Differences

This shows you the differences between two versions of the page.

--- auth [2012-01-10 21:58] – [Contributed Backends] 173.10.47.177
+++ auth [2023-09-20 21:49] (current) – [Authentication related Tips] see documentation of Auth Plugins instead Klap-in
@@ Line 1: / Line 1: @@
-====== Authentication Backends ======
+======= Authentication Plugins =======
-After you have enabled [[:ACL]] in the config file you need to decide how you like to store user data. DokuWiki supports various methods and creating a new one is pretty easy.
+After you have enabled [[:ACL]] in the config file you need to decide how you like to store user data. DokuWiki supports various methods and creating a new one is pretty easy. [[:DokuWiki]] uses so–called authentication plugins that provide certain methods to store user data and passwords. The user won't even see this plugin but you as an administrator have to set up your desired authentication plugin and configure it properly. The [[plugin:authplain|plain authentication plugin]] is DokuWikis default simple version.
-[[:DokuWiki]] uses so called authentication backends that provide certain methods to store user data and passwords. The user won't even see this backend but you as an administrator have to set up your desired authentication backend and configure it properly.
+  * Look for available [[plugintype>128#extension__table|Auth Plugins]] in the plugin repository.
-If the available backends does not fulfill the requirements, you can create your own backend. For details see [[devel:authentication_backends|How to write an Authentication Backend?]]
+The plugins can be installed using the [[plugin:Extension|Extension Manager]]. If the available plugins do not fulfill the requirements, you can create your own auth plugin. For details see [[devel:Auth Plugins|How to write an Authentication Plugin?]]
-===== Backends =====
-These are the backends you get with DokuWiki:
+===== Authentication related plugins =====
-  * [[auth:ad]] -- Active Directory authentication with optional Single Sign On (SSO)
+  * [[plugin:authchained|Chained Authentication]] -- Use a sequence of authentication backends (e.g. LDAP then plain )
-  * [[auth:ldap]]  -- authenticate users against a LDAP directory
+  * [[plugin:virtualgroup]] -- allows to assign groups to a user independently from the backend.
-  * [[auth:mysql]] -- access any MySQL database to authenticate users
+Some suggestions grouped by tags in the plugin repository:
-  * [[auth:pgsql]] -- access any Postgres database to authenticate users
+  * Plugins with [[plugintag>acl#extension__table|acl]]-tag
-  * [[auth:plain]] -- the default mechanisms which uses plain text files
+  * Plugins with [[plugintag>groups#extension__table|groups]]-tag
+  * Plugins with [[plugintag>users#extension__table|users]]-tag
+===== Authentication related Tips =====
-===== Contributed Backends =====
+Some relevant tips related to authentication backends
-These Backends aren't part of the distribution, but might be useful:
+  * [[tips:change_user_name_after_authentication|Change user name after authentication]] -- Suggestion how to change the username after authentication (e.g. you want to allow login via a unique id that could change sometime (e.g. email address), but use another unmodifiable unique id as permanent identifier in Dokuwiki)
-  * [[http://forum.dokuwiki.org/post/21725|Ban]] -- More secure login with ban option (rewritten plain.auth.php)
-  * [[http://site.goodboy01.com/cas/DokuWiki_CAS_Patch.html|CAS]] -- authenticate with a CAS server
-  * [[auth:cas]] -- another CAS authentication with ACL based on LDAP attributes
-  * [[auth:ggauth#chained]] -- chain more than one authentication method
-  * [[auth:cosign]] -- [[http://www.umich.edu/~umweb/software/cosign/|CoSign]] authentication for Single Sign On (SSO)
-  * [[auth:django]] -- Authenticates against a Django user database through a Django session cookie.
-  * [[http://www.byteflex.com/wiki/pub/dokuwiki_eventum|Eventum]] -- How to integrate DokuWiki with Eventum Issue Tracker
-  * [[http://www.coalface.net/node/22|drupal]] -- authenticate against a Drupal install
-  * [[auth:external]] -- Authentication through an external program -- to be used with PAM & shadow passwords
-  * [[http://docs.blackfin.uclinux.org/inc/auth/gforge.class.phps|gforge]] -- Authenticate against GForge session cookies
-  * [[auth:ggauth]] -- experimental thoughts on auth backends including chained, split as below plus HTTP basic, htaccess and PAM
-  * [[tips:htaccessauth#the_htaccess_class|htaccessauth]] -- identify users that already logged in using a Basic HTTP Authorization through .htaccess
-  * [[auth:imap]] -- authenticate users against an IMAP/POP3 server
-  * [[https://gist.github.com/804858|imap]] -- Another (**awesome**) IMAP authentication backend
-  * [[http://keeyai.com/projects-and-releases/dokuwiki-tools/dokuwiki-and-wordpress-integration/|keeyaiwp]] -- SSO with Wordpress
-  * [[http://www.tu-harburg.de/~psvkv/dokuwiki/ldaplocal.html|ldap_local]] -- LDAP authentication with local (plain text) ACLs
-  * [[auth:lemonldap]] -- authenticate users through a LemonLDAP SSO
-  * [[auth:mod_auth_tkt]] -- mod_auth_tkt authentication
-  * [[auth:motp]] -- basically like the plain backend but with added checks for Mobile-OTP tokens
-  * [[http://forum.dokuwiki.org/thread/1851|mybb]] -- authentication using the MyBB forum software
-  * [[auth:ning]] -- Ning ID authentication
-  * [[auth:ntlm]] -- NTLM (i.e. Windows NT-based) authentication
-  * [[auth:pam]] -- Experimental PAM authentication
-  * [[auth:cafu_phpbb3]] -- authenticate users against a PHPBB3 forum
-  * [[https://github.com/akehrer/dokuwiki_plainauthplus|plainplus]] -- extension to plaintext to limit bad password attempts and set expirations to passwords
-  * [[auth:punbb]] -- authenticate users against the PunBB forum (uses PunBB's cookies and database for SSO)
-  * [[auth:radius]] -- authenticate users against a RADIUS server
-  * [[http://wiki.debug.cz/dokuwiki/auth/shib|shibauth]] -- Shibboleth Authentication Backend
-  * [[auth:ggauth#split]] -- delegate login to one auth backend and groups management to another
-  * [[auth:smartcard]] -- use SmartCard for login (client certificate, developed for Estonian ID card). Supports multiple backends (plain, mysql and so on).
-  * [[auth:ssp]] -- SimpleSAMLphp authentication backend
-  * [[http://www.sympa.org/contribs/sympaauth|sympa auth]] -- Authenticate using sympa over SOAP
-  * [[auth:xmpp]] -- authenticate users against an XMPP/Jabber server
-  * [[http://cvpcs.org/projects/web/dokuwiki-auth-yubikey|yubikey]] -- Extension to the paintext auth module to allow use of a [[http://yubico.com|YubiKey]] OTP as the password
-  * [[http://n00bsys0p.co.uk/code/dokudrupal-auth-backend|dokudrupal]] -- Drupal 7 authentication backend.
-How to implement a new auth backend is described in the [[devel:authentication_backends|HOWTO]].
-===== Auth-related plugins =====
-  * [[plugin:fblogin]] -- Use Facebook as an authentication authority for your DokuWiki site
-  * [[plugin:openid]] -- lets register with an OpenID URL; lets already registered users add OpenID URLs to their profiles and then use OpenID to login.
-  * [[plugin:virtualgroup]] -- allows to assign groups to a user independently from the authn/authz-Backend.