Revision history for Webauth
Revision [19429]
Last edited on 2008-01-28 00:15:58 by JavaWoman [Modified links pointing to docs server]No Differences
Revision [17815]
Edited on 2007-12-12 11:03:17 by JavaWoman [prevent function references looking as page links]Additions:
Also comment out function ""GetUserName()"" and replace with
Deletions:
Additions:
Still to do: It's not possible to delete a page using /delete - (this may just be me being thick)
Additions:
Still to do: user settings page has the username wrong
Additions:
Still to do: You can edit pages fine, index pages works fine but recent pages says "There are no recently changed pages you have access to"
Additions:
Also comment out function GetUserName and replace with
function GetUserName() { $name=$_SERVER["REMOTE_USER"]; return $name;}
function GetUserName() { $name=$_SERVER["REMOTE_USER"]; return $name;}
Deletions:
Additions:
Still to do: It now appears to be recognising that the user is already authenticated (e.g. not asking them to login) however the usernames used by webauth (at this location) aren't valid Wiki Formatted names so a username of deptname01234 appears as "d" in the top right of the wiki page currently.
Still to do: For "webauth" I also just need to make the logout redirect to a specific url e.g. https://webauth.mycompany.somewhere/logout which will kill the kerberos session.
Still to do: For "webauth" I also just need to make the logout redirect to a specific url e.g. https://webauth.mycompany.somewhere/logout which will kill the kerberos session.
Deletions:
Additions:
The webauth Apache module, and any other apache authentication module should set $_SERVER[REMOTE_USER] once the user is authenticated.
E.g. to access the wiki directory Apache uses a module you have configured (basic auth via a .htaccess file, or auth via mod_webauth etc) challenges the user for a username and password, I think you will still need a users entry in the database.
It now appears to be recognising that the user is already authenticated (e.g. not asking them to login) however the usernames used by webauth (at this location) aren't valid Wiki Formatted names so a username of deptname01234 appears as "d" in the top right of the wiki page currently.
E.g. to access the wiki directory Apache uses a module you have configured (basic auth via a .htaccess file, or auth via mod_webauth etc) challenges the user for a username and password, I think you will still need a users entry in the database.
It now appears to be recognising that the user is already authenticated (e.g. not asking them to login) however the usernames used by webauth (at this location) aren't valid Wiki Formatted names so a username of deptname01234 appears as "d" in the top right of the wiki page currently.
Deletions:
It now appears to be authenticating the user however the usernames used by webauth (at this location) aren't valid Wiki Formatted names.
Additions:
so in approx line 808 in libs/Wakka.class.php
Deletions:
(approx line 808 in libs/Wakka.class.php)
Revision [16269]
Edited on 2007-03-09 05:37:32 by GuyEdwards [Got it working with one remaining issue]Additions:
The webauth Apache module, and any other apache authentication module should set $_SERVER[REMOTE_USER] once the user is authenticated.
so in
comment out the existing line and replace:
(approx line 808 in libs/Wakka.class.php)
// function GetUser() { return (isset($_SESSION["user"])) ? $_SESSION["user"] : NULL; }
function GetUser() { return (isset($_SERVER["REMOTE_USER"])) ? $_SERVER["REMOTE_USER"] : NULL; }
It now appears to be authenticating the user however the usernames used by webauth (at this location) aren't valid Wiki Formatted names.
so in
comment out the existing line and replace:
(approx line 808 in libs/Wakka.class.php)
// function GetUser() { return (isset($_SESSION["user"])) ? $_SESSION["user"] : NULL; }
function GetUser() { return (isset($_SERVER["REMOTE_USER"])) ? $_SERVER["REMOTE_USER"] : NULL; }
It now appears to be authenticating the user however the usernames used by webauth (at this location) aren't valid Wiki Formatted names.
Deletions:
=== Scenario ===
The user has already logged into your apache server after being authenticated by the webauth apache module. As per the ActiveDirectory page you still want to track chages however.
