DokuWiki

It's better when it's simple

User Tools

Site Tools


plugin:authsplit

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision
Previous revision
plugin:authsplit [2013-07-07 11:59] – Synchronize with README rev c6e55445c6 78.53.205.96plugin:authsplit [2023-09-20 20:51] (current) – docs of the old auth backends is removed Klap-in
Line 1: Line 1:
-====== Split authentication Plugin ======+====== Split Authentication Plugin ======
  
 ---- plugin ---- ---- plugin ----
Line 6: Line 6:
 email      : pieter@hollants.com email      : pieter@hollants.com
 type       : auth type       : auth
-lastupdate : 2013-07-07 +lastupdate : 2023-07-28 
-compatible : Weatherwax+compatible : Elenor of tsort, Ponder Stibbons, Hrun, Detritus, Frusterick Manners, greebo, hogfather, igor,  jack jackrum
 depends    :  depends    : 
 conflicts  conflicts 
-similar    : +similar    : authchained
 tags       : authentication split tags       : authentication split
  
Line 21: Line 21:
 ---- ----
  
-:!: This is an authentication plugin for DokuWiki Weatherwax (2013-05-10a) and later! For a solution for earlier DokuWiki versions please refer to [[auth:ggauth|ggauth]]. 
  
 ===== Description ===== ===== Description =====
Line 47: Line 46:
   * ''logOff()'': DokuWiki documentation says this method is run //"in addition to the usual logOff. Useful with trustExternal() to initiate actions for the external backend, eg. use it to clear cookies or similar actions".//\\ \\ authsplit just delegates the call to the //primary// auth plugin's ''logOff()'' method.\\ \\    * ''logOff()'': DokuWiki documentation says this method is run //"in addition to the usual logOff. Useful with trustExternal() to initiate actions for the external backend, eg. use it to clear cookies or similar actions".//\\ \\ authsplit just delegates the call to the //primary// auth plugin's ''logOff()'' method.\\ \\ 
   * ''getUserData()'': this is the method DokuWiki uses eg. to retrieve the user's real name for display in the "Logged in as" section in the upper right (if you use the default "DokuWiki" template). authsplit will call the //primary// auth plugin's ''getUserData()'' method only to make sure the user exists there and then return the //secondary// auth plugin's ''getUserData()'' information to DokuWiki. Thus, a user has to be known to both auth plugins, but the //secondary//'s user information matters. Any group membership information returned from the //primary// auth plugin will be silently ignored.\\ \\    * ''getUserData()'': this is the method DokuWiki uses eg. to retrieve the user's real name for display in the "Logged in as" section in the upper right (if you use the default "DokuWiki" template). authsplit will call the //primary// auth plugin's ''getUserData()'' method only to make sure the user exists there and then return the //secondary// auth plugin's ''getUserData()'' information to DokuWiki. Thus, a user has to be known to both auth plugins, but the //secondary//'s user information matters. Any group membership information returned from the //primary// auth plugin will be silently ignored.\\ \\ 
-  * ''createUser()'': this is the method that gets called if users register themselves or the Admin uses DokuWiki's user manager to create an account for them.\\ \\ authsplit will first check if the user is not known to the //primary// auth plugin yet and whether it is capable of adding users. If so, it will try to create the user there, first. This is so that you can use DokuWiki to quickly create a user both in DokuWiki **and** your common authentication source without having to fire up whatever admin tool the //primary// auth plugin would otherwise require.\\ \\ If successful (or the //primary// auth plugin does not support adding users, as is the case for authhttp), the user is then created in the //secondary// auth plugin but with an **empty** password. This is by intent since passwords are supposed to come from the //primary// auth plugin.\\ \\ This also means that an Admin can not specify a password in the user manager unless the //primary// auth plugin reports being capable of modifying passwords, too. If not (and this is the case eg. for [[plugin:authhttp]]), this also means that in the user self-registration form, users should not be able to specify a password and DokuWiki should not try to generate one for them because it wouldn't be stored anywhere and the user would thus get irritated. [[plugin:authhttp]] eg. comes with an action plugin that takes care of this.\\ \\+  * ''createUser()'': this is the method that gets called if users register themselves or the Admin uses DokuWiki's user manager to create an account for them.\\ \\ authsplit will first check if the user is not known to the //primary// auth plugin yet and whether it is capable of adding users. If so, it will try to create the user there, first. This is so that you can use DokuWiki to quickly create a user both in DokuWiki **and** your common authentication source without having to fire up whatever admin tool the //primary// auth plugin would otherwise require.\\ \\ If successful (or the //primary// auth plugin does not support adding users, as is the case for [[plugin:authhttp]]), the user is then created in the //secondary// auth plugin but with an **empty** password. This is by intent since passwords are supposed to come from the //primary// auth plugin.\\ \\ This also means that an Admin can not specify a password in the user manager unless the //primary// auth plugin reports being capable of modifying passwords, too. If not (and this is the case eg. for [[plugin:authhttp]]), this also means that in the user self-registration form, users should not be able to specify a password and DokuWiki should not try to generate one for them because it wouldn't be stored anywhere and the user would thus get irritated. [[plugin:authhttp]] eg. comes with an action plugin that takes care of this.\\ \\
   * ''modifyUser()'': where authsplit routes a change depends on the actual change itself:   * ''modifyUser()'': where authsplit routes a change depends on the actual change itself:
     * for login names, real names and email addresses, authsplit will try to modify in the //primary// auth plugin first (if that plugin reports being capable of modifying it, that is), then in the //secondary// auth plugin.     * for login names, real names and email addresses, authsplit will try to modify in the //primary// auth plugin first (if that plugin reports being capable of modifying it, that is), then in the //secondary// auth plugin.
Line 60: Line 59:
 So to summarize which auth plugins are involved in which method calls: So to summarize which auth plugins are involved in which method calls:
  
-| || **Primary auth plugin** | **Secondary auth plugin** |+^ method  ^^ Primary auth plugin Secondary auth plugin ^
 | ''checkPass()'' || Authenticated here | User existance required\\ //(Can create if ''autocreate_users'' == 1)// | | ''checkPass()'' || Authenticated here | User existance required\\ //(Can create if ''autocreate_users'' == 1)// |
 | ''trustExternal()'' || Authenticated here | User existance required\\ //(Can create if ''autocreate_users'' == 1)// | | ''trustExternal()'' || Authenticated here | User existance required\\ //(Can create if ''autocreate_users'' == 1)// |
Line 93: Line 92:
 ===== Installation ===== ===== Installation =====
  
-Download the latest version from [[https://github.com/pief/authsplit/zipball/master|Github]] and rename the extracted directory to ''authsplit'', otherwise the plugin won't work.+Search and install the plugin using the [[plugin:extension|Extension Manager]]. 
  
-Please refer to [[:Plugins]] for additional info on how to install plugins in DokuWiki.+Alternatively, download the latest version from [[https://github.com/pief/authsplit/zipball/master|Github]] to ''lib/plugins'' and rename the extracted directory to ''authsplit'', otherwise the plugin won't work. Please refer to [[:Plugins]] for additional info on how to install plugins in DokuWiki.
  
 ===== Configuration and Settings ===== ===== Configuration and Settings =====
Line 102: Line 101:
   * ''primary_authplugin'': This is the DokuWiki auth plugin that will be used to validate login names and passwords. An example candidate is my authhttp plugin.   * ''primary_authplugin'': This is the DokuWiki auth plugin that will be used to validate login names and passwords. An example candidate is my authhttp plugin.
   * ''secondary_authplugin'': This is the DokuWiki auth plugin that will be used to store additional user information such as real names, email addresses and groups.   * ''secondary_authplugin'': This is the DokuWiki auth plugin that will be used to store additional user information such as real names, email addresses and groups.
 +  * ''username_caseconversion'': If one of the two auth plugins used is case-sensitive, it may be necessary to enable this setting to let authsplit convert the username to either uppercase or lowercase (eg. when combining authldap which is case-insensitive with authsplit which is not).
   * ''autocreate_users'': If enabled, authsplit will automatically create user accounts for any users that exist in the //primary// auth plugin, but are yet unknown in the //secondary// auth plugin. If disabled, users will either have to register themselves or created by the admin (eg. if registration has been disabled).   * ''autocreate_users'': If enabled, authsplit will automatically create user accounts for any users that exist in the //primary// auth plugin, but are yet unknown in the //secondary// auth plugin. If disabled, users will either have to register themselves or created by the admin (eg. if registration has been disabled).
- +  * ''debug'': If enabled, authsplit will flood the screen with debugging messages meant to aid in troubleshooting its operation. This setting should not be enabled in productive setups.
-Sample settings for using authhttp and authplain, without automatic user creation: +
- +
-<code php> +
-$conf['authtype'] = 'authsplit'; +
-$conf['plugin']['authsplit']['primary_authplugin'] = 'authhttp'; +
-$conf['plugin']['authsplit']['secondary_authplugin'] = 'authplain'; +
-$conf['plugin']['authsplit']['autocreate_users'] = 0; +
-</code>+
  
 Note that you'll have to take some of the used auth plugin's settings into consideration whereas some may not apply any longer due to the way authsplit works. For example, when using [[plugin:authhttp]] as the //primary// auth plugin, [[plugin:authhttp]]'s configuration settings no longer have any effect since all email addresses and group information come from the //secondary// auth plugin instead. Note that you'll have to take some of the used auth plugin's settings into consideration whereas some may not apply any longer due to the way authsplit works. For example, when using [[plugin:authhttp]] as the //primary// auth plugin, [[plugin:authhttp]]'s configuration settings no longer have any effect since all email addresses and group information come from the //secondary// auth plugin instead.
Line 120: Line 112:
 ===== Credits ===== ===== Credits =====
  
-This plugin in based on ideas in [[auth:ggauth|the ggauth auth backend]] by [[mailto:grant@lastweekend.com.au|Grant Gardner]]. Grant does not actively maintain ggauth anymore, so an update for the new auth plugins concept is unlikely.+This plugin is based on ideas in the "ggauthauth backend by [[mailto:grant@lastweekend.com.au|Grant Gardner]]. Grant does not actively maintain ggauth anymore, so an update for the new auth plugins concept is unlikely
 + 
 +Support for external authentication was contributed by [[mailto:david.darras@univ-lille1.fr|David Darras]].
  
 ===== Discussion ===== ===== Discussion =====
plugin/authsplit.1373191147.txt.gz · Last modified: 2013-07-07 11:59 by 78.53.205.96

Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
CC Attribution-Share Alike 4.0 International Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki