But let's explore the AutoAuthenticate hook again. If I make a plugin roughly like the following:
class PlexcelAuth extends AuthPlugin {
function PlexcelAuth() { // other stuff $wgHooks['AutoAuthenticate'][] = array($this, 'authenticateSso'); }
function authenticateSso($user) { // do sso if (sso_is_successful) { $user->mName = $acct['sAMAccountName']; return; } } }
You need to look at some examples of other auto-authentication plugins. You need to do quite a bit more than you are doing. You should be checking to see if the user is already logged in, and if so returning, if not, checking to make sure the authentication went through ok. If it did, you need to check to see if the user has an account; if so, log them in; if not create an account manually.
The HttpAuth plugin is a good simple example (http://www.mediawiki.org/wiki/Extension:HttpAuth), the LDAP Authentication plugin is a slightly more complicated example (http://svn.wikimedia.org/viewvc/mediawiki/trunk/extensions/LdapAuthenti cation/LdapAuthentication.php?view=markup). There are a few more on mediawiki.org (http://www.mediawiki.org/wiki/Category:Authentication_and_Login).
Currently, in the non-AutoAuthenticate version I have the following which is invoked manually from within includes/Setup.php:
function authenticateSso($user) { // do sso if (sso_is_successful) { global $wgUser;
$wgUser =User::newFromName($this->acct['sAMAccountName']); if ($wgUser->idForName() == 0) { if (isset($this->acct['mail'])) $wgUser->mEmail = $this->acct['mail']; if (isset($this->acct['displayName'])) $wgUser->mRealName = $this->acct['displayName']; $wgUser->addToDatabase(); $wgUser->setToken(); }
plexcel_log(3, 'MediaWiki: SSOsuccessful: ' . $wgUser->getName()); return;
This looks similar to how the auto-authentication plugins work. I'm pretty sure you'll be able to use the auto-authentication hook instead of mucking around in Setup.php.
V/r,
Ryan Lane