MediaWiki extensions manual
SimpleSamlAuth
Release status: unmaintained
Implementation Page action, User rights
Description Enables SAML authentication using SimpleSAMLphp
Author(s) Jørn de Jong (Nordyorn)
Latest version 0.8 (2017-06-03)
MediaWiki 1.15+
PHP 5.3+
Database changes No
License GNU Lesser General Public License 3.0
Download

GitHub:

Note: No localisation updates are provided by translatewiki.net.


README
Changelog
Parameters
  • $wgSamlRequirement
  • $wgSamlCreateUser
  • $wgSamlAuthSource
  • $wgSamlSspRoot
  • $wgSamlPostLogoutRedirect
  • $wgSamlGroupMap
  • $wgSamlUsernameAttr
  • $wgSamlRealnameAttr
  • $wgSamlMailAttr
Hooks used
  • UserLoadFromSession
  • GetPreferences
  • SpecialPage_initList
  • UserLoginForm
  • UserLogoutComplete
  • PersonalUrls
  • MediaWikiPerformAction
  • ArticleFromTitle

The SimpleSamlAuth extension enables SAML authentication using SimpleSAMLphp.

Installation

This is the management summary; see README.md for more information.

1) Install SimpleSAMLphp and make sure its www folder is available from the same vhost MediaWiki is installed on (e.g. on /simplesaml).

SimpleSAMLphp cannot be configured to use phpsession for store.type, since this is not compatible with MediaWiki's session management framework.

2) Configure SimpleSAMLphp.

3) Clone mwSimpleSamlAuth to extensions/SimpleSamlAuth.

cd extensions
git clone https://github.com/jornane/mwSimpleSamlAuth.git SimpleSamlAuth -b v0.8
cd SimpleSamlAuth

or, to upgrade an existing checkout:

cd extensions/SimpleSamlAuth
git pull --tags origin tags/v0.8
git checkout tags/v0.8

4) Add configuration to LocalSettings.php and change configuration values:

require_once "$IP/extensions/SimpleSamlAuth/SimpleSamlAuth.php";
// Make sure the session name matches the one used by SimpleSAMLphp (most likely the default, PHPSESSID)
$wgSessionName = "PHPSESSID";
// One of: SAML_OPTIONAL, SAML_LOGIN_ONLY, SAML_REQUIRED
$wgSamlRequirement = SAML_OPTIONAL;
// Should users be created if they don't exist in the database yet?
$wgSamlCreateUser = false;

// SAML attributes
$wgSamlUsernameAttr = 'uid';
$wgSamlRealnameAttr = 'cn';
$wgSamlMailAttr = 'mail';

// SimpleSamlPhp settings
$wgSamlSspRoot = '/usr/share/simplesamlphp';
$wgSamlAuthSource = 'default-sp';
$wgSamlPostLogoutRedirect = NULL;

// Array: [MediaWiki group][SAML attribute name][SAML expected value]
// If the SAML assertion matches, the user is added to the MediaWiki group
$wgSamlGroupMap = array(
	'sysop' => array(
		'groups' => array('admin'),
	),
);
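
How a map of this shape can be evaluated against the attributes of a SAML assertion, as an added example that is not the extension's own code: the function name resolveSamlGroups and the sample attribute sets are hypothetical. It assumes attributes arrive as attribute name => list of values and that a single matching value is enough to grant the group.

```php
<?php
// Illustration only: hypothetical helper, not part of SimpleSamlAuth.
// Assumption: attributes have the shape
// array( attribute name => array( value, value, ... ) ).

function resolveSamlGroups( array $groupMap, array $attributes ) {
	$groups = array();
	foreach ( $groupMap as $mwGroup => $rules ) {
		foreach ( $rules as $attrName => $expectedValues ) {
			if ( !isset( $attributes[$attrName] ) || !is_array( $attributes[$attrName] ) ) {
				continue; // attribute missing from the assertion: no match
			}
			// Strict comparison, so values never match through type juggling.
			foreach ( (array)$expectedValues as $expected ) {
				if ( in_array( $expected, $attributes[$attrName], true ) ) {
					$groups[$mwGroup] = true;
					break 2; // one matching value is enough for this group
				}
			}
		}
	}
	return array_keys( $groups );
}

// Same map as in the configuration above.
$groupMap = array(
	'sysop' => array(
		'groups' => array( 'admin' ),
	),
);

// Constructed sample attribute sets, one per user.
$assertions = array(
	'alice' => array( 'uid' => array( 'alice' ), 'groups' => array( 'staff', 'admin' ) ),
	'bob'   => array( 'uid' => array( 'bob' ), 'groups' => array( 'staff', 'Admin' ) ),
	'carol' => array( 'uid' => array( 'carol' ) ),
);

foreach ( $assertions as $name => $attributes ) {
	$granted = resolveSamlGroups( $groupMap, $attributes );
	echo $name, ': ', $granted ? implode( ', ', $granted ) : '(no mapped groups)', "\n";
}
```

Any identity provider trusted by the configured authentication source can assert groups=admin, so a map entry for sysop is only as trustworthy as that provider and the attributes it releases.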

Stability

This extension runs without problems in production environments but could use some extra testing, so it is still marked as beta. A stable version will be released as 1.0 as soon as possible.

If you encounter any problems, you are welcome to submit a bug report.

Important 

If you run MediaWiki 1.27 or newer, SimpleSAMLphp MUST be configured to use an alternative session handler. If this is not done, SAML authentication succeeds, but MediaWiki still shows that nobody is logged in. Please refer to the SimpleSAMLphp website for how to configure SimpleSAMLphp for session storage.


This article is issued from Mediawiki. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.