Installing OpenID plugin for MediaWikiJan 12, 2014
This post is about setting up your wiki such that their users access the wiki only via an OpenID provider login (e.g. Google or Facebook login). This post assumes MediaWiki is already installed.
Assumptions, prerequisites and requirements
All of what this blogpost says has been tried on an Ubuntu machine, but it
should work well on other Linux distros too (except for the
installs, for which you’ll need to find alternatives on your favourite distro).
$IP is assumed to be the root of your wiki directory (which in my case is
Install all the required packages for the plugin to work
sudo apt-get install php5-mcrypt php5-gmp
Installing the plugin
Get the source code for the extension into
cd extensions git clone http://gerrit.wikimedia.org/r/p/mediawiki/extensions/OpenID.git
Check your mediawiki version by going to
<your_wiki_URL>/index.php?title=Special:Version. Say your version is 1.19.x.
Check out branch for the same version of OpenID code
git branch -a git checkout -b stable_REL1_19 origin/REL1_19
Add this line at the end of LocalSettings.php file
Now install Auth subdirectory as following:
cd $IP/extensions/OpenID git clone http://github.com/openid/php-openid.git mv php-openid/Auth Auth rm -r php-openid cd $IP php maintenance/update.php --conf LocalSettings.php
Restart apache server
Editing ‘Login required’ page.
By default, the main page of the wiki is not editable. Generally we would like to give some information to a user, e.g. what this wiki is all about, how to log into it, which OpenIDs are permitted, etc.
Now we’ll give any registered user the ability to edit the protected pages and the
‘interface’ pages, of which our special login page is a part of. Add these lines
$wgGroupPermissions['user']['editprotected'] = true; $wgGroupPermissions['user']['editinterface'] = true;
Now you can edit the
page which is presented when the user is not logged in.
Below you can see a snip of LocalSettings.php file, which contains many other fields which I used to customize my wiki. I allowed only the registered user an edit permission (which most of you would also want I guess). Also, I have disabled regular login, and made it mandatory users to login via only OpenID, and that too, only using their launchpad.net accounts (an issue tracking software from Canonical).
If you want to get more information regarding these (and more) configuration options, see this link.
# Disable reading by anonymous users $wgGroupPermissions['*']['read'] = false; # Disable anonymous editing too $wgGroupPermissions['*']['edit'] = false; # But allow them to access the OpenID login page or else there will be no way to log in! $wgWhitelistRead = array ("Special:OpenIDLogin", "Special:OpenIDFinish", "MediaWiki:Common.css", "MediaWiki:Common.js", "MediaWiki:Monobook.css", "MediaWiki:Monobook.js", "-"); # For registered users, allow editing protected pages $wgGroupPermissions['user']['editprotected'] = true; $wgGroupPermissions['user']['editinterface'] = true; # Only allow OpenIDs for login $wgOpenIDLoginOnly = true; $wgOpenIDOnly = true; # a value used with older versions. Optional # Your wiki web URL $wgOpenIDTrustRoot = "http://your.wiki.url.com/"; # By default, deny all OpenID $wgOpenIDConsumerDenyByDefault = true; # Then allow only launchpad.net OpenID (with and without HTTPS both) $wgOpenIDConsumerAllow = array("@^(https://)?launchpad.net/@");
If there are troubles uploading a file via the MediaWiki web interface, go to the wiki directory on the server and chown the
sudo chown -R www-data:www-data images/
Don’t forget to comment if you find the information presented here is outdated, or is not working for you.