Skip to content

MI-OSiRIS/dokuwiki-shibboleth-auth

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

16 Commits

conf

conf

 
 

plugin/authshibboleth

plugin/authshibboleth

 
 

CHANGELOG.md

CHANGELOG.md

 
 

README.md

README.md

 
 

Repository files navigation

DokuWiki Shibboleth Authentication Plugin

Introduction

DokuWiki is a flexible and simple wiki system written in PHP. Shibboleth is widely used open-source implementation of SAML. DokuWiki supports different authentication plugins and it is easy to write an alternative authentication plugin to integrate your own authentication mechanism within DokuWiki.

This plugin uses a Shibboleth session to authenticate users. It just takes all required information from the environment variables injected by Shibboleth (user's attributes sent by the identity provider).

The plugin requires DokuWiki version 2013-05-10 Weatherwax or newer. The older versions have different authentication structure - authentication backends. In case you have an older version and you don't want to upgrade, you may use the Shibboleth authentication backend.

Requirements

  • PHP >= 5.x
  • Shibboleth SP 2.x instance
  • DokuWiki 2013-05-10 Weatherwax or newer

Features

  • highly configurable
  • includes an action plugin to handle login actions
  • different group sources
  • logging and debugging

Shibboleth configuration

You need Shibboleth SP 2.x installed and running. In Apache you have to configure Shibboleth to "know" about your DokuWiki directory:

<Directory "/var/www/sites/dokuwiki/">
  AuthType shibboleth
  require shibboleth
</Directory>

Plugin installation and configuration

Clone the repository anywhere on your system. Copy the plugin/authshibboleth directory to DOKUWIKI_HOME/lib/plugins.

In DOKUWIKI_HOME/conf/local.conf set the authtype directive:

$conf['authtype'] = 'authshibboleth';

Alternatively, you can use the configuration manager.

Now, in most cases, the Shibboleth authentication should work out-of-the-box. But if that is not the case or you need to tune something, there is a bunch of configuration options you can set.

The best way to do this is to copy the conf/authshibboleth.conf.php file from the repository to DOKUWIKI_HOME/conf and include it in your DOKUWIKI_HOME/conf/local.protected.php file (it doesn't exist by default, you have to create it yourself):

include __DIR__ . '/authshibboleth.conf.php';

It's better to use local.protected.php instead of local.php, because local.php may be overwritten if you use the configuration manager.

The authshibboleth.conf.php file contains all available directives, set to their default values and commented out. If you need to change a directive, just uncomment it and change its value.

Embedded discovery interface

Assuming you have setup your SP already, to enable an embedded discovery interface set the following in authshibboleth.conf.php:

'login_discovery_service' => true,

In DOKUWIKI_HOME/lib/plugins/authshibboleth/idpselect_config.js configure the default return url to your SP:

this.defaultReturn = "https://www.example.org/Shibboleth.sso/Login?SAMLDS=1";

Links in the embedded interface will be modified to pass 'target' param to the selected identity provider preserving any URL args for page

The .js and .css for the embedded interface come from the shibboleth-embedded-ds package. More info: https://wiki.shibboleth.net/confluence/display/EDS10/2.+Installation

If the embedded service is not enabled, then instead a link "Login with Shibboleth" will be displayed. This will direct to service provider as configured in authshibboleth.conf.php and discovery service as configured in shibboleth.

About

Shibboleth authentication plugin for DokuWiki

Resources

Readme
Activity
Custom properties

Stars

0 stars

Watchers

3 watching

Forks

0 forks
Report repository

Releases

4 tags

Packages

No packages published

Languages

  • PHP 83.3%
  • CSS 8.4%
  • JavaScript 8.3%