I have read both of the link: http://blogs.sun.com/superpat/entry/opensso_single_sign_on_extension http://www.mediawiki.org/wiki/Extension:CASAuthentication
But unfortunately, I havnt found the code you said... It seems like these extensions are use hook to implentment user authencation? In my own myapi.php, how can a hook work? The code below is a breif overview of the myapi.php:
<?php $data = $_POST['data']; // call a function to decode the data with a secret key. The result is in $get $action = $get['action']; if($action == 'login'){ $uid = $get['uid']; // I must do something here to make mediawiki login. echo 1; } elseif($action == 'logout'){ //I must do something here to make mediawiki logout. echo 1; } else{ echo 0; } ?>
When user is logged in other application, the central auth system would access this myapi.php with data.
I'd use the webserver to alias "/myapi.php" to "/index.php?title=Special:Userlogin"; then use the above methods. The central authentication system will still think it is hitting "/myapi.php", but will instead send its data to your extension. Since your extension is going through index.php, the hooks will be called, and the globals needed will exist.
Respectfully,
Ryan Lane