Table of Contents

Split Authentication Plugin

Compatible with DokuWiki

  • 2017-02-19 "Frusterick Manners" yes
  • 2016-06-26 "Elenor Of Tsort" yes
  • 2015-08-10 "Detritus" yes
  • 2014-09-29 "Hrun" yes

plugin Splits DokuWiki authentication among auth plugins

Last updated on
2017-12-12
Provides
Auth
Repository
Source

Tagged with authentication, split

:!: This is an authentication plugin for DokuWiki Weatherwax (2013-05-10a) and later! For a solution for earlier DokuWiki versions please refer to ggauth.

Description

authsplit, while technically being an auth plugin, does not do any authentication itself. Instead, it splits DokuWiki's different authentication method calls among two other auth plugins that will do the actual work:

This suggests using authsplit to combine a rather primitive, yet for some reason particularly useful auth plugin with an auth plugin that is more powerful, yet for some reason not useful enough if used on its own.

The example that comes to mind is to use authhttp as primary auth plugin and authplain as secondary auth plugin, thereby combining the advantages of reusing HTTP authentication information with an auth plugin that supplements everything HTTP authentication can't offer, such as email addresses. This is the scenario authsplit has been tested with, but in theory it should work with other auth plugin combinations as well. Feel free to give me feedback on other working combinations.

As authsplit has to orchestrate two auth plugins and the user's state in them, it is possible that a user is known to one of the two plugins only or stored with different data. This may lead to the effect that while one auth plugin knows about him or her, (s)he is still being reported to DokuWiki as being unknown. Since these effects may not be particularly intuitive at first sight, you should read the following explanations carefully. It is essential to really understand how authsplit works in order to prevent accidental lockout or security breaches due to improper configuration and/or unexpected behavior!

How it works

In order to understand how authsplit works one doesn't really get around learning about DokuWiki's authentication system. Please refer to Auth plugins for fundamental basics.

authsplit maps DokuWiki's authentication method calls as follows:

So to summarize which auth plugins are involved in which method calls:

Primary auth plugin Secondary auth plugin
checkPass() Authenticated here User existance required
(Can create if autocreate_users == 1)
trustExternal() Authenticated here User existance required
(Can create if autocreate_users == 1)
logOff() Done here -
getUserData() User existance required Stored here
createUser() Created here
(If supported by the auth plugin)
Created here
modifyUser() Depends on the information being modified:
Login names Modified here
(If supported by the auth plugin)
Modified here
Real names Modified here
(If supported by the auth plugin)
Modified here
eMail addresses Modified here
(If supported by the auth plugin)
Modified here
Passwords Modified here -
Group memberships - Modified here
deleteUser() - Deleted here
retrieveUsers() - Retrieved here
getUserCount() - Counted here
addGroup() - Created here
retrieveGroups() - Retrieved here
isCaseSensitive() Determined here -
cleanUser() Determined here -
cleanGroup() - Determined here

This theory tells you, for example, that if you combine authplain as primary auth plugin with authmysql as secondary auth plugin:

Of course, this example is not a particular useful combination. After all, why would you want to store users in a DokuWiki-specific textfile and put additional information in a MySQL database…

As mentioned above, using authhttp as the primary auth plugin and authplain as the secondary auth plugin is the prime use case. You could of course also try to combine authhttp with authmysql, or authldap with authplain etc. In effect, just try things out and give me feedback on working combinations and their particular use cases.

Installation

Download the latest version from Github and rename the extracted directory to authsplit, otherwise the plugin won't work.

Please refer to Plugins for additional info on how to install plugins in DokuWiki.

Configuration and Settings

authsplit itself uses the following configuration settings:

Note that you'll have to take some of the used auth plugin's settings into consideration whereas some may not apply any longer due to the way authsplit works. For example, when using authhttp as the primary auth plugin, authhttp's configuration settings no longer have any effect since all email addresses and group information come from the secondary auth plugin instead.

Change Log

Credits

This plugin is based on ideas in the ggauth auth backend by Grant Gardner. Grant does not actively maintain ggauth anymore, so an update for the new auth plugins concept is unlikely.

Support for external authentication was contributed by David Darras.

Discussion

Please use the Discussion page for user comments.