I recently set up a large collection of web apps with an ldap directory backend - included in this was phpBB and MediaWiki. However, I didn't get the single sign-on bit of it working, neither was it one of my original targets.
2009/4/16 Paul C Lustgarten plus@research.att.com
On Apr 15, 2009, at 7:15 PM, Platonides wrote:
Schiz0 wrote:
Hey,
I run a members-only forum. I'm in the process of adding a Wiki to the site, and I'd like to restrict the wiki to only members logged into the forum. Would there be any problems to adding session_start() to the top of the wiki's index.php (as well as some checks to validate the session cookie from the forum)?
What would be the best way to restrict this? I don't want non-members to be able to view, edit, or register an account on the wiki at all, so I don't see how I would be able to do this using the Wiki settings.
Thanks for all suggestions.
Use an Auth plugin to get the credentials from the forum. Then restrict view and edits to the user group.
Sounds to me like you'll need to create that Auth plugin on your own, vs. being able to find an existing one that would fit your needs. I just did a related round of work linking my wiki into our corporate authentication & single-signon service, from which I would suggest you look in particular at the UserLoadFromSession hook and the associated talk page.
One aspect that you'll need to think about, if you haven't already, is whether your members will have an actual wiki account. I decided that my users would (and recommend the same for you), so all the normal wiki preference settings & such work & are retained as expected, but I made the account creation totally automatic and mostly invisible to them - it simply happens on their first visit. (I've left some notes on this point at the talk page ref'd above.)
And then I use the wiki's own session structure, as well, with a relatively short time out (hours, not days), so the interaction with the external auth service (or even their cookies) only occurs on their first visit in a given span of time, after which it continues the same as if they had signed in through the wiki's native login process. (And non-logged in visitors aren't allowed - use the regular wiki access controls for that.)
HTH, Paul
MediaWiki-l mailing list MediaWiki-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-l