From MediaWiki.org
Jump to: navigation, search
MediaWiki extensions manualManual:Extensions
Crystal Clear action run.png

Release status:Extension status unmaintained

ImplementationTemplate:Extension#type User identity
DescriptionTemplate:Extension#description single plugin to manage all possible authentication scenarios
Author(s)Template:Extension#username Florian Löffler, RRZE (unrza249talk)
Latest versionTemplate:Extension#version 1.4.0
MediaWikiTemplate:Extension#mediawiki Verified with v1.13.4, v1.15.1. Does not work in 1.24.
LicenseTemplate:Extension#license GPLv3
Download https://github.com/movermeyer/multiauth
authentication, sso, shibboleth, simplesamlphp
Hooks usedTemplate:Extension#hook

Translate the MultiAuthPlugin extension if it is available at translatewiki.net

Check usage and version matrix.


At the Regional Computing Centre Erlangen (RRZE) we use MediaWiki in many projects for documentation and publication purposes.

With the development of a Single Sign On infrastructure based on SimpleSAMLphp and Shibboleth we needed to make MediaWiki SSO capable in a flexible and easily configurable way. We are aware that there are already extensions out there providing simple SSO capabilities, but we wanted more.

So we started developing the MediaWiki MultiAuthPlugin with the goal to provide a single plugin to manage all possible authentication scenarios with one single extension -- for example local authentication via original MediaWiki login dialog (as fallback), SSO via Shibboleth, SSO via SimpleSAMLphp, and so on (to be extended).


The MultiAuthPlugin hacks into MW's UserLoadFromSession Hook and replaces the global $wgAuth authentication instance to take complete control of the user authentication.

In addition the extension also installs two new special pages to replace the original login/logout special pages. This way the user can choose how he would like to authenticate from the configured methods.

The plugin allows you to

  • configure multiple authentication methods in parallel
    currently: Shibboleth, SimpleSAMLphp, local, OpenID (in development)
  • selectively activate/deactivate each method without losing the configuration
  • auto-create local user accounts if authenticated externally, if you like
  • send e-mail notification (e.g. about auto-created users) to a specified e-mail address
  • completely forbid local authentication, if you like
  • configure a redirect to a corporate logout page after MW logout

If you make the log/ directory writeable the extension also provides a debug.log file to help you identify possible errors.

Download instructions[edit]

Since the original SVN repository at BerliOS was taken offline, movermeyer has found a copy of the repo on a production machine and uploaded it to his GitHub account.

git clone https://github.com/movermeyer/multiauth


The 'MultiAuthPlugin/' folder should be placed under the 'wiki/extensions/' directory.

The plugin can be activated by putting the following lines at the _end_ of the LocalSettings.php

if (!$wgCommandLineMode) {
    # extension includes

To activate the debug log capability you have to make the 'log/' directory writeable by the web server and create a 'log/debug.log' file - also writeable by the web server.

Configuration parameters[edit]

The config.php file holds all confguration parameters and is well-documented.

See also[edit]