Open main menu

Extension:QISSingleSignOn

MediaWiki extensions manual
OOjs UI icon advanced.svg
QISSingleSignOn
Release status: stable
Implementation User identity
Description Single Sign On from HISQIS-Portal
Author(s) Hendrik Brummermanntalk
Latest version 0.4 (2008-09-12)
MediaWiki 1.13+
Database changes No
License CC BY / GPL
Download SourceForge
  • $wgAuthQISSingleSignOnSharedSecret
  • $wgAuthQISSingleSignOnService
Translate the QISSingleSignOn extension if it is available at translatewiki.net
Check usage and version matrix.

The QISSingleSignOn extensions coordinates user authentication with a HISQIS or HISinOne portal (HISQIS and HISinOne are used by many German universities to offer campus services).

InstallationEdit

  • Download and place the file(s) in a directory called QISSingleSignOn in your extensions/ folder.
  • Add the following code at the bottom of your LocalSettings.php:
    require_once "$IP/extensions/QISSingleSignOn/QISSingleSignOn.php";
    $wgAuthQISSingleSignOnSharedSecret = 'kahC1oo3pieg6FaekEhou1aipEivae4fe'; // replace with random characters
    $wgAuthQISSingleSignOnService = 'wiki';
    $wgAuth = new QISSingleSignOn();
    
  •   Done – Navigate to Special:Version on your wiki to verify that the extension is successfully installed.

Linking the authentication server and MediaWikiEdit

Create a link to http://example.com/mediawiki/index.php/Main_Page?qisssotoken=1.0/1115814654/wik/schmidt/d1bf93299de1b68e6d382c893bf1215f

In this example Main_Page is the name of the page you want to link to and qissotoken is the authentication token described below.

Details On The Required TokenEdit

The token look lines this (without spaces): 

  1.0   / 1115814654 /   wiki     / schmidt / d1bf93299de1b68e6d382c893bf1215f
version /   time     / service    /  user   /            hash

The second parameter is is the token creation time measured in the number of seconds since the Unix Epoch (0:00:00 January 1, 1970 GMT). 

The third token is the name of the destination service as configured in the $wgAuthQISSingleSignOnService option in your LocalSettings.php. 

The forth token is the user name. 

A shared secret is added to theses parameters and the md5 hash is calculated. This hash is used to verify the the token has not been manipulated or forged. The shared secret is only known to the authentication server and your MediaWiki installation ($wgAuthQISSingleSignOnSharedSecret in LocalSettings.php). Without the knowledge of the shared secret it is impossible to calculate the correct hash.

Please note that the separation of user and hash is not the 4th slash but the last one. (The user name may contain '/'-chars).

WeblinksEdit