I recently set up a large collection of web apps with an ldap directory
backend - included in this was phpBB and MediaWiki. However, I didn't get
the single sign-on bit of it working, neither was it one of my original
targets.
2009/4/16 Paul C Lustgarten <plus(a)research.att.com>
On Apr 15, 2009, at 7:15 PM, Platonides wrote:
Schiz0 wrote:
Hey,
I run a members-only forum. I'm in the process of adding a Wiki to
the
site, and I'd like to restrict the wiki to only members logged into
the forum. Would there be any problems to adding session_start() to
the top of the wiki's index.php (as well as some checks to validate
the session cookie from the forum)?
What would be the best way to restrict this? I don't want non-members
to be able to view, edit, or register an account on the wiki at all,
so I don't see how I would be able to do this using the Wiki
settings.
Thanks for all suggestions.
Use an Auth plugin to get the credentials from the forum. Then
restrict
view and edits to the user group.
Sounds to me like you'll need to create that Auth plugin on your own,
vs. being able to find an existing one that would fit your needs. I
just
did a related round of work linking my wiki into our corporate
authentication
& single-signon service, from which I would suggest you look in
particular
at the UserLoadFromSession hook and the associated talk page.
One aspect that you'll need to think about, if you haven't already, is
whether your members will have an actual wiki account. I decided
that my users would (and recommend the same for you), so all the
normal wiki preference settings & such work & are retained as
expected, but I made the account creation totally automatic and
mostly invisible to them - it simply happens on their first visit.
(I've left some notes on this point at the talk page ref'd above.)
And then I use the wiki's own session structure, as well, with a
relatively short time out (hours, not days), so the interaction with
the external auth service (or even their cookies) only occurs on
their first visit in a given span of time, after which it continues
the same as if they had signed in through the wiki's native login
process. (And non-logged in visitors aren't allowed - use the
regular wiki access controls for that.)
HTH,
Paul
_______________________________________________
MediaWiki-l mailing list
MediaWiki-l(a)lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
--
Regards,
Simon Walker
User:Stwalkerster on all public Wikimedia Foundation wikis
Administrator on the English Wikipedia
Developer of Helpmebot and the ACC tool