hi,
I have read both of the link:
http://blogs.sun.com/superpat/entry/opensso_single_sign_on_extension
http://www.mediawiki.org/wiki/Extension:CASAuthentication
But unfortunately, I havnt found the code you said... It seems like these
extensions are use hook to implentment user authencation? In my own myapi.php,
how can a hook work?
The code below is a breif overview of the myapi.php:
<?php
$data = $_POST['data'];
// call a function to decode the data with a secret key. The result is in $get
$action = $get['action'];
if($action == 'login'){
$uid = $get['uid'];
// I must do something here to make mediawiki login.
echo 1;
}
elseif($action == 'logout'){
//I must do something here to make mediawiki logout.
echo 1;
}
else{
echo 0;
}
?>
When user is logged in other application, the central auth system would access
this myapi.php with data.
Thx!!
------------------
Bear
2010-08-12
-------------------------------------------------------------
From:Lane, Ryan
Send Date:2010-08-12 22:48:05
To:Wikimedia developers
CC:
Subject:Re: [Wikitech-l] How to login a user without password?
X-Uidl: GmailId12a66c5ad00f6f23&&pop.gmail.com
Delivered-To: [email protected]
Received: by 10.150.43.19 with SMTP id q19cs108796ybq;
Thu, 12 Aug 2010 07:48:05 -0700 (PDT)
Received: by 10.213.104.211 with SMTP id q19mr353520ebo.45.1281624485062;
Thu, 12 Aug 2010 07:48:05 -0700 (PDT)
Return-Path: <[email protected]>
Received: from lists.wikimedia.org (lists.wikimedia.org [91.198.174.5])
by mx.google.com with ESMTP id b4si3903961eei.56.2010.08.12.07.48.04;
Thu, 12 Aug 2010 07:48:05 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of
[email protected] designates 91.198.174.5 as permitted
sender) client-ip=91.198.174.5;
Authentication-Results: mx.google.com; spf=pass (google.com: best guess record
for domain of [email protected] designates 91.198.174.5 as
permitted sender) [email protected]
Received: from localhost ([127.0.0.1]:33140 helo=lily.esams.wikimedia.org)
by lily.knams.wikimedia.org with esmtp (Exim 4.69)
(envelope-from <[email protected]>)
id 1OjZ4X-0005WX-MA; Thu, 12 Aug 2010 14:47:57 +0000
Received: from navofw.navo.navy.mil ([128.160.199.100]:59490
helo=ocean2.ocean.navo.navy.mil)
by lily.knams.wikimedia.org with esmtp (Exim 4.69)
(envelope-from <[email protected]>) id 1OjZ4T-0005Vg-5P
for [email protected]; Thu, 12 Aug 2010 14:47:53 +0000
Received: from Ocean2.ocean.navo.navy.mil ([2002:80a0:a553::80a0:a553]) by
Ocean2.ocean.navo.navy.mil ([2002:80a0:a553::80a0:a553]) with mapi;
Thu, 12 Aug 2010 09:47:52 -0500
From: "Lane, Ryan" <[email protected]>
To: Wikimedia developers <[email protected]>
Thread-Topic: [Wikitech-l] How to login a user without password?
Thread-Index: AQHLObie6u3yp2mSrUKST4Z+Ta89aZLd5PgcgAABKCA=
Date: Thu, 12 Aug 2010 14:47:51 +0000
Message-ID: <7ff208a2f1e6004d8f7bdc10a103c34a35c...@ocean2.ocean.navo.navy.mil>
References: <[email protected]>,
<[email protected]> <[email protected]>
In-Reply-To: <[email protected]>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
MIME-Version: 1.0
X-Content-Filtered-By: Mailman/MimeDel 2.1.9
Subject: Re: [Wikitech-l] How to login a user without password?
X-BeenThere: [email protected]
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: Wikimedia developers <[email protected]>
List-Id: Wikimedia developers <wikitech-l.lists.wikimedia.org>
List-Unsubscribe: <https://lists.wikimedia.org/mailman/listinfo/wikitech-l>,
<mailto:[email protected]?subject=unsubscribe>
List-Archive: <http://lists.wikimedia.org/pipermail/wikitech-l>
List-Post: <mailto:[email protected]>
List-Help: <mailto:[email protected]?subject=help>
List-Subscribe: <https://lists.wikimedia.org/mailman/listinfo/wikitech-l>,
<mailto:[email protected]?subject=subscribe>
Content-Type: multipart/mixed; boundary="===============8180891937508425267=="
Mime-version: 1.0
Sender: [email protected]
Errors-To: [email protected]
--===============8180891937508425267==
Content-Language: en-US
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature";
micalg=SHA1; boundary="----=_NextPart_000_007D_01CB3A03.69598B20"
------=_NextPart_000_007D_01CB3A03.69598B20
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: 7bit
> I am very very thankful you can supply me such rich
> information. I have read them carefully and found they are
> not comfort my situation. The Central Auth System I use is
> not developed by me. So I must do my project in its framework.
> When one user login in a application such like a forum, the
> forum would ask the central auth system if the username and
> password which supplied by user is match. When this is okay,
> it would call a function which provided by this central auth
> system. This function will access the myapi.php in each
> applications which configured with this central auth system
> and pass User_ID by POST. So I have to write a myapi.php for
> mediawiki to create a session with the uid it supplied.
> I am not good at English and I hope you can understand my meanning.
> thx!
>
Ok. I understand the requirement now. Note that the last extension I linked
to has code that creates a session for a user. You can use it as an example.
It also has an example of creating a user in the database, which you'll need
to do as well.
Note that this sounds like a really insecure system if done improperly. I
hope the central auth server has some way of authenticating that POST
request, or anyone would be able to grant themselves a session.
V/r,
Ryan Lane
------=_NextPart_000_007D_01CB3A03.69598B20--
--===============8180891937508425267==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
_______________________________________________
Wikitech-l mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
--===============8180891937508425267==--
_______________________________________________
Wikitech-l mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
