Extension:CentralAuth

This extension runs on a separate database (default centralauth) and can also be safely deactivated. Read also documentations:

• https://www.mediawiki.org/wiki/Extension:CentralAuth
• https://www.mediawiki.org/wiki/Extension:CentralAuth/Walkthrough

General steps to install:

1. Have the appropriate extension version of CentralAuth ready in your extensions directory.
2. Pick a database and create the CentralAuth database tables. You can use an existing database or create a new one; the extension by default uses a database named centralauth (see $wgCentralAuthDatabase below). use this database then run central-auth.sql.
3. prepare the configuration (see below configuration section)
   1. set up configurations (global $wgConf)
   2. set up CentralAuth configuration variables
4. Add require_once "$IP/extensions/CentralAuth/CentralAuth.php"; to /var/www/MediaWikiCommonSettings_REL1_26.php that is included in LocalSettings.php on each of your wikis.
   1. run CentralAuth’ maintenance scripts to gather user data into centralauth database
5. The extension should be now active.

Create and Modify Database centralauth

cd /var/www/metawiki/extensions/CentralAuth/
mysql -u wikiadmin -p
# (enter password for wikiadmin SQL user)

In mysql terminal:

CREATE DATABASE centralauth;
USE centralauth;
SOURCE central-auth.sql
GRANT all on centralauth.* to 'wikiuser'@'localhost';
quit

Add global group permission for steward:

INSERT INTO global_group_permissions (ggp_group,ggp_permission) VALUES ('steward','globalgrouppermissions'), ('steward','globalgroupmembership');

If $wgMainCacheType = CACHE_DB; is used create table objectcache:

CREATE TABLE centralauth.objectcache LIKE metawiki.objectcache;

If extension:AntiSpoof is used:

$ mysqldump -u $wgDBuser -p $wgDbName spoofuser > /tmp/spoofuser.temp
$ mysql -u $wgDBuser -p centralauth < /tmp/spoofuser.temp

Configuration of CentralAuth

Familiarize yourself with the following (code) documentations:

• extension/CentralAuth.php (global, default settings)
• https://www.mediawiki.org/wiki/Extension:CentralAuth/Walkthrough

In Common settings:

require_once "$IP/extensions/CentralAuth/CentralAuth.php";
# General CentralAuth configuration
$wgCentralAuthAutoNew = true; // Parameter deleted from MediaWiki 1.27
# $wgCentralAuthDatabase = 'centralauth'; // use default: 'centralauth'
$wgCentralAuthAutoMigrate = true; // If true, existing unattached accounts will be automatically migrated if possible at first login.
# $wgCentralAuthCookieDomain = '.example.org'; // Domain to set global cookies for

/**
 * List of wiki IDs which should be called on login to try to set third-party
 * cookies for the global session state.
 * Mapping from domain name to wiki id for other wikis to automatically login into.
 * The wiki ID is typically the database name
 * The key should be set to the cookie domain name.
 */
switch ($wgDBname) {
  default:
    $wgCentralAuthAutoLoginWikis = array(
      "openmedia",
      "specialmedia",
      "onwiki",
    );
}// $wgCentralAuthAutoLoginWikis

# Create the local account on pageview, set false to require a local login to create it.
$wgCentralAuthCreateOnView = true;

# Activates the redirect to the "central login wiki"
$wgCentralAuthLoginWiki = 'metawiki'; // This requires $wgCentralAuthCookies.
$wgCentralAuthLoginIcon = "/var/www/metawiki/media/logo/favicon32.png";// in MW 1.26.2 code allows you only to have a single string
$wgCentralAuthCookies = true;// $wgCentralAuthLoginWiki requires this

# Skips the "login success" page
$wgCentralAuthSilentLogin = true;// not available yet in MW 1.26

# Deprecated, will be removed soon.
$wgCentralAuthUseOldAutoLogin = false;// not available yet in MW 1.26

Let the maintenance scripts of CentralAuth read in login and configuration data after set up, do this one time:

cd /var/www/metawiki/extensions/CentralAuth/
php maintenance/migratePass0.php
php maintenance/migratePass1.php

Open Issues

The extension is still not working (20171103) and has open issues to be resolved:

• it does not log in to Wikis declared in $wgCentralAuthAutoLoginWikis
  • solution approach: cookie issue?
  • solution approach: branch REL1_26 goes until Oct 28 2016 (https://phabricator.wikimedia.org/diffusion/ECAU/history/REL1_26/); update biowikifarm git of extension:CentralAuth and try again

    update done, but no effect to $wgCentralAuthAutoLoginWikis, no single log-in

• log in problems and has to be tested still by others if working or not; for me, AP, it worked (no exception):
  • http://diversityworkbench.net/w/index.php?title=Special:UserLogin&action=submitlogin&type=login&returnto=DiversityCollection causes (by Markus Weiss SNSB IT)
    Exception encountered, of type "Exception"
  • guessing the cause (AP): I did run php maintenance/migratePass….php multiple times while changing CentralAuth settings and maintenance/migratePass1.php ended up by reporting an exception, this may be the cause of the above exception. After emptying centralauth database and re-ran migratePass0.php and migratePass1.php it ran through smoothly.
• I (AP) tested Cache issues (https://www.mediawiki.org/w/index.php?title=Extension:CentralAuth&oldid=2545898#Cache_issues)
  • $wgMainCacheType = CACHE_DB; no effect to $wgCentralAuthAutoLoginWikis
  • $wgSharedTables = array( …, 'objectcache' ); no effect to $wgCentralAuthAutoLoginWikis
  • $wgSharedDB = 'centralauth'; not tested but $wgSharedDB = 'metawiki'; had no effect to $wgCentralAuthAutoLoginWikis
  • see also the talk on https://www.mediawiki.org/wiki/Extension_talk:CentralAuth#Cache_Issues,_SUL,_$wgCentralAuthAutoLoginWikis

Possible solutions

• server settings (https://www.mediawiki.org/wiki/Manual:CORS)
• cache issues ($wgMainCacheType = CACHE_DB ?)
• …