SimpleSAMLphp integration with mediaWiki

[pxh]

Hi -

I've been working on a slightly different MediaWiki integration than
the one here https://ow.feide.no/simplesamlphp:mediawiki - it's based
on a SpecialPages plugin/extension that is only triggered when a
particular SpecialPage is visited. If there is any interest, then I
can package it up, but as it stands I don't have a proper place for it
to have a home.

Cheers,
Piers Harding.

[pxh]

Further to my previous post about a new (different style of
integration) plugin for MediaWiki I've published it at
http://www.mediawiki.org/wiki/Extension:SAMLAuth for those who maybe
interested.

The basic approach is to create a Special:SAMLAuth page that isolates
SAML based authentication from existing forms of MediaWiki
authentication so that they can all play together.

Cheers,
Piers Harding.

On Oct 28, 7:54 am, pxh <piers.hard...@gmail.com> wrote:
> Hi -
>
> I've been working on a slightly different MediaWiki integration than

> the one herehttps://ow.feide.no/simplesamlphp:mediawiki- it's based

[François Kooman]

pxh wrote:
> The basic approach is to create a Special:SAMLAuth page that isolates
> SAML based authentication from existing forms of MediaWiki
> authentication so that they can all play together.

My approach has been to use
http://www.mediawiki.org/wiki/Extension:CASAuthentication as a template.
This way the extension becomes very simple (although it does replace
all authentication with just simpleSAMLphp). It is still work in
progress, but it works with latest MediaWiki (1.15) and simpleSAMLphp 1.5.

I don't know yet how to deal with the password, as it seems to be not
relevant when authentication is (always) done using simpleSAMLphp.

README:
========================================================================
Copy the file simpleSAMLphpAuth.php to
"extensions/simpleSAMLphpAuth/simpleSAMLphpAuth.php".

Change the configuration settings in the file (e.g. path to simpleSAMLphp).

In LocalSettings.php:

$wgSimpleSAMLphpAuth = array(
"path" => "/var/www/simplesamlphp",
"authId" => "mediawiki-sp",
"CreateAccounts" => true,
"PwdSecret" => "a random string of letters",
"RememberMe" => true,
"AttrUser" =>
'urn:mace:dir:attribute-def:eduPersonPrincipalName',
"AttrGn" => 'urn:mace:dir:attribute-def:givenName',
"AttrSn" => 'urn:mace:dir:attribute-def:sn',
"AttrMail" => 'urn:mace:dir:attribute-def:mail',
);
require_once("$IP/extensions/simpleSAMLphpAuth/simpleSAMLphpAuth.php");

EITHER

The session name needs to be modified to be the same as the one used by
simpleSAMLphp. By default this is PHPSESSID.

Add this to LocalSettings.php:

# Configuration for simpleSAMLphp
$wgSessionName = "PHPSESSID";

OR

In the simpleSAMLphp configuration, file "config/config.php", set
"session.phpsession.cookiename" to "mediawiki_mw__session". WARNING:
this is a GLOBAL setting.
========================================================================

Fran�ois