hi, I have read both of the link: http://blogs.sun.com/superpat/entry/opensso_single_sign_on_extension http://www.mediawiki.org/wiki/Extension:CASAuthentication
But unfortunately, I havnt found the code you said... It seems like these extensions are use hook to implentment user authencation? In my own myapi.php, how can a hook work? The code below is a breif overview of the myapi.php: <?php $data = $_POST['data']; // call a function to decode the data with a secret key. The result is in $get
$action = $get['action']; if($action == 'login'){ $uid = $get['uid']; // I must do something here to make mediawiki login. echo 1; } elseif($action == 'logout'){ //I must do something here to make mediawiki logout. echo 1; } else{ echo 0; } ?>
When user is logged in other application, the central auth system would access this myapi.php with data. Thx!!
------------------ Bear 2010-08-12
------------------------------------------------------------- From:Lane, Ryan Send Date:2010-08-12 22:48:05 To:Wikimedia developers CC: Subject:Re: [Wikitech-l] How to login a user without password?
X-Uidl: GmailId12a66c5ad00f6f23&&pop.gmail.com Delivered-To: jilingshu@gmail.com Received: by 10.150.43.19 with SMTP id q19cs108796ybq; Thu, 12 Aug 2010 07:48:05 -0700 (PDT) Received: by 10.213.104.211 with SMTP id q19mr353520ebo.45.1281624485062; Thu, 12 Aug 2010 07:48:05 -0700 (PDT) Return-Path: wikitech-l-bounces@lists.wikimedia.org Received: from lists.wikimedia.org (lists.wikimedia.org [91.198.174.5]) by mx.google.com with ESMTP id b4si3903961eei.56.2010.08.12.07.48.04; Thu, 12 Aug 2010 07:48:05 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of wikitech-l-bounces@lists.wikimedia.org designates 91.198.174.5 as permitted sender) client-ip=91.198.174.5; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of wikitech-l-bounces@lists.wikimedia.org designates 91.198.174.5 as permitted sender) smtp.mail=wikitech-l-bounces@lists.wikimedia.org Received: from localhost ([127.0.0.1]:33140 helo=lily.esams.wikimedia.org) by lily.knams.wikimedia.org with esmtp (Exim 4.69) (envelope-from wikitech-l-bounces@lists.wikimedia.org) id 1OjZ4X-0005WX-MA; Thu, 12 Aug 2010 14:47:57 +0000 Received: from navofw.navo.navy.mil ([128.160.199.100]:59490 helo=ocean2.ocean.navo.navy.mil) by lily.knams.wikimedia.org with esmtp (Exim 4.69) (envelope-from Ryan.Lane@ocean.navo.navy.mil) id 1OjZ4T-0005Vg-5P for wikitech-l@lists.wikimedia.org; Thu, 12 Aug 2010 14:47:53 +0000 Received: from Ocean2.ocean.navo.navy.mil ([2002:80a0:a553::80a0:a553]) by Ocean2.ocean.navo.navy.mil ([2002:80a0:a553::80a0:a553]) with mapi; Thu, 12 Aug 2010 09:47:52 -0500 From: "Lane, Ryan" Ryan.Lane@ocean.navo.navy.mil To: Wikimedia developers wikitech-l@lists.wikimedia.org Thread-Topic: [Wikitech-l] How to login a user without password? Thread-Index: AQHLObie6u3yp2mSrUKST4Z+Ta89aZLd5PgcgAABKCA= Date: Thu, 12 Aug 2010 14:47:51 +0000 Message-ID: 7FF208A2F1E6004D8F7BDC10A103C34A35C535@Ocean2.ocean.navo.navy.mil References: 201008120850417622420@Gmail.com, 201008121837568563457@Gmail.com 201008122237582572914@Gmail.com In-Reply-To: 201008122237582572914@Gmail.com Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: yes X-MS-TNEF-Correlator: MIME-Version: 1.0 X-Content-Filtered-By: Mailman/MimeDel 2.1.9 Subject: Re: [Wikitech-l] How to login a user without password? X-BeenThere: wikitech-l@lists.wikimedia.org X-Mailman-Version: 2.1.9 Precedence: list Reply-To: Wikimedia developers wikitech-l@lists.wikimedia.org List-Id: Wikimedia developers <wikitech-l.lists.wikimedia.org> List-Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikitech-l, mailto:wikitech-l-request@lists.wikimedia.org?subject=unsubscribe List-Archive: http://lists.wikimedia.org/pipermail/wikitech-l List-Post: mailto:wikitech-l@lists.wikimedia.org List-Help: mailto:wikitech-l-request@lists.wikimedia.org?subject=help List-Subscribe: https://lists.wikimedia.org/mailman/listinfo/wikitech-l, mailto:wikitech-l-request@lists.wikimedia.org?subject=subscribe Content-Type: multipart/mixed; boundary="===============8180891937508425267==" Mime-version: 1.0 Sender: wikitech-l-bounces@lists.wikimedia.org Errors-To: wikitech-l-bounces@lists.wikimedia.org
--===============8180891937508425267== Content-Language: en-US Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=SHA1; boundary="----=_NextPart_000_007D_01CB3A03.69598B20"
------=_NextPart_000_007D_01CB3A03.69598B20 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit
I am very very thankful you can supply me such rich information. I have read them carefully and found they are not comfort my situation. The Central Auth System I use is not developed by me. So I must do my project in its framework. When one user login in a application such like a forum, the forum would ask the central auth system if the username and password which supplied by user is match. When this is okay, it would call a function which provided by this central auth system. This function will access the myapi.php in each applications which configured with this central auth system and pass User_ID by POST. So I have to write a myapi.php for mediawiki to create a session with the uid it supplied. I am not good at English and I hope you can understand my meanning. thx!
Ok. I understand the requirement now. Note that the last extension I linked to has code that creates a session for a user. You can use it as an example. It also has an example of creating a user in the database, which you'll need to do as well.
Note that this sounds like a really insecure system if done improperly. I hope the central auth server has some way of authenticating that POST request, or anyone would be able to grant themselves a session.
V/r,
Ryan Lane
------=_NextPart_000_007D_01CB3A03.69598B20--
--===============8180891937508425267== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline
_______________________________________________ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l --===============8180891937508425267==--