Securing MediaWiki using Centrale KU Leuven Login

From ULYSSIS documentation
Revision as of 15:22, 18 September 2017 by Bert (talk | contribs)

About

MediaWikiShibboleth is the name of a MediaWiki extension created by ULYSSIS to allow for Shibboleth (Centrale KU Leuven) login. The extension disables editing and creating of (talk) pages by anonymous users, and requires Shibboleth account creation and login.

Prerequisites

Before installing, you need to have SSL and Shibboleth (Centrale KU Leuven) login enabled on your domain. For instructions on how to get SSL: https://docs.ulyssis.org/Getting_SSL Information about requesting Shibboleth: https://docs.ulyssis.org/Shibboleth Once you know everything is installed properly, you can proceed to install the extension.

Installation

First unzip the zip file in your <mediawiki root>/extensions/ directory. Then, add the following lines to your <mediawiki root>/LocalSettings.php:

wfLoadExtension('MediaWikiShibboleth');
include 'extensions/MediaWikiShibboleth/MediaWikiShibboleth_body.php';

$wgGroupPermissions['*']['edit'] = false;
$wgGroupPermissions['*']['createtalk'] = false;
$wgGroupPermissions['*']['createpage'] = false;
$wgGroupPermissions['*']['writeapi'] = false;

If you want to allow anonymous editing, you should not add the last 4 lines of the previous paragraph.

Operation

When the extension is installed successfully, anonymous users will not be able to create an account and the account creation page will be removed from the home page. On the log in page, a new image is added: if you click on this image, you will be logged in using Shibboleth. If you want to log in with an explicit username/password combination, you can click "Password Login" to expand a login menu.

The new log in page looks like this with "Password Login" expanded:

Login.png

Creating accounts

If you want to create password accounts, you can navigate to the CreateAccount special page (make sure you are logged in using an administrator account). This is necessary to create accounts for users without a KU Leuven login. You should select "Use a temporary random password and send it to the specified email address".

CreateAccount.png