| conf | Make the remote user header a configuration | |
| lang | Make the remote user header a configuration | |
| auth.php | Make the remote user header a configuration | |
| plugin.info.txt | Adds french translation and fixes typos | |
| README.md |
Fixes typos in README.md
|
|
AuthRemoteUser
This DokuWiki
plugin provides Single Sign On authentication via web
server's REMOTE_USER environment variable which is set through authentication
systems like
- HTTP-Auth,
- LDAP,
- CAS,
- Cosign,
- NTLM,
- PAM,
- WebAuth,
- SSPI,
- and so on.
It uses the default plain text file conf/users.auth.php to store user
information.
Installation
-
Enable an authentication system which sets
REMOTE_USER(and disable anonymous authentication) on your web server. -
Search and install the plugin using the Extension Manager. Refer to Plugin Installation Instructions on how to install plugins manually.
Usage
-
Determine your
REMOTE_USERname:-
Save file
phpinfo.phpon your web server:<?PHP phpinfo(); ?> -
Open
phpinfo.phpin your web browser and search for the value in_SERVER["REMOTE_USER"]. -
Add this value as new user ID to your user list if it is missing and add them groups
adminanduser.1 -
Remove file
phpinfo.php.
-
-
In your DokuWiki login as superuser, click Admin, choose Configuration Settings, and configure these settings:
-
Disable action
profile. -
If enabled, disable option
subscriberstemporarily. -
Enable
authtypeAuthRemoteUser. -
Disable
rememberme. -
Save this configuration.
-
-
Remove DokuWiki cookie from your browser or close and restart your browser.
-
Reload your DokuWiki installation. Your login should be automatically detected.
-
Now, you can re-enable option
subscribersagain (see above).
Copy the configuration settings to the conf/local.protected.php file to
protect the settings against changes via Config Manager.
Administration of users and its groups is done in the User Manager which is fully supported by this plugin.
Storage
AuthRemoteUser uses the same storage backend like authplain that is
conf/users.auth.php. Users which are added after switching to
AuthRemoteUser, won't contain an encrypted password.
That is: You can switch back to authplain (and enable profile setting)
whenever you want, and all your users which were already added before are still
able to login using their (hopefully yet known) password. All other users can
use the forget my password link.
File Format
Empty lines, and everything after a # character are ignored. Each line
contains a colon separated array of five fields:
loginname:password:Real Name:email:groups
loginname:
This has to be a valid page name.password:
Encrypted password if user id was added using authplain, otherwise empty.Real Name:
Real name of the user.email:
Email address of user.groups:
Comma separated list of groups a user is member of. The group names must follow the rules of valid page names.
Editing
Since conf/users.auth.php is a plain text file, it can be edited with any
text editor.
-
Don't be surprised: The user ID is converted to a valid page name. ↩︎