Extension:Plexcel

=Plexcel MediaWiki Plugin=

The Plexcel MediaWiki Plugin seamlessly adds Active Directory authentication to MediaWiki. This plugin has the following features.


 * Active Directory Single Sign-On (SSO)
 * User Information Populated from Active Directory
 * Explicit Login with Username and Password
 * Automatic Directory Location
 * No setup on Windows side required
 * Superior Security of Kerberos
 * Internationalization (I18N)

Authentication
The Plexcel MediaWiki Plugin can authenticate clients against Active Directory using Single Sign-On (SSO) or by explicit login using the standard login form.

The default behavior is to authenticate clients using SSO. Users will not need to repeatedly enter their username and password. Just visiting the site will trigger the browser to automatically authenticate the client and pass the user's information to the web server.

Alternatively they may also use the standard login form. If the client does not support SSO (e.g. because they are not logged into the domain) authentication will fall-back to the login form.

Automatic Directory Location
Plexcel will automatically locate AD servers. No configuration of the Plexcel module is necessary. If you have multiple AD servers, Plexcel will load balance between them (unless DNS is configured to do otherwise).

Easy Installation
Plexcel comes with an easy to use installer that will locate your AD server, create the necessary HTTP service account and set it's password. After restarting Apache, just copy the PlexcelAuth directory into the MediaWiki extensions directory and add four lines to a file. No modifications on the Windows side are necessary. Installation takes only a few minutes.

=Installation=

Requirements
The following requirements must be satisfied for the Plexcel MediaWiki extension to work. For detailed Plexcel requirements and installation instructions please see the Plexcel Operator's Manual on the IOPLEX Software Support page.
 * MediaWiki 1.9.3 or newer (older versions should work but they have not been tested)
 * The Plexcel PHP extension also from IOPLEX Software. Plexcel has the following requirements.
 * Linux on 32 bit x86
 * PHP 4, 5.0, 5.1 or 5.2
 * Browsers that support Kerberos SSO (e.g. Internet Explorer)
 * Operator must have sufficient AD privileges to create the HTTP service account
 * Linux web server must have valid entires in DNS
 * Apache must run in a UTF-8 locale to support internationalized text
 * Time and date differences on all machines must nominal (usually within 5 minutes)

Install Prerequisites
Install Apache, PHP and any other prerequisites for MediaWiki. These packages should be installable from yourpackage manager (e.g. yum on Red Hat Linux, apt-get on Ubuntu, etc). Install Plexcel. See the Plexcel Operator's Manual for details. Install MediaWiki.

Install the Extension
Download the plexcel-mediawiki-1.0.0.tar.gz file. Unpack the file and copy the PlexcelAuth directory into the MediaWiki extensions directory. This procedure is illustrated by the example command dialog below:

$ wget http://www.ioplex.com/d/plexcel-mediawiki-1.0.0.tar.gz $ tar -xvzf plexcel-mediawiki-1.0.0.tar.gz $ cp -a plexcel-mediawiki-1.0.0/PlexcelAuth mediawiki-1.9.3/extensions

Modifying includes/Setup.php
Because Kerberos Single Sign-On over HTTP requires intercepting HTTP requests at an early stage but after the account management infrastructure has been initialized, the PlexcelAuth plugin must be initialized and invoked at a very specific location in the MediaWiki file includes/Setup.php.

IMPORTANT: Before you begin, backup your includes/Setup.php file with a command like:

$ cd mediawiki-1.9.3/includes $ cp Setup.php Setup.php.orig

Modify your includes/Setup.php around line 170 to look like the below listing. The four bold lines shown below are the new lines that must be added to the file. They must immediately follow the $wgUser = new StubUser; statement.

$wgContLang = new StubContLang; $wgUser = new StubUser;

require_once('extensions/PlexcelAuth/PlexcelAuth.php'); $wgAuth = new PlexcelAuth; $wgAuth->authenticateSso;
 * 1) The below 3 lines are required for Plexcel Single Sign-On

$wgLang = new StubUserLang; $wgOut = new StubObject( 'wgOut', 'OutputPage' );

These four lines may also be read from the file plexcel-mediawiki-1.0.0/Setup.php.mod.

The plugin should now be fully functional. Try visiting a page with a suitable Kerberos enabled browser. The user should automatically login. Try clicking “log out” and manually enter alternative credentials. Then logout again and click on any page to resume SSO behavior. If any of this does not work, verify that the Plexcel examples still work and review the Plexcel Operator's Manual if they do not. If the Plexcel examples do not work, the MediaWiki plugin will not work.