[dokuwiki] Re: sharing dokuwiki authentication

  • From: Jason Keltz <jas@xxxxxxxxxxxx>
  • To: dokuwiki@xxxxxxxxxxxxx
  • Date: Wed, 12 Sep 2007 11:57:33 -0400

On 09/12/07 07:25, Grant Gardner wrote:
Jason,

If I understand correctly you want single sign on (SSO) between wikis in your wiki farm.

From my reading of the code it is inc/auth.php that does the cookie
thing by storing/checking an encrypted version of the user and password.

The name of the cookie is defined in inc/init.php
        if (!defined('DOKU_COOKIE')) define('DOKU_COOKIE', 'DW'.md5(DOKU_URL));

As you can see the name of the cookie is dependent on the base url (DOKU_URL), so you'll need to do something about that if this is different for each of your course wikis.
e.g. use PHP's "prepend" facility to set DOKU_COOKIE to something common

Secondly the encryption depends on a salt value that is randomly
generated on first use and stored in $conf['metadir'].'/_htcookiesalt'
so you'll need to make sure all the wikis have the same value in this file.
eg. generate one and then use a symbolic link for all the others.

Presumably you've already configured each wiki to share the users.auth.php file or equivalent for whatever authentication method you are using.

Hi Grant.

Thanks for your message.

I would indeed like single sign on for Wikis in a Wiki farm.

I wonder if anyone else is interested in seeing this in core DokuWiki. After reading your notes, and doing my own experiments, it doesn't look overly difficult...

1) As you said, DOKU_COOKIE needs to be the same for all sites in the farm. This could be done through a PHP prepend, but there would probably be better performance if it was hard-coded as a configuration variable.

2) I believe the cookie path in both of the "setcookie()" calls in inc/auth.php needs to be changed from DOKU_REL to just "/".

3) data/meta/_htcookiesalt as generated by auth_cookiesalt needs to be the same for all sites.

I wonder if there is a way to generalize this in a way that it could easily be integrated into DW.

How about adding these conf variables ...

conf['sso']
  This would be 0 for regular sign-on, or 1 for single sign on
  (default:0)

conf['ssoID'] =
  This could be set to some ID (string) used in the generation of
  DOKU_COOKIE.  Right now, DOKU_COOKIE is 'DW' . md5(DOKU_URL), but
  if sso is on, and this variable is set, DOKU_COOKIE could be set to:
   'DW' . md5(conf['ssoID'])
   (if ssoID is not set, it could default (maybe) to
      $_SERVER['SERVER_NAME']?)

conf['sso_saltpath'] =
  This could be the location of the shared salt file which could
  still be generated by the auth_cookiesalt function.  If sso is off,
  DW uses data/meta/_htcookiesalt, but if sso is on, and this variable
  is set, then it checks this location for the file (writing the file
  the first time when it does not exist).

The calls for setcookie() in inc/auth.php could set the path to DOKU_REL if sso is not on, or "/" if it is on.

Am I thinking about this clearly, or might there be other issues?
Might this feature be useful to other DW users? As I'm thinking about it right now, it doesn't seem overly complicated to implement, and certainly wouldn't add much to the size of the DW code.

Jason.

--
DokuWiki mailing list - more info at
http://wiki.splitbrain.org/wiki:mailinglist
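
A sketch of the three settings proposed in this message, as an added example that is not DokuWiki code or code from either poster. The `sso_*` function names and the farm URLs are hypothetical, and the CSPRNG salt, the file locking and PHP 7+ are assumptions of this example.

```php
<?php
// Added sketch, not DokuWiki code. The sso_* function names are hypothetical;
// the 'sso', 'ssoID' and 'sso_saltpath' keys are the ones proposed above.

function sso_cookie_name(array $conf, string $dokuUrl, string $serverName): string {
    if (empty($conf['sso'])) return 'DW' . md5($dokuUrl);   // current per-wiki name
    return 'DW' . md5(!empty($conf['ssoID']) ? $conf['ssoID'] : $serverName);
}

function sso_cookie_path(array $conf, string $dokuRel): string {
    // "/" sends the auth cookie to every application on the host, not only
    // the farm's wikis, so everything served there must be trusted with it.
    return empty($conf['sso']) ? $dokuRel : '/';
}

function sso_salt_file(array $conf): string {
    if (!empty($conf['sso']) && !empty($conf['sso_saltpath'])) return $conf['sso_saltpath'];
    return $conf['metadir'] . '/_htcookiesalt';
}

function sso_cookiesalt(array $conf): string {
    $old = umask(0077);                        // salt readable by the web server user only
    $fh = fopen(sso_salt_file($conf), 'c+');   // create if missing, never truncate
    umask($old);
    if ($fh === false) throw new RuntimeException('cannot open salt file');
    flock($fh, LOCK_EX);                       // two wikis may race on first use
    $salt = trim((string) stream_get_contents($fh));
    if ($salt === '') {
        $salt = bin2hex(random_bytes(32));     // assumption: CSPRNG-generated salt
        fwrite($fh, $salt);
        fflush($fh);
    }
    flock($fh, LOCK_UN);
    fclose($fh);
    return $salt;
}

// Constructed farm: two course wikis on one host (URLs are made up).
$tmp = sys_get_temp_dir() . '/dwfarm_' . bin2hex(random_bytes(4));
mkdir($tmp, 0700);
$farm = ['sso' => 1, 'ssoID' => 'courses', 'sso_saltpath' => "$tmp/_htcookiesalt"];
$wikis = ['http://www.example.edu/cs101/' => '/cs101/', 'http://www.example.edu/cs202/' => '/cs202/'];
$seen = [];
foreach ($wikis as $url => $rel) {
    $conf = $farm + ['metadir' => "$tmp$rel"];
    $seen[] = [sso_cookie_name($conf, $url, 'www.example.edu'),
               sso_cookie_path($conf, $rel), sso_cookiesalt($conf)];
}
echo $seen[0] === $seen[1] ? "farm shares name, path and salt\n" : "mismatch\n";
```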
