This is an old revision of the document!
authenvvars Plugin
Compatible with DokuWiki
Frusterick Manners, 2017-02-19
This extension has not been updated in over 2 years. It may no longer be maintained or supported and may have compatibility issues.
Motivation
Many web servers provide modules for authentication. For example, Apache provides mod_authn_dbd, mod_authnz_ldap or mod_auth_basic for different database types. These modules can be configured to set environment variables after successful authentication (e.g. AUTHENTICATE_attributename after LDAP authentication, or the well-known REMOTE_USER environment variable).
Another Apache authentication module is mod-auth-openidc, which authenticates using the OpenID Connect protocol. The module places authentication and user information in OIDC_CLAIM_ environment variables.
The goal of this plugin is to bypass the DokuWiki authentication mechanisms and use the web server environment variables for user information. The web server, not DokuWiki, is responsible for authentication.
Installation
Download the zip file from GitHub and copy the directory it contains into the lib/plugins directory of your DokuWiki installation. Rename it to authenvvars.
Or
Install the plugin using the Plugin Manager and the download URL above, which points to the latest version of the plugin.
Usage
In PHP, the environment variables are stored in the global $_SERVER variable. To get the user information, the administrator has to tell the plugin which environment variable stands for the username. This has to be done in the conf/local.php settings.
```php
$conf['plugin']['authenvvars']['useridvar']   = 'REMOTE_USER';
$conf['plugin']['authenvvars']['usernamevar'] = 'AUTHENTICATE_GECOS';
$conf['plugin']['authenvvars']['emailvar']    = 'AUTHENTICATE_MAIL';
$conf['plugin']['authenvvars']['groupsvar']   = 'AUTHENTICATE_MEMBERUID';
$conf['plugin']['authenvvars']['groupattr']   = '';
```
The correct environment variable depends on the web server module. Consult the web server module documentation for the environment variables it provides.
Calling phpinfo() can sometimes help to see which variables are actually set.
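The following sketch is an added example, not the plugin's own code. It shows one way a lookup driven by these settings can fail closed: it refuses variable names starting with HTTP_ (PHP fills those from client request headers) and returns nothing when the user id variable is unset. The function name `resolve_env_identity`, the comma-separated groups format and the sample values are assumptions; `groupattr` is not modelled.

```php
<?php
// Added example; names and sample data are hypothetical, not taken from the plugin.

/**
 * Resolve the wiki identity from variables set by the web server.
 * $map mirrors $conf['plugin']['authenvvars']; $server is normally $_SERVER.
 * Returns null when no trustworthy user id is present.
 */
function resolve_env_identity(array $map, array $server): ?array
{
    $read = function (string $key) use ($map, $server): string {
        $var = $map[$key] ?? '';
        // $_SERVER keys starting with HTTP_ are copied from request headers,
        // so they are client-controlled and never valid identity sources.
        if ($var === '' || strncmp($var, 'HTTP_', 5) === 0) {
            return '';
        }
        $value = $server[$var] ?? '';
        return is_string($value) ? trim($value) : '';
    };

    $userid = $read('useridvar');
    if ($userid === '') {
        return null; // the web server did not authenticate this request
    }

    // Assumption: groups arrive as a single comma-separated string.
    $groups = array_map('trim', explode(',', $read('groupsvar')));
    $groups = array_values(array_filter($groups, fn($g) => $g !== ''));

    return [
        'user'   => $userid,
        'name'   => $read('usernamevar') ?: $userid,
        'mail'   => $read('emailvar'),
        'groups' => $groups,
    ];
}

// Constructed sample of $_SERVER behind mod_authnz_ldap.
$server = [
    'REMOTE_USER'        => 'jdoe',
    'AUTHENTICATE_GECOS' => 'Jane Doe',
    'AUTHENTICATE_MAIL'  => 'jdoe@example.org',
    'HTTP_REMOTE_USER'   => 'someone-else', // request header, not set by the auth module
];
$good = ['useridvar' => 'REMOTE_USER', 'usernamevar' => 'AUTHENTICATE_GECOS',
         'emailvar' => 'AUTHENTICATE_MAIL', 'groupsvar' => ''];
$bad  = ['useridvar' => 'HTTP_REMOTE_USER'];

var_dump(resolve_env_identity($good, $server)); // identity built from server-set variables
var_dump(resolve_env_identity($bad, $server));  // header-derived variable is refused
```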
Examples
Let's take a look at two Apache modules and how to use this DokuWiki plugin to get the user information into DokuWiki. A possible Apache configuration is shown together with the matching plugin configuration.
Apache: mod-authnz-ldap
vhost.conf of the webserver:
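```apache
<VirtualHost *:443>
    SSLEngine on
    SSLCertificateFile /etc/ssl/path/to/cert
    SSLCertificateKeyFile /etc/ssl/path/to/key
    SSLCertificateChainFile /etc/ssl/path/to/bundle
    ServerName myvhost.server
    DocumentRoot /var/www/html/mydocroot

    # mod_authnz_ldap directives are only allowed in directory context
    <Location />
        AuthType Basic
        AuthName "myvhost.server"
        AuthBasicProvider ldap
        # Attributes listed in the URL (gecos, mail) are exported as
        # AUTHENTICATE_GECOS and AUTHENTICATE_MAIL
        AuthLDAPUrl "ldaps://ldap.server/dc=ldap,dc=server?gecos,mail?sub?(objectClass=inetOrgPerson)"
        AuthLDAPBindDN cn=search,ou=dn,ou=to,dc=ldap,dc=server
        AuthLDAPBindPassword secret-for-binddn
        AuthLDAPGroupAttribute memberUid
        Require ldap-group cn=valid,ou=groups,dc=ldap,dc=server
    </Location>
</VirtualHost>
```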
conf/local.php of dokuwiki:
```php
$conf['plugin']['authenvvars']['useridvar']   = 'REMOTE_USER';
$conf['plugin']['authenvvars']['usernamevar'] = 'AUTHENTICATE_GECOS';
$conf['plugin']['authenvvars']['emailvar']    = 'AUTHENTICATE_MAIL';
$conf['plugin']['authenvvars']['groupsvar']   = '';
$conf['plugin']['authenvvars']['groupattr']   = '';
```
Apache: mod-auth-openidc
vhost.conf of the webserver:
```apache
<VirtualHost *:443>
    SSLEngine on
    SSLCertificateFile /etc/ssl/path/to/cert
    SSLCertificateKeyFile /etc/ssl/path/to/key
    SSLCertificateChainFile /etc/ssl/path/to/bundle
    ServerName myvhost.server
    DocumentRoot /var/www/html/mydocroot

    OIDCProviderMetadataURL https://authorization.server/.well-known/openid-configuration
    OIDCProviderIssuer https://authorization.server
    OIDCClientID idfromauthorizationserver
    OIDCClientSecret secretfromauthorizationserver
    OIDCScope "openid profile email groups"
    # The redirect URI is served by this TLS vhost and must lie inside a protected location
    OIDCRedirectURI https://myvhost.server/redirecturi
    OIDCCryptoPassphrase arandomstring

    # Require an authenticated OpenID Connect session for the whole site
    <Location />
        AuthType openid-connect
        Require valid-user
    </Location>
</VirtualHost>
```
conf/local.php of dokuwiki:
```php
$conf['plugin']['authenvvars']['useridvar']   = 'OIDC_CLAIM_preferred_username';
$conf['plugin']['authenvvars']['usernamevar'] = 'OIDC_CLAIM_name';
$conf['plugin']['authenvvars']['emailvar']    = 'OIDC_CLAIM_email';
$conf['plugin']['authenvvars']['groupsvar']   = 'OIDC_CLAIM_groups';
$conf['plugin']['authenvvars']['groupattr']   = 'act';
```
Configuration and Settings
parameter | meaning |
---|---|
useridvar | The environment variable which contains the userid. |