DokuWiki

auth:cosign

Differences

This shows you the differences between two versions of the page.

auth:cosign [2009-06-05 22:27] – Added a notice about it not working on save 128.118.231.140
auth:cosign [2021-08-18 00:28] (current) Klap-in
Line 1: Line 1:
 +====== CoSign Authentication Backend ======
 +
 +| :!: This is an old authentication backend and works with dokuwiki up to Andora Belle 2012-10-13\\ \\ For **newer** dokuwiki releases an [[devel:auth plugins|auth plugin]] is required. \\ \\ You have to probably convert this backend to an auth plugin (as there is no successor or alternative known for [[auth:cosign]]) |
 +
 +[[http://www.umich.edu/~umweb/software/cosign/|CoSign]] is an open source single sign on web authentication system developed by the University of Michigan. If your group uses [[http://www.umich.edu/~umweb/software/cosign/|CoSign]] for web application authentication, you can use it to authenticate your dokuwiki accounts.
 +
 +Since [[http://www.umich.edu/~umweb/software/cosign/|CoSign]] only handles authentication and NOT authorization, this solution still uses the user-manager plug-in for setting up users authorized to access the dokuwiki and the groups that they belong too. The passwords set in the user-manager plug-in are ignored.
 +
 +
 +===== Requirements =====
 +
 +  * a [[http://www.umich.edu/~umweb/software/cosign/|CoSign]] server
 +  * configuration parameters for your web server (apache)
 +
 +
 +
 +===== Code =====
 +
 +Save this under .../dokuwiki/inc/auth/cosign.class.php:
 +
 +<code php cosign.class.php>
 +<?php
 +/**
 + * Cosign authentication backend
 + *
 + * @license    GPL 2 (http://www.gnu.org/licenses/gpl.html)
 + * @author     Paul Rentschler <par117@psu.edu>
 + * Version: 1.0
 + * last modified: 2009-06-18 15:54
 + *
 + * Work based on the plaintext authentication backend:
 + * @author     Andreas Gohr <andi@splitbrain.org>
 + * @author     Chris Smith <chris@jalakai.co.uk>
 + */
 +
 +define('DOKU_AUTH', dirname(__FILE__));
 +require_once(DOKU_AUTH.'/plain.class.php');
 +
 +define('AUTH_USERFILE',DOKU_CONF.'users.auth.php');
 +
 +// we only accept page ids for auth_plain
 +if(isset($_REQUEST['u']))
 +  $_REQUEST['u'] = cleanID($_REQUEST['u']);
 +if(isset($_REQUEST['acl_user']))
 +  $_REQUEST['acl_user'] = cleanID($_REQUEST['acl_user']);
 +// the same goes for password reset requests
 +if(isset($_POST['login'])){
 +  $_POST['login'] = cleanID($_POST['login']);
 +}
 +
 +class auth_cosign extends auth_plain {
 +
 +    /**
 +     * Constructor
 +     *
 +     * Carry out sanity checks to ensure the object is
 +     * able to operate. Set capabilities.
 +     *
 +     * @author  Paul Rentschler <par117@psu.edu>
 +     */
 +    function auth_cosign() {
 +      // call the parent constructor
 +      parent::auth_plain();
 +
 +      // indicate we should be trusting an external auth checker
 +      $this->cando['external'] = true;
 +    }
 +
 +
 +
 +    /**
 +     * Trust External AuthN
 +     *
 +     * @author  Paul Rentschler <par117@psu.edu>
 +     * @return  bool
 +     */
 +    function trustExternal($user,$pass,$sticky=false) {
 +      global $USERINFO;
 +
 +      $result = false;
 +
 +      if (!empty($user)) {
 +        // verify the user is logged in through WebAccess
 +        if (isset($_SERVER['REMOTE_USER']) && $_SERVER['REMOTE_USER'] <> '' && $_SERVER['REMOTE_USER'] == $user) {
 +          $userinfo = $this->getUserData($user);
 +          if ($userinfo !== false) {
 +            $result = true;
 +          }
 +        }
 +
 +      } else {
 +        // regular session auth check
 +        if (isset($_SERVER['REMOTE_USER']) && $_SERVER['REMOTE_USER'] <> '') {
 +          $userinfo = $this->getUserData($_SERVER['REMOTE_USER']);
 +          if ($userinfo !== false) {
 +            $result = true;
 +          }
 +        }
 +      }
 +
 +      // set the necessary global variables
 +      if ($result) {
 +        $USERINFO = $userinfo;
 +
 +        // set session
 +        $_SESSION[DOKU_COOKIE]['auth']['user'] = $_SERVER['REMOTE_USER'];
 +        $_SESSION[DOKU_COOKIE]['auth']['pass'] = '';
 +        $_SESSION[DOKU_COOKIE]['auth']['buid'] = auth_browseruid();
 +        $_SESSION[DOKU_COOKIE]['auth']['info'] = $userinfo;
 +        $_SESSION[DOKU_COOKIE]['auth']['time'] = time();
 +      }
 +
 +      return $result;
 +    }
 +
 +}
 +
 +//Setup VIM: ex: et ts=2 enc=utf-8 :
 +</code>
 +
 +
 +===== Configuration =====
 +
 +Configure apache to use [[http://www.umich.edu/~umweb/software/cosign/|CoSign]] for authentication and preferably do it over SSL. See the [[http://www.umich.edu/~umweb/software/cosign/|CoSign]] documentation for how to set this up.
 +
 +Authorized users can be managed via the user-manager plugin now. The passwords in users.auth.php is ignored. Just put a dummy value in there.
 +
 +You may want to remove the Login and Logout buttons from the template as well since they have no use. Logout is accomplished by closing the browser window or by the timeout specified by the [[http://www.umich.edu/~umweb/software/cosign/|CoSign]] server.
 +
 +
 +===== Discussion =====
 +> 2009/06/05: Currently experiencing a problem that the authentication does not work when saving changes. Am working on a fix.
 +>> 2009/06/18: Reworked the authentication class and resolved the problem of being logged out when saving changes.
 +
 +
 +This is awesome. Thank you. 
  
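Review bot: In trustExternal(), the failure path returns false without clearing anything. When REMOTE_USER is set but getUserData() returns false, `$_SERVER['REMOTE_USER']` stays as the web server set it and any earlier `$_SESSION[DOKU_COOKIE]['auth']` entry is left in place, so a CoSign-authenticated account with no users.auth.php entry is never explicitly reduced to anonymous. Suggest unsetting both before `return $result;` when `$result` is false. In the same function, the `==` and `<>` tests on REMOTE_USER are loose comparisons; `===` and `!== ''` avoid PHP's numeric-string coercion (for example, "1e3" == "1000" is true). The value handed to getUserData() and stored in the session is the raw REMOTE_USER, whereas the form fields at the top of the file go through cleanID(); applying the same normalization, or documenting that CoSign names must match the users.auth.php entries exactly, would make the lookup predictable. The Configuration section says SSL is "preferably" used. Because this backend accepts whatever REMOTE_USER the server supplies and ignores the stored password, the text should state that the CoSign protection has to cover every URL that reaches DokuWiki, and that SSL is required rather than optional.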
auth/cosign.txt · Last modified: 2021-08-18 00:28 by Klap-in

Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International