Extension:QISSingleSignOn

Purpose
Coordinates user authentication with a HISQIS or HISinOne portal (HISQIS and HISinOne are used by many German universities to offer campus services).

Installation
Copy QISSingleSignOn.php into the extension folder

Add this to your LocalSettings.php: require_once($IP."/extensions/QISSingleSignOn.php"); // replace with random characters $wgAuthQISSingleSignOnSharedSecret = 'kahC1oo3pieg6FaekEhou1aipEivae4fe'; $wgAuthQISSingleSignOnService = 'wiki'; $wgAuth = new QISSingleSignOn;

MediaWiki 1.6 and newer
Create a link to http://example.com/mediawiki/index.php/Main_Page?qisssotoken=1.0/1115814654/wik/schmidt/d1bf93299de1b68e6d382c893bf1215f

In this example Main_Page is the name of the page you want to link to and qissotoken is the authentication token described below.

MediaWiki 1.3 - 1.5
The authentication server has to create a token for MediaWiki and transmit it as "password" action="/mediawiki/index.php?title=Spezial:Userlogin&action=submit&returnto=Main_Page"wpLoginattempt=Anmelden wpName=username wpPassword=1.0/1115814654/wik/schmidt/d1bf93299de1b68e6d382c893bf1215f You must put this variables into a hidden form because MediaWiki will only accept POST-requests. This form can be triggered automatically by JavaScript: 

Details On The Required Token
The token look lines this (without spaces): 1.0   / 1115814654 /   wiki     / schmidt / d1bf93299de1b68e6d382c893bf1215f version /   time     / service    /  user   /            hash The second parameter is is the token creation time measured in the number of seconds since the Unix Epoch (0:00:00 January 1, 1970 GMT).

The third token is the name of the destination service as configured in the $wgAuthQISSingleSignOnService option in your LocalSettings.php.

The forth token is the user name.

A shared secret is added to theses parameters and the md5 hash is calculated. This hash is used to verify the the token has not been manipulated or forged. The shared secret is only known to the authentication server and your MediaWiki installation ($wgAuthQISSingleSignOnSharedSecret in LocalSettings.php). Without the knowledge of the shared secret it is impossible to calculate the correct hash.

Please note that the separation of user and hash is not the 4th slash but the last one. (The user name may contain '/'-chars).

Weblinks

 * Download the most recent version
 * Git-Repository