MediaWiki-Docker/Extension/CentralAuth

This page instructs you to install Extension:CentralAuth inside MediaWiki-Docker. Extension:CentralAuth#Installation has more detailed instructions for the general case; this page provides simplified instructions specific to a MediaWiki-Docker environment.

Follow the Quickstart instructions at MediaWiki-Docker page. Once MediaWiki is running and available at http://localhost:8080, then continue with instructions on this page.

All commands should be run in the directory where you installed MediaWiki. All mentioned files are also located there.

Having a wiki farm is a prerequisite to installing CentralAuth. You can do that by following the steps MediaWiki-Docker/Configuration recipes/Wiki farm. When the wiki farm is up and running, you can continue with the steps in this page.

git clone "https://gerrit.wikimedia.org/r/mediawiki/extensions/AntiSpoof" extensions/AntiSpoof
git clone "https://gerrit.wikimedia.org/r/mediawiki/extensions/CentralAuth" extensions/CentralAuth

The exact command here depends on the DBMS you are using.

MySQL/MariaDB

echo "CREATE DATABASE centralauth;USE centralauth;GRANT all on centralauth.* to 'root'@'%';" | docker compose exec -T database mysql

SQLite

Note, this also configures the database to use WAL mode.

sqlite3 cache/sqlite/centralauth.sqlite "PRAGMA journal_mode=WAL;"

Postgres

???

There are composer dependencies that must be installed for CentralAuth to function. For convenience, you can use composer-merge-plugin to manage those:

cp composer.local.json-sample composer.local.json

This will let composer install dependencies for every extension and skin:

docker compose exec mediawiki composer update

Add the following to the end of LocalSettings.php.

// AntiSpoof - CentralAuth dependency
wfLoadExtension( 'AntiSpoof' );

// CentralAuth
wfLoadExtension( 'CentralAuth' );
$wgVirtualDomainsMapping['virtual-centralauth'] = [ 'db' => 'centralauth' ];
// Configure autologin: reuse session from my_wiki for all wikis
$wgCentralAuthLoginWiki = 'my_wiki';
$wgCentralAuthAutoMigrate = true;
$wgCentralAuthAutoMigrateNonGlobalAccounts = true;
// Use the CentralAuth provider for temp accounts
$wgAutoCreateTempUser['serialProvider']['type'] = 'centralauth';

At this point, newly registered accounts should be CentralAuth users, however, migration of existing accounts will not work.

Run the updater to create tables in both wikis as well as the shared centralauth database:

docker compose exec mediawiki php maintenance/run.php update.php --quick --doshared
docker compose exec mediawiki php maintenance/run.php update.php --quick --wiki secondwiki

Then run the command below, replacing DBTYPE with your database type (mysql, sqlite, or postgres), to create AntiSpoof tables:

docker compose exec mediawiki php maintenance/run.php sql --wikidb centralauth extensions/AntiSpoof/sql/DBTYPE/tables-generated.sql

Finally, you can migrate all the existing accounts, by running the following two scripts for each wiki:

docker compose exec mediawiki php maintenance/run.php ./extensions/CentralAuth/maintenance/migratePass0.php
docker compose exec mediawiki php maintenance/run.php ./extensions/CentralAuth/maintenance/migratePass1.php

docker compose exec mediawiki php maintenance/run.php ./extensions/CentralAuth/maintenance/migratePass0.php --wiki secondwiki
docker compose exec mediawiki php maintenance/run.php ./extensions/CentralAuth/maintenance/migratePass1.php --wiki secondwiki

It's possible that some accounts, like the Admin account on the second wiki, will not get attached to the central account after you run the migration scripts above. If that happens, go to Special:MergeAccount on the relevant wiki, while logged in as that user, and enter your password to attach the account manually.

Populate the central AntiSpoof tables:

docker compose exec mediawiki php maintenance/run.php ./extensions/CentralAuth/maintenance/batchCAAntiSpoof.php