Comments on: MediaWiki remote user authentication

By: Namroud

Namroud — Wed, 22 Sep 2010 21:24:29 +0000

How would all of this would work with Ldap authentication Plugin for mediawiki. I mean how to pass http authentication to the Ldap plugin.

Thanks.
Namroud

By: Trev

Trev — Fri, 30 Jul 2010 00:44:53 +0000

Thanks for all the code + Etenil for the hack.
I’m using this in 1.16.0 and it works perfectly.

By: Jaya

Jaya — Thu, 13 Aug 2009 12:01:27 +0000

Just to update. I tried this method with the modifications suggested by Etenil for Mediawiki 1.15.1 and it works fine for me. Thanks Raskas!

By: Daniel

Daniel — Fri, 29 May 2009 08:42:02 +0000

I have MediWiki 1.13.3 running. Authentication via remote user only works partially: On the first time I call a wiki-page, I am shown the login page. If I go to another page or simply hit refresh, I am logged in and everything is fine.
Does anybody have a clue how to solve this problem? Thanks a lot in advance.

Regards, Daniel

By: Robert Kuszinger

Robert Kuszinger — Mon, 06 Apr 2009 16:54:28 +0000

Hello!

I’m trying to set up alternative authentication to a WIKI. I’d like to ask if your solution could work with mediawiki 1.14.
I’ve set up the pwauth recipe, login is successful, however, user won’t be in a logged in state…

If your recipe above works with 1.14 as far as you know, I’d modify it to use pwauth (or whatever) for authentication…

thanks for any help.
Robert Kuszinger

By: Michael Raugh

Michael Raugh — Mon, 05 Jan 2009 16:10:59 +0000

Oops — I should cite the whole platform, I suppose.

Apache 2.2.3
CentOS 5 (RHEL 5 clone)
MediaWiki 1.13.3

My external authentication source is LDAP over SSL, configured via the standard Apache mod_authz_ldap module. Shouldn’t matter though, as it’s transparent to MediaWiki.

By: Michael Raugh

Michael Raugh — Mon, 05 Jan 2009 16:05:17 +0000

Just a report for the good of the lodge, as it were. I just installed this mod on MediaWiki 1.13.3 using the code from here, which Raskas referenced at the top of the blog entry. I used Etenil's tweak to the Auth_remoteuser.php (though there is no usage of 'PHP_AUTH_USER' in the version I started with) and I also had to change the ownership of /var/lib/php/session (chown -R apache:web /var/lib/php/session) to get around an "Error saving session data" problem when trying to edit a page. Side note: once a user has accessed the wiki (and therefore had an account auto-created) you can assign them any group memberships you like using the normal means. For me that's editing the user_groups table in mySQL directly, but your methods may vary.

By: Will Neelen

Will Neelen — Wed, 05 Nov 2008 13:57:29 +0000

FOR RICH

I got this to work on Windows 2003 server running IIS.
It even works if you have multiple domains in a forrest.
Below the configuration for a single domain.

You need to 3 things
1. Set IIS configuration
2. Download Auth_remoteuser_iis.php
3. Add settings to LocalSettings.php

1. In IIS,
under the website configuration,
tab Directory Security /
Authentication and acces control /
username: your_domain\your_remote_user
password: your_remote_users_password
UNMARK anonymous access
Apply these settings for underlying virtual directories.

2. Download Auth_remoteuser_iis.php
And put it in the extensions folder

3. Add the settings below to LocalSettings.php
Change the variables to:
-your domain
-your DC
-your DNS server
- the remote user account in your domain

# SECURITY section added for SSO
$wgGroupPermissions['*']['createaccount'] = false;
$wgGroupPermissions['*']['read'] = false;
$wgGroupPermissions['*']['edit'] = false;
# Pages anonymous (not-logged-in) users may see
$wgWhitelistRead = array( “Main Page”, “Special:Userlogin”, “-”, “MediaWiki:Monobook.css” );
# Remote_User Auth with MS AD LDAP enhancements
require_once(’extensions/Auth_remoteuser_iis.php’);
$wgAuth = new Auth_remoteuser();
$wgLDAPServerNames = array( “YOUR_DOMAIN”=>”first_domaincontroller.yourdomain.com”, second_domaincontroller.yourdomain.com”);
$wgLDAPSearchStrings = array( “YOUR_DOMAIN”=>”USER-NAME” );
$wgLDAPBindUsers = array( “your_remote_user_account your_remote_users_password” );
$wgLDAPBaseDNs = array( “YOUR_DOMAIN”=>”DC=YOUR_DOMAINS_DNS_SERVER.YOUR_DOMAIN.com, DC=YOUR_DOMAIN.com” );
$wgLDAPDebug = 0;

By: Rich

Rich — Tue, 28 Oct 2008 10:31:57 +0000

Im a relative newbie with mediawiki and have been given the task of implementing mediawiki, on a Windows 2003 server running IIS, using php and a mysql DB. One of the requirements is that users are logged in automatically to mediawiki via their domain credentials. To be honest im really unsure how to go about this as REMOTE_USER etc that i have seen i believe are not relevant for my specifications. Any help would be a God send!!

Rich

By: timhessel

timhessel — Thu, 29 May 2008 12:21:01 +0000

Disregard that last comment, it’s nonsense. I need to look at my code a little better though