MediaWiki

Presentation

MediaWiki is a wiki software, used by the well known Wikipedia.

Several extensions allows to configure SSO on MediaWiki:

We will explain how to use the latest: HTTP Auth.

Installation

The HTTP Auth extension is presented here: http://www.mediawiki.org/wiki/Extension:HttpAuth

You can download the code here: http://github.com/oremj/mediawiki-http-auth/downloads

You have to install HttpAuthPlugin.php in the extensions/ directory of your MediaWiki installation:

cp HttpAuthPlugin.php extenstions/

Configuration

MediWiki local configuration

Then edit MediaWiki local settings

vi LocalSettings.php

session_start();
 
$_SERVER['PHP_AUTH_USER'] = $_SERVER['REMOTE_USER'];
 
if ((!empty($_SERVER['PHP_AUTH_USER']) && !empty($_SERVER['REMOTE_USER'])) || $_COOKIE[$wgDBserver . 'UserID']) {
        require_once("$IP/extensions/HttpAuthPlugin.php");
        $wgAuth = new HttpAuthPlugin();
        # For MediaWiki < 1.13
        $wgHooks['AutoAuthenticate'][] = array($wgAuth,'autoAuthenticate');
        # For MediaWiki >= 1.13
        #$wgHooks['UserLoadFromSession'][] = array($wgAuth,'autoAuthenticate');
}

MediaWiki virtual host in Apache

Configure MediaWiki virtual host like other protected virtual host.

<VirtualHost *:80>
       ServerName mediawiki.example.com
 
       PerlHeaderParserHandler Lemonldap::NG::Handler
 
       ...
 
</VirtualHost>

If you are protecting MediaWiki with LL::NG as reverse proxy, convert header into REMOTE_USER environment variable.

MediaWiki virtual host in Manager

Go to the Manager and create a new virtual host for MediaWiki.

Just configure the access rules. You can also add a rule for logout:

Userlogout => logout_sso

If using LL::NG as reverse proxy, configure the Auth-User header, else no headers are needed.