This is an old revision of the document!
Table of Contents
Authentication Backends & Plugins
After you have enabled ACL in the config file you need to decide how you like to store user data. DokuWiki supports various methods and creating a new one is pretty easy.
DokuWiki uses so–called authentication plugins that provide certain methods to store user data and passwords. The user won't even see this plugin but you as an administrator have to set up your desired authentication plugin and configure it properly.
If the available plugins do not fulfill the requirements, you can create your own auth plugin. For details see How to write an Authentication Plugin?
Since the release 2013-05-10 “Weatherwax” DokuWiki uses Authentication Plugins instead of Authentication Backends. This requires action from the administrator when upgrading the wiki.
Summary of the resources of the old authentication backends and the new authentication plugins:
Since the release 2013-05-10 “Weatherwax”
- Look for available Auth Plugins in the plugin repository.
- Documentation about developing Auth Plugins
FAQ
- I cannot login anymore after DokuWiki upgrade, how to update from this old auth backend?
- How do I remove the message about deprecated setting?
Your authtype setting is deprecated. You must set $conf['authtype'] = "authldap" in your config (see Authentication Backends)
Go to your Configuration Manager and search for the authtype setting. Set this setting to the
auth…
backend of your need.
(btw:$conf['authconfig']
in the message was a spelling mistake, it should be$conf['authtype']
.)
Releases 2012-10-13 “Adora Belle” and older
- The available authentication backends are listed below
- Documentation about developing Authentication Backends
The authentication backends below are for DokuWiki releases 2012-10-13 “Adora Belle” and older.
Backends
Up to releases 2012-10-13 “Adora Belle” and older you could use the backends below.
These are the backends you get with DokuWiki:
Contributed Backends
These Backends aren't part of the distribution, but might be useful:
- Ban – More secure login with ban option (rewritten plain.auth.php)
- CAS – authenticate with a CAS server
- cas – another CAS authentication with ACL based on LDAP attributes
- plaincas – another CAS authentication with ACL based on CAS attributes and a corresponding login-plugin
- chained – chain more than one authentication method
- django – Authenticates against a Django user database through a Django session cookie.
- extdjango – Same as above, but uses HTTP for DW↔Django communication
- Eventum – How to integrate DokuWiki with Eventum Issue Tracker
- drupal – For backend authentication integration with Drupal 7.x.
- external – Authentication through an external program – to be used with PAM & shadow passwords
- gforge – Authenticate against GForge session cookies
- ggauth – experimental thoughts on auth backends including chained, split as below plus HTTP basic, htaccess and PAM
- htaccessauth – identify users that already logged in using a Basic HTTP Authorization through .htaccess
- imap – authenticate users against an IMAP/POP3 server
- imap – Another (awesome) IMAP authentication backend
- keeyaiwp – SSO with Wordpress
- ldap_local – LDAP authentication with local (plain text) ACLs
- lemonldap – authenticate users through a LemonLDAP SSO
- mod_auth_tkt – mod_auth_tkt authentication
- motp – basically like the plain backend but with added checks for Mobile-OTP tokens
- mybb – authentication using the MyBB forum software
- ning – Ning ID authentication
- ntlm – NTLM (i.e. Windows NT-based) authentication
- oauth – oauth1/2 to connect authentication with Ruby on Rails/Doorkeeper, github, Google+, Facebook, Yahoo, …
- pam – Experimental PAM authentication
- cafu_phpbb3 – authenticate users against a PHPBB3 forum
- phpbb3 – authenticate users against a PHPBB3.0.x forum - another take on the matter
- plainplus – extension to plaintext to limit bad password attempts and set expirations to passwords
- punbb – authenticate users against the PunBB forum (uses PunBB's cookies and database for SSO)
- radius – authenticate users against a RADIUS server
- dokushib – Shibboleth Authentication Backend
- split – delegate login to one auth backend and groups management to another
- smartcard – use SmartCard for login (client certificate, developed for Estonian ID card). Supports multiple backends (plain, mysql and so on).
- ssp – SimpleSAMLphp authentication backend
- simplesamldokuwiki – authenticate via simpleSAMLphp (SAML 2.0, Shibboleth, …)
- sympa auth – Authenticate using sympa over SOAP
- xmpp – authenticate users against an XMPP/Jabber server
- dokudrupal – Drupal 7 authentication backend.
- Ucenter – Discuz Ucenter Authentication backend.
- Joomla 1.5 – Joomla 1.5 Authentication backend.
- sfauth - Salesforce as authentication backend
How to implement a new auth backend is described in the HOWTO.
Auth-related plugins
- fblogin – Use Facebook as an authentication authority for your DokuWiki site
- openid – lets register with an OpenID URL; lets already registered users add OpenID URLs to their profiles and then use OpenID to login.
- virtualgroup – allows to assign groups to a user independently from the authn/authz-Backend.
Auth-related Tips
Some relevant tips related to authentication backends
- commonlogin – Sharing authentication data between wikis on the same server
- .htaccess authentication – Use .htaccess authentication instead of the login form
- .htaccess authentication 2 – As above with support for UserManager
- HTTP-Auth Passthru – Adding http-auth-functionality to your existing ACL-setup
- Chained Authentication – Use a sequence of authentication backends (e.g. LDAP then plain )
- usermanager and chained auth – Manage each authentication method used by the chained method through the usermanager
- Separate Admin Login – Use a special admin login, which cannot read or edit pages
- list of integrations in other software – explaining integration with other software, often authentication included.
- Change user name after authentication – Change the username after authentication (e.g. you want to allow login via a unique id that could change sometime (e.g. email address), but use another unmodifiable unique id as permanent identifier in Dokuwiki)