It's better when it's simple

User Tools

Site Tools


MantisBT Authentication Plugin

Compatible with DokuWiki

  • 2024-02-06 "Kaos" yes
  • 2023-04-04 "Jack Jackrum" yes
  • 2022-07-31 "Igor" yes
  • 2020-07-29 "Hogfather" yes

plugin Enables single sign-on to DokuWiki using MantisBT as authentication back-end.

Last updated on


This authentication plugin enables single sign-on to DokuWiki, using an external trust mechanism to authenticate users against MantisBT.

It is based upon the original authentication back-end written by Victor Boctor back in 2006.

More information about integrating MantisBT with DokuWiki can be found on the MantisBT Wiki.


This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.



This plugin requires access to a MantisBT instance located on the same server as DokuWiki.

DokuWiki compatibility

The plugin is compatible with DokuWiki release 2013-05-10 “Weatherwax” and later.

Older releases used authentication back-ends instead of plugins. This code is no longer supported, but still available in for use with DokuWiki releases before 2013-05-10 “Weatherwax”.

MantisBT compatibility

MantisBT releases 1.2.x or later and 2.x are fully supported. The plugin may work with earlier releases as well, but this has not been tested.

The MantisBT wiki relies on this plugin since 2013.


Install the plugin following the standard process, then proceed with the next 3 sections.

Access Control List Configuration

Setup ACL rules for groups as appropriate for your environment, by defining entries in acl.auth.php for each access level defined in your MantisBT instance.

For example, with default MantisBT access levels your setup could be:

# MantisBT access levels
*  @VIEWER         1
*  @REPORTER       2
*  @UPDATER        4
*  @DEVELOPER      8
*  @MANAGER        16

In addition to the above, if you want anonymous, read-only access to your wiki for everyone (i.e. including non logged-in users), you could add

*  @ALL            1

Please refer to Access Control Lists (ACL)s documentation for further information.

MantisBT Core Initialization

Add the following lines to your local.protected.php file, adjusting the path to the MantisBT root as appropriate:

# Path to the MantisBT root directory on the server
define( 'MANTIS_ROOT', '/path/to/mantisbt/' );
require_once( MANTIS_ROOT . 'core.php' );

Note that this can't be done in the plugin (i.e. with a configuration option), due to conflicts with the declaration of utf8 compatibility functions between MantisBT core and DokuWiki, so the only option for now is to initialize the MantisBT core from the DokuWiki config file.

Set the Authentication Back-End

Now the authmantis back-end can be enabled in the DokuWiki configuration:

  1. Open the DokuWiki Configuration Manager
  2. In the Authentication section:
    • Check Use access control lists
    • Select authmantis as Authentication backend
    • Add @ADMINISTRATOR in the Superuser field
  3. Save the changes.

Alternatively, you can manually edit the local.php (or local.protected.php) file:

$conf['useacl']      = 1;
$conf['authtype']    = 'authmantis';
$conf['superuser']   = '@ADMINISTRATOR';
$conf['plugin']['authmantis']['mantis_root'] = '/path/to/mantisbt/';

Content Security Policy

MantisBT enables Content Security Policy by default. This can cause issues and prevent DokuWiki from functioning properly1) when this plugin is installed.

To fix the problem, please install the cspheader plugin, and configure it as follows:

Directive Value
script-src 'self' 'unsafe-inline'
style-src 'self' 'unsafe-inline'
img-src 'self' data:

Other settings are left as default (specifically, default-src and base-uri set to 'self', all other directives empty).

The above settings have been confirmed working with DokuWiki's default template, but may need to be adapted if using a different template or to your sites' specifics.


Revision history (Github releases)

Recent commits

Full Git log.

Known Bugs and Issues

Please refer to the plugin's Issue tracker on Github.


This plugin is based on the Authentication back-end written by Victor Boctor, published in the MantisBT Wiki back in 2006.

In August 2013, Ventzy Kunev first published another version of this plugin here. His variant was based on the same original source code from the MantisBT Wiki, but considering that it was unmaintained since 2013 (with just a version bump in 2015), the MantisBT team decided to replace Ventzy's original plugin with the one used for the official MantisBT wiki, which differs slightly. At this occasion, this page was almost entirely rewritten.


I locked myself out, what do I do now?

  1. Edit your local configuration file ./conf/local.php
  2. Reset authentication to authplain
    $conf['authtype'] = 'authplain';
  3. Save the file
plugin/authmantis.txt · Last modified: 2024-03-29 20:54 by dregad

Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
CC Attribution-Share Alike 4.0 International Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki