This is an old revision of the document!

SimpleSAMLphp Authentication Backend

This authentication backend provides web single sign-on (SSO) for DokuWiki, based on SimpleSAMLphp and SAML2.


  • A Service Provider, provided by the SimpleSAMLphp application, on the same machine as the DokuWiki installation
  • An Identity Provider installed on the same machine as the above or on a remote machine
  • SSL support on the server for production sites
  • Other requirements are possible, depending on the configuration of SimpleSAMLphp


Save this under …/dokuwiki/inc/auth/ssp.class.php:

<?php
/**
 * SimpleSAMLphp authentication backend
 *
 * auth/ssp.class.php
 *
 * @author  Jorge Hervás <>
 * @license GPL2
 * @version 0.1
 * @date    June 2011
 */
class auth_ssp extends auth_basic {
  // declaration of the auth_simple object
  var $as;

  /**
   * Constructor.
   * Sets additional capabilities and config strings
   */
  function auth_ssp() {
    // set the features this backend supports to TRUE; the base class defaults the rest to FALSE
    $this->cando['external'] = true;
    $this->cando['logoff']   = true;
    $this->success = true;
  }

  /**
   * Do external authentication (SSO)
   * Params are not used
   */
  function trustExternal($user,$pass,$sticky=false){
    global $USERINFO;
    global $conf;
    $sticky ? $sticky = true : $sticky = false; //sanity check
    // load the SimpleSAMLphp library
    require_once($conf['ssp_path'] . '/lib/_autoload.php');
    // create auth object and use api to require authentication and get attributes
    $this->as = new SimpleSAML_Auth_Simple('default-sp');
    // uncomment the next line to let guest users (not authenticated) enter DokuWiki, see also documentation
    # if ($this->as->isAuthenticated()) {

    // redirect to the IdP login form unless the user already has a valid session
    $this->as->requireAuth();
    $attrs = $this->as->getAttributes();
    // check for valid attributes (not empty) and update USERINFO var from dokuwiki
    if (!isset($attrs[$conf['ssp_attr_name']][0])) {
      $this->exitMissingAttribute($conf['ssp_attr_name']);
    }
    $USERINFO['name'] = $attrs[$conf['ssp_attr_name']][0];
    if (!isset($attrs[$conf['ssp_attr_mail']][0])) {
      $this->exitMissingAttribute($conf['ssp_attr_mail']);
    }
    $USERINFO['mail'] = $attrs[$conf['ssp_attr_mail']][0];
    // groups may be empty (by default any user belongs to the user group), so no empty check is performed
    $USERINFO['grps'] = isset($attrs[$conf['ssp_attr_grps']]) ? $attrs[$conf['ssp_attr_grps']] : array();
    if (!isset($attrs[$conf['ssp_attr_user']][0])) {
      $this->exitMissingAttribute($conf['ssp_attr_user']);
    }
    // assign user id to the user global information
    $_SERVER['REMOTE_USER'] = $attrs[$conf['ssp_attr_user']][0];
    // assign user id and the data from USERINFO to the DokuWiki session cookie
    $_SESSION[DOKU_COOKIE]['auth']['user'] = $attrs[$conf['ssp_attr_user']][0];
    $_SESSION[DOKU_COOKIE]['auth']['info'] = $USERINFO;
    # } // end if_isAuthenticated()

    return true;
  }

  /**
   * exit printing info and logout link
   */
  function exitMissingAttribute( $attribute ){
    // get logout link
    $url = $this->as->getLogoutURL();
    $logoutlink = '<a href="' . htmlspecialchars($url) . '">logout</a>';
    die( htmlspecialchars($attribute) . ' attribute missing from IdP. Please ' . $logoutlink . ' to return to login form');
  }

  /**
   * Log off the current user from DokuWiki and IdP
   */
  function logOff(){
    // use the simpleSAMLphp authentication object created in trustExternal to logout
    $this->as->logout();
  }
}
//Setup VIM: ex: et ts=2 enc=utf-8 :
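
The backend's trustExternal() copies the attributes released by the IdP straight into $_SERVER['REMOTE_USER'] and $USERINFO, and the group list feeds DokuWiki's ACL checks. The following is an added example, not part of the original backend, of validating those attributes before they are trusted; ssp_map_attributes(), the user id pattern and the group allow-list are assumptions, and the sample attributes are constructed.

```php
<?php
// Added example, not part of the original backend. ssp_map_attributes() and
// $allowedGroups are hypothetical names; the ssp_attr_* keys are the page's own.
function ssp_map_attributes(array $attrs, array $conf, array $allowedGroups) {
    // the user id decides which account the session belongs to: require exactly one value
    $uidAttr = $conf['ssp_attr_user'];
    if (!isset($attrs[$uidAttr]) || count($attrs[$uidAttr]) !== 1) {
        throw new InvalidArgumentException("$uidAttr must carry exactly one value");
    }
    $user = strtolower(trim($attrs[$uidAttr][0]));
    // assumed id policy: short, lower-case, no whitespace, markup or path characters
    if (!preg_match('/^[a-z0-9][a-z0-9._@-]{0,63}$/', $user)) {
        throw new InvalidArgumentException("$uidAttr has an unexpected format");
    }
    $info = array();
    foreach (array('name' => 'ssp_attr_name', 'mail' => 'ssp_attr_mail') as $key => $opt) {
        $attr = $conf[$opt];
        if (!isset($attrs[$attr][0]) || trim($attrs[$attr][0]) === '') {
            throw new InvalidArgumentException("$attr attribute missing from IdP");
        }
        $info[$key] = trim($attrs[$attr][0]);
    }
    if (filter_var($info['mail'], FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('mail attribute is not an e-mail address');
    }
    // groups feed DokuWiki ACLs: keep only values the wiki admin has approved
    $released = isset($attrs[$conf['ssp_attr_grps']]) ? $attrs[$conf['ssp_attr_grps']] : array();
    $info['grps'] = array_values(array_intersect(array_map('strtolower', $released), $allowedGroups));
    if (!in_array('user', $info['grps'], true)) {
        $info['grps'][] = 'user'; // every authenticated user belongs to the user group
    }
    return array('user' => $user, 'info' => $info);
}

// Constructed sample input in the shape getAttributes() returns (attribute => list of values)
$conf = array('ssp_attr_name' => 'cn', 'ssp_attr_user' => 'uid',
              'ssp_attr_mail' => 'email', 'ssp_attr_grps' => 'eduPersonAffiliation');
$attrs = array('uid' => array('JDoe'), 'cn' => array('Jane Doe'),
               'email' => array('jdoe@example.org'),
               'eduPersonAffiliation' => array('staff', 'member', 'admin'));
// only 'staff' and 'student' are approved here, so 'member' and 'admin' are dropped
$mapped = ssp_map_attributes($attrs, $conf, array('staff', 'student'));
print_r($mapped);
```

In trustExternal() the returned 'user' and 'info' values would take the place of the direct $attrs[...] assignments, with the exception routed to exitMissingAttribute().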


1. To configure the SimpleSAMLphp application, see the project's online documentation

2. To install the new backend, save the above code under …/dokuwiki/inc/auth/ssp.class.php

3. Add the following lines to your DokuWiki configuration file (local.php):

// use the SimpleSAMLphp backend
$conf['authtype']   = 'ssp';
$conf['useacl'] = 1;
// path for the simplesamlphp installation root
$conf['ssp_path'] = '/var/simplesamlphp';
// configure attribute names to match the ones used by our authentication backend (IdP)
$conf['ssp_attr_name'] = 'cn';
$conf['ssp_attr_user'] = 'uid';
$conf['ssp_attr_mail'] = 'email';
$conf['ssp_attr_grps'] = 'eduPersonAffiliation';

4. Integrate SimpleSAMLphp and DokuWiki:

a) Either by changing SimpleSAMLphp's default session store type in its config/config.php file. Change this line:

	'store.type' => 'phpsession'

To this:

	'store.type' => 'memcache'

b) Or by setting, in the same file, the PHP session cookie name to 'DokuWiki':

'session.phpsession.cookiename'  => 'DokuWiki',

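and comment out the lines that set the cookie params in DokuWiki's init.php file, like this:

 if (version_compare(PHP_VERSION, '5.2.0', '>')) {
        //session_set_cookie_params(0,DOKU_REL,'',($conf['securecookie'] && is_ssl()),true);
 } else {
        //session_set_cookie_params(0,DOKU_REL,'',($conf['securecookie'] && is_ssl()));
 }

With both calls commented out, DokuWiki no longer sets the cookie path, Secure or HttpOnly parameters for the session it starts, so they fall back to PHP's session.cookie_* settings.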

5. (optional) Uncomment the lines starting with '#' in the authentication backend to allow guest users to visit the site without requiring user and password credentials

In this case you should also modify the inc/template.php file to correct the behaviour of the login button, redirecting it to the IdP login form:

//   $out .= html_btn('login',$ID,'',array('do' => 'login', 'sectok' => getSecurityToken()));
// replace the standard login button with a form that posts to the IdP login URL
$as = new SimpleSAML_Auth_Simple('default-sp');
$link_as = $as->getLoginURL();
// escape the URL before placing it in the HTML attribute
$out .= '<form class="button btn_login" method="post" action="' . htmlspecialchars($link_as) . '"><div class="no"><input type="submit" value="Login" class="button" title="Login" /></div></form>';
auth/ssp.1307124249.txt.gz · Last modified: 2011-06-03 20:04 by