Learn about DokuWiki
Advanced Use
Corporate Use
Our Community
Follow us on Facebook, Twitter and other social networks.
Learn about DokuWiki
Advanced Use
Corporate Use
Our Community
Follow us on Facebook, Twitter and other social networks.
![]() See for development documentation about the new authentications plugins on Auth Plugins Please UPDATE/REWRITE to the new Auth Plugins (these old Auth Backends are not supported anymore) |
---|
DokuWiki's authentication system is highly modular and can, generally speaking, authenticate using anything that is accessible from PHP.
If none of the provided auth does what you want, you can simply create your own. Backends are:
inc/auth/
folder <backend>.class.php
where <backend> is the name of your authentication backend. auth_<backend>
. auth_basic
class defined in inc/auth/basic.class.php
.In your class you need to override a few methods and set some public fields from the base class. Some descriptions follow, but for the doing the implementation you need to have a look at base class' comments!
If you write a new backend be sure to share your code with the community!
$success
$cando
$cando
field is an associative array of booleans. You need to set the array fields to true for all functions your backend provides. Here is a list of keys in $cando and their meaning:addUser | can Users be created? |
delUser | can Users be deleted? |
modLogin | can login names be changed? |
modPass | can passwords be changed? |
modName | can real names be changed? |
modMail | can emails be changed? |
modGroups | can groups be changed? |
getUsers | can a (filtered) list of users be retrieved? |
getUserCount | can the number of users be retrieved? |
getGroups | can a list of available groups be retrieved? |
external | does the module do external auth checking? |
logoff | has the module some special logoff method? |
Only a few functions need to be implemented. But the more you do the more the frontend will be able to do.
See inc/auth/basic.class.php for the methods' arguments and return values.
__construct()
$success
and $cando
mentioned above here.checkPass($user, $pass)
$user
exists and the given plaintext password $pass
is correct.getUserData($user)
$user
array( 'name' => string, 'mail' => string, 'grps' => array() )
All these methods are optional and will only be called if the appropriate $cando fields are set
trustExternal()
(replaces DokuWiki authentication functions)auth_login()
function from inc/auth.php
. getUserData()
so DokuWiki can display your users nicely and logoff()
to permit DokuWiki to communicate the logoff to your backend. The other functions are only needed when you like that some internals of DokuWiki interact with your backend. Search the source code or browse on http://xref.dokuwiki.org/ to check out the connections. auth_basic
class the trustExternal() function has to set the global variables: $USERINFO, $SERVER and _SESSION[DOKU_COOKIE] for the indicated fields. function trustExternal($user, $pass, $sticky=false) { global $USERINFO; // someone used the login form if(!empty($user)){ //situation: there are user credentials, lets check them if( ...try to authenticate again your backend...) // here you can handle additional post login actions // for your backend }else{ //invalid credentials - log off msg($lang['badlogin'],-1); auth_logoff(); // needs implementation of logOff() method return false; } } //situation: no login form used or logged in successful // check where if there is a logged in user e.g from session, // $_SERVER or what your auth backend supplies... if( ...check here if there is a logged in user...) { $USERINFO['name'] = string $USERINFO['mail'] = string $USERINFO['grps'] = array() $_SERVER['REMOTE_USER'] = $user; //userid $_SESSION[DOKU_COOKIE]['auth']['user'] = $user; //userid $_SESSION[DOKU_COOKIE]['auth']['info'] = $USERINFO; return true; }else{ //when needed, logoff explicitly. }
For a description of the $USERINFO
variables see the documentation of the getUserData()
function. Do not forget to add global $USERINFO
to the start of this function, to make the variable accessible.
Another thing to keep in mind if you're implementing Single Sign On based on a cookie, is that if you want to be able to use DokuWiki's login form when SSO cookie is not present, you need to set that cookie once you verify the credentials, so on next page load you can authenticate based on that SSO cookie as $user and $pass variables will be empty since login form is not submitted. In punbb this is done with pun_setcookie()
function call.
Dokuwiki will not show any message if the login failed, therefore this method shall show some information using msg().
Examples
See also this working example of trustExternal().
Some backends using this function are: punbb, cas, cosign, plaincas, django, extdjango, gforge, http version of ggauth, keeyaiwp, mod_auth_tkt, ssp
logOff()
(only when required/possible)createUser($user,$pass,$name,$mail,$grps=null)
(only when required/possible)modifyUser($user, $changes)
(only when required/possible)deleteUsers($users)
(only when required/possible)getUserCount($filter=array()
(needed when retrieveUsers() is implemented)retrieveUsers($start=0,$limit=-1,$filter=null)
(only when required/possible)addGroup($group)
(only when required/possible)retrieveGroups($start=0,$limit=0)
(only when required/possible)isCaseSensitive()
(optional)cleanUser($user)
(optional)cleanGroup($group)
(optional)useSessionCache($user)
(only when required)session_destroy()
in the backend constructor and start your own session then (Note: not fully tested for side effects, yet!).