Installing OpenID plugin for MediaWiki

This post is about setting up your wiki such that their users access the wiki only via an OpenID provider login (e.g. Google or Facebook login). This post assumes MediaWiki is already installed.

Assumptions, prerequisites and requirements

All of what this blogpost says has been tried on an Ubuntu machine, but it should work well on other Linux distros too (except for the apt-get package installs, for which you’ll need to find alternatives on your favourite distro).

$IP is assumed to be the root of your wiki directory (which in my case is /var/www/wikis/<my_wiki>/.

Install all the required packages for the plugin to work

sudo apt-get install php5-mcrypt php5-gmp

Installing the plugin

Get the source code for the extension into $IP/extensions directory

	cd extensions
	git clone http://gerrit.wikimedia.org/r/p/mediawiki/extensions/OpenID.git 

Check your mediawiki version by going to <your_wiki_URL>/index.php?title=Special:Version. Say your version is 1.19.x. Check out branch for the same version of OpenID code

	git branch -a 
	git checkout -b stable_REL1_19 origin/REL1_19 

Add this line at the end of LocalSettings.php file

require_once "$IP/extensions/OpenID/OpenID.php"; 

Now install Auth subdirectory as following:

	cd $IP/extensions/OpenID 
	git clone http://github.com/openid/php-openid.git 
	mv php-openid/Auth Auth 
	rm -r php-openid 
	cd $IP 
	php maintenance/update.php --conf LocalSettings.php 

Restart apache server

	/etc/init.d/apache2 restart 

Editing ‘Login required’ page.

By default, the main page of the wiki is not editable. Generally we would like to give some information to a user, e.g. what this wiki is all about, how to log into it, which OpenIDs are permitted, etc.

Now we’ll give any registered user the ability to edit the protected pages and the ‘interface’ pages, of which our special login page is a part of. Add these lines to $IP/LocalSettings.php:

	$wgGroupPermissions['user']['editprotected'] = true; 
	$wgGroupPermissions['user']['editinterface'] = true; 

Now you can edit the <your_wiki_URL>/jiocloud/index.phpmediawiki:loginreqpagetext page which is presented when the user is not logged in.

Other settings

Below you can see a snip of LocalSettings.php file, which contains many other fields which I used to customize my wiki. I allowed only the registered user an edit permission (which most of you would also want I guess). Also, I have disabled regular login, and made it mandatory users to login via only OpenID, and that too, only using their launchpad.net accounts (an issue tracking software from Canonical).

If you want to get more information regarding these (and more) configuration options, see this link.

# Disable reading by anonymous users
$wgGroupPermissions['*']['read'] = false;

# Disable anonymous editing too
$wgGroupPermissions['*']['edit'] = false;
 
# But allow them to access the OpenID login page or else there will be no way to log in!
$wgWhitelistRead = array ("Special:OpenIDLogin", "Special:OpenIDFinish", 
"MediaWiki:Common.css", "MediaWiki:Common.js", "MediaWiki:Monobook.css", 
"MediaWiki:Monobook.js", "-");
 
# For registered users, allow editing protected pages
$wgGroupPermissions['user']['editprotected'] = true;
$wgGroupPermissions['user']['editinterface'] = true;

# Only allow OpenIDs for login
$wgOpenIDLoginOnly = true;
$wgOpenIDOnly = true;       # a value used with older versions. Optional

# Your wiki web URL
$wgOpenIDTrustRoot = "http://your.wiki.url.com/";

# By default, deny all OpenID
$wgOpenIDConsumerDenyByDefault = true;

# Then allow only launchpad.net OpenID (with and without HTTPS both)
$wgOpenIDConsumerAllow = array("@^(https://)?launchpad.net/@");

Troubleshooting

If there are troubles uploading a file via the MediaWiki web interface, go to the wiki directory on the server and chown the images folder.

sudo chown -R www-data:www-data images/

Don’t forget to comment if you find the information presented here is outdated, or is not working for you.

Cheers, Rushi

w