Extension talk:SSL authentication

&raquo; Archive (early 2011 and earlier)

How to have both SSL and ordinary logins?
Hello --

Thanks to the developers for creating such a fantastic extension. I am running a wiki on a university where I'd like to automatically allow everyone in the university to view the wiki and make anonymous edits without having to register. But, I'd like to also specific people who are not part of the university (and therefore don't have SSL certificates) to make edits and view if they have a user name.

Does anyone know a way to do this? I know @johnp mentioned something, but I wasn't sure I understood it or if the advice was applicable.

Thanks in advance, Dc321 22:05, 9 September 2011 (UTC)

Underscores in usernames
I am running MW 1.11.2 and the plugin version for that rev. I am having a problem with users that have an underscore in their username. They get various errors when they attempt to log in. Evidently, this is a common issue with any external auth module for MW. Here's what happens when they attempt to log in. I realize I probably just need to undo the automatic changing of the underscore to a space - somewhere, but where exactly?

Initial entry:

Detected bug in an extension! Hook SSLAuth failed to return a value; should return true to continue hook processing or false to abort.

Backtrace:


 * 1) 0 /var/www/sfsintranet/includes/StubObject.php(131): wfRunHooks('AutoAuthenticat...', Array)
 * 2) 1 /var/www/sfsintranet/includes/StubObject.php(57): StubUser->_newObject
 * 3) 2 /var/www/sfsintranet/includes/StubObject.php(31): StubObject->_unstub('isAllowed', 5)
 * 4) 3 /var/www/sfsintranet/includes/StubObject.php(122): StubObject->_call('isAllowed', Array)
 * 5) 4 [internal function]: StubUser->__call('isAllowed', Array)
 * 6) 5 /var/www/sfsintranet/includes/Title.php(1269): StubUser->isAllowed('read')
 * 7) 6 /var/www/sfsintranet/includes/Wiki.php(133): Title->userCanRead
 * 8) 7 /var/www/sfsintranet/includes/Wiki.php(43): MediaWiki->preliminaryChecks(Object(Title), Object(OutputPage), Object(WebRequest))
 * 9) 8 /var/www/sfsintranet/index.php(89): MediaWiki->initialize(Object(Title), Object(OutputPage), Object(User), Object(WebRequest))
 * 10) 9 {main}

Subsequent entry attempts:

A database query syntax error has occurred. This may indicate a bug in the software. The last attempted database query was: (SQL query hidden) from within function "User::addToDatabase". MySQL returned error "1062: Duplicate entry 'Mj_p' for key 2 (localhost)".

hiding logout button slightly broken with MW-1.19
I've just installed mediawiki-1.19.0beta1 and added the 1.19 version of SSLAuthPlugin.php. End result: working well except that the logout button has been replaced with "AMPlt;0AMPgt;" (I replaced the ampersands with AMP as I don't know what would happen to them in this editor).

Must be a slight bug in something? Also, MW still asks to confirm the email address - can the code also take that into account? i.e. a cert with an email address should be treated as validated?

Thanks - this was VERY easy to get up and running!

Jason

--Paran7 (talk) 21:52, 23 March 2012 (UTC)
 * The logout link problem exists with 1.18 as well. The problem is that the logout url is set to null rather than being removed. The following patch fixed the problem for me:


 * Would be great if somebody else could test this. If it works then I guess I should just change the code in the main article.

how to map USER_PRINCIPAL_NAME under X509_EXTENSION with AD - UserPrincipalName attribute
I am able to implement this extension. After that, I need to map USER_PRINCIPAL_NAME to AD UserPrincipalName to get more data back from Active Directory. Do you have some example code I could reference?

I have been searched about this issues for a while
======= only to find the PHP Bug #60388 about openssl_x509_parse extensions=>subjectAltName. If you are able to find any workaround, I would love to learn how..