Difference between revisions of "Authentication framework"
(One intermediate revision by the same user not shown) | |||
Line 1: | Line 1: | ||
− | + | Starting with efforts at least as early as 2013 in the [https://www.mediawiki.org/wiki/Requests_for_comment/AuthManager AuthManager RfC], MediaWiki gained a complete rewrite of its authentication and authorization system in June 2016 with the LTS stable release of REL1_27<ref>https://gerrit.wikimedia.org/r/#/c/mediawiki/core/+/243223/58/RELEASE-NOTES-1.27</ref><ref>https://www.mediawiki.org/wiki/MediaWiki_1.27</ref> [https://gerrit.wikimedia.org/r/243223 SessionManager] and [https://gerrit.wikimedia.org/r/195297 AuthManager] classes were introduced to MediaWiki to replace the "there can only be one!" nature of AuthPlugin <ref>https://www.mediawiki.org/wiki/Manual:SessionManager_and_AuthManager</ref>. Thanks to Cindy Cicalese and others, the [[mw:Extension:PluggableAuth|Pluggable Auth]] framework was also completely rewritten to be compatible with the changes introduced. It provides the ability to layer in a variety of authentication systems. For example, RedHat develops the [https://www.freeipa.org/page/Main_Page FreeIPA] system which provides Identity, Policy and Trusts. FreeIPA is an Open Source <ref>note that much of the code is GPL licensed, however since there are multiple components, each has it's own license. See the [https://www.freeipa.org/page/License license page for FreeIPA]. </ref> Identity Management Solution that <ref>quote from the code hosting site (Pagure) for FreeIPA: https://pagure.io/freeipa</ref> | |
<blockquote> | <blockquote> | ||
provides unified installation and management tools for the following components: | provides unified installation and management tools for the following components: | ||
Line 9: | Line 9: | ||
</blockquote> | </blockquote> | ||
− | In turn, the FreeIPA wiki website <ref>uses an interesting skin called strapping-mediawiki. Code is hosted at https://github.com/OSAS/strapping-mediawiki as part of the "Open Source And Standards" group. Seems undermaintained with several pull requests and issues. MediaWiki was interested in distributing it back when MAH was release manager.</ref> is integrated with the Fedora | + | In turn, the FreeIPA wiki website <ref>uses an interesting skin called strapping-mediawiki. Code is hosted at https://github.com/OSAS/strapping-mediawiki as part of the "Open Source And Standards" group. Seems undermaintained with several pull requests and issues. MediaWiki was interested in distributing it back when MAH was release manager.</ref> is integrated with the Fedora Account System (FAS) <ref>https://fedoraproject.org/wiki/Account_System</ref> via MediaWiki's Pluggable Auth and OpenID Connect <ref>The Special:Version page of the wiki shows what's installed: https://www.freeipa.org/page/Special:Version</ref> |
+ | |||
+ | {{References}} | ||
[[Category:Infrastructure]] | [[Category:Infrastructure]] |
Latest revision as of 13:47, 12 June 2018
Starting with efforts at least as early as 2013 in the AuthManager RfC, MediaWiki gained a complete rewrite of its authentication and authorization system in June 2016 with the LTS stable release of REL1_27[1][2]SessionManager and AuthManager classes were introduced to MediaWiki to replace the "there can only be one!" nature of AuthPlugin [3]. Thanks to Cindy Cicalese and others, the Pluggable Auth framework was also completely rewritten to be compