hi, I am very very thankful you can supply me such rich information. I have read them carefully and found they are not comfort my situation. The Central Auth System I use is not developed by me. So I must do my project in its framework. When one user login in a application such like a forum, the forum would ask the central auth system if the username and password which supplied by user is match. When this is okay, it would call a function which provided by this central auth system. This function will access the myapi.php in each applications which configured with this central auth system and pass User_ID by POST. So I have to write a myapi.php for mediawiki to create a session with the uid it supplied. I am not good at English and I hope you can understand my meanning. thx!
--------------- Bear 2010-08-12
------------------------------------------------------------- From:Lane, Ryan Send Date:2010-08-12 21:54:21 To:Wikimedia developers CC: Subject:Re: [Wikitech-l] How to login a user without password?
X-Uidl: GmailId12a6694788dbab50&&pop.gmail.com Delivered-To: jilingshu@gmail.com Received: by 10.150.43.19 with SMTP id q19cs106381ybq; Thu, 12 Aug 2010 06:54:21 -0700 (PDT) Received: by 10.213.40.75 with SMTP id j11mr7270999ebe.28.1281621260676; Thu, 12 Aug 2010 06:54:20 -0700 (PDT) Return-Path: wikitech-l-bounces@lists.wikimedia.org Received: from lists.wikimedia.org (lists.wikimedia.org [91.198.174.5]) by mx.google.com with ESMTP id b60si3757558eei.69.2010.08.12.06.54.19; Thu, 12 Aug 2010 06:54:20 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of wikitech-l-bounces@lists.wikimedia.org designates 91.198.174.5 as permitted sender) client-ip=91.198.174.5; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of wikitech-l-bounces@lists.wikimedia.org designates 91.198.174.5 as permitted sender) smtp.mail=wikitech-l-bounces@lists.wikimedia.org Received: from localhost ([127.0.0.1]:57644 helo=lily.esams.wikimedia.org) by lily.knams.wikimedia.org with esmtp (Exim 4.69) (envelope-from wikitech-l-bounces@lists.wikimedia.org) id 1OjYEU-00063Q-L2; Thu, 12 Aug 2010 13:54:11 +0000 Received: from navofw.navo.navy.mil ([128.160.199.100]:14750 helo=ocean2.ocean.navo.navy.mil) by lily.knams.wikimedia.org with esmtp (Exim 4.69) (envelope-from Ryan.Lane@ocean.navo.navy.mil) id 1OjYEO-00061E-Uj for wikitech-l@lists.wikimedia.org; Thu, 12 Aug 2010 13:54:06 +0000 Received: from Ocean2.ocean.navo.navy.mil ([2002:80a0:a553::80a0:a553]) by Ocean2.ocean.navo.navy.mil ([2002:80a0:a553::80a0:a553]) with mapi; Thu, 12 Aug 2010 08:54:01 -0500 From: "Lane, Ryan" Ryan.Lane@ocean.navo.navy.mil To: Wikimedia developers wikitech-l@lists.wikimedia.org Thread-Topic: [Wikitech-l] How to login a user without password? Thread-Index: AQHLObie6u3yp2mSrUKST4Z+Ta89aZLdoc8FgAAznNA= Date: Thu, 12 Aug 2010 13:54:00 +0000 Message-ID: 7FF208A2F1E6004D8F7BDC10A103C34A35C357@Ocean2.ocean.navo.navy.mil References: 201008120850417622420@Gmail.com 201008121837568563457@Gmail.com In-Reply-To: 201008121837568563457@Gmail.com Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: yes X-MS-TNEF-Correlator: MIME-Version: 1.0 X-Content-Filtered-By: Mailman/MimeDel 2.1.9 Subject: Re: [Wikitech-l] How to login a user without password? X-BeenThere: wikitech-l@lists.wikimedia.org X-Mailman-Version: 2.1.9 Precedence: list Reply-To: Wikimedia developers wikitech-l@lists.wikimedia.org List-Id: Wikimedia developers <wikitech-l.lists.wikimedia.org> List-Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikitech-l, mailto:wikitech-l-request@lists.wikimedia.org?subject=unsubscribe List-Archive: http://lists.wikimedia.org/pipermail/wikitech-l List-Post: mailto:wikitech-l@lists.wikimedia.org List-Help: mailto:wikitech-l-request@lists.wikimedia.org?subject=help List-Subscribe: https://lists.wikimedia.org/mailman/listinfo/wikitech-l, mailto:wikitech-l-request@lists.wikimedia.org?subject=subscribe Content-Type: multipart/mixed; boundary="===============9179145024861882871==" Mime-version: 1.0 Sender: wikitech-l-bounces@lists.wikimedia.org Errors-To: wikitech-l-bounces@lists.wikimedia.org
--===============9179145024861882871== Content-Language: en-US Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=SHA1; boundary="----=_NextPart_000_0073_01CB39FB.E5B303C0"
------=_NextPart_000_0073_01CB39FB.E5B303C0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit
I am very thankful you can reply me, but your solution looks not comfort me. I am using a Central Auth System to manage all user authcation. So when user are authenticated by this system, they should be logged in Mediawiki automatically. The system would access a .php file in Mediawiki such like http://wiki.xxxxx.org/myapi.org . So I must use this file to set mediawiki session. Could you tell me how to do? thx!
Does your central system require you to access a php file like that, or is this an arbitrary requirement that you believe you need? If this isn't really a requirement, you'll want to write an auto-authentication plugin that verifies the credentials from the central system, and creates a session in MediaWiki. This plugin should also create users when they access the wiki as well.
Here's an example of an auto-authentication plugin:
http://svn.wikimedia.org/viewvc/mediawiki/trunk/extensions/LdapAuthenticatio n/LdapAutoAuthentication.php?view=markup
This plugin assumes you have a regular authentication plugin doing something as well. Here's one that is standalone:
http://www.mediawiki.org/wiki/Extension:AutomaticREMOTE_USER
Note that in both of these, the user is assumed to have already logged into the central authentication system, and the web server is handling the actual authentication. Here's an extension that changes the login and logout links to redirect to the central system (warning, it is CDDL licensed, which is incompatible with the GPL!):
http://blogs.sun.com/superpat/entry/opensso_single_sign_on_extension
Respectfully,
Ryan Lane
------=_NextPart_000_0073_01CB39FB.E5B303C0--
--===============9179145024861882871== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline
_______________________________________________ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l --===============9179145024861882871==--