Shibboleth SP part 4 (MediaWiki Configuration)
Integrating Shibboleth login with Mediawiki
Installation
- This extension will not create a new user if the user does not exist. The MediaWiki user must be created before they can log in using Shibboleth; if the user does not exist, MediaWiki will report an error after the user has authenticated with Shibboleth.
- Create file ShibAuthPlugin.php in mediawiki extensions directory, and put the code like in this link.
- Create the file wiki_login.php in the MediaWiki root directory with the code from this link, then add header("Location: /Shibboleth.sso/Logout"); to the logout branch so that it looks like the following:
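// Logout branch of wiki_login.php: end the MediaWiki session, then redirect the
// browser to the Shibboleth SP logout endpoint so the SP session is ended as well.
// NOTE(review): this branch runs for any request that carries a `logout` parameter
// and no anti-CSRF token is checked here, so a cross-site request can end the
// user's session. Confirm that is acceptable for this deployment.
if (isset($_REQUEST['logout']))
{
    $obj_user = new User();
    $obj_user->logout();
    header("Location: /Shibboleth.sso/Logout");
    // header() only queues the redirect and does not stop the script. Exit here so
    // nothing added after this branch can run or emit output for this request.
    exit;
}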
- For MediaWiki versions lower than 1.13, change this path in both files:
specials/SpecialUserlogin.php to SpecialUserlogin.php
- and in file ShibAuthPlugin.php change this line:
ShibUserLoadFromSession($user, true); to ShibUserLoadFromSession($user, $result); This change is a hack for MediaWiki versions prior to 1.13. The hack works, but the browser needs to be refreshed after logging in via Shibboleth.
Configuration
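Configure LocalSettings.php and add the following code:
require_once('extensions/ShibAuthPlugin.php');

// Settings read by the Shibboleth auth plugin loaded above.
$shib_WAYF = "Login";
$shib_WAYFStyle = "";
$shib_Https = true;
$shib_LoginHint = "Shibboleth Login";
$shib_AssertionConsumerServiceURL = "/Shibboleth.sso";

// The identity attributes below are read from $_SERVER and trusted as-is.
// NOTE(review): confirm that only the Shibboleth SP module can set them (exported
// as environment variables, not copied from client-supplied request headers) and
// that the names fn / mail / uid match the SP's attribute mapping.
//
// When no Shibboleth session exists the attributes are absent, so the keys are
// defined here to avoid undefined-index notices. The defaults are empty strings
// rather than placeholder text, so a missing attribute can never be stored as a
// real name or e-mail address. The commented-out hook below skips values that
// compare equal to null, which an empty string does.
if (!isset($_SERVER['fn'])) {
    $_SERVER['fn'] = "";
}
if (!isset($_SERVER['mail'])) {
    $_SERVER['mail'] = "";
}
if (!isset($_SERVER['uid'])) {
    $_SERVER['uid'] = "";
}

$shib_RN = ucfirst(strtolower($_SERVER['fn']));
$shib_email = $_SERVER['mail'];

// enable this to update mediawiki data using Shibboleth attribute
#$wgHooks['ShibUpdateUser'][] = 'ShibUpdateTheUser';
#function ShibUpdateTheUser($existing, &$user) {
#    global $shib_email;
#    global $shib_RN;
#    if (! $existing) {
#        if($shib_email != null)
#            $user->setEmail($shib_email);
#        if($shib_RN != null)
#            $user->setRealName($shib_RN);
#    }
#}

// Lower-cased uid; presumably the MediaWiki user name the plugin looks up.
// Verify against ShibAuthPlugin.php. It is an empty string when no uid was supplied.
$shib_UN = strtolower($_SERVER['uid']);

# call the logout script
// NOTE(review): the /mediawiki/ prefix is hard-coded; adjust it to the wiki's script path.
$shib_logout = "/mediawiki/wiki_login.php?logout=yes";

SetupShibAuth();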
apache configuration
- Add the following rule in the apache configuration
# Lazy-session setup: the Shibboleth module handles the request, but a Shibboleth
# session is not required. Unauthenticated requests therefore still reach MediaWiki,
# and the wiki itself decides what an anonymous visitor may see or do.
AuthType Shibboleth
ShibRequireSession Off
Require Shibboleth
- Example
<Directory /var/www/https/>
    # No directory listings and no content negotiation; symbolic links are followed.
    Options -Indexes FollowSymLinks -MultiViews
    # .htaccess files cannot override these settings.
    AllowOverride None
    # Apache 2.2-style host access control: no restriction by client address.
    Order allow,deny
    allow from all
    # Hand authentication to the Shibboleth module.
    # NOTE(review): ShibRequireSession is not set in this example, unlike the rule
    # shown above it. Confirm the module default gives the intended behaviour, or
    # state the directive explicitly.
    AuthType shibboleth
    Require shibboleth
</Directory>
References
Original source from CakePHP Mediawiki :
<?PHP
/*
 * wiki_login.php (original listing): standalone entry point that boots MediaWiki
 * and then performs logout, login or account creation, depending on which request
 * parameter is present.
 *
 * NOTE(review): each action is selected by a request parameter and no token check
 * is visible in this file. Whether LoginForm validates one is not shown here.
 */
// At file scope this declaration only has an effect when the file is itself
// included from inside a function.
global $preIP ;
// Directory containing this script, used below as the MediaWiki install path.
$preIP = dirname( __FILE__ );
// Set the Apache request environment variable MW_INSTALL_PATH to that directory.
apache_setenv('MW_INSTALL_PATH',$preIP);
require_once( "$preIP/includes/WebStart.php" );
# Initialize MediaWiki base class
require_once( "$preIP/includes/Wiki.php" );
// Unlike the two require_once calls above, these paths are relative, so they are
// resolved through include_path / the working directory. include() only emits a
// warning and continues if a file is missing.
include("includes/specials/SpecialUserlogin.php");
include("includes/User.php");
global $wgRequest;
// session_id() returns '' when no session is active; only then is one set up.
if( session_id() == '' ) {
wfSetupSession();
}
// Login form object built from the current request; used by the login and
// create-account branches below.
$form = new LoginForm( $wgRequest, NULL );
if(isset($_REQUEST['logout']))
{
// Logout: runs whenever a `logout` parameter is present in $_REQUEST, which
// covers GET and POST and, depending on PHP configuration, cookies.
$obj_user = new User();
$obj_user->logout();
}
elseif(isset($_GET['wpLoginattempt']) && $_GET['wpLoginattempt']=="Log in")
{
// Login: selected only when the query string carries wpLoginattempt with the
// exact label "Log in" (loose == comparison).
// NOTE(review): confirm the credentials themselves are sent in a POST body.
// If the whole form is submitted via GET they end up in URLs and server logs.
$form->processLogin();
}
elseif(isset($_GET['wpCreateaccount']) && $_GET['wpCreateaccount']=="Create account")
{
// Create account: selected the same way, by the wpCreateaccount query parameter.
$form->addNewAccount();
}
?>
/*
 * Standalone entry point that boots MediaWiki and then performs logout, login or
 * account creation, depending on which request parameter is present.
 *
 * NOTE(review): no token check is visible in this file for any of the three
 * actions. Whether LoginForm validates one is not shown here.
 */
// Only has an effect when this file is included from inside a function.
global $preIP ;
// Directory containing this script, used as the MediaWiki install path.
$preIP = dirname( __FILE__ );
// Set the Apache request environment variable MW_INSTALL_PATH to that directory.
apache_setenv('MW_INSTALL_PATH',$preIP);
require_once( "$preIP/includes/WebStart.php" );
# Initialize MediaWiki base class
require_once( "$preIP/includes/Wiki.php" );
// Relative paths, resolved through include_path / the working directory.
// A missing file produces a warning, not a fatal error.
include("includes/specials/SpecialUserlogin.php");
include("includes/User.php");
global $wgRequest;
// Set up a session only when none is active yet.
if( session_id() == '' ) {
wfSetupSession();
}
// Login form object built from the current request.
$form = new LoginForm( $wgRequest, NULL );
if(isset($_REQUEST['logout']))
{
// Logout: triggered by the mere presence of a `logout` request parameter.
$obj_user = new User();
$obj_user->logout();
}
elseif(isset($_GET['wpLoginattempt']) && $_GET['wpLoginattempt']=="Log in")
{
// Login: requires wpLoginattempt=Log in in the query string.
// NOTE(review): confirm the credentials travel in a POST body, not in the URL.
$form->processLogin();
}
elseif(isset($_GET['wpCreateaccount']) && $_GET['wpCreateaccount']=="Create account")
{
// Create account: requires wpCreateaccount=Create account in the query string.
$form->addNewAccount();
}
?>