Extension:SimpleSamlAuth
This extension is currently not actively maintained! Although it may still work, any bug reports or feature requests will more than likely be ignored. |
![]() Release status: unmaintained |
|
---|---|
![]() |
|
Implementation | Page action , User rights |
Description | Enables SAML authentication using SimpleSAMLphp |
Author(s) | Jørn de Jong (Nordyorntalk) |
Latest version | 0.8 (2017-06-03) |
MediaWiki | 1.15+ |
PHP | 5.3+ |
Database changes | No |
License | GNU Lesser General Public License 3.0 |
Download | GitHub: Note: README Changelog |
|
|
The SimpleSamlAuth extension enables SAML authentication using SimpleSAMLphp.
InstallationEdit
This is the management summary; see README.md for more information.
1) Install simpleSamlPhp and make sure the www folder is available from the same vhost MediaWiki is installed on (e.g. on /simplesaml).
3) Clone mwSimpleSamlAuth to extensions/SimpleSamlAuth.
cd extensions
git clone https://github.com/jornane/mwSimpleSamlAuth.git SimpleSamlAuth -b v0.8
cd SimpleSamlAuth
or upgrade
cd extensions/SimpleSamlAuth
git pull --tags origin tags/v0.8
git checkout tags/v0.8
4) Add configuration to LocalSettings.php and change configuration values:
require_once "$IP/extensions/SimpleSamlAuth/SimpleSamlAuth.php";
// make sure that session storage matches to the one used in simplesaml most likely default PHPSESSID
$wgSessionName = "PHPSESSID";
// SAML_OPTIONAL // SAML_LOGIN_ONLY // SAML_REQUIRED //
$wgSamlRequirement = SAML_OPTIONAL;
// Should users be created if they don't exist in the database yet?
$wgSamlCreateUser = false;
// SAML attributes
$wgSamlUsernameAttr = 'uid';
$wgSamlRealnameAttr = 'cn';
$wgSamlMailAttr = 'mail';
// SimpleSamlPhp settings
$wgSamlSspRoot = '/usr/share/simplesamlphp';
$wgSamlAuthSource = 'default-sp';
$wgSamlPostLogoutRedirect = NULL;
// Array: [MediaWiki group][SAML attribute name][SAML expected value]
// If the SAML assertion matches, the user is added to the MediaWiki group
$wgSamlGroupMap = array(
'sysop' => array(
'groups' => array('admin'),
),
);
StabilityEdit
This extension runs without problems in production environments, but can use some extra testing. Because of this the extension is still set on beta. A Stable version will be released as 1.0 ASAP.
If you encounter any problems, you are welcome to submit a bug report.
Important Edit
If you run MediaWiki 1.27 or newer, SimpleSamlPhp MUST be configured to use an alternative session handler. If this is not done, SAML authentication succeeds, but MediaWiki still shows that nobody is logged in. Please refer to the SimpleSamlPhp website on how to configure SimpleSamlPhp for session storage.
See alsoEdit
- Project Github page
- SimpleSAMLphp homepage
- Extension:SimpleSAMLphp — similar extension