DokuWiki Shibboleth Authentication Plugin
DokuWiki is a flexible and simple wiki system written in PHP. Shibboleth is widely used open-source implementation of SAML. DokuWiki supports different authentication plugins and it is easy to write an alternative authentication plugin to integrate your own authentication mechanism within DokuWiki.
This plugin uses a Shibboleth session to authenticate users. It just takes all required information from the environment variables injected by Shibboleth (user's attributes sent by the identity provider).
The plugin requires DokuWiki version 2013-05-10 Weatherwax or newer. The older versions have different authentication structure - authentication backends. In case you have an older version and you don't want to upgrade, you may use the Shibboleth authentication backend.
- PHP >= 5.x
- Shibboleth SP 2.x instance
- DokuWiki 2013-05-10 Weatherwax or newer
- highly configurable
- includes an action plugin to handle login actions
- different group sources
- logging and debugging
You need Shibboleth SP 2.x installed and running. In Apache you have to configure Shibboleth to "know" about your DokuWiki directory:
<Directory "/var/www/sites/dokuwiki/"> AuthType shibboleth require shibboleth </Directory>
Plugin installation and configuration
Clone the repository anywhere on your system. Copy the
plugin/authshibboleth directory to
DOKUWIKI_HOME/conf/local.conf set the
$conf['authtype'] = 'authshibboleth';
Alternatively, you can use the configuration manager.
Now, in most cases, the Shibboleth authentication should work out-of-the-box. But if that is not the case or you need to tune something, there is a bunch of configuration options you can set.
The best way to do this is to copy the
conf/authshibboleth.conf.php file from the repository to
DOKUWIKI_HOME/conf and include it in your
DOKUWIKI_HOME/conf/local.protected.php file (it doesn't exist by default, you have to create it yourself):
include __DIR__ . '/authshibboleth.conf.php';
It's better to use
local.protected.php instead of
local.php may be overwritten if you use the configuration manager.
authshibboleth.conf.php file contains all available directives, set to their default values and commented out. If you need to change a directive, just uncomment it and change its value.