Hi Mark,
Nice to hear from you! I'm very interested to understand more about it, but as you can see below I'm not sure if I have the right skills.
Ad
On 6 Oct 2016, at 17:54, Mark A. Hershberger mah@nichework.com wrote:
Ad Strack van Schijndel writes:
- Same users and passwords for all wiki's
- Single sign on
- API requests from one wiki to another
Does the enterprise you are hosting these for have an SSO source like Active Directory?
No, this is for our own company. First attempts on this road. Would it be an idea to have a shared user table for all wiki's?
Cindy Cicalese has just finished updating PluggableAuth for MW 1.27. I think it would prove very helpful to you.
Mmm, at first glance it seems that situation where PluggableAuth is especially useful is not ours. And I wouldn't know how to use it. I'm more the 'use extensions as-is' kind of guy :-).
You don't say what you're using the API requests for, but that seems trivial. Are you running into problems there?
Semantic External Query Lookup! So I am not doing the api requests myself, but I want to try to contribute to this fine extension and make it usable with private wiki's. SEQL works fine if the 'source' wiki is public.
For one of my clients, I have written PluggableSSO (which uses Cindy's PluggableAuth) to take care of authentication based on HTTP headers that Apache provides using mod_auth_kerb. I have and AD user that queries AD via LDAP for user information then.
In the meantime I have tried OAuth 'Owner-only consumers' https://www.mediawiki.org/wiki/OAuth/Owner-only_consumers#PHP. Added this code to James's QueryResultFetcher in what I figured would be the right place. With the values I got when registering the wiki as a consumer. This should add the authorization header to the request. That looks fine, but it doesn't work and I can't figure out what happens next. And I must admit: I'm not that knowledgable with these things...
Another client of mine uses a CA-provided module for Apache that takes care of SAML authentication and then sends me headers for the user. I'm thinking of replacing that apache module with Cindy's SimpleSAMLphp extension that uses PluggableAuth.
Hope this helps!
Mark.
-- Mark A. Hershberger NicheWork LLC 717-271-1084
Mediawiki-enterprise mailing list Mediawiki-enterprise@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-enterprise