Difference between revisions of "Authentication framework"
(Created page with "In REL1_27 MediaWiki gained a complete rewrite of it's authentication and authorization system. Thanks to Cindy Cicalese and others, the Pluggable Auth fr...") |
|||
Line 1: | Line 1: | ||
− | In REL1_27 MediaWiki gained a complete rewrite of it's authentication and authorization system. Thanks to Cindy Cicalese and others, the [[mw:PluggableAuth|Pluggable Auth]] framework was introduced. It provides the ability to layer in a variety of authentication systems. For example, RedHat develops the [https://www.freeipa.org/page/Main_Page FreeIPA] system which provides Identity, Policy and Trusts. FreeIPA is an Open Source <ref>note that much of the code is GPL licensed, however since there are multiple components, each has it's own license. See the [https://www.freeipa.org/page/License license page for FreeIPA]. </ref> Identity Management Solution that <ref>quote from the code hosting site (Pagure) for FreeIPA: https://pagure.io/freeipa</ref> | + | In REL1_27<ref>https://gerrit.wikimedia.org/r/#/c/mediawiki/core/+/243223/58/RELEASE-NOTES-1.27</ref> MediaWiki gained a complete rewrite of it's authentication and authorization system. [https://gerrit.wikimedia.org/r/243223 SessionManager] and [https://gerrit.wikimedia.org/r/195297 AuthManager] classes were introduced to MediaWiki to replace the "there can only be one!" nature of AuthPlugin <ref>https://www.mediawiki.org/wiki/Manual:SessionManager_and_AuthManager</ref>. Thanks to Cindy Cicalese and others, the [[mw:Extension:PluggableAuth|Pluggable Auth]] framework was also completely rewritten to be compatible with the changes introduced. It provides the ability to layer in a variety of authentication systems. For example, RedHat develops the [https://www.freeipa.org/page/Main_Page FreeIPA] system which provides Identity, Policy and Trusts. FreeIPA is an Open Source <ref>note that much of the code is GPL licensed, however since there are multiple components, each has it's own license. See the [https://www.freeipa.org/page/License license page for FreeIPA]. </ref> Identity Management Solution that <ref>quote from the code hosting site (Pagure) for FreeIPA: https://pagure.io/freeipa</ref> |
<blockquote> | <blockquote> | ||
provides unified installation and management tools for the following components: | provides unified installation and management tools for the following components: | ||
Line 9: | Line 9: | ||
</blockquote> | </blockquote> | ||
− | In turn, the FreeIPA wiki website is integrated with the Fedora Central Login via MediaWiki's Pluggable Auth and OpenID Connect <ref>The Special:Version page of the wiki shows what's installed: https://www.freeipa.org/page/Special:Version</ref> | + | In turn, the FreeIPA wiki website <ref>uses an interesting skin called strapping-mediawiki. Code is hosted at https://github.com/OSAS/strapping-mediawiki as part of the "Open Source And Standards" group. Seems undermaintained with several pull requests and issues. MediaWiki was interested in distributing it back when MAH was release manager.</ref> is integrated with the Fedora Central Login via MediaWiki's Pluggable Auth and OpenID Connect <ref>The Special:Version page of the wiki shows what's installed: https://www.freeipa.org/page/Special:Version</ref> |
[[Category:Infrastructure]] | [[Category:Infrastructure]] |
Revision as of 13:25, 12 June 2018
In REL1_27[1] MediaWiki gained a complete rewrite of it's authentication and authorization system. SessionManager and AuthManager classes were introduced to MediaWiki to replace the "there can only be one!" nature of AuthPlugin [2]. Thanks to Cindy Cicalese and others, the Pluggable Auth framework was also completely rewritten to be compatible with the changes introduced. It provides the ability to layer in a variety of authentication systems. For example, RedHat develops the FreeIPA system which provides Identity, Policy and Trusts. FreeIPA is an Open Source [3] Identity Management Solution that [4]
provides unified installation and management tools for the following components:
- LDAP Server - based on the 389 project
- KDC - based on MIT Kerberos implementation
- PKI based on Dogtag project
- Samba libraries for Active Directory integration
- DNS Server based on BIND and the Bind-DynDB-LDAP plugin
In turn, the FreeIPA wiki website [5] is integrated with the Fedora Central Login via MediaWiki's Pluggable Auth and OpenID Connect [6]
- ↑ https://gerrit.wikimedia.org/r/#/c/mediawiki/core/+/243223/58/RELEASE-NOTES-1.27
- ↑ https://www.mediawiki.org/wiki/Manual:SessionManager_and_AuthManager
- ↑ note that much of the code is GPL licensed, however since there are multiple components, each has it's own license. See the license page for FreeIPA.
- ↑ quote from the code hosting site (Pagure) for FreeIPA: https://pagure.io/freeipa
- ↑ uses an interesting skin called strapping-mediawiki. Code is hosted at https://github.com/OSAS/strapping-mediawiki as part of the "Open Source And Standards" group. Seems undermaintained with several pull requests and issues. MediaWiki was interested in distributing it back when MAH was release manager.
- ↑ The Special:Version page of the wiki shows what's installed: https://www.freeipa.org/page/Special:Version