I'm trying to set up external authentication with MediaWiki.
I've gone over http://wiki.case.edu/CaseWiki:External_Authentication time and time again, but it's not exactly clear.
Here's how our company authentication for web access works.
- I check to see if a cookie exists. If so, decrypt it and get user info.
- If cookie doesn't exist, redirect to the company authentication URL. In that redirect, I specify a "return to" URL so after the user authenticates, it knows where to send the user back to.
- Go back to first step. Since the cookie should now exist, I have user info.

Have you considered using Federated login/Shibboleth/SAML? It does SSO
without all of the messy cookie stuff, and can do so at the web server
or application level. It also has support for attributes and roles, so
that your application can do authorization from a single source. Check
out OpenSSO/Glassfish/OpenDS combo for a completely OSS stack that is
fairly good. OpenSSO also works with multiple backends, including AD.

To more directly answer your question, Wikimedia uses a cookie-based
solution for SSO between their sites; it probably doesn't do what you
are looking for, but it may be able to give you some ideas:
http://www.mediawiki.org/wiki/Extension:CentralAuth

I definitely recommend looking at a SAML solution though.

V/r,
Ryan Lane
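
The cookie-check and redirect flow from the question, sketched as an added example that is not part of the original thread and is independent of MediaWiki. The cookie format (payload plus HMAC tag, used here in place of the unspecified company encryption), the key, the URLs, the cookie name and the `return_to` parameter are all assumptions.

```python
import base64, hashlib, hmac, json, time
from urllib.parse import urlencode

# Every value below is constructed for illustration.
SECRET = b"constructed-demo-key"              # key shared with the auth service
AUTH_URL = "https://auth.example.com/login"   # hypothetical company login URL
WIKI_ORIGIN = "https://wiki.example.com"      # hypothetical wiki origin
COOKIE_NAME = "corp_sso"                      # hypothetical cookie name

def make_cookie(user, ttl=3600, now=None):
    """Stand-in for the auth service: base64 JSON payload + HMAC-SHA256 tag."""
    exp = int(now if now is not None else time.time()) + ttl
    body = base64.urlsafe_b64encode(json.dumps({"user": user, "exp": exp}).encode())
    tag = hmac.new(SECRET, body, hashlib.sha256).hexdigest()
    return body.decode() + "." + tag

def read_cookie(value, now=None):
    """Return the user info dict, or None if forged, malformed or expired."""
    try:
        body, tag = value.rsplit(".", 1)
        expected = hmac.new(SECRET, body.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(tag, expected):   # constant-time comparison
            return None
        info = json.loads(base64.urlsafe_b64decode(body))
        if info["exp"] < (now if now is not None else time.time()):
            return None
        return info
    except (ValueError, KeyError, TypeError):
        return None

def safe_return_to(path):
    """Allow only a local wiki path so the redirect cannot point off-site."""
    if not path.startswith("/") or path.startswith("//") or "\\" in path:
        return WIKI_ORIGIN + "/"
    return WIKI_ORIGIN + path

def handle_request(cookies, requested_path):
    """Valid cookie: return the user. Otherwise: redirect to the auth URL."""
    info = read_cookie(cookies.get(COOKIE_NAME, ""))
    if info is not None:
        return ("user", info)
    query = urlencode({"return_to": safe_return_to(requested_path)})
    return ("redirect", AUTH_URL + "?" + query)
```
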