We are hoping to set up a private cloud wiki and would like to make sure that it is locked down to users within our organization. We have a domain with Google Apps and this would be ideal to use for authenticating our users into the wiki. I am using a fresh install without any content, though it is a canned Bitnami-hosted installation rather than rolling my own from the ground up.
I have been able to configure the OpenID extension and I can log in with my own Google credentials. I am not clear on whether I have locked it down to just our own organization or from Google if it would still authenticate any OpenID from any provider. I would like the user names to be the user part before the @ of the email address.
I have tried to search for specific instructions on configuring the OpenID extension to only use Google Apps, but without success. If anybody can point me to a step-by-step guide, I will attempt that before taking up anyone's time on here. To reiterate, I want to only allow access to people in my domain authenticating with Google. (In future I may wish to grant access to users outside our Google App domain but have them sign up with a regular login and then manually grant them access.)
Meanwhile, here are some details about our installation, pasted from the Version page:

    MediaWiki 1.19.1
    PHP 5.3.13 (apache2handler)
    MySQL 5.5.21-log
    OpenID (Version 1.004 20120427)
My LocalSettings.php looks like this (updated since first posted; I have re-read the README and figured out how to only use Google as the provider):

    #// *** OpenID Configuration ***
    require_once( "$IP/extensions/OpenID/OpenID.php" );
    $wgTrustRoot = "http://okthen.bitnamiapp.com/mediawiki/";
    #$wgOpenIDOnly = true;
    #$wgOpenIDConsumerDenyByDefault = true;
    $wgOpenIDConsumerForce = "https://www.google.com/accounts/o8/id";
    $wgOpenIDUseEmailAsNickname = true;
    $wgOpenIDAllowExistingAccountSelection = false;
    $wgOpenIDAllowNewAccountname = false;
    $wgOpenIDShowProviderIcons = true;
    $wgOpenIDLoginLogoUrl = "http://www.google.com/favicon.ico";
I am not clear on how I can only allow folks who are part of my domain hosted on Google Apps to log in.
I have not modified anything in the OpenID extension folder.
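
The domain restriction and the "user part before the @" naming asked about above, as an added example that is not code from the poster, MediaWiki, or the OpenID extension. The function name and the `example.org` domain are hypothetical, and the sketch assumes the e-mail address passed in is the one asserted by Google rather than a value the user typed; where to call it inside the extension is not covered by this page.

```php
<?php
// Added example: hypothetical helper, not part of MediaWiki or the OpenID extension.
// Written without scalar type hints or short arrays so it runs on PHP 5.3.

// Placeholder for the organization's Google Apps domain (assumption).
const ALLOWED_DOMAIN = 'example.org';

/**
 * Returns the local part of $email if it belongs to $allowedDomain, else null.
 * $email must be the provider-asserted address, never user-supplied form input.
 */
function orgUsernameFromEmail( $email, $allowedDomain = ALLOWED_DOMAIN ) {
    if ( !is_string( $email ) || strlen( $email ) > 254 ) {
        return null;
    }
    // Exactly one "@": rejects "a@example.org@evil.test" style addresses.
    if ( substr_count( $email, '@' ) !== 1 ) {
        return null;
    }
    list( $local, $domain ) = explode( '@', $email );

    // Anchored whole-domain match, case-insensitive. A suffix or substring
    // test would also accept "evil-example.org" or "example.org.evil.test".
    $pattern = '/^' . preg_quote( $allowedDomain, '/' ) . '$/iD';
    if ( !preg_match( $pattern, $domain ) ) {
        return null;
    }
    // Conservative local part: no whitespace, control or wiki-title characters.
    if ( !preg_match( '/^[A-Za-z0-9._-]{1,64}$/D', $local ) ) {
        return null;
    }
    return $local;
}

// Constructed sample inputs, for illustration only.
$samples = array(
    'alice@example.org',
    'Bob.Smith@EXAMPLE.ORG',
    'mallory@gmail.com',
    'mallory@evil-example.org',
    'mallory@example.org.evil.test',
    'a@example.org@evil.test',
    "eve\n@example.org",
);
foreach ( $samples as $email ) {
    $user = orgUsernameFromEmail( $email );
    echo json_encode( $email ), ' => ',
        $user === null ? 'rejected' : "accepted as $user", "\n";
}
```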