=== pre requisites ===
Working and tested webauth module
=== Solution ===
Working through http://wikkawiki.org/ActiveDirectory and applying the same changes, but in this case we know who the user is through use of another apache module, webauth: http://webauth.stanford.edu/obtain.html
1) Add a new field in the users database:
%%(sql)
ALTER TABLE `wikka_users` ADD `alias` VARCHAR(75) NOT NULL
2) Add the following code in wikka.config.php
%%(php)
"user_identification" => "webauth",
3) In libs/Wakka.class.php about line 985, just after:
%%(php)
// THE BIG EVIL NASTY ONE!
function Run($tag, $method = "")
{
// do our stuff!
if (!$this->method = trim($method)) $this->method = "show";
if (!$this->tag = trim($tag)) $this->Redirect($this->Href("", $this->config["root_page"]));
Add the following code:
%%(php)
// Check if webauth is on and webauth user known
if (($this->config["user_identification"]=="webauth") && (!$this->GetUser()))
{
$idwebauth = $this->GetUserName();
$sql = "SELECT name"
. " FROM ".$this->config["table_prefix"]."users"
. " WHERE alias = '"
. mysql_real_escape_string($idwebauth)
. "' limit 1";
$hisname = $this->LoadSingle($sql);
if ($hisname) {
$this->SetUser($this->LoadUser($hisname["name"]));
}
}
4) In libs/Wakka.class.php on line 806 we modify the function GetUserName() to use the WEBAUTH_USER server variable:
ref: http://www.stanford.edu/services/webauth/manual/mod/mod_webauth.html
%%(php)
function GetUserName() {
if ($user = $this->GetUser()){
//$name = $user["name"];
$name = $_SERVER["WEBAUTH_USER"];
// start of new code
}
else if (!$name = $_SERVER["WEBAUTH_USER"]) {
$name = $_SERVER["WEBAUTH_USER"];
// belts, braces, thermos, survival bag....
$name = trim(htmlentities(strip_tags($name)));
//end of new code
}
else if (!$name = gethostbyaddr($_SERVER["REMOTE_ADDR"])) {
$name = $_SERVER["REMOTE_ADDR"];
}
return $name;
}
=== How to use it? ===
Added webauth username to the alias field
....not working will try again tomorrow
Additions:
function GetUserName() {
if ($user = $this->GetUser()){
//$name = $user["name"];
$name = $_SERVER["WEBAUTH_USER"];
// start of new code
}
else if (!$name = $_SERVER["WEBAUTH_USER"]) {
$name = $_SERVER["WEBAUTH_USER"];
// belts, braces, thermos, survival bag....
$name = trim(htmlentities(strip_tags($name)));
//end of new code
}
else if (!$name = gethostbyaddr($_SERVER["REMOTE_ADDR"])) {
$name = $_SERVER["REMOTE_ADDR"];
}
return $name;
if ($user = $this->GetUser()){
//$name = $user["name"];
$name = $_SERVER["WEBAUTH_USER"];
// start of new code
}
else if (!$name = $_SERVER["WEBAUTH_USER"]) {
$name = $_SERVER["WEBAUTH_USER"];
// belts, braces, thermos, survival bag....
$name = trim(htmlentities(strip_tags($name)));
//end of new code
}
else if (!$name = gethostbyaddr($_SERVER["REMOTE_ADDR"])) {
$name = $_SERVER["REMOTE_ADDR"];
}
return $name;
Deletions:
if ($user = $this->GetUser())
$name = $user["name"];
// start of new code
else if (!$name = $_SERVER["WEBAUTH_USER"])
$name = $_SERVER["WEBAUTH_USER"];
// belts, braces, thermos, survival bag....
$name = trim(htmlentities(strip_tags($name)));
//end of new code
else if (!$name = gethostbyaddr($_SERVER["REMOTE_ADDR"]))
$name = $_SERVER["REMOTE_ADDR"];
return $name;
Additions:
Added webauth username to the alias field
....not working will try again tomorrow
....not working will try again tomorrow
