous network, using :
 * Now the  environment variable contains the full principal name, so remove the realm from the username inside your   with:
 * Now the  environment variable contains the full principal name, so remove the realm from the username inside your   with:

IIS
Depending on your version of Internet Information Services (IIS) Manager, your navigation may be slightly different. The instructions below are specified for a corporate server running IIS v7.5 on Windows Server 2008 R2 Enterprise. (Trust me, I wanted Linux and Apache but IT wont allow it)

To enable simple authentication navigate to the following paths.
 * 1) IIS
 * 2) (Server Name) > Sites > Default Web Site
 * 3) From "Features View" double click, "Authentication"
 * 4) Disable - "Anonymous Authentication"
 * 5) Enable - "Windows Authentication"  (HTTP 401 Challenge)