Extension:SimpleSamlAuth

**MediaWiki extensions manual**
SimpleSamlAuth; Release status: unmaintained
Implementation	Page action, User rights
Description	Enables SAML authentication using SimpleSAMLphp
Author(s)	Jørn de Jong (Nordyorntalk)
Latest version	0.8 (2017-06-03)
MediaWiki	1.15+
PHP	5.3+
Database changes	No
License	GNU Lesser General Public License 3.0
Download	GitHub: project page; git repository URL [help]; commit history; ; Note:; No localisation updates are; provided by translatewiki.net. ; README; Changelog
	Parameters $wgSamlRequirement; $wgSamlCreateUser; $wgSamlAuthSource; $wgSamlSspRoot; $wgSamlPostLogoutRedirect; $wgSamlGroupMap; $wgSamlUsernameAttr; $wgSamlRealnameAttr; $wgSamlMailAttr;
	Hooks used UserLoadFromSession; GetPreferences; SpecialPage_initList; UserLoginForm; UserLogoutComplete; PersonalUrls; MediaWikiPerformAction; ArticleFromTitle;

The SimpleSamlAuth extension enables SAML authentication using SimpleSAMLphp.

InstallationEdit

This is the management summary; see README.md for more information.

1) Install simpleSamlPhp and make sure the www folder is available from the same vhost MediaWiki is installed on (e.g. on /simplesaml).

simpleSamlPhp cannot be configured to use phpession for store.type, since this is not compatible with MediaWiki's session management framework.

2) Configure simpleSamlPhp.

3) Clone mwSimpleSamlAuth to extensions/SimpleSamlAuth.

cd extensions
git clone https://github.com/jornane/mwSimpleSamlAuth.git SimpleSamlAuth -b v0.8
cd SimpleSamlAuth

or upgrade

cd extensions/SimpleSamlAuth
git pull --tags origin tags/v0.8
git checkout tags/v0.8

4) Add configuration to LocalSettings.php and change configuration values:

require_once "$IP/extensions/SimpleSamlAuth/SimpleSamlAuth.php";
// make sure that session storage matches to the one used in simplesaml most likely default PHPSESSID
$wgSessionName = "PHPSESSID"; 
// SAML_OPTIONAL // SAML_LOGIN_ONLY // SAML_REQUIRED //
$wgSamlRequirement = SAML_OPTIONAL;
// Should users be created if they don't exist in the database yet?
$wgSamlCreateUser = false;

// SAML attributes
$wgSamlUsernameAttr = 'uid';
$wgSamlRealnameAttr = 'cn';
$wgSamlMailAttr = 'mail';

// SimpleSamlPhp settings
$wgSamlSspRoot = '/usr/share/simplesamlphp';
$wgSamlAuthSource = 'default-sp';
$wgSamlPostLogoutRedirect = NULL;

// Array: [MediaWiki group][SAML attribute name][SAML expected value]
// If the SAML assertion matches, the user is added to the MediaWiki group
$wgSamlGroupMap = array(
	'sysop' => array(
		'groups' => array('admin'),
	),
);

StabilityEdit

This extension runs without problems in production environments, but can use some extra testing. Because of this the extension is still set on beta. A Stable version will be released as 1.0 ASAP.

If you encounter any problems, you are welcome to submit a bug report.

Important Edit

If you run MediaWiki 1.27 or newer, SimpleSamlPhp MUST be configured to use an alternative session handler. If this is not done, SAML authentication succeeds, but MediaWiki still shows that nobody is logged in. Please refer to the SimpleSamlPhp website on how to configure SimpleSamlPhp for session storage.

SimpleSamlAuth Release status: unmaintained

Implementation	Page action , User rights
Description	Enables SAML authentication using SimpleSAMLphp
Author(s)	Jørn de Jong (Nordyorn^talk)
Latest version	0.8 (2017-06-03)
MediaWiki	1.15+
PHP	5.3+
Database changes	No
License	GNU Lesser General Public License 3.0
Download	GitHub: project page git repository URL ^{[help ]} commit history Note: No localisation updates are provided by translatewiki.net . README Changelog
Parameters $wgSamlRequirement $wgSamlCreateUser $wgSamlAuthSource $wgSamlSspRoot $wgSamlPostLogoutRedirect $wgSamlGroupMap $wgSamlUsernameAttr $wgSamlRealnameAttr $wgSamlMailAttr
Hooks used UserLoadFromSession GetPreferences SpecialPage_initList UserLoginForm UserLogoutComplete PersonalUrls MediaWikiPerformAction ArticleFromTitle

Extension:SimpleSamlAuth

Contents

InstallationEdit

StabilityEdit

Important Edit

See alsoEdit