We have a wikifarm with a number of wikis and central media repositories. We are missing a single sign-on - presently, if someone is signed into a wiki and uploads a file, this one has to sign in a second time.
The "obvious" solution is to do the same as wikimedia, i.e. http://www.mediawiki.org/wiki/Extension:CentralAuth
However, the page above warns in no unclear words to rather use $wgSharedDB (which we already do). But while this offers single-authorization ("password storage"), it provides no single-sign on.
Advice? What are our options?
thanks!
Gregor
Advice? What are our options?
I should perhaps clarify that behavior like http://www.mediawiki.org/wiki/Extension:AutomaticREMOTE_USER is not desired - the wiki should be fully readable for anonymous users without login, we only need authentication on signon through the wiki login page. The behavior should be similar to the behavior on wikimedia sites.
Gregor
Are all your wiki on the same domain (as subdomains or subdirectories) or separate domains?
~Daniel Friesen (Dantman, Nadir-Seen-Fire) [http://daniel.friesen.name]
On 11-02-28 09:10 AM, Gregor Hagedorn wrote:
We have a wikifarm with a number of wikis and central media repositories. We are missing a single sign-on - presently, if someone is signed into a wiki and uploads a file, this one has to sign in a second time.
The "obvious" solution is to do the same as wikimedia, i.e. http://www.mediawiki.org/wiki/Extension:CentralAuth
However, the page above warns in no unclear words to rather use $wgSharedDB (which we already do). But while this offers single-authorization ("password storage"), it provides no single-sign on.
Advice? What are our options?
thanks!
Gregor
MediaWiki-l mailing list MediaWiki-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
So example.com, example.de, example.fr, etc?
We don't have any good way to share sessions across domains with a shared user db. I did have an idea for an extension that would fix that as a side effect, but haven't got round to implementing it.
~Daniel Friesen (Dantman, Nadir-Seen-Fire) [http://daniel.friesen.name]
On 11-02-28 10:45 AM, Gregor Hagedorn wrote:
Are all your wiki on the same domain (as subdomains or subdirectories) or separate domains?
separate domains, in part because they are different languages (en, de, fr, si).
Gregor
MediaWiki-l mailing list MediaWiki-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
So example.com, example.de, example.fr, etc?
more: species-id.net, offene-naturführer.de etc.
We don't have any good way to share sessions across domains with a shared user db. I did have an idea for an extension that would fix that as a side effect, but haven't got round to implementing it.
thanks for the answer, a negative is useful here as well.
So our best bet would be: http://www.mediawiki.org/wiki/Extension:CentralAuth = possible but difficult to get running?
Gregor
Gregor Hagedorn wrote:
So example.com, example.de, example.fr, etc?
more: species-id.net, offene-naturführer.de etc.
We don't have any good way to share sessions across domains with a shared user db. I did have an idea for an extension that would fix that as a side effect, but haven't got round to implementing it.
thanks for the answer, a negative is useful here as well.
So our best bet would be: http://www.mediawiki.org/wiki/Extension:CentralAuth = possible but difficult to get running?
Gregor
If you already have a shared user table, you only need session sharing. A piece that IMHO should be rewritten in CentralAuth, so perhaps it should be available as a separated piece. You can see some discussions about it in wikitech recently.
If you already have a shared user table, you only need session sharing. A piece that IMHO should be rewritten in CentralAuth, so perhaps it should be available as a separated piece. You can see some discussions about it in wikitech recently.
that would be brilliant. We have some resources and could contribute to testing and debugging, but we feel not ready to factor the single-sign-on code out of CentralAuth ourselves alone.
Who is interested in this? Maybe in a collaboration it becomes more likely.
Gregor
mediawiki-l@lists.wikimedia.org