All,
I've read the meta-wiki pages about LDAP authentication and Remote Web Server authentication ... what I'm looking for is much more simple.
To get to where my wiki is, the user has to have already authenticated as a unique individual through a kerberized .htaccess method. What I want is for the wiki to then see the existing "johndoe" user that had logged in to the .htaccess method and understand that it is the same user as the wiki's "johndoe".
My current wiki (TikiWiki) has this functionality by simply setting "Authentication Method" on its "Login" admin pane to "Web Server". I had to add the users by hand (with no password), but that's it -- the user can't even logout as the web server's authentication is still in effect.
This is about the only thing I like about TikiWiki, but it's a *very* important thing. Any ideas? Thanks in advance...
- John
John,
I have something what relies on a detected IP address (gethostbyaddr() = something), see http://bugzilla.wikimedia.org/show_bug.cgi?id=1360 Auto-login / Auto-account-creation by hostname for intranet MediaWikis . There is no uploaded patch (yet), but it is easy.
Please can you check, if this can be useful for you ? Tom
John Straffin schrieb:
To get to where my wiki is, the user has to have already authenticated as a unique individual through a kerberized .htaccess method. What I want is for the wiki to then see the existing "johndoe" user that had logged in to the .htaccess method and understand that it is the same user as the wiki's "johndoe".
My current wiki (TikiWiki) has this functionality by simply setting "Authentication Method" on its "Login" admin pane to "Web Server". I had to add the users by hand (with no password), but that's it -- the user can't even logout as the web server's authentication is still in effect.
Hi Tom, Hi John,
i'm in the same situation like John. i use .htaccess for a member-section where i'm to install a wiki. TikiWiki is the only wiki i know that has this working but it is the only good feature from tikiwiki.
Tom, your solution sounds really interesting. i imagine to be able to make a solution that works with .htaccess from your solution more easily than from tabula rasa. Actually i already wrote some code but it simply will not work. Any chance to have a look at your code?
What i did:
i wrote a extensions/cpAuth.php (attached) and added
include('extensions/cpAuth.php'); $wgAuth = new cpAuth();
to LocalSettings.php
however, i seem to have missing some important steps because this seems not to work for now. (no error, no changed behaviour)
hope to get this working soon,
Damir Perisa
On Tuesday 15 February 2005 00:55, Thomas Gries wrote:
John,
I have something what relies on a detected IP address (gethostbyaddr() = something), see http://bugzilla.wikimedia.org/show_bug.cgi?id=1360 Auto-login / Auto-account-creation by hostname for intranet MediaWikis . There is no uploaded patch (yet), but it is easy.
Please can you check, if this can be useful for you ? Tom
John Straffin schrieb:
To get to where my wiki is, the user has to have already authenticated as a unique individual through a kerberized .htaccess method. What I want is for the wiki to then see the existing "johndoe" user that had logged in to the .htaccess method and understand that it is the same user as the wiki's "johndoe".
My current wiki (TikiWiki) has this functionality by simply setting "Authentication Method" on its "Login" admin pane to "Web Server". I had to add the users by hand (with no password), but that's it -- the user can't even logout as the web server's authentication is still in effect.
Okay... I'm satisfied that the answer to my original question (below) is "No. There is nothing currently in MW that allows for the use of existing web server credentials instead of MW's login." Now, I'm trying to do this myself...
I've looked at Thoams Gries' flowchart and perused index.php, setup.php, user.php and I can't find where MW actually says "are they logged in?" Anyone wanna throw me a bone? Thanks in advance...
- John
John Straffin wrote:
All,
I've read the meta-wiki pages about LDAP authentication and Remote Web Server authentication ... what I'm looking for is much more simple.
To get to where my wiki is, the user has to have already authenticated as a unique individual through a kerberized .htaccess method. What I want is for the wiki to then see the existing "johndoe" user that had logged in to the .htaccess method and understand that it is the same user as the wiki's "johndoe".
My current wiki (TikiWiki) has this functionality by simply setting "Authentication Method" on its "Login" admin pane to "Web Server". I had to add the users by hand (with no password), but that's it -- the user can't even logout as the web server's authentication is still in effect.
This is about the only thing I like about TikiWiki, but it's a *very* important thing. Any ideas? Thanks in advance...
- John
John Straffin wrote:
I've looked at Thoams Gries' flowchart and perused index.php, setup.php, user.php and I can't find where MW actually says "are they logged in?" Anyone wanna throw me a bone? Thanks in advance...
User::loadFromSession() checks several sources for login credentials, returning either the authenticated User or a generic anonymous User object.
-- brion vibber (brion @ pobox.com)
Brion Vibber wrote:
John Straffin wrote:
I've looked at Thoams Gries' flowchart and perused index.php, setup.php, user.php and I can't find where MW actually says "are they logged in?" Anyone wanna throw me a bone? Thanks in advance...
User::loadFromSession() checks several sources for login credentials, returning either the authenticated User or a generic anonymous User object.
Okay... so, as I understand it, User::loadFromSession() basically says:
"If there's a session, then do some stuff, otherwise if there's a cookie, then do some stuff, otherwise return a new user object."
Instead of saying "return a new user object" above, I want to say "log in as <?= _SERVER["REMOTE_USER"] ?>". Should I be looking for the "log in" function in SpecialUserlogin.php?
(also, on a side note, how does the User::loadFromSession() function get beyond the initial block of code? It appears that all of the options of the first "if, else if, else" end up with a "return"...)
(and, on a completely unrelated note, lines 23 - 25 of Index.php state: require_once( './includes/Defines.php' ); require_once( './LocalSettings.php' ); require_once( 'includes/Setup.php' ); Shouldn't line 25 look like 23 & 24 (i.e. './x' vs 'x'), if not just for consistency's sake?)
- John
John Straffin wrote:
Instead of saying "return a new user object" above, I want to say "log in as <?= _SERVER["REMOTE_USER"] ?>". Should I be looking for the "log in" function in SpecialUserlogin.php?
Perhaps.
(also, on a side note, how does the User::loadFromSession() function get beyond the initial block of code? It appears that all of the options of the first "if, else if, else" end up with a "return"...)
No, there are several conditions that don't return. It's not really legible code though.
(and, on a completely unrelated note, lines 23 - 25 of Index.php state: require_once( './includes/Defines.php' ); require_once( './LocalSettings.php' ); require_once( 'includes/Setup.php' ); Shouldn't line 25 look like 23 & 24 (i.e. './x' vs 'x'), if not just for consistency's sake?)
LocalSettings.php may define an include path which doesn't include the currect directory, to store the bulk of the scripts outside the webroot.
-- brion vibber (brion @ pobox.com)
ATTN: David Cameron, Marcus Kazmierczak, Ryan Lane, Frank Wales, John Straffin:
I can't exactly deal with the plenty of mails referring to Auto-Login / Auto-Account-Creation and similar, but different ideas... so I decided quickly to post, what I have and what works for me.
The whole story in on http://bugzilla.wikipedia.org/show_bug.cgi?id=1360 Auto-login / Auto-account-creation by hostname for intranet MediaWikis
Basically, every
RETURN NEW USER() in every return path in loadFromSession()
is now changed to not return immediately, but to call my new function loadfromLUT(), which either gets some info via gethostbyaddr() in Setup.php and the lookup table or actually returns the new user() object (if a user comes to wiki, who is not listed in the file lookup table, he stays "anonymous" without a login chance, because I disabled the manual login and logout paths).
Please check http://bugzilla.wikipedia.org/show_bug.cgi?id=1360 . I just uploaded the code according to the flowchart, the code is for User.php of mediawiki 1.3.7 and only modifies the existings loadfromSession() as explained.
Sorry for cross-posting ! Tom
mediawiki-l@lists.wikimedia.org