mediawiki.html 15.3 KB
Newer Older
Clément OUDOT's avatar
Clément OUDOT committed
1 2 3 4 5 6
<!DOCTYPE html>
<html lang="en" dir="ltr">
<head>
  <meta charset="utf-8" />
  <title>documentation:2.0:applications:mediawiki</title>
<meta name="generator" content="DokuWiki"/>
Xavier Guimard's avatar
Xavier Guimard committed
7
<meta name="robots" content="index,follow"/>
Clément OUDOT's avatar
Clément OUDOT committed
8 9 10 11 12
<meta name="keywords" content="documentation,2.0,applications,mediawiki"/>
<link rel="search" type="application/opensearchdescription+xml" href="../lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="mediawiki.html"/>
<link rel="contents" href="mediawiki.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="../lib/exe/css.php.t.bootstrap3.css"/>
Xavier Guimard's avatar
Xavier Guimard committed
13 14 15 16 17 18 19 20 21
<!-- //if:usedebianlibs
  <link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
  <link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
  <link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
  <link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
Clément OUDOT's avatar
Clément OUDOT committed
22 23 24
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:2.0:applications';var JSINFO = {"id":"documentation:2.0:applications:mediawiki","namespace":"documentation:2.0:applications"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="../lib/exe/js.php.t.bootstrap3.js"></script>
Xavier Guimard's avatar
Xavier Guimard committed
25 26 27 28 29 30 31 32 33 34 35 36 37 38
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
  <script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
  <script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
Xavier Guimard's avatar
Xavier Guimard committed
39
  <script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.min.js"></script>
Xavier Guimard's avatar
Xavier Guimard committed
40
//else -->
Xavier Guimard's avatar
Xavier Guimard committed
41
  <script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.js"></script>
Xavier Guimard's avatar
Xavier Guimard committed
42
<!-- //endif -->
Clément OUDOT's avatar
Clément OUDOT committed
43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81
</head>
<body>
<div class="dokuwiki export container">
<!-- TOC START -->
<div id="dw__toc">
<h3 class="toggle">Table of Contents</h3>
<div>

<ul class="toc">
<li class="level1"><div class="li"><a href="#presentation">Presentation</a></div></li>
<li class="level1"><div class="li"><a href="#installation">Installation</a></div></li>
<li class="level1"><div class="li"><a href="#configuration">Configuration</a></div>
<ul class="toc">
<li class="level2"><div class="li"><a href="#mediwiki_local_configuration">MediWiki local configuration</a></div></li>
<li class="level2"><div class="li"><a href="#mediawiki_virtual_host">MediaWiki virtual host</a></div></li>
<li class="level2"><div class="li"><a href="#mediawiki_virtual_host_in_manager">MediaWiki virtual host in Manager</a></div></li>
</ul></li>
</ul>
</div>
</div>
<!-- TOC END -->

<h1 class="sectionedit1" id="mediawiki">MediaWiki</h1>
<div class="level1">

<p>
<a href="mediawiki_logo.png_documentation_2.0_applications_mediawiki.html" class="media" title="applications:mediawiki_logo.png"><img src="mediawiki_logo.png" class="mediacenter" alt="" /></a>
</p>

</div>
<!-- EDIT1 SECTION "MediaWiki" [1-66] -->
<h2 class="sectionedit2" id="presentation">Presentation</h2>
<div class="level2">

<p>
<a href="http://www.mediawiki.org" class="urlextern" title="http://www.mediawiki.org"  rel="nofollow">MediaWiki</a> is a wiki software, used by the well known <a href="http://www.wikipedia.org" class="urlextern" title="http://www.wikipedia.org"  rel="nofollow">Wikipedia</a>.
</p>

<p>
Xavier Guimard's avatar
Xavier Guimard committed
82
Several extensions allows one to configure <abbr title="Single Sign On">SSO</abbr> on MediaWiki:
Clément OUDOT's avatar
Clément OUDOT committed
83 84 85 86 87 88 89 90 91 92 93 94 95
</p>
<ul>
<li class="level1"><div class="li"> <a href="http://www.mediawiki.org/wiki/Extension:AutomaticREMOTE_USER" class="urlextern" title="http://www.mediawiki.org/wiki/Extension:AutomaticREMOTE_USER"  rel="nofollow">Automatic REMOTE_USER</a></div>
</li>
<li class="level1"><div class="li"> <a href="http://www.mediawiki.org/wiki/Extension:Siteminder_Authentication" class="urlextern" title="http://www.mediawiki.org/wiki/Extension:Siteminder_Authentication"  rel="nofollow">Siteminder Authentication</a></div>
</li>
</ul>

<p>
We will explain how to use <a href="http://www.mediawiki.org/wiki/Extension:AutomaticREMOTE_USER" class="urlextern" title="http://www.mediawiki.org/wiki/Extension:AutomaticREMOTE_USER"  rel="nofollow">Automatic REMOTE_USER</a> extension.
</p>

</div>
Xavier Guimard's avatar
Xavier Guimard committed
96
<!-- EDIT2 SECTION "Presentation" [67-594] -->
Clément OUDOT's avatar
Clément OUDOT committed
97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113
<h2 class="sectionedit3" id="installation">Installation</h2>
<div class="level2">

<p>
The extension is presented here: <a href="http://www.mediawiki.org/wiki/Extension:AutomaticREMOTE_USER" class="urlextern" title="http://www.mediawiki.org/wiki/Extension:AutomaticREMOTE_USER"  rel="nofollow">http://www.mediawiki.org/wiki/Extension:AutomaticREMOTE_USER</a>
</p>

<p>
You can download the code here: <a href="https://www.mediawiki.org/wiki/Special:ExtensionDistributor/Auth_remoteuser" class="urlextern" title="https://www.mediawiki.org/wiki/Special:ExtensionDistributor/Auth_remoteuser"  rel="nofollow">https://www.mediawiki.org/wiki/Special:ExtensionDistributor/Auth_remoteuser</a>
</p>

<p>
You have to install <code> Auth_remoteuser</code> in the <code>extensions/</code> directory of your MediaWiki installation:
</p>
<pre class="code">cp -a Auth_remoteuser/ extensions/</pre>

</div>
Xavier Guimard's avatar
Xavier Guimard committed
114
<!-- EDIT3 SECTION "Installation" [595-989] -->
Clément OUDOT's avatar
Clément OUDOT committed
115 116 117 118
<h2 class="sectionedit4" id="configuration">Configuration</h2>
<div class="level2">

</div>
Xavier Guimard's avatar
Xavier Guimard committed
119
<!-- EDIT4 SECTION "Configuration" [990-1016] -->
Clément OUDOT's avatar
Clément OUDOT committed
120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176
<h3 class="sectionedit5" id="mediwiki_local_configuration">MediWiki local configuration</h3>
<div class="level3">

<p>
Then edit MediaWiki local settings
</p>
<pre class="code">vi LocalSettings.php</pre>
<pre class="code file php"><span class="kw1">require_once</span> <span class="st0">&quot;<span class="es4">$IP</span>/extensions/Auth_remoteuser/Auth_remoteuser.php&quot;</span><span class="sy0">;</span>
<span class="re0">$wgAuth</span> <span class="sy0">=</span> <span class="kw2">new</span> Auth_remoteuser<span class="br0">&#40;</span><span class="br0">&#41;</span><span class="sy0">;</span></pre>

<p>
Add then extension configuration, for example:
</p>
<pre class="code file php"><span class="re0">$wgAuthRemoteuserAuthz</span> <span class="sy0">=</span> <span class="kw4">true</span><span class="sy0">;</span> <span class="coMULTI">/* Your own authorization test */</span>
<span class="re0">$wgAuthRemoteuserName</span> <span class="sy0">=</span> <span class="re0">$_SERVER</span><span class="br0">&#91;</span><span class="st0">&quot;HTTP_AUTH_CN&quot;</span><span class="br0">&#93;</span><span class="sy0">;</span> <span class="coMULTI">/* User's name */</span>
<span class="re0">$wgAuthRemoteuserMail</span> <span class="sy0">=</span> <span class="re0">$_SERVER</span><span class="br0">&#91;</span><span class="st0">&quot;HTTP_AUTH_MAIL&quot;</span><span class="br0">&#93;</span><span class="sy0">;</span> <span class="coMULTI">/* User's Mail */</span>
<span class="re0">$wgAuthRemoteuserNotify</span> <span class="sy0">=</span> <span class="kw4">false</span><span class="sy0">;</span> <span class="coMULTI">/* Do not send mail notifications */</span>
<span class="co1">//$wgAuthRemoteuserDomain = &quot;NETBIOSDOMAIN&quot;; /* Remove NETBIOSDOMAIN\ from the beginning or @NETBIOSDOMAIN at the end of a IWA username */</span>
<span class="coMULTI">/* User's mail domain to append to the user name to make their email address */</span>
<span class="co1">//$wgAuthRemoteuserMailDomain = &quot;example.com&quot;;</span>
&nbsp;
<span class="co1">// see http://www.mediawiki.org/wiki/Manual:Hooks/SpecialPage_initList</span>
<span class="co1">// and http://www.mediawiki.org/w/Manual:Special_pages</span>
<span class="co1">// and http://lists.wikimedia.org/pipermail/mediawiki-l/2009-June/031231.html</span>
<span class="co1">// disable login and logout functions for all users</span>
<span class="kw2">function</span> LessSpecialPages<span class="br0">&#40;</span><span class="sy0">&amp;</span><span class="re0">$list</span><span class="br0">&#41;</span> <span class="br0">&#123;</span>
    <a href="http://www.php.net/unset"><span class="kw3">unset</span></a><span class="br0">&#40;</span> <span class="re0">$list</span><span class="br0">&#91;</span><span class="st_h">'Userlogout'</span><span class="br0">&#93;</span> <span class="br0">&#41;</span><span class="sy0">;</span>
    <a href="http://www.php.net/unset"><span class="kw3">unset</span></a><span class="br0">&#40;</span> <span class="re0">$list</span><span class="br0">&#91;</span><span class="st_h">'Userlogin'</span><span class="br0">&#93;</span> <span class="br0">&#41;</span><span class="sy0">;</span>
    <span class="kw1">return</span> <span class="kw4">true</span><span class="sy0">;</span>
<span class="br0">&#125;</span>
<span class="re0">$wgHooks</span><span class="br0">&#91;</span><span class="st_h">'SpecialPage_initList'</span><span class="br0">&#93;</span><span class="br0">&#91;</span><span class="br0">&#93;</span><span class="sy0">=</span><span class="st_h">'LessSpecialPages'</span><span class="sy0">;</span>
&nbsp;
<span class="co1">// http://www.mediawiki.org/wiki/Extension:Windows_NTLM_LDAP_Auto_Auth</span>
<span class="co1">// remove login and logout buttons for all users</span>
<span class="kw2">function</span> StripLogin<span class="br0">&#40;</span><span class="sy0">&amp;</span><span class="re0">$personal_urls</span><span class="sy0">,</span> <span class="sy0">&amp;</span><span class="re0">$wgTitle</span><span class="br0">&#41;</span> <span class="br0">&#123;</span>
    <a href="http://www.php.net/unset"><span class="kw3">unset</span></a><span class="br0">&#40;</span> <span class="re0">$personal_urls</span><span class="br0">&#91;</span><span class="st0">&quot;login&quot;</span><span class="br0">&#93;</span> <span class="br0">&#41;</span><span class="sy0">;</span>
    <a href="http://www.php.net/unset"><span class="kw3">unset</span></a><span class="br0">&#40;</span> <span class="re0">$personal_urls</span><span class="br0">&#91;</span><span class="st0">&quot;logout&quot;</span><span class="br0">&#93;</span> <span class="br0">&#41;</span><span class="sy0">;</span>
    <a href="http://www.php.net/unset"><span class="kw3">unset</span></a><span class="br0">&#40;</span> <span class="re0">$personal_urls</span><span class="br0">&#91;</span><span class="st_h">'anonlogin'</span><span class="br0">&#93;</span> <span class="br0">&#41;</span><span class="sy0">;</span>
    <span class="kw1">return</span> <span class="kw4">true</span><span class="sy0">;</span>
<span class="br0">&#125;</span>
<span class="re0">$wgHooks</span><span class="br0">&#91;</span><span class="st_h">'PersonalUrls'</span><span class="br0">&#93;</span><span class="br0">&#91;</span><span class="br0">&#93;</span> <span class="sy0">=</span> <span class="st_h">'StripLogin'</span><span class="sy0">;</span></pre>
<div class="notewarning">In last version of Auth_remoteuser and Mediawiki, empty passwords are not authorized, so you may need to patch the extension code if you get the error:
“Unexpected REMOTE_USER authentication failure. Login Error was:EmptyPass”.
</div>
<p>
If necessary, use the code below to patch the extension:
</p>
<pre class="code">sed -i &quot;s/&#039;wpPassword&#039; =&gt; &#039;&#039;/&#039;wpPassword&#039; =&gt; &#039;none&#039;/&quot; extensions/Auth_remoteuser/Auth_remoteuser.body.php</pre>
<div class="notewarning">In last version of Auth_remoteuser and Mediawiki, auto-provisioning requires REMOTE_USER to match the normalized mediawiki username (for example: john_doe → john doe), so you may need to patch the extension code if you get the error:
“Unexpected REMOTE_USER authentication failure. Login Error was:WrongPluginPass”
</div>
<p>
You can use the code below for normalizing logins containing “_” in the extension:
</p>
<pre class="code">sed -i &#039;/$usertest = $this-&gt;getRemoteUsername();/a\                $usertest = str_replace( &quot;_&quot;,&quot; &quot;, $usertest );&#039; extensions/Auth_remoteuser/Auth_remoteuser.body.php</pre>

</div>
Xavier Guimard's avatar
Xavier Guimard committed
177
<!-- EDIT5 SECTION "MediWiki local configuration" [1017-3670] -->
Clément OUDOT's avatar
Clément OUDOT committed
178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236
<h3 class="sectionedit6" id="mediawiki_virtual_host">MediaWiki virtual host</h3>
<div class="level3">

<p>
Configure MediaWiki virtual host like other <a href="../configvhost.html" class="wikilink1" title="documentation:2.0:configvhost">protected virtual host</a>.
</p>
<div class="noteimportant">If you are protecting MediaWiki with <abbr title="LemonLDAP::NG">LL::NG</abbr> as reverse proxy, <a href="../header_remote_user_conversion.html" class="wikilink1" title="documentation:2.0:header_remote_user_conversion">convert header into REMOTE_USER environment variable</a>.
</div><ul>
<li class="level1"><div class="li"> For Apache:</div>
</li>
</ul>
<pre class="code file apache">&lt;<span class="kw3">VirtualHost</span> *:<span class="nu0">80</span>&gt;
       <span class="kw1">ServerName</span> mediawiki.example.com
&nbsp;
       PerlHeaderParserHandler Lemonldap::NG::Handler
&nbsp;
       ...
&nbsp;
&lt;/<span class="kw3">VirtualHost</span>&gt;</pre>
<ul>
<li class="level1"><div class="li"> For Nginx:</div>
</li>
</ul>
<pre class="code file nginx">server {
  listen 80;
  server_name mediawiki.example.com;
  root /path/to/application;
  # Internal authentication request
  location = /lmauth {
    internal;
    include /etc/nginx/fastcgi_params;
    fastcgi_pass unix:/var/run/llng-fastcgi-server/llng-fastcgi.sock;
    # Drop post datas
    fastcgi_pass_request_body  off;
    fastcgi_param CONTENT_LENGTH &quot;&quot;;
    # Keep original hostname
    fastcgi_param HOST $http_host;
    # Keep original request (LLNG server will received /llauth)
    fastcgi_param X_ORIGINAL_URI  $request_uri;
  } 
&nbsp;
  # Client requests
  location / {
    auth_request /lmauth;
    auth_request_set $lmremote_user $upstream_http_lm_remote_user;
    auth_request_set $lmlocation $upstream_http_location;
    error_page 401 $lmlocation;
    try_files $uri $uri/ =404;
&nbsp;
    ...
&nbsp;
    include /etc/lemonldap-ng/nginx-lua-headers.conf;
  }
  location / {
    try_files $uri $uri/ =404;
  }
}</pre>

</div>
Xavier Guimard's avatar
Xavier Guimard committed
237
<!-- EDIT6 SECTION "MediaWiki virtual host" [3671-5110] -->
Clément OUDOT's avatar
Clément OUDOT committed
238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260
<h3 class="sectionedit7" id="mediawiki_virtual_host_in_manager">MediaWiki virtual host in Manager</h3>
<div class="level3">

<p>
Go to the Manager and <a href="../configvhost.html#lemonldapng_configuration" class="wikilink1" title="documentation:2.0:configvhost">create a new virtual host</a> for MediaWiki.
</p>

<p>
Just configure the <a href="../writingrulesand_headers.html#rules" class="wikilink1" title="documentation:2.0:writingrulesand_headers">access rules</a>. You can also add a rule for logout:
</p>
<pre class="code">Userlogout =&gt; logout_sso</pre>

<p>
You can create these two headers to fill user name and mail (see extension configuration):
</p>
<pre class="code">Auth-Cn =&gt; $cn
Auth-Mail =&gt; $mail</pre>

<p>
If using <abbr title="LemonLDAP::NG">LL::NG</abbr> as reverse proxy, configure also the <code>Auth-User</code> <a href="../writingrulesand_headers.html#headers" class="wikilink1" title="documentation:2.0:writingrulesand_headers">header</a>,
</p>

</div>
Xavier Guimard's avatar
Xavier Guimard committed
261
<!-- EDIT7 SECTION "MediaWiki virtual host in Manager" [5111-] --></div>
Clément OUDOT's avatar
Clément OUDOT committed
262 263
</body>
</html>