Supporting the UW Web » sso authentication

Web Auth via Pubcookie and Basic Auth

agraf — Fri, 01 Aug 2008 17:35:56 +0000

I get a significant number of requests for information on how to do this. It’s a pretty bad kludge, but it does seem to work.

Basically, you make three directories:

one containing the content and an .htaccess file denying all access
one containing an .htaccess file allowing access via basic auth
one containing an .htaccess file allowing access via pubcookie

The directories with access via the different authentication methods will also contain symbolic links to either files in the content directory(if the files are not going to change much) or to another directory in the content directory so that you can change the files around without redoing the symbolic links.

You can take a look at an example implementation of this scheme in the multi-auth directory on my staff Web site.

WordPress 2.5.1 works with http-auth 2.0

agraf — Fri, 25 Apr 2008 17:28:38 +0000

WordPress 2.5.1 was released today, which means that I will now edit the WordPress installation documentation to use the latest WordPress release again, since version 2.5.1 works with the new http-authentication 2.0 plugin.

It is a relief to have the WordPress documentation using the latest, more secure version of WordPress again. Of course this blog is using WordPress 2.5.1 and the new http-authentication plugin now.

WordPress 2.5 and HTTP auth

agraf — Tue, 15 Apr 2008 21:26:30 +0000

The http-authentication plugin required for the fancy Pubcookie authentication instructions for WordPress does not function with the new WordPress 2.5.

I have changed the WordPress instructions to use the old 2.0.11 version of WordPress until the plugin gets fixed.

MediaWiki Instructions Revision

agraf — Mon, 14 Apr 2008 23:32:14 +0000

For probably at least a year I have had instructions for installing MediaWiki on the UA Web servers.

Installing MediaWiki
http://www.washington.edu/computing/web/publishing/mediawiki.html

These instructions include a default installation that uses the MediaWiki user and authentication system, as well as an option for using the Pubcookie SSO authentication system that is used for most UW Technology applications at the University of Washington. The problem with the way those instructions say to set things up is that you need to log in with Pubcookie before you can even view the wiki. This isn’t always what’s desired.

A couple weeks ago two users requested a means of setting up MediaWiki so that it could be anonymously read, but users would need to log in using Pubcookie in order to edit a page. I came up with a solution which they were both happy with, and which seems to work. I am not sure if there are ways of breaking MediaWiki when it is configured in this manner, but it seems to be working fine so far.

Here is a copy of MediaWiki configured with the new anonymous read/Pubcookie required for edits configuration:

Test Wiki

The instructions have now been updated to include the new section called “Requiring UW NetID Authentication only for Editing“.

The next thing to work on is changing the MediaWiki documentation to inform users that they should probably use the MyISAM storage engine on MediaWiki installations backed by MySQL on the UA Web servers. This is because InnoDB databases will not come back automatically if ovid is restarted without shutting down MySQL first. The culprit is NFS, which is used to serve all the files in user Web and home directories on the UA system.