Dear all,
I'm trying to casify mediawiki as per instructions on http://kellinwood.blogspot.com/2009/01/casify-mediawiki-with-phpcas.html
Now, I'm running into a problem that might (or might not?) be what is mentioned in the user comment at the end of the page (wpLoginToken against CSRF)
Currently, I've been able to get it to the point where CAS is up and running, connected to an MSAD server, and authenticating properly. Mediawiki is running fine with local accounts.
When I enable the casifying changes however, mediawiki properly redirects me to the cas login page, cas properly authenticates me and sends me back to mediawiki, but mediawiki then is stuck on Special:Userlogin.
Clicking the login link again from the Special:Userlogin page I see only keeps me there (I am not even redirected to cas).
Any thoughts on how this can be fixed are most appreciated.
Best, Chris
PS: I'm using a localized version of MediaWiki, so Special:Userlogin is called Speciaal:Aanmelden and Special:Userlogout is Speciaal:Afmelden
Changes to /etc/apache2/apache2.conf file:
---
Alias /wiki /var/www/mediawiki/index.php
<Directory />
RewriteEngine on
RewriteCond %{REQUEST_URI} ^/mediawiki/index.php$
RewriteCond %{QUERY_STRING} ^title=Speciaal:Aanmelden
RewriteCond %{REQUEST_METHOD} ^GET$
RewriteRule ^(.*)$ /mediawiki/login/cas1.php [R,L]
RewriteCond %{REQUEST_URI} ^/mediawiki/index.php$
RewriteCond %{QUERY_STRING} ^title=Speciaal:Afmelden
RewriteCond %{REQUEST_METHOD} ^GET$
RewriteRule ^(.*)$ /mediawiki/login/cas2.php?logout [R,L]
</Directory>
---
Changes to LocalSettings.php
---
# CAS
require_once "$IP/extensions/CasAuthentication.php";
$wgAuth = new CasAuthPlugin();
$casServerHostname = 'myserver.mydomain.nl';
$casServerPort = 8443;
$casServiceURI = '/cas';
$wgLoginFormKey = "tU2HfXYkf6jc454SYqke"; // Random key, change this
$wgGroupPermissions ['*']['read']=false;
$wgGroupPermissions ['*']['edit']=false;
$wgGroupPermissions ['*']['createaccount']=false;
$wgWhitelistRead = array("Speciaal:Aanmelden");
---
Files extensions/CasAuthentication.php and login/cas1.php and login/cas2.php are exactly as given on the site linked above.
Met vriendelijke groet,
Christian C. Schouten
Christian C. Schouten wrote:
Dear all,
I'm trying to casify mediawiki as per instructions on http://kellinwood.blogspot.com/2009/01/casify-mediawiki-with-phpcas.html
Now, I'm running into a problem that might (or might not?) be what is mentioned in the user comment at the end of the page (wpLoginToken against CSRF)
Yes, the wpLoginToken will be interfering with the External Authentication. Although I have to say, that class smells like a vulnerability.
mediawiki-l@lists.wikimedia.org