DokuWiki

It's better when it's simple

User Tools

Site Tools

Trace:
plugin:authenvvars

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
plugin:authenvvars [2020-05-03 12:45] – [Configuration and Settings] physiklehrerplugin:authenvvars [2021-09-05 10:28] (current) physiklehrer
Line 7: Line 7:
 type       : action, auth type       : action, auth
 lastupdate : 2020-05-02 lastupdate : 2020-05-02
-compatible : Frusterick Manners, 2017-02-19+compatible : Frusterick Manners, Hogfather
 depends    :  depends    : 
 conflicts  conflicts 
Line 29: Line 29:
 protocol. The module places authentication and user information in OIDC_CLAIM_ environment variables. protocol. The module places authentication and user information in OIDC_CLAIM_ environment variables.
  
-The goal of this plugin is to bypass the dokuwiki authentication mechanisms an use the webserver+The goal of this plugin is to bypass the dokuwiki authentication mechanisms and use the webserver
 environment variables for user information. Not dokuwiki ist responseable for authentication but environment variables for user information. Not dokuwiki ist responseable for authentication but
 the webserver. the webserver.
Line 41: Line 41:
  
 Install the plugin using the [[plugin:plugin|Plugin Manager]] and the download URL above, which points to latest version of the plugin. Install the plugin using the [[plugin:plugin|Plugin Manager]] and the download URL above, which points to latest version of the plugin.
 +
 +Be sure to enable authennvars by setting $conf['authtype'] = 'authenvvars' in conf/dokuwiki.php.
  
 ===== Usage ===== ===== Usage =====
Line 50: Line 52:
 $conf['plugin']['authenvvars']['emailvar'   = 'AUTHENTICATE_MAIL'; $conf['plugin']['authenvvars']['emailvar'   = 'AUTHENTICATE_MAIL';
 $conf['plugin']['authenvvars']['groupsvar'  = 'AUTHENTICATE_MEMBERUID'; $conf['plugin']['authenvvars']['groupsvar'  = 'AUTHENTICATE_MEMBERUID';
 +$conf['plugin']['authenvvars']['groupformat'] = 'json';
 $conf['plugin']['authenvvars']['groupattr'  = ''; $conf['plugin']['authenvvars']['groupattr'  = '';
 +$conf['plugin']['authenvvars']['groupsep'   = ';';
 </code> </code>
 The correct environment variable depends on the webserver modul. Consult the webserver module documentation for the provided environment variables. The correct environment variable depends on the webserver modul. Consult the webserver module documentation for the provided environment variables.
Line 61: Line 65:
 The possible Apache configuration is shown in conjunction with the plugin configuration. The possible Apache configuration is shown in conjunction with the plugin configuration.
 ==== Apache: mod-authnz-ldap ==== ==== Apache: mod-authnz-ldap ====
-vhost.conf of the webserver:+''vhost.conf'' of the webserver:
 <code apache> <code apache>
 <VirtualHost *:443> <VirtualHost *:443>
Line 71: Line 75:
     DocumentRoot /var/www/html/mydocroot     DocumentRoot /var/www/html/mydocroot
  
-    AuthLDAPUrl "ldaps://ldap.server/dc=ldap,dc=server?gecos,mail?sub?(objectClass=inetOrgPerson)"+    AuthLDAPUrl "ldaps://ldap.server/dc=ldap,dc=server?gecos,mail,memberuid?sub?(objectClass=inetOrgPerson)"
     AuthLDAPBindDN cn=search,ou=dn,ou=to,dc=ldap,dc=server     AuthLDAPBindDN cn=search,ou=dn,ou=to,dc=ldap,dc=server
     AuthLDAPBindPassword secret-for-binddn     AuthLDAPBindPassword secret-for-binddn
Line 79: Line 83:
 </code> </code>
  
-conf/local.php of dokuwiki:+''conf/local.php'' of dokuwiki:
 <code php> <code php>
 $conf['plugin']['authenvvars']['useridvar'  = 'REMOTE_USER'; $conf['plugin']['authenvvars']['useridvar'  = 'REMOTE_USER';
 $conf['plugin']['authenvvars']['usernamevar'] = 'AUTHENTICATE_GECOS'; $conf['plugin']['authenvvars']['usernamevar'] = 'AUTHENTICATE_GECOS';
 $conf['plugin']['authenvvars']['emailvar'   = 'AUTHENTICATE_MAIL'; $conf['plugin']['authenvvars']['emailvar'   = 'AUTHENTICATE_MAIL';
-$conf['plugin']['authenvvars']['groupsvar'  = ''; +$conf['plugin']['authenvvars']['groupsvar'  = 'AUTHENTICATE_MEMBERUID'; 
-$conf['plugin']['authenvvars']['groupattr'  = '';+$conf['plugin']['authenvvars']['groupformat'] = 'csv'; 
 +$conf['plugin']['authenvvars']['groupattr'  = '';  // Not used in case of groupformat = csv 
 +$conf['plugin']['authenvvars']['groupsep'   = ';';
 </code> </code>
 ==== Apache: mod-auth-openidc ==== ==== Apache: mod-auth-openidc ====
Line 114: Line 120:
 $conf['plugin']['authenvvars']['emailvar'   = 'OIDC_CLAIM_email'; $conf['plugin']['authenvvars']['emailvar'   = 'OIDC_CLAIM_email';
 $conf['plugin']['authenvvars']['groupsvar'  = 'OIDC_CLAIM_groups'; $conf['plugin']['authenvvars']['groupsvar'  = 'OIDC_CLAIM_groups';
 +$conf['plugin']['authenvvars']['groupformat'] = 'json';
 $conf['plugin']['authenvvars']['groupattr'  = 'act'; $conf['plugin']['authenvvars']['groupattr'  = 'act';
 +$conf['plugin']['authenvvars']['groupsep'   = ';'; // Not used in case of groupformat = json
 </code> </code>
 ===== Configuration and Settings ===== ===== Configuration and Settings =====
Line 122: Line 130:
 | ''usernamevar''  | The environment varibale which contains the users name.                                                                                                                                     | | ''usernamevar''  | The environment varibale which contains the users name.                                                                                                                                     |
 | ''emailvar''     | The environment varibale which contains the users email address.                                                                                                                            | | ''emailvar''     | The environment varibale which contains the users email address.                                                                                                                            |
-| ''groupsvar''    | The environment varibale which contains the groups. This plugin expects an array or an object in form of a valid JSON-String. json_decode() decodes the string into an (associated) array. Only the values of that array are important.  +| ''groupsvar''    | The environment varibale which contains the groups. This plugin expects in case of ''groupformat=json'' an array or an object in form of a valid JSON-String. json_decode() decodes the string into an (associated) array. Only the values of that array are important. Or this plugin expects a comma-separated String of groupnames in case of ''groupformat=csv'' 
-| ''groupsattr''   | Contains the required key if the values of the group array are (associative) arrays.                                                                                                        +| ''groupformat'' | Possible values are json or csv | 
 +| ''groupattr''   In case of ''groupformat=json'':Contains the required key if the values of the group array are (associative) arrays.                                                                                                       
 +| ''groupsep'' | Field seperator in case of ''groupformat=csv''|
plugin/authenvvars.1588502730.txt.gz · Last modified: 2020-05-03 12:45 by physiklehrer
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
CC Attribution-Share Alike 4.0 International Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki

Global DokuWiki Links