DokuWiki

It's better when it's simple

User Tools

Site Tools


plugin:authsplit

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
plugin:authsplit [2013-07-07 11:58]
78.53.205.96 Synchronize with README rev 48e7cd87a7
plugin:authsplit [2017-02-27 15:37] (current)
88.128.80.16
Line 1: Line 1:
-====== Split authentication ​Plugin ======+====== Split Authentication ​Plugin ======
  
 ---- plugin ---- ---- plugin ----
Line 6: Line 6:
 email      : pieter@hollants.com email      : pieter@hollants.com
 type       : auth type       : auth
-lastupdate : 2013-07-07 +lastupdate : 2017-02-27 
-compatible : Weatherwax+compatible : Elenor of tsort, Ponder Stibbons, Hrun, Detritus, Frusterick Manners
 depends ​   :  depends ​   : 
 conflicts ​ :  conflicts ​ : 
Line 47: Line 47:
   * ''​logOff()'':​ DokuWiki documentation says this method is run //"in addition to the usual logOff. Useful with trustExternal() to initiate actions for the external backend, eg. use it to clear cookies or similar actions"​.//​\\ \\ authsplit just delegates the call to the //primary// auth plugin'​s ''​logOff()''​ method.\\ \\    * ''​logOff()'':​ DokuWiki documentation says this method is run //"in addition to the usual logOff. Useful with trustExternal() to initiate actions for the external backend, eg. use it to clear cookies or similar actions"​.//​\\ \\ authsplit just delegates the call to the //primary// auth plugin'​s ''​logOff()''​ method.\\ \\ 
   * ''​getUserData()'':​ this is the method DokuWiki uses eg. to retrieve the user's real name for display in the "​Logged in as" section in the upper right (if you use the default "​DokuWiki"​ template). authsplit will call the //primary// auth plugin'​s ''​getUserData()''​ method only to make sure the user exists there and then return the //​secondary//​ auth plugin'​s ''​getUserData()''​ information to DokuWiki. Thus, a user has to be known to both auth plugins, but the //​secondary//'​s user information matters. Any group membership information returned from the //primary// auth plugin will be silently ignored.\\ \\    * ''​getUserData()'':​ this is the method DokuWiki uses eg. to retrieve the user's real name for display in the "​Logged in as" section in the upper right (if you use the default "​DokuWiki"​ template). authsplit will call the //primary// auth plugin'​s ''​getUserData()''​ method only to make sure the user exists there and then return the //​secondary//​ auth plugin'​s ''​getUserData()''​ information to DokuWiki. Thus, a user has to be known to both auth plugins, but the //​secondary//'​s user information matters. Any group membership information returned from the //primary// auth plugin will be silently ignored.\\ \\ 
-  * ''​createUser()'':​ this is the method that gets called if users register themselves or the Admin uses DokuWiki'​s user manager to create an account for them.\\ \\ authhttp ​will first check if the user is not known to the //primary// auth plugin yet and whether it is capable of adding users. If so, it will try to create the user there, first. This is so that you can use DokuWiki to quickly create a user both in DokuWiki **and** your common authentication source without having to fire up whatever admin tool the //primary// auth plugin would otherwise require.\\ \\ If successful (or the //primary// auth plugin does not support adding users, as is the case for authhttp), the user is then created in the //​secondary//​ auth plugin but with an **empty** password. This is by intent since passwords are supposed to come from the //primary// auth plugin.\\ \\ This also means that an Admin can not specify a password in the user manager unless the //primary// auth plugin reports being capable of modifying passwords, too. If not (and this is the case eg. for [[plugin:​authhttp]]),​ this also means that in the user self-registration form, users should not be able to specify a password and DokuWiki should not try to generate one for them because it wouldn'​t be stored anywhere and the user would thus get irritated. [[plugin:​authhttp]] eg. comes with an action plugin that takes care of this.\\ \\+  * ''​createUser()'':​ this is the method that gets called if users register themselves or the Admin uses DokuWiki'​s user manager to create an account for them.\\ \\ authsplit ​will first check if the user is not known to the //primary// auth plugin yet and whether it is capable of adding users. If so, it will try to create the user there, first. This is so that you can use DokuWiki to quickly create a user both in DokuWiki **and** your common authentication source without having to fire up whatever admin tool the //primary// auth plugin would otherwise require.\\ \\ If successful (or the //primary// auth plugin does not support adding users, as is the case for authhttp), the user is then created in the //​secondary//​ auth plugin but with an **empty** password. This is by intent since passwords are supposed to come from the //primary// auth plugin.\\ \\ This also means that an Admin can not specify a password in the user manager unless the //primary// auth plugin reports being capable of modifying passwords, too. If not (and this is the case eg. for [[plugin:​authhttp]]),​ this also means that in the user self-registration form, users should not be able to specify a password and DokuWiki should not try to generate one for them because it wouldn'​t be stored anywhere and the user would thus get irritated. [[plugin:​authhttp]] eg. comes with an action plugin that takes care of this.\\ \\
   * ''​modifyUser()'':​ where authsplit routes a change depends on the actual change itself:   * ''​modifyUser()'':​ where authsplit routes a change depends on the actual change itself:
     * for login names, real names and email addresses, authsplit will try to modify in the //primary// auth plugin first (if that plugin reports being capable of modifying it, that is), then in the //​secondary//​ auth plugin.     * for login names, real names and email addresses, authsplit will try to modify in the //primary// auth plugin first (if that plugin reports being capable of modifying it, that is), then in the //​secondary//​ auth plugin.
Line 120: Line 120:
 ===== Credits ===== ===== Credits =====
  
-This plugin ​in based on ideas in [[auth:​ggauth|the ggauth auth backend]] by [[mailto:​grant@lastweekend.com.au|Grant Gardner]]. Grant does not actively maintain ggauth anymore, so an update for the new auth plugins concept is unlikely.+This plugin ​is based on ideas in [[auth:​ggauth|the ggauth auth backend]] by [[mailto:​grant@lastweekend.com.au|Grant Gardner]]. Grant does not actively maintain ggauth anymore, so an update for the new auth plugins concept is unlikely
 + 
 +Support for external authentication was contributed by [[mailto:​david.darras@univ-lille1.fr|David Darras]].
  
 ===== Discussion ===== ===== Discussion =====
plugin/authsplit.1373191103.txt.gz · Last modified: 2013-07-07 11:58 by 78.53.205.96