Re: [Mediawiki-l] plexcel SSO and/or mediawiki issue

On Mon, Oct 13, 2008 at 10:48 PM, Sam Ami &lt;persip(a)gmail.com&gt; wrote: Hi Sam, First, since the Plexcel PHP extension is a commercial product you should contact IOPLEX Software support directly in the future. Even if you're just using the < 25 users for free we're happy to help. However, I will reply here for this message. ANSWER: Log off of the workstation and back on. That'll fix it. Whenever you add (or remove) someone from a Windows group, that someone must logoff and back on to reinitialize their security token (although in the case of Plexcel, technically you can achieve the same effect by purging your Kerberos tickets using kerbtray.exe). If SSO is used, there is no communication with the domain controller. Groups are extracted directly from the Kerberos ticket. So you must refresh that ticket whenever you make changes to group memberships. Windows has always been that way and it's actually very important for performance reasons. This is why Plexcel access checks are so fast. Also, because the MW groups are only updated when the user's HTTP session is initialized, you will also need to logoff and back on to MW. Of course if the user logs out of their workstation they will have also restarted their browser which will have reinitialized their HTTP session but I'm adding this bit for the benefit of *nix users who might be using kinit with Firefox and such. Finally, make sure the groups you are entering into LocalSettings.php are resolving properly. Whenever you make changes to LocalSettings.php regarding Plexcel you should always tail -f plexcel.log for a while. If a group name is not found you will see an error to that effect in the log file. See the Plexcel MediaWiki Plugin Manual for details. Mike -- Michael B Allen PHP Active Directory SPNEGO SSO http://www.ioplex.com/