Extension talk:QISSingleSignOn/Archive

Congratulations, this is excellent work -- it's a cleaner implementation that the one I've been working on. I will be stealing lots of your ideas, for sure!

Of course, I have questions:

It isn't clear to me how the authentication server is called. If an unathenticated user clicks on "Create an account or log in", what happens?

I added in link to the authentication-server and a large number of newlines in MediaWiki:Loginprompt. --Hendrik Brummermann 21:21, 13 August 2005 (UTC)Reply

How do you handle logout? Without modification, Special:Userlogout will not kill the session with the authentication server. Then if the user returns to MW, he will be auto-logged on -- to him or her, it will look like there was no logout.

I haven't hacked the mediawiki-logout-link to point back to the authentication-server, yet. But this is something that has to be done in the near future. If he logs out in the authentication-server-application, however, the html-response should contain image-"links" to http://.../Special:Userlogout. --Hendrik Brummermann 21:21, 13 August 2005 (UTC)Reply

Your implementation is "strict" -- that is, all accounts are served by the authentication server. What would need to change to support "local" accounts (that is, in the MW database)? I am assuming that the account creation would be restricted by using $wgWhitelistAccount.

Joshua Yeidel 18:49, 21 Jun 2005 (UTC)

An answer to #3 above: "Not very much!" It looks like the AuthPlugIn is called first; if it fails to validate the password, then the database is asked. Probably you would want to make sure that local accounts are required to have names that are syntactically distinct from user names on the authentication server (AS), so that accounts on the AS can never "shadow" older local accounts. We use a "." as the second character of our local account names, which is not valid for our campus "network ID".

Joshua Yeidel 19:29, 21 Jun 2005 (UTC)

Cool! Once authenticated in our primary wiki via QISSingleSignOn, what would be the best way to have a secondary wiki then authenticate users navigating there via an interwiki link from the primary wiki? One way would be to route the interwiki record thorugh a QISSingleSignOn Form bridge using an UnknownAction hook. Are there other alternatives to going to a bridge approach besides passing variables for QISSingleSignOn in the url?

Redirect after QISSingleSignOn authentication seems to be failing; Mediawiki (ver 1.6.5) seems to lose returnto when url switches to index.php?title=Special:Userlogin&wpCookieCheck=login. Any ideas for solutions?

Hi. Please try the new version 0.3 with the installation instructions for MediaWiki 1.6. --Hendrik Brummermann 07:52, 20 May 2006 (UTC)Reply

I've been searching, trying to find information on this... Does this extension mean that I can allow users on one MediaWiki installation to sign in using their username and passwords from another? If so, that's great! - just what I'm looking for. Does this extension then have to be installed on both installations? Also, are there any problems with this method we should be aware of -- for example, how does it work with user pages, email contacts, and so on? Thanks!

No, the idea behind this extension is not to transmit any information to the destination system that can decrease the security of the master.

MediaWiki does support shared password authentication by itself: Help:$wgSharedDB on mediawiki.org

The following scenario leads to an expired page with Mediawiki 1.7.1 and QISSingleSignOn 0.3

1. Successful QISSingleSignOn login and launch of intended page (with qisssotoken remaining in the url string)
2. Follow any link on this page
3. Press the "Back-Button" in the web browser (an expired page results)

Is QISSingleSignOn compatible with Mediawiki version 1.8.2?

Is QISSingleSignOn compatible with MW 1.9.1?

It is if the following lines in function QISSingleSignOnAutoAuthenticate in /extensions/QISSingleSignOn.php are commented out or removed:

if ( $user != null) {

// user is authenticated (by another hook)

return true;

}

--Duvemyster 00:08, 10 April 2007 (UTC)Reply

Anybody using QISSingleSignOn with MW 1.9.3 yet? Are they getting along with one another?

QISSingleSignOn 0.3 works fine with Mediawiki 1.11.0 (using the workaround mentionned above "MW 1.9.1 and QISSingleSignOn")