Topic on Extension talk:PluggableAuth

Do not show Login page

7
Summary by Cindy.cicalese

PluggableAuth requires MediaWiki 1.29 or later in order to bypass the Login page.

131.176.243.9 (talkcontribs)

Hi,

First of all many thanks for writing the PluggableAuth plugin, this is really nice! Within a day I've managed to write my own plugin to authenticate against our CAS server. This all works fine, I can properly login and logout and it also handles our mechanism for Authorization based on LDAP membership.

The only thing I have not managed to configure is the flow of logging in. I click on the "Log in" link, which returns the Mediawiki Login page when I see the default Mediawiki Login button and the Login with PluggableAuth button. Since we don't allow a login into Mediawiki via a local wiki account, the additional step to click on the PluggableAuth button is for us an extra click we would like to avoid (since there would only be one option). Is there a way to configure PluggableAuth to directly execute the step which would happen when clicking on Login with PluggableAuth without showing the login buttons to the user?

Best regards,

Martin


Cindy.cicalese (talkcontribs)

Hi, Martin.

Thank you for the positive feedback :-)

Bypassing the login page is the default behavior of PluggableAuth, as long as the plugin does not add any other fields to the login page to gather custom information (i.e. adding fields to $wgPluggableAuth_ExtraLoginFields will add fields to the login form). It is unclear, if your plugin is not adding fields, why your plugin does not bypass the login page. You could try to compare to one of the other plugins (e.g. Extension:OpenID Connect) to see if you are doing something different. The code in MediaWiki core to bypass the login form is at https://phabricator.wikimedia.org/source/mediawiki/browse/master/includes/specialpage/LoginSignupSpecialPage.php$305.

Cindy

131.176.243.9 (talkcontribs)

Hi Cindy,

I had a look at the OpenID connector and I don't see anything weird in my own connector, I don't explicitly set $wgPluggableAuth_ExtraLoginFields. What I find strange is that above the "Log in with PluggableAuth" button, I still see the standard "Log in" button for Local logins. If I add explicitly $wgPluggableAuth_EnableLocalLogin = false; in my LocalSettings.php file the button stays. Just to test it, I've added this before and after loading the PluggableAuth extension. I see no difference in behavior. I use PluggableAuth for Mediawiki 1.27, since this is what is currently available for me to test, we don't have a server running yet with a newer version. Is the version maybe too old and is it missing features?

Martin

Cindy.cicalese (talkcontribs)

Ah, yes, the code to bypass the Login page was only added to MediaWiki core in MW 1.29. So, regardless of which version of the PluggableAuth extension you use (you should ideally use the most recent version to get most functionality/bug fixes), you will need to use a more recent version of MediaWiki.

131.176.243.9 (talkcontribs)

Good to know that bypassing the Login page was only implemented in MW1.29. I've requested with the person in charge of the test installation to upgrade Mediawiki to the latest LTS version (1.31), which also requires PHP7, then I will test my plugin again and let you know if it all work as expected. Many thanks for your quick support!

Martin

131.176.243.9 (talkcontribs)

Our server now runs WM1.31 (the latest LTS version) together with PHP7.1 and it all works great now. The Login page is not shown anymore when I click on the Login link. Thanks again for your help!

Martin

Cindy.cicalese (talkcontribs)

Excellent!