User talk:Stevel
Disabling automatic user account creation[edit]
Hi,
Could you please have a look at an issue I'm trying to resolve with the shibauthplugin?
Everything else is working great, and it was easy to setup!
Thanks, Matt
Mr. Stevel,
Shibboleth 2.0 runs on shibbolet2.xml, which is slightly different with the original shibboleth.xml. Do you have some reference/correction for this SSO extension configuration?
Thanks, dannguyen@ucsd.edu
Hi,
Until my university upgrades its shib implementation, I can't check the configuration. It shouldn't require specific configuration once you have shibboleth working on your domain. Check the shibboleth 2 documentation for information on configuring your service provider.
--Stevel 22:49, 25 August 2008 (UTC)
MW 1.3 bug?[edit]
Hi, can you please have a look at Extension_talk:Shibboleth_Authentication#Problems_with_MW_1.13 ?
Thanks,
Kristof
Changes to Accomodate Shib2 Discover Service[edit]
Hi Steve,
I've been working with your extension under a Shib 2.x SP and had to make a few changes to the ShibLinkAdd function to accommodate using a new style Discover Service instead of a traditional WAYF. I'd love to contribute the changes if you'd like to have them.
Essentially, I added a new config variable :
//Are you using an old style WAYF (Shib 1.3) or new style Discover Service (Shib 2.x)?
//Values are WAYF or DS, defaults to WAYF
$shib_WAYFStyle = "DS";
And I switch on it to determine how the URI of the wayf is formed. Here's the modified function:
/* Add login link */
function ShibLinkAdd(&$personal_urls, $title)
{
global $shib_WAYF, $shib_LoginHint, $shib_Https, $shib_AssertionConsumerServiceURL;
global $shib_WAYFStyle;
if (! isset($shib_AssertionConsumerServiceURL) || $shib_AssertionConsumerServiceURL == '')
$shib_AssertionConsumerServiceURL = "/Shibboleth.sso";
if (! isset($shib_Https))
$shib_Https = false;
$pageurl = $title->getLocalUrl();
if (! isset($shib_LoginHint))
$shib_LoginHint = "Login via Single Sign-on";
if (! isset($shib_WAYFStyle) || $shib_WAYFStyle != 'DS') {
$shib_WAYFUriPath = $shib_AssertionConsumerServiceURL . "/WAYF/" . $shib_WAYF;
} else {
$shib_WAYFUriPath = $shib_AssertionConsumerServiceURL . "/" . $shib_WAYF;
}
$personal_urls['SSOlogin'] = array(
'text' => $shib_LoginHint,
'href' => ($shib_Https ? 'https' : 'http') .'://' . $_SERVER['HTTP_HOST'] .
$shib_WAYFUriPath .
'?target=' . (isset($_SERVER['HTTPS']) ? 'https' : 'http') .
'://' . $_SERVER['HTTP_HOST'] . $pageurl, );
return true;
}
Thanks for keeping up the extension. Take care...
Barry Johnson
Clemson University
Issue with MediaWiki 1.18 and Shibboleth[edit]
Can you look at Extension_talk:Shibboleth_Authentication#Problem_with_MW_1.18 ?
Thanks,
--Todd
ToddDTaft 17:45, 20 January 2012 (UTC)
Is it possible to create an account through Special pages with shibboleth turned on?[edit]
We would like to use shibboleth to grant access to a mediawiki. We still need to allow the administrators the ability to create accounts through Special:UserLogin&type=signup page. When I do this, I get "There was either an authentication database error or you are not allowed to update your external account." The user is registered with the external validation database. I've tried setting canCreateAccounts to return true and uncommenting ShibUpdateTheUser, but the best I've gotten was a broken wiki.
The alternative is to turn shibboleth off, reset the administrator's password, and then add the user, but that brings the wiki down in the meantime.
Chris Schulte University of Wisconsin