Difference between revisions of "Extension:CentralAuth"

Revision as of 12:29, 3 November 2017

This extension runs on a separate database (default centralauth) and can also be safely deactivated. Read also documentations:

• https://www.mediawiki.org/wiki/Extension:CentralAuth
• https://www.mediawiki.org/wiki/Extension:CentralAuth/Walkthrough

General steps to install:

1. Have the appropriate extension version of CentralAuth ready in your extensions directory.
2. Pick a database and create the CentralAuth database tables. You can use an existing database or create a new one; the extension by default uses a database named centralauth (see $wgCentralAuthDatabase below). use this database then run central-auth.sql.
3. prepare the configuration (see below configuration section)
   1. set up configurations (global $wgConf)
   2. set up CentralAuth configuration variables
4. Add require_once "$IP/extensions/CentralAuth/CentralAuth.php"; to /var/www/MediaWikiCommonSettings_REL1_26.php that is included in LocalSettings.php on each of your wikis.
   1. run CentralAuth’ maintenance scripts to gather user data into centralauth database
5. The extension should be now active.

Create and Modify Database centralauth

cd /var/www/metawiki/extensions/CentralAuth/
mysql -u wikiadmin -p
# (enter password for wikiadmin SQL user)

In mysql terminal:

CREATE DATABASE centralauth;
USE centralauth;
SOURCE central-auth.sql
GRANT all on centralauth.* to 'wikiuser'@'localhost';
quit

Add global group permission for steward:

INSERT INTO global_group_permissions (ggp_group,ggp_permission) VALUES ('steward','globalgrouppermissions'), ('steward','globalgroupmembership');

If $wgMainCacheType = CACHE_DB; is used create table objectcache:

CREATE TABLE centralauth.objectcache LIKE metawiki.objectcache;

If extension:AntiSpoof is used:

$ mysqldump -u $wgDBuser -p $wgDbName spoofuser > /tmp/spoofuser.temp
$ mysql -u $wgDBuser -p centralauth < /tmp/spoofuser.temp

Configuration of CentralAuth

Familiarize yourself with the following (code) documentations:

• extension/CentralAuth.php (global, default settings)
• https://www.mediawiki.org/wiki/Extension:CentralAuth/Walkthrough

In Common settings:

require_once "$IP/extensions/CentralAuth/CentralAuth.php";
# General CentralAuth configuration
$wgCentralAuthAutoNew = true; // Parameter deleted from MediaWiki 1.27
# $wgCentralAuthDatabase = 'centralauth'; // use default: 'centralauth'
$wgCentralAuthAutoMigrate = true; // If true, existing unattached accounts will be automatically migrated if possible at first login.
# $wgCentralAuthCookieDomain = '.example.org'; // Domain to set global cookies for

/**
 * List of wiki IDs which should be called on login to try to set third-party
 * cookies for the global session state.
 * Mapping from domain name to wiki id for other wikis to automatically login into.
 * The wiki ID is typically the database name
 * The key should be set to the cookie domain name.
 */
switch ($wgDBname) {
  default:
    $wgCentralAuthAutoLoginWikis = array(
      "openmedia",
      "specialmedia",
      "onwiki",
    );
}// $wgCentralAuthAutoLoginWikis

# Create the local account on pageview, set false to require a local login to create it.
$wgCentralAuthCreateOnView = true;

# Activates the redirect to the "central login wiki"
$wgCentralAuthLoginWiki = 'metawiki'; // This requires $wgCentralAuthCookies.
$wgCentralAuthLoginIcon = "/var/www/metawiki/media/logo/favicon32.png";// in MW 1.26.2 code allows you only to have a single string
$wgCentralAuthCookies = true;// $wgCentralAuthLoginWiki requires this

# Skips the "login success" page
$wgCentralAuthSilentLogin = true;// not available yet in MW 1.26

# Deprecated, will be removed soon.
$wgCentralAuthUseOldAutoLogin = false;// not available yet in MW 1.26

Let the maintenance scripts of CentralAuth read in login and configuration data after set up, do this one time:

cd /var/www/metawiki/extensions/CentralAuth/
php maintenance/migratePass0.php
php maintenance/migratePass1.php

Open Issues

The extension is still not working (20171103) and has open issues to be resolved:

• it does not log in to Wikis declared in $wgCentralAuthAutoLoginWikis
  • solution approach: cookie issue?
• log in problems and has to be tested still by others if working or not; for me, AP, it worked (no exception):
  • http://diversityworkbench.net/w/index.php?title=Special:UserLogin&action=submitlogin&type=login&returnto=DiversityCollection causes (by Markus Weiss SNSB IT)
    Exception encountered, of type "Exception"
  • guessing the cause (AP): I did run php maintenance/migratePass….php multiple times while changing CentralAuth settings and maintenance/migratePass1.php ended up by reporting an exception, this may be the cause of the above exception. After emptying centralauth database and re-run migratePass0.php and migratePass1.php it run through smoothly.
• I (AP) tested Cache issues (https://www.mediawiki.org/w/index.php?title=Extension:CentralAuth&oldid=2545898#Cache_issues)
  • $wgMainCacheType = CACHE_DB; no effect to $wgCentralAuthAutoLoginWikis
  • $wgSharedTables = array( …, 'objectcache' ); no effect to $wgCentralAuthAutoLoginWikis
  • not tested to switch to: $wgSharedDB = 'centralauth'; but $wgSharedDB = 'metawiki'; had no effect to $wgCentralAuthAutoLoginWikis