Hey,
I run a members-only forum. I'm in the process of adding a Wiki to the site, and I'd like to restrict the wiki to only members logged into the forum. Would there be any problems to adding session_start() to the top of the wiki's index.php (as well as some checks to validate the session cookie from the forum)?
What would be the best way to restrict this? I don't want non-members to be able to view, edit, or register an account on the wiki at all, so I don't see how I would be able to do this using the Wiki settings.
Thanks for all suggestions.
2009/4/11 Schiz0 schiz0phrenic21@gmail.com:
What would be the best way to restrict this? I don't want non-members to be able to view, edit, or register an account on the wiki at all, so I don't see how I would be able to do this using the Wiki settings.
The main page can be a splash page that says "members only" or supplies a login form. You set it so that only logged-in users can view any other pages. Then you authenticate against the forum (this is the "magic beans" bit, I'm not sure of the details, but I'm sure others have done this).
- d.
2009/4/11 David Gerard dgerard@gmail.com:
The main page can be a splash page that says "members only" or supplies a login form. You set it so that only logged-in users can view any other pages. Then you authenticate against the forum (this is the "magic beans" bit, I'm not sure of the details, but I'm sure others have done this).
Example (though this does use MediaWiki's login system): http://internal.wikimedia.org/wiki/Main_Page http://office.wikimedia.org/wiki/Main_Page
- d.
You may want to use MediaWiki's built in restriction which is tested and in use in various private wikis:
http://www.mediawiki.org/wiki/Manual:Preventing_access#1.5_upwards
Greets, Wuzur
On Sat, Apr 11, 2009 at 4:34 PM, David Gerard dgerard@gmail.com wrote:
2009/4/11 David Gerard dgerard@gmail.com:
The main page can be a splash page that says "members only" or supplies a login form. You set it so that only logged-in users can view any other pages. Then you authenticate against the forum (this is the "magic beans" bit, I'm not sure of the details, but I'm sure others have done this).
Example (though this does use MediaWiki's login system): http://internal.wikimedia.org/wiki/Main_Page http://office.wikimedia.org/wiki/Main_Page
- d.
MediaWiki-l mailing list MediaWiki-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
Schiz0 wrote:
Hey,
I run a members-only forum. I'm in the process of adding a Wiki to the site, and I'd like to restrict the wiki to only members logged into the forum. Would there be any problems to adding session_start() to the top of the wiki's index.php (as well as some checks to validate the session cookie from the forum)?
What would be the best way to restrict this? I don't want non-members to be able to view, edit, or register an account on the wiki at all, so I don't see how I would be able to do this using the Wiki settings.
Thanks for all suggestions.
Use an Auth plugin to get the credentials from the forum. Then restrict view and edits to the user group.
On Apr 15, 2009, at 7:15 PM, Platonides wrote:
Schiz0 wrote:
Hey,
I run a members-only forum. I'm in the process of adding a Wiki to the site, and I'd like to restrict the wiki to only members logged into the forum. Would there be any problems to adding session_start() to the top of the wiki's index.php (as well as some checks to validate the session cookie from the forum)?
What would be the best way to restrict this? I don't want non-members to be able to view, edit, or register an account on the wiki at all, so I don't see how I would be able to do this using the Wiki settings.
Thanks for all suggestions.
Use an Auth plugin to get the credentials from the forum. Then restrict view and edits to the user group.
Sounds to me like you'll need to create that Auth plugin on your own, vs. being able to find an existing one that would fit your needs. I just did a related round of work linking my wiki into our corporate authentication & single-signon service, from which I would suggest you look in particular at the UserLoadFromSession hook and the associated talk page.
One aspect that you'll need to think about, if you haven't already, is whether your members will have an actual wiki account. I decided that my users would (and recommend the same for you), so all the normal wiki preference settings & such work & are retained as expected, but I made the account creation totally automatic and mostly invisible to them - it simply happens on their first visit. (I've left some notes on this point at the talk page ref'd above.)
And then I use the wiki's own session structure, as well, with a relatively short time out (hours, not days), so the interaction with the external auth service (or even their cookies) only occurs on their first visit in a given span of time, after which it continues the same as if they had signed in through the wiki's native login process. (And non-logged in visitors aren't allowed - use the regular wiki access controls for that.)
HTH, Paul
I recently set up a large collection of web apps with an ldap directory backend - included in this was phpBB and MediaWiki. However, I didn't get the single sign-on bit of it working, neither was it one of my original targets.
2009/4/16 Paul C Lustgarten plus@research.att.com
On Apr 15, 2009, at 7:15 PM, Platonides wrote:
Schiz0 wrote:
Hey,
I run a members-only forum. I'm in the process of adding a Wiki to the site, and I'd like to restrict the wiki to only members logged into the forum. Would there be any problems to adding session_start() to the top of the wiki's index.php (as well as some checks to validate the session cookie from the forum)?
What would be the best way to restrict this? I don't want non-members to be able to view, edit, or register an account on the wiki at all, so I don't see how I would be able to do this using the Wiki settings.
Thanks for all suggestions.
Use an Auth plugin to get the credentials from the forum. Then restrict view and edits to the user group.
Sounds to me like you'll need to create that Auth plugin on your own, vs. being able to find an existing one that would fit your needs. I just did a related round of work linking my wiki into our corporate authentication & single-signon service, from which I would suggest you look in particular at the UserLoadFromSession hook and the associated talk page.
One aspect that you'll need to think about, if you haven't already, is whether your members will have an actual wiki account. I decided that my users would (and recommend the same for you), so all the normal wiki preference settings & such work & are retained as expected, but I made the account creation totally automatic and mostly invisible to them - it simply happens on their first visit. (I've left some notes on this point at the talk page ref'd above.)
And then I use the wiki's own session structure, as well, with a relatively short time out (hours, not days), so the interaction with the external auth service (or even their cookies) only occurs on their first visit in a given span of time, after which it continues the same as if they had signed in through the wiki's native login process. (And non-logged in visitors aren't allowed - use the regular wiki access controls for that.)
HTH, Paul
MediaWiki-l mailing list MediaWiki-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
Hello!
I also work on something like this, however, instead of selecting a webapp out of the bunch for user credential storage, or LDAP or whatever, I decided to use basic apache authentication that authenticates to the operating system (unix password) using pwauth. Mediawiki has a good plugin to use Basic authentitaction to auto create wiki users on their first login. I make all apps use this authentication data, so "single sign on" is working. What more, it is running behind https - it was a must in our case.
However, I don't know if phpBB and others could use basic auth info from apache ($_SERVER['REMOTE_USER'] ..or what)
Good luck Robert
I recently set up a large collection of web apps with an ldap directory backend - included in this was phpBB and MediaWiki. However, I didn't get the single sign-on bit of it working, neither was it one of my original targets.
2009/4/16 Paul C Lustgarten plus@research.att.com
mediawiki-l@lists.wikimedia.org