I'm trying to set up external authentication with MediaWiki. I've gone over http://wiki.case.edu/CaseWiki:External_Authentication time and time again but it's not exactly clear.
Here's how our company authentication for web access works.
- I check to see if a cookie exists. If so, decrypt it and get user info.
- If cookie doesn't exist, redirect to the company authentication URL. In that redirect, I specify a "return to" URL so after the user authenticates, it knows where to send the user back to.
- Go back to first step. Since the cookie should now exist, I have user info.
I figured I would use mod_rewrite in .htaccess to redirect index.php?title=Special:UserLogin to say index2.php. index2.php would get the cookie and be the return point for the redirection if needed. But now that index2.php has the user info, I need it to log in, creating the userid if needed, to MediaWiki. This is where I'm totally lost. Any help would be greatly appreciated!
> I'm trying to setup external authentication with MediaWiki. I've gone over http://wiki.case.edu/CaseWiki:External_Authentication time and time again but it's not exactly clear.
> Here's how our company authentication for web access works.
> - I check to see if a cookie exists. If so, decrypt it and get user info.
> - If cookie doesn't exist, redirect to the company authentication URL. In that redirect, I specify a "return to" URL so after the user authenticates, it knows where to send the user back to.
> - Go back to first step. Since the cookie should now exist, I have user info.
Have you considered using Federated login/Shibboleth/SAML? It does SSO without all of the messy cookie stuff, and can do so at the web server or application level. It also has support for attributes and roles, so that your application can do authorization from a single source. Check out OpenSSO/Glassfish/OpenDS combo for a completely OSS stack that is fairly good. OpenSSO also works with multiple backends, including AD.
To more directly answer your question, Wikimedia uses a cookie-based solution for SSO between their sites; it probably doesn't do what you are looking for, but it may be able to give you some ideas:
http://www.mediawiki.org/wiki/Extension:CentralAuth
I definitely recommend looking at a SAML solution though.
V/r,
Ryan Lane
mediawiki-l@lists.wikimedia.org
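
The three-step cookie flow described in the question, written as an added example for the `index2.php` return point; it is not code from either poster or from MediaWiki. The cookie name, both URLs, the `return_to` parameter and the HMAC-signed cookie format (standing in for the company's cookie decryption, which the thread does not describe) are assumptions.

```php
<?php
// Added example. All names and the cookie format are assumptions, not the company's scheme.
const SSO_LOGIN_URL = 'https://sso.example.com/login'; // hypothetical company auth URL
const WIKI_BASE     = 'https://wiki.example.com';      // hypothetical wiki origin
const COOKIE_NAME   = 'corp_auth';                     // hypothetical cookie name
const COOKIE_KEY    = 'PLACEHOLDER-load-from-config';  // placeholder secret

// Stand-in for "decrypt the cookie": value is base64(JSON) . '.' . hex HMAC-SHA256.
function readAuthCookie(array $cookies, int $now): ?array {
    $raw = $cookies[COOKIE_NAME] ?? '';
    if (!is_string($raw) || substr_count($raw, '.') !== 1) return null;
    [$body, $mac] = explode('.', $raw);
    // Constant-time compare; reject anything not produced with our key.
    if (!hash_equals(hash_hmac('sha256', $body, COOKIE_KEY), $mac)) return null;
    $info = json_decode(base64_decode($body, true) ?: '', true);
    if (!is_array($info) || !is_string($info['user'] ?? null) || $info['user'] === '') return null;
    if (!is_int($info['exp'] ?? null) || $info['exp'] < $now) return null; // expired
    return $info;
}

// Step 2: the "return to" target is always on our own origin.
function ssoRedirectUrl(string $requestUri): string {
    // Must be a local path: "/..." but not "//host" or "/\host"; otherwise use the root.
    if (!preg_match('#^/(?![/\\\\])#', $requestUri)) $requestUri = '/';
    return SSO_LOGIN_URL . '?' . http_build_query(['return_to' => WIKI_BASE . $requestUri]);
}

// Steps 1-3 as one decision: a verified user, or a redirect to the company login.
function authenticate(array $cookies, string $requestUri, int $now): array {
    $info = readAuthCookie($cookies, $now);
    return $info !== null
        ? ['action' => 'login', 'user' => $info['user']]
        : ['action' => 'redirect', 'location' => ssoRedirectUrl($requestUri)];
}

if (PHP_SAPI !== 'cli') { // running as index2.php
    $r = authenticate($_COOKIE, $_SERVER['REQUEST_URI'] ?? '/', time());
    if ($r['action'] === 'redirect') {
        header('Location: ' . $r['location'], true, 302);
        exit;
    }
    // $r['user'] is the verified name to pass to the wiki's login/auto-create step.
} else { // command-line demo with constructed sample data
    $body = base64_encode(json_encode(['user' => 'Jdoe', 'exp' => 2000000000]));
    $good = [COOKIE_NAME => $body . '.' . hash_hmac('sha256', $body, COOKIE_KEY)];
    var_dump(authenticate($good, '/index.php', 1700000000));          // valid cookie
    var_dump(authenticate([], '/index.php?title=Main', 1700000000));  // no cookie
    var_dump(authenticate($good, '//other.example/', 2100000000));    // expired cookie
}
```

Because the return target is built from a fixed origin plus a checked local path, a crafted request cannot make the company login page send the user to another host after authentication.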