RestAuth (MediaWiki Extension): Difference between revisions

From Free Software
Line 55: Line 55:
 
===== MediaWiki 1.16.2 or earlier =====
 
===== MediaWiki 1.16.2 or earlier =====
 
MediaWiki 1.16.2 or earlier does not have the Hooks required to synchronize local groups to the RestAuth service. Please apply the patch included in the 1.16.0 branch. You can also fetch the patch [http://git.fsinf.at/restauth/mediawiki/blobs/raw/1.16.0/GroupHooks.patch directly].
 
MediaWiki 1.16.2 or earlier does not have the Hooks required to synchronize local groups to the RestAuth service. Please apply the patch included in the 1.16.0 branch. You can also fetch the patch [http://git.fsinf.at/restauth/mediawiki/blobs/raw/1.16.0/GroupHooks.patch directly].
 +
 +
=== Migrating old Wikis ===
 +
 +
 +
=== Configure RestAuth server ===
 +
The RestAuth server needs to know about each wiki using it. You ''can'' share the servicename and password among several wikis, but in order to improve logging and security, it is recommended, to configure individual servicenames and passwords for each wiki.
 +
 +
The exact details of the configuration depend on the server implementation, but since there currently is only one, here are instructions on how to add a service. The example below assumes that your wiki runs on wiki.example.com and connects to the authentication server on 192.168.0.2:
 +
# add service to authentication server
 +
root@auth ~ # restauth-service add wiki.example.com 192.168.0.2
 +
password: <enter password here>
 +
confirm: <confirm>
 +
# add standard groups:
 +
root@auth ~ # restauth-groups --service=wiki.example.com add sysop
 +
root@auth ~ # restauth-groups --service=wiki.example.com add bureaucrat
 +
# every bureaucrat is automatically a sysop:
 +
root@auth ~ # restauth-groups --service=wiki.example.com --child-service=wiki.example.com add-group bureaucrat sysop
 +
# jane is a bureaucrat and thus (see above) automatically a sysop:
 +
root@auth ~ # restauth-groups --service=wiki.example.com add-user bureaucrat jane
 +
# joe is 'only' a sysop:
 +
root@auth ~ # restauth-groups --service=wiki.example.com add-user sysop joe
  
 
=== How synchronization works ===
 
=== How synchronization works ===
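
Review bot: in the added "Configure RestAuth server" text, the lead-in calls 192.168.0.2 the authentication server, yet the same address is passed as an argument to `restauth-service add wiki.example.com 192.168.0.2`, the command that registers the wiki; state explicitly which host that argument names, since a reader copying the example needs to know whose address belongs there. The new "Migrating old Wikis" heading is added with no body, so either fill it in or hold it back until there is text, and "it is recommended, to configure" should lose the comma.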

Revision as of 22:30, 17 March 2011

RestAuth

Release status: stable
Implementation: User identity, User rights
Description: This allows MediaWiki to authenticate against the RestAuth shared authentication service.
Author(s): Mathias Ertl (Mati)
Version: 0.9 (2011-03-16)
MediaWiki: 1.16.3 or later
License: GPL v3 or any later version.
Download: see Download
Example: see Example
Parameters: $wgRestAuthHost, $wgRestAuthService, $wgRestAuthServicePassword, $wgRestAuthRefresh, $wgRestAuthGlobalOptions, $wgRestAuthIgnoredOptions
Hooks used: UserAddGroup, UserRemoveGroup, UserSaveSettings, UserSaveOptions, BeforeInitialize

The RestAuth MediaWiki extension integrates MediaWiki with the RestAuth project. It uses all features of the RestAuth protocol (authentication, authorization and preferences).

Download

The source code of this extension was hosted on git.fsinf.at, a project that is no longer maintained. Since this extension was so old, the git repository was not transferred to any other repository and the source code is no longer available.

Installation & Configuration

After downloading the extension, you need to include RestAuth.php in your LocalSettings.php file and set a few required settings:

require_once( "$IP/extensions/RestAuth/RestAuth.php" );

# RestAuth service details:
$wgRestAuthHost = 'https://auth.example.com';
$wgRestAuthService = 'example.com';
$wgRestAuthServicePassword = 'random-password';

# Needs to be *after* the settings above:
$wgAuth = new RestAuthPlugin();

# Optional Settings:

# How often do you want to update settings from the shared authentication server:
#$wgRestAuthRefresh = 360;

# You can add MediaWiki settings here so they are saved as global option and may be used by other systems. By default, language, real name, email and email_confirmed are synchronized to global settings:
#$wgRestAuthGlobalOptions['some setting'] = true;

# If you want the plugin to completely ignore some settings, you can add them here. By default, only the watchlist token is ignored.
#$wgRestAuthIgnoredOptions[] = 'ignored setting';

MediaWiki 1.16.2 or earlier

MediaWiki 1.16.2 or earlier does not have the hooks required to synchronize local groups to the RestAuth service. Please apply the patch included in the 1.16.0 branch. You can also fetch the patch directly.

Migrating old Wikis

Configure RestAuth server

The RestAuth server needs to know about each wiki using it. You can share the service name and password among several wikis, but to improve logging and security, it is recommended to configure an individual service name and password for each wiki.

The exact details of the configuration depend on the server implementation, but since there currently is only one, here are instructions on how to add a service. The example below assumes that your wiki runs on wiki.example.com and connects to the authentication server on 192.168.0.2:

# add service to authentication server
root@auth ~ # restauth-service add wiki.example.com 192.168.0.2
password: <enter password here>
confirm: <confirm>
# add standard groups:
root@auth ~ # restauth-groups --service=wiki.example.com add sysop
root@auth ~ # restauth-groups --service=wiki.example.com add bureaucrat
# every bureaucrat is automatically a sysop:
root@auth ~ # restauth-groups --service=wiki.example.com --child-service=wiki.example.com add-group bureaucrat sysop 
# jane is a bureaucrat and thus (see above) automatically a sysop:
root@auth ~ # restauth-groups --service=wiki.example.com add-user bureaucrat jane
# joe is 'only' a sysop:
root@auth ~ # restauth-groups --service=wiki.example.com add-user sysop joe
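
The group setup above gives some users a group only through inheritance, which matters when auditing who actually holds sysop rights. The following is an added example, not code from this page or from the RestAuth project: a small Python model (the class and function names are hypothetical) that resolves effective membership for the bureaucrat/sysop/jane/joe setup shown above and tolerates inheritance cycles.

```python
from collections import defaultdict


class GroupModel:
    """Toy model of the group setup above; not RestAuth's implementation."""

    def __init__(self):
        self.direct = defaultdict(set)   # group -> users added with add-user
        self.sources = defaultdict(set)  # group -> groups whose members it inherits

    def add_user(self, group, user):
        self.direct[group].add(user)

    def add_group(self, group, subgroup):
        # Mirrors "add-group bureaucrat sysop": every member of `group`
        # automatically becomes a member of `subgroup`.
        self.sources[subgroup].add(group)

    def effective_members(self, group):
        """Direct plus inherited members; a cycle cannot loop forever."""
        seen, stack, users = set(), [group], set()
        while stack:
            current = stack.pop()
            if current in seen:
                continue
            seen.add(current)
            users |= self.direct[current]
            stack.extend(self.sources[current])
        return users

    def inherited_only(self, group):
        """Users who hold `group` only because of another group."""
        return self.effective_members(group) - self.direct[group]


def build_example():
    """The configuration from the shell session above."""
    model = GroupModel()
    model.add_group("bureaucrat", "sysop")  # every bureaucrat is a sysop
    model.add_user("bureaucrat", "jane")
    model.add_user("sysop", "joe")
    return model


if __name__ == "__main__":
    m = build_example()
    print("effective sysops:", sorted(m.effective_members("sysop")))
    print("sysop via inheritance only:", sorted(m.inherited_only("sysop")))
```

Removing jane's sysop rights in this model requires removing her from bureaucrat, because she was never added to sysop directly.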

How synchronization works

Passwords

If the user sets a new password in MediaWiki, the new password is sent immediately to the RestAuth server. This means that the change takes immediate effect in all services that use RestAuth (unless the other service uses some sort of cache of its own). This also means that it is impossible to log in if the RestAuth server is not available.

Groups & Preferences

Groups and Preferences are refreshed upon login, when viewing Special:Preferences or five minutes after the last refresh. The latter interval can be configured using $wgRestAuthRefresh.
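
Because groups are only re-read at the three triggers listed above, a group removed on the RestAuth server can remain in effect in a wiki until the next refresh. The following is an added example, not code from this page or from the extension: a Python model (all names are hypothetical, and the interval is assumed to be in seconds) that measures that delay for a user who keeps browsing without logging in again or opening Special:Preferences.

```python
REFRESH_DEFAULT = 300  # five minutes, the default stated above; seconds assumed


class CachedGroups:
    """Hypothetical model of one wiki's cached copy of a user's groups."""

    def __init__(self, server, refresh=REFRESH_DEFAULT):
        self.server = server          # dict standing in for the RestAuth server
        self.refresh = refresh
        self.cached = set()
        self.last_refresh = None

    def groups(self, user, now, event="view"):
        """Return the groups the wiki would apply at time `now`."""
        due = self.last_refresh is None or now - self.last_refresh >= self.refresh
        # The three triggers from the text: login, viewing
        # Special:Preferences, or the refresh interval having elapsed.
        if event in ("login", "preferences") or due:
            self.cached = set(self.server.get(user, ()))
            self.last_refresh = now
        return self.cached


def revocation_lag(refresh=REFRESH_DEFAULT, revoke_at=10, step=30, horizon=900):
    """Seconds a revoked group stays usable if the user only views pages."""
    server = {"joe": {"sysop"}}            # constructed sample data
    wiki = CachedGroups(server, refresh)
    wiki.groups("joe", 0, "login")         # joe logs in at t=0
    server["joe"] = set()                  # sysop removed on the server at revoke_at
    for now in range(revoke_at, horizon, step):
        if "sysop" not in wiki.groups("joe", now):
            return now - revoke_at
    return None


if __name__ == "__main__":
    print("lag with default interval:", revocation_lag())
    print("lag with 60 s interval:", revocation_lag(refresh=60))
```

In this model the lag is bounded by the configured interval, so lowering $wgRestAuthRefresh shortens the time a removed group stays in effect, at the cost of more requests to the RestAuth server.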

Example

This Wiki is one of the Wikis that uses our own RestAuth server. Feel free to create an account here and then log in at, for example, vowi.fsinf.at.

Try updating preferences in this Wiki (try setting real name, email address or column width). All your preferences and groups are saved on the RestAuth server. The MediaWiki plugin updates preferences every five minutes by default (see $wgRestAuthRefresh above), so it will take a little while for your preferences to become visible in another wiki. If you log out and log in again or view the preferences page, all your settings are immediately synchronized.

Changelog

0.9
  • first version documented here.

ToDo

  • Nothing on the ToDo pile right now.

Licence

GPL v3 or any later version.