Feed on
Posts
Comments

MediaWiki: HttpAuth Plugin

January 29th, 2007 by oremj

Using MediaWiki behind http authetication was always slightly annoying in the past. One would have to:

  1. Login with their htpasswd credentials
  2. Create account if it did not exist already
  3. Login with their wiki credentials
  4. Remember both sets of credentials

This extension reduces the previous four steps into one simple step.

  1. Login with htpasswd credentials

The extension can be downloaded at http://people.mozilla.com/~oremj/HttpAuthPlugin.php and setup instructions at MediaWiki.

9 Responses to “MediaWiki: HttpAuth Plugin”

  1. on 28 Feb 2007 at 1:54 am   Ben Herrick

    Hi Jeremiah,

    I’m having some trouble using your HttpAuthPlugin on the latest version of MediaWiki. I get logged in with no issue, but when I try to edit a page it fails silently on submit.

    I’m using MediaWiki 1.9.3. No error messages are logged anywhere that I can find, the page that I’m editing simply doesn’t change.

    Any idea what this might be?

    Thanks!

    -Ben

  2. on 08 Apr 2007 at 8:28 am   Korbinian Pauli

    Hi Ben,

    I had troubles with the plugin in 1.9.3, too. Htaccess logged in fine, but in mediawiki I was not logged in. So I replaced all PHP_AUTH_USER with REMOTE_USER in HttpAuthPlugin.php and LocalSettings.php. Now everthing works fine.

    Best regards,
    Korbinian

  3. on 10 Aug 2007 at 11:28 am   amg1127

    There is a security hole in the extension.

    Function autoAuthenticate() should ensure the username loaded from session matches the username that was used for HTTP authentication.

    If it doesn’t, a user can get an account that would belong to an other previously authenticated user, because some browsers can clear HTTP authentication data without clearing the cookies.

  4. on 09 Sep 2007 at 10:09 pm   anon

    Hi,

    This plugin will be more flexible, if it also check for REMOTE_USER variable (when PHP_AUTH_USER doesn’t exist), so that it will also work when running php as cgi.

    Just a wishlist to improve the plugin capability :)

  5. on 10 Sep 2007 at 8:23 am   Michael Blodgett

    Hello Jeremiah,
    I’m using MediaWiki 1.11.0rc1 on Centos5.0, I had to add a ‘return 0′ at the end of the autoAuthenticate function in your module. I’m using xradius to do the http auth, everything seem to function correctly.

  6. on 12 Feb 2008 at 12:08 am   Rod

    What Michael said above I added “return true;” as the last line of authAuthenticate. It looks like, if it falls through that far, it means we have authentication.

  7. on 29 May 2008 at 11:57 am   Michael

    Hi Jeremiah,
    Looks like PHP functionality was added to http://people.mozilla.com.
    HttpAuthPlugin.php no longer can be downloaded, returned page is blank.
    Could you rename plugin extension to ‘txt’ or ‘phps’. That should make your script available again.
    Looking forward to using it.
    Thanks

  8. on 29 May 2008 at 12:08 pm   oremj

    Thanks for the heads up. You should be able to download it now.

  9. on 18 Jun 2008 at 3:38 pm   Rainer Seifert

    Hi oremj,

    your HTTPAuth PLugin looks similar to an extention I’m desparetly looking for.

    What I want is:
    Poeple log onto our password protected customer site. From there, there is a link to mediawiki. I would like, that those people get auto logined to the wiki site with the same username. No need to press the login button and type in username and password. They have already done it. Actually they didn’t, they got autologined via our desktop software into our customer web site.

    Is that possible? And can your code be adjusted to that?

    To be honest. I am familiar with PHP. But to adjust your mediawiki extention for my purpose is far too challenging for me. Additionally, I’m willing to pay for your help and support in this subject. Please contact me. You should have my email address.

    Thanks a lot in advance.
    Greetings
    Rainer

Trackback URI | Comments RSS

Leave a Reply