MediaWiki Restful Authentication
PHP Shell
Switch branches/tags
Nothing to show
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Failed to load latest commit information.


MediaWiki Restful Auth

MediaWiki Restful Auth (MWRA) provides bare-bones SSO that works with standalone web apps.

MWRA is a MW extension that replaces the global $wgAuth authentication instance to take complete control of the user authentication.

MWRA features include Login, Logout, and MW-User auto-creation.

Installing MWRA


MWRA is maintained on a public repository at To install MWRA, first clone the repository into <MediaWikiDir>/extensions, then update LocalSettings.php.

Required Software

MWRA depends on these packages:

  • PHP5
  • Apache2
  • MediaWiki

Cloning the MWRA Repo

> cd <MediaWikiDir>/extensions
> git clone

Updating LocalSettings.php

Place the following two lines in your LocalSettings.php file:

$wgAuth = new MW_Restful_Auth();

Disabling Login/Logout Links

Since login is handled by MWRA, you can disable the pages Special:UserLogin and Special:UserLogout, and remove the login and logout links. Add the following code to LocalSettings.php.

function RemoveSpecialPages(&$list) {
  unset( $list['Userlogout'] );
  unset( $list['Userlogin'] );
  return true;
$wgHooks['SpecialPage_initList'][] = 'RemoveSpecialPages';

function RemoveLogoutLink(&$personal_urls, &$wgTitle) {  
  unset( $personal_urls["logout"] );
  return true;
$wgHooks['PersonalUrls'][] = 'RemoveLogoutLink';

More Information:

How MWRA Works

The authenticate_user function

Every time a MW page renders, the authenticate_user function is called. If the user is logged in, the page renders normally. If the user is not logged in, the function looks for a username passed in the url (?username=My.Name). If a valid username was found, a MW session is created for the user, a MWRA session is created, and the page renders.

Remote authentication

If a valid username is not found, MWRA redirects to a third party web-app. This web-app can authenticate the user, then return the user to MW with the username parameter (?username=My.Name).

Changing users / Logging out

To log in as another user, send the username parameter with the new name (?username=New.Name). To log out, send the username parameter with a blank name (?username=).

Related Auth Extensions

Debugging MWRA

This section is for MediaWiki/PHP newbies...

Log Files

Log file location (most linux systems): /var/log/apache2

View the access log and error log:

> cd <log file directory>
> tail -f access.log
> tail -f error.log

To generate log file output: error_log("your string");

Browsing the MediaWiki Source using Vim

Using ctags, Vim does an OK job of jumping to MW function definitions.

MWRA Tests

MWRA comes with a set of unit tests built using PHPUnit. These tests are used by developers who maintain or extend MWRA.

Developers who are experienced in languages like Ruby or Python may find PHPUnit to be crude and complicated. But PHPUnit has already been integrated with MediaWiki, and even crude testing is better than no testing.

The Test Environment

MediaWiki Tests depend on these software packages.

  • Pear - for installing PhpUnit
  • PhpUnit - for running the MWRA tests
  • MediaWiki/Phase3 - a special MediaWiki distribution for developers

Sudo is required to install Pear and PhpUnit.

MediaWiki has a distribution for developers with test support. Get it using:

svn checkout

MediaWiki Tests

Before running MWRA tests, make sure you can run MediaWiki tests.

cd <MediaWikiDir>/tests/phpunit
make help

Running MWRA Tests

Once the MediaWiki tests run, you can run the MWRA tests.

cd <MediaWikiDir>/extensions/mwra

MediaWiki Testing References