Hello,
We have a CentOS 7 server running Mediawiki 1.24.1, Apache 2.4.6, PHP
5.4.16, Shibboleth (SP) 2.5.3 and fast CGI 2.3.9. We are also using the
mediawiki shibboleth extension fork taken from github.
Unfortunately putting it all together is proving a problem. The
Shibboleth SP code seems to be working fine with our IdP in that we can
see that a user is authenticated, and the relevant attributes returned
by the IdP. The SP code sets the users userid in the Apache REMOTE_USER
variable. (The SP session shows this.)
The problem is that the shibboleth extension seems to always see the
user as being logged in (wgUser is set and isLoggedIn() returns true)
but with the shib_UN variable unset. So it logs the user out (which in
turn has mediawiki send them back to the login page (we don't allow
anonymous access)). By putting some debug statements in the extension we
can see that the above is happening.
Looking at the Apache logs seems to indicate that the REMOTE_USER
variable is set (we see the users userid being logged), but when the
user is redirected then the userid/REMOTE_USER value is lost.
So, my question is has anyone got this combination working at all? I
have tried setting shib_UN to '$_SERVER['REDIRECT_REMOTE_USER']' but
that made no difference. If I set it explicitly to my own userid, then
everything works fine. I can log in, see the main wiki page, edit things
etc, and then logout. So it seems that basically everything is working,
except for the fact that REMOTE_USER is becoming unset somewhere.
Anyone any ideas about this?
Thanks,
John.
--
----------------------------------------------------
John Horne Tel: +44 (0)1752 587287
Plymouth University, UK