I'm setting up a wiki for a system that has an existing corporate login system. We want it to be integrated with this system, rather than relying on an external one. Especially I don't want it to set any type of cookie to check user id, as this may weaken the security of the existing system. Basically anywhere it figures out the user id, I'd like to pull that and rely on my code to figure out what user it is (I will still have a user table in the db, it will map external user ids to wiki ids). Can anyone point me to what files would need to be changed? I'm guessing User.php, but what file actually does the logon sequence?
Gabe
Sechan, Gabe wrote:
> I'm setting up a wiki for a system that has an existing corporate login system. We want it to be integrated with this system, rather than relying on an external one. Especially I don't want it to set any type of cookie to check user id, as this may weaken the security of the existing system. Basically anywhere it figures out the user id, I'd like to pull that and rely on my code to figure out what user it is (I will still have a user table in the db, it will map external user ids to wiki ids). Can anyone point me to what files would need to be changed? I'm guessing User.php, but what file actually does the logon sequence?
So, basically, you want to rewrite PHP's sessioning system?
You have to remember that login and authentication are only half the battle. The other is sessions (because HTTP is stateless). The most common way of doing this is cookies.
Cookies are not shared with other sites, unless they have JavaScript running under the current one (see the cross-site scripting issues). So a properly configured cookie assignment should not be sent to anything other than the wiki.
In order for us to assist you, you will have to give us (some) details as to how this "login system" works (i.e., how do web apps know who the user is). (If it uses LDAP, that has already been done.)
HTTP authentication has been discussed but I am not aware of any actual implementations.
-- Jamie
http://endeavour.zapto.org/astro73/
Thank you to JosephM for inviting me to Gmail! Have lots of invites. Gmail now has 2GB.
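The cookie scoping described in the reply above, as an added example that is not part of the original thread: a simplified version of the RFC 6265 domain and path matching a browser applies when deciding where to send a cookie. The host names (`wiki.corp.example`, `login.corp.example`) and cookie names are constructed for illustration.

```javascript
// Added example. Simplified RFC 6265 matching; hosts and cookies are constructed.

// Section 5.1.3: identical host, or host is a subdomain of the cookie domain.
function domainMatch(host, cookieDomain) {
  host = host.toLowerCase();
  cookieDomain = cookieDomain.toLowerCase();
  if (host === cookieDomain) return true;
  const isIp = /^\d+\.\d+\.\d+\.\d+$/.test(host) || host.includes(":");
  return !isIp && host.endsWith("." + cookieDomain);
}

// Section 5.1.4: the cookie path must be a whole-segment prefix of the request path.
function pathMatch(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  return cookiePath.endsWith("/") || requestPath[cookiePath.length] === "/";
}

// cookie: { name, domain, hostOnly, path, secure }
// hostOnly is true when Set-Cookie carried no Domain attribute.
function wouldSend(cookie, url) {
  const u = new URL(url);
  const host = u.hostname.toLowerCase();
  const hostOk = cookie.hostOnly
    ? host === cookie.domain.toLowerCase()
    : domainMatch(host, cookie.domain);
  const secureOk = !cookie.secure || u.protocol === "https:";
  return hostOk && secureOk && pathMatch(u.pathname, cookie.path);
}

// Tightly scoped: no Domain attribute, Path=/wiki/, Secure.
const TIGHT = { name: "wiki_session", domain: "wiki.corp.example",
                hostOnly: true, path: "/wiki/", secure: true };
// Loosely scoped: Domain=corp.example, Path=/, no Secure flag.
const LOOSE = { name: "wiki_session", domain: "corp.example",
                hostOnly: false, path: "/", secure: false };

const REQUESTS = [
  "https://wiki.corp.example/wiki/Main_Page",
  "http://wiki.corp.example/wiki/Main_Page",
  "https://login.corp.example/",
];
for (const url of REQUESTS) {
  console.log(url, "tight:", wouldSend(TIGHT, url), "loose:", wouldSend(LOOSE, url));
}
```

The loosely scoped cookie also reaches the sibling login host and travels over plain HTTP; the host-only, path-restricted, Secure one stays with the wiki.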
http://wiki.case.edu/CaseWiki:External_Authentication
There is a PHP script on that page that can perform a login and send the MediaWiki cookies to the client. I have made it work with HTTP Basic auth, Pubcookie, and CAS.
Gregory Szorc gregory.szorc@case.edu