Release status: stable
|Description||Single Sign On from HISQIS-Portal|
|Latest version||0.4 (2008-09-12)|
|License||CC BY / GPL|
|Translate the QISSingleSignOn extension if it is available at translatewiki.net|
|Check usage and version matrix.|
The QISSingleSignOn extensions coordinates user authentication with a HISQIS or HISinOne portal (HISQIS and HISinOne are used by many German universities to offer campus services).
- Download and place the file(s) in a directory called
- Add the following code at the bottom of your LocalSettings.php:
require_once "$IP/extensions/QISSingleSignOn/QISSingleSignOn.php"; $wgAuthQISSingleSignOnSharedSecret = 'kahC1oo3pieg6FaekEhou1aipEivae4fe'; // replace with random characters $wgAuthQISSingleSignOnService = 'wiki'; $wgAuth = new QISSingleSignOn();
- Done – Navigate to Special:Version on your wiki to verify that the extension is successfully installed.
Linking the authentication server and MediaWiki
Create a link to http://example.com/mediawiki/index.php/Main_Page?qisssotoken=1.0/1115814654/wik/schmidt/d1bf93299de1b68e6d382c893bf1215f
In this example Main_Page is the name of the page you want to link to and qissotoken is the authentication token described below.
Details On The Required Token
The token look lines this (without spaces):
1.0 / 1115814654 / wiki / schmidt / d1bf93299de1b68e6d382c893bf1215f version / time / service / user / hash
The second parameter is is the token creation time measured in the number of seconds since the Unix Epoch (0:00:00 January 1, 1970 GMT).
The third token is the name of the destination service as configured in the $wgAuthQISSingleSignOnService option in your LocalSettings.php.
The forth token is the user name.
A shared secret is added to theses parameters and the md5 hash is calculated. This hash is used to verify the the token has not been manipulated or forged. The shared secret is only known to the authentication server and your MediaWiki installation ($wgAuthQISSingleSignOnSharedSecret in LocalSettings.php). Without the knowledge of the shared secret it is impossible to calculate the correct hash.
Please note that the separation of user and hash is not the 4th slash but the last one. (The user name may contain '/'-chars).