[Mediawiki-l] Unable to CAS-ify mediawiki

Christian C. Schouten info at zark3.net
Fri Jul 16 12:48:26 UTC 2010 

Dear all,

 

I'm trying to casify mediawiki as per instructions on
http://kellinwood.blogspot.com/2009/01/casify-mediawiki-with-phpcas.html

Now, I'm running into a problem that might (or might not?) be what is
mentioned in the user comment at the end of the page (wpLoginToken against
CSRF)

 

Currently, I've been able to get it to the point where CAS is up and
running, connected to an MSAD server, and authenticating properly. Mediawiki
is running fine with local accounts.

When I enable the casifying changes however, mediawiki properly redirects me
to the cas login page, cas properly authenticates me and sends me back to
mediawiki, but mediawiki then is stuck on Special:Userlogin.

Clicking the login link again from the Special:Userlogin page I see only
keeps me there (I am not even redirected to cas).

 

Any thoughts on how this can be fixed are most appreciated.

 

Best, Chris

 

 

PS: I'm using a localized version of MediaWiki, so Special:Userlogin is
called Speciaal:Aanmelden and Special:Userlogout is Speciaal:Afmelden

 

Changes to /etc/apache2/apache2.conf file:

---

Alias /wiki /var/www/mediawiki/index.php

 

<Directory />

RewriteEngine on

RewriteCond %{REQUEST_URI} ^/mediawiki/index.php$

RewriteCond %{QUERY_STRING} ^title=Speciaal:Aanmelden

RewriteCond %{REQUEST_METHOD} ^GET$

RewriteRule ^(.*)$ /mediawiki/login/cas1.php [R,L]

RewriteCond %{REQUEST_URI} ^/mediawiki/index.php$

RewriteCond %{QUERY_STRING} ^title=Speciaal:Afmelden

RewriteCond %{REQUEST_METHOD} ^GET$

RewriteRule ^(.*)$ /mediawiki/login/cas2.php?logout [R,L]

</Directory>

---

 

Changes to LocalSettings.php

---

# CAS

require_once "$IP/extensions/CasAuthentication.php";

$wgAuth = new CasAuthPlugin();

$casServerHostname = 'myserver.mydomain.nl';

$casServerPort = 8443;

$casServiceURI = '/cas';

$wgLoginFormKey = "tU2HfXYkf6jc454SYqke";  // Random key, change this

$wgGroupPermissions ['*']['read']=false;

$wgGroupPermissions ['*']['edit']=false;

$wgGroupPermissions ['*']['createaccount']=false;

$wgWhitelistRead = array("Speciaal:Aanmelden");

---

 

Files extensions/CasAuthentication.php and login/cas1.php and login/cas2.php
are exactly as given on the site linked above.

 

Met vriendelijke groet,

 

Christian C. Schouten

More information about the MediaWiki-l mailing list