Hello,
I am setting up a new MW 1.29 application on a secure RHEL7+Apache2+PHP5.6+MariaDB5.5 host running in an Active Directory enterprise environment. All client browsers that will access the wiki have user session attributes in the header authenticated by the domain. When users visit the MW site, I would like MW to automatically log-in the users (and create new users as needed) from the authentication information in the browser session header. I am told by my enterprise security admins that the session header data is compatible with Siteminder (i.e. SM_SDOMAIN, etc..)
[Q1] Will I need anything beyond PluggableAuth and PluggableSSO? (like say Mod_auth_ker?)
[Q2] Will I need to configure either of these for my domain or should it just work?
So far I have successfully installed PluggableAuth and PluggableSSO and added the following to LocalSettings.php?
$wgPluggableAuth_EnableAutoLogin = true;
$wgPluggableAuth_EnableLocalLogin = true; $wgPluggableAuth_EnableLocalProperties = false; $wgPluggableAuth_Class = "PluggableSSO"; wfLoadExtension( 'PluggableAuth' ); wfLoadExtension( 'PluggableSSO' ); |
but it does not work as straightforwardly as hoped.
I have set $wgShowDebug = true; in my Localsettings.php and can see all of the session data and trace info, but I don't know how to interpret it as well as i'd like.
[Q3] My local login no longer works either. Is this to be expected?
Any advice from the authentication gurus is greatly appreciated :-)
Thanks in advance,
-Rich