Thanks for replying.
Django actually is already using LDAP for authentication (company LDAP
server, not under my control). In fact, I also have MediaWiki tied into
the same LDAP server.
What I'm trying to avoid is logging into the Django site, clicking to
get to the wiki (which is a part of the overall web site, the Django
piece being the main content part), and having the user log in again
(with exactly the same credentials).
What happened originally is that the Django site had no security while
MediaWiki was read-only to everybody and read/write when you logged in.
Now upper management MUST HAVE security on the Django part, so I was
trying to avoid having people log in twice. This means that MediaWiki
is read-only if user has a certain Django permission and read/write
given another Django permission (which would tie into 'guest' for
read-only and actually authenticated if read/write as far as MediaWiki
is concerned).
On Thu, 2009-06-11 at 16:25 -0500, Lane, Ryan wrote:
I need to have Django (a python web framework) handle
authentication/authorization instead of MediaWiki doing it (like
normal). This way authentication/authorization is handled in one place
with a single sign-on.
I've seen many extensions and notes regarding authentication, but none
specifically deal with Django. Before I start seeing what I can
mish-mosh together from all the other information I've found, I thought
I would ask to see if anybody has already done this.
I'm currently running MediaWiki v1.12.3 and php 5.2.5, but can upgrade
if necessary.
Is your Django application using some specific method of authentication? Is
this a custom built solution for web sso? Why not take a look at some open
standards for web sso? If this is for a corporate environment, use LDAP or use
some type of federated login like SAML or Shibboleth. If this is a
non-corporate environment, look at using OpenID.
Take a look at OpenSSO with OpenDS, it'll do SAML 1/2, Shibboleth, OpenID, and
a few other federation standards. OpenID and Shibboleth both have MediaWiki
plugins available; it is possible to do SAML by using web agents with an HTTP
authentication plugin.
V/r,
Ryan Lane
_______________________________________________
MediaWiki-l mailing list
MediaWiki-l(a)lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
--
Adam Stein @ Xerox Corporation Email: adam(a)eng.mc.xerox.com
Disclaimer: Any/All views expressed here have been proven to be my own.
[http://www.csh.rit.edu/~adam/]
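
The permission mapping described in the first message (one Django permission giving read-only 'guest' access to the wiki, another giving authenticated read/write), as an added example that is not part of the thread: the Django side hands the wiki a short-lived HMAC-signed token so the access level cannot be forged by the browser. The permission codenames, the shared key, the token layout and the 300-second lifetime are all assumptions, and the verification half would live in a MediaWiki authentication extension in PHP; it is shown in Python here so both halves run together.

```python
import base64, hashlib, hmac, json, time

# Hypothetical Django permission codenames; the thread does not name them.
PERM_READ = "wiki.read_wiki"
PERM_WRITE = "wiki.edit_wiki"
TOKEN_TTL = 300  # seconds; assumed lifetime for the hand-off token


def wiki_access_level(perms):
    """Map Django permissions to the MediaWiki role described in the thread."""
    if PERM_WRITE in perms:
        return "readwrite"   # wiki treats the user as authenticated
    if PERM_READ in perms:
        return "readonly"    # wiki treats the user as 'guest'
    return None              # no wiki access at all


def issue_token(username, perms, key, now=None):
    """Django side: sign username, access level and expiry with a shared key."""
    level = wiki_access_level(perms)
    if level is None:
        raise PermissionError("user has no wiki permission")
    now = int(time.time()) if now is None else now
    claims = {"user": username, "level": level, "exp": now + TOKEN_TTL}
    body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode())
    sig = hmac.new(key, body, hashlib.sha256).hexdigest()
    return body.decode() + "." + sig


def verify_token(token, key, now=None):
    """Wiki side: return the claims, or None if forged, malformed or expired."""
    now = int(time.time()) if now is None else now
    try:
        body, sig = token.rsplit(".", 1)
        expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(sig, expected):  # constant-time compare
            return None
        claims = json.loads(base64.urlsafe_b64decode(body))
    except (ValueError, TypeError):
        return None
    if claims.get("exp", 0) < now or claims.get("level") not in ("readonly", "readwrite"):
        return None
    return claims
```

The signature is checked before the payload is decoded, so a client that edits the access level or the expiry gets `None` back rather than a parsed claim set.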