> I'm trying to setup external authentication with MediaWiki. > I've gone over > http://wiki.case.edu/CaseWiki:External_Authentication time > and time again > but it's not exactly clear. > > Here's how our company authentication for web access works. > > - I check to see if a cookie exists. If so, decrypt it and > get user info. > - If cookie doesn't exist, redirect to the company > authentication URL. In > that redirect, I specify a "return to" URL so after the user > authenticates, > it knows where to send the user back to. > - Go back to first step. Since the cookie should now exist, > I have user > info. >
Have you considered using Federated login/Shibboleth/SAML? It does SSO without all of the messy cookie stuff, and can do so at the web server or application level. It also has support for attributes and roles, so that your application can do authorization from a single source. Check out OpenSSO/Glassfish/OpenDS combo for a completely OSS stack that is fairly good. OpenSSO also works with multiple backends, including AD. To more directly answer your question, Wikimedia uses a cookie based solution for SSO between their sites; it probably doesn't do what you are looking for, but it may be able to give you some ideas: http://www.mediawiki.org/wiki/Extension:CentralAuth I definitely recommend looking at a SAML solution though. V/r, Ryan Lane _______________________________________________ MediaWiki-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
