Github mirror of MediaWiki extension SimpleSAMLphp - our actual code is hosted with Gerrit (please see https://www.mediawiki.org/wiki/Developer_access for contributing
MIT License
Add to the plugin to $wgPluggableAuth_Config
:
$wgPluggableAuth_Config['Log in using my SAML'] = [
'plugin' => 'SimpleSAMLphp',
'data' => [
'authSourceId' => 'default-sp',
'usernameAttribute' => 'username',
'realNameAttribute' => 'name',
'emailAttribute' => 'email'
]
];
data
Field name | Default | Description |
---|---|---|
authSourceId |
(mandatory) | |
usernameAttribute |
(mandatory) | |
realNameAttribute |
(mandatory) | |
emailAttribute |
(mandatory) | |
userinfoProviders |
[ 'username' => 'username', 'realname' => 'realname', 'email' => 'email'] |
By default the extension will normalize the value for username
to lowercase. If this is not desired, one can simply use the rawusername
provider. E.g.
$wgPluggableAuth_Config['Log in using my SAML'] = [
'plugin' => 'SimpleSAMLphp',
'data' => [
...
'userinfoProviders' => [
'username' => 'rawusername'
],
...
]
];
If you want to modify any of the fields username
, realname
or email
before login, you can
configure a custom callback for $wgSimpleSAMLphp_MandatoryUserInfoProviders
. The factory
method has the following signature:
factoryCallback(): MediaWiki\Extension\SimpleSAMLphp\IUserInfoProvider
For simple usecases one can use MediaWiki\Extension\SimpleSAMLphp\UserInfoProvider\GenericCallback
:
$wgSimpleSAMLphp_MandatoryUserInfoProviders['username'] = function() {
return new MediaWiki\Extension\SimpleSAMLphp\UserInfoProvider\GenericCallback( function( $attributes, $config ) {
if ( !isset( $attributes['mail'] ) ) {
throw new Exception( 'missing email address' );
}
$parts = explode( '@', $attributes['mail'][0] );
return strtolower( $parts[0] );
} );
};