Thanks for the input. As noted, I can't use server variable REMOTE_USER because I'm on a physically different server than where the main site's http auth occurs. So I have to rely on the domain cookie, which stores the username for the main site, that is set by said main site.
So I guess my question is, should there be any inherent problems with trying to assign the username using wiki's external authentication from a cookie, as opposed to REMOTE_USER or LDAP, etc?
-----Original Message----- From: mediawiki-l-bounces@Wikimedia.org [mailto:mediawiki-l-bounces@Wikimedia.org] On Behalf Of Domas Mituzas Sent: Sunday, January 08, 2006 4:59 PM To: MediaWiki announcements and site admin list Subject: Re: [Mediawiki-l] Authentication using existing domain cookie
Hi Justin,
The main site does log users in, and stores their information in a domain-wide cookie. However, to my knowledge, since the sites sit on two physically separate servers, I cannot use the REMOTE_USER authentication hack that is available on mediawiki.org.
So basically, I'm looking for a way for Mediawiki to take the username that is available in the domain-wide cookie and authenticate using that. Has anyone seen an implementation like that or know where I can find out how to do that?
HEAD and 1.5 have ExternalAuth hook, which allows to bind external authentication methods, this is example Auth class I've written as an example (of course, more sophisticated methods can be used..):
--Domas
<?
global $wgHooks;
$wgHooks['AutoAuthenticate'][] = 'AuthServerMagic';
function AuthServerMagic(&$user) {
if ($_SERVER["REMOTE_USER"] == "") { return new User(); }
$user = User::newFromName( $_SERVER["REMOTE_USER"] ); if ( $user->getID() == 0 ) { $user->addToDatabase(); $user->setToken(); } else { /* Should cache some day, I guess :) */ $user->loadFromDatabase(); } return true; }
?>
_______________________________________________ MediaWiki-l mailing list MediaWiki-l@Wikimedia.org http://mail.wikipedia.org/mailman/listinfo/mediawiki-l