WPMu Single Sign-on is a package of extensions for MediaWiki that creates a single, shared login system for MediaWiki and WordPress Multi-User.
Developed and customized by Cast Iron Coding for the CUNY Academic Commons, and released under a GNU General Public License, this package includes and builds on the following extensions:
AuthWP.php, by Ciaran Gultnieks
LockDown.php, by Daniel Kinzler
and LogoutLoginWP.php, by Cast Iron Coding and The CUNY Academic Commons
Download the WPMu Single Sign-on package here. (zip file)
WordPress Multi-User/MediaWiki Single Sign On Setup Instructions
Tested on:
MediaWiki version 1.13.4
WordPress Multiuser Version 2.7.1
Assumptions:
WordPress Multiuser and MediaWiki are installed on the same server, in the same webroot. WPMu is installed in the webroot and MW is installed in a folder called wiki/. The locations of the applications relative to the webroot could be changed, but changes to several of the extensions and the htaccess configuration may be required to make it work.
MediaWiki Extensions
Lockdown
Lockdown is a MW extension which serves here to restrict user access to “Special” pages, in this case the Preferences page. Logout will continue to serve as the login, and Login will be redirected to WP using the LogoutLoginWP extension below.
Lockdown configuration
Add the following code to LocalSettings.php:
require_once( $IP.'/extensions/Lockdown/Lockdown.php');
$wgSpecialPageLockdown['Preferences'] = array('');
AuthWP
AuthWP is a MW extension that provides single sign-on between WPMu and MW.
AuthWP Modifications
I found I needed to change require() calls to require_once(): [lines 38-39]
require_once($WP_relpath.'/wp-load.php');
require_once($WP_relpath.'/wp-includes/registration.php');
AuthWP configuration (in LocalSettings.php)
# Include the AuthWP.php extension
require_once('extensions/AuthWP/AuthWP.php');
$wgAuth = new AuthWP();
LogoutLoginWP
LogoutLoginWP is a custom extension inspired partially by the RedirectAfterLogout extension. Its purpose is to tie up some loose ends in the login / logout process. Specifically, it consists of two functions registered as MW hooks. The UserLogout hook is called after the user has logged out. Since some of our logouts will come from WP (via a mod_rewrite rule, see below), we want to continue to redirect back to the redirect_to URL from the query string. The UserLoginForm hook is called before the login page is displayed. Our code redirects the user to the WP sign in page at this point.
LogoutLoginWP configuration (in LocalSettings.php)
# Include the redirection extension for WP
require_once($IP.'/extensions/LogoutLoginWP/LogoutLoginWP.php');
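The UserLogout hook described above follows redirect_to from the query string, so the value should be checked to point back at this site before the browser is sent there. The following is an added example, not the LogoutLoginWP code from the package; the ef* function names are hypothetical, and it assumes $wgServer holds the site's own scheme and host and that the webroot is an acceptable fallback.

```php
<?php
// Added example; not the LogoutLoginWP source. ef* names are hypothetical.

// Return $target only when it points back at this site, else $fallback.
function efSafeRedirectTarget( $target, $siteHost, $fallback ) {
    if ( !is_string( $target ) || $target === '' ) {
        return $fallback;
    }
    // Control characters allow header splitting; some browsers read "\" as "/".
    if ( preg_match( '/[\x00-\x1f\x7f\\\\]/', $target ) ) {
        return $fallback;
    }
    // A site-relative path is fine, but "//host/..." is protocol-relative.
    if ( $target[0] === '/' ) {
        return ( substr( $target, 0, 2 ) === '//' ) ? $fallback : $target;
    }
    $parts = parse_url( $target );
    if ( !is_array( $parts ) || !isset( $parts['scheme'], $parts['host'] ) ) {
        return $fallback;
    }
    // Userinfo ("http://site@other/") is a common way to disguise the host.
    if ( isset( $parts['user'] ) ) {
        return $fallback;
    }
    $schemeOk = in_array( strtolower( $parts['scheme'] ), array( 'http', 'https' ), true );
    $hostOk = strcasecmp( $parts['host'], $siteHost ) === 0;
    return ( $schemeOk && $hostOk ) ? $target : $fallback;
}

// UserLogout hook: follow redirect_to only after it passes the check above.
function efLogoutRedirectChecked( &$user ) {
    global $wgRequest, $wgOut, $wgServer;
    $siteHost = parse_url( $wgServer, PHP_URL_HOST );
    $target = $wgRequest->getVal( 'redirect_to' ); // null when absent
    $wgOut->redirect( efSafeRedirectTarget( $target, $siteHost, $wgServer . '/' ) );
    return true;
}
$wgHooks['UserLogout'][] = 'efLogoutRedirectChecked';
```

Because the mod_rewrite rule below uses QSA, whatever redirect_to value arrives on the WP logout URL reaches this hook unchanged, which is why the check belongs in the hook rather than in the rewrite rule.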
.htaccess Configuration
The following mod_rewrite rule is added to the .htaccess file at the site root:
# Rewrite a WP logout request to logout from Mediawiki instead, which takes care of both.
RewriteCond %{QUERY_STRING} ^action=logout.*$
RewriteCond %{REQUEST_URI} wp-login.php$
RewriteRule ^.*$ wiki/index.php?title=Special:UserLogout [QSA,L]
MediaWiki Sysop
When these extensions are activated, the admin account of the WPMu installation must be manually set as the administrator of the MediaWiki installation. Admins can do this by manually editing the MySQL database. In the MediaWiki table “user,” set the user_name field of the WikiSysop user to the account username of the admin in WPmu. However, the first letter of the admin name must be capitalized in the MediaWiki user record.