From mediawiki.org
Jump to navigation Jump to search
MediaWiki extensions manual
OOjs UI icon advanced.svg
Release status: unmaintained
Implementation User identity
Description Single Sign On from HISQIS-Portal
Author(s) Hendrik Brummermanntalk
Latest version 0.4 (2008-09-12)
MediaWiki 1.13+
Database changes No
License CC BY / GPL
Download SourceForge
  • $wgAuthQISSingleSignOnSharedSecret
  • $wgAuthQISSingleSignOnService

Check usage and version matrix.

The QISSingleSignOn extensions coordinates user authentication with a HISQIS or HISinOne portal (HISQIS and HISinOne are used by many German universities to offer campus services).


  • Download and place the file(s) in a directory called QISSingleSignOn in your extensions/ folder.
  • Add the following code at the bottom of your LocalSettings.php:
    require_once "$IP/extensions/QISSingleSignOn/QISSingleSignOn.php";
    $wgAuthQISSingleSignOnSharedSecret = 'kahC1oo3pieg6FaekEhou1aipEivae4fe'; // replace with random characters
    $wgAuthQISSingleSignOnService = 'wiki';
    $wgAuth = new QISSingleSignOn();
  • Yes Done – Navigate to Special:Version on your wiki to verify that the extension is successfully installed.

Linking the authentication server and MediaWiki[edit]

Create a link to http://example.com/mediawiki/index.php/Main_Page?qisssotoken=1.0/1115814654/wik/schmidt/d1bf93299de1b68e6d382c893bf1215f

In this example Main_Page is the name of the page you want to link to and qissotoken is the authentication token described below.

Details On The Required Token[edit]

The token look lines this (without spaces): 

  1.0   / 1115814654 /   wiki     / schmidt / d1bf93299de1b68e6d382c893bf1215f
version /   time     / service    /  user   /            hash

The second parameter is is the token creation time measured in the number of seconds since the Unix Epoch (0:00:00 January 1, 1970 GMT). 

The third token is the name of the destination service as configured in the $wgAuthQISSingleSignOnService option in your LocalSettings.php. 

The forth token is the user name. 

A shared secret is added to theses parameters and the md5 hash is calculated. This hash is used to verify the the token has not been manipulated or forged. The shared secret is only known to the authentication server and your MediaWiki installation ($wgAuthQISSingleSignOnSharedSecret in LocalSettings.php). Without the knowledge of the shared secret it is impossible to calculate the correct hash.

Please note that the separation of user and hash is not the 4th slash but the last one. (The user name may contain '/'-chars).