On Mon, 16 Apr 2007 15:44:47 -0500
"Lane, Ryan" <Ryan.Lane(a)ocean.navo.navy.mil> wrote:
We have
written a MediaWiki extension for Krb5 Single Sign-On
(SSO) that uses our Plexcel PHP extension. I have created an
extension page in the usual way:
http://www.mediawiki.org/wiki/Extension:Plexcel
The extension works great but we had to add the AuthPlugin
initialization to includes/Setup.php. We feel this procedure
is sub-optimal so I would like to explain why this was
necessary hoping that a future version of MediaWiki might
improve this use-case (or at least no break it).
Is it not possible to use the auto-authentication hook, or is the hook
called too late?
I'm not sure about the timing, it might be ok. But I could never figure
out how to set the user's information. I had to make an entirely new
User object and set it to $wgUser. Actually I remember now that that
is why I had to initialize *after* $wgUser = new StubUser; because that
statement would overwrite the $wgUser value.
But let's explore the AutoAuthenticate hook again. If I make a plugin
roughly like the following:
class PlexcelAuth extends AuthPlugin {
function PlexcelAuth() {
// other stuff
$wgHooks['AutoAuthenticate'][] = array($this, 'authenticateSso');
}
function authenticateSso($user) {
// do sso
if (sso_is_successful) {
$user->mName = $acct['sAMAccountName'];
return;
}
}
}
The user's name is never acknowledged. Even though the user is passed
by reference it seems I'm doing something wrong. I'm a lot better at C
than I am at PHP. How am I supposed to be setting the user's information?
Currently, in the non-AutoAuthenticate version I have the following
which is invoked manually from within includes/Setup.php:
function authenticateSso($user) {
// do sso
if (sso_is_successful) {
global $wgUser;
$wgUser = User::newFromName($this->acct['sAMAccountName']);
if ($wgUser->idForName() == 0) {
if (isset($this->acct['mail']))
$wgUser->mEmail = $this->acct['mail'];
if (isset($this->acct['displayName']))
$wgUser->mRealName = $this->acct['displayName'];
$wgUser->addToDatabase();
$wgUser->setToken();
}
plexcel_log(3, 'MediaWiki: SSO successful: ' . $wgUser->getName());
return;
How do I do this using AutoAuthenticate and the supplied user?
Mike
--
Michael B Allen
PHP Active Directory Kerberos SSO
http://www.ioplex.com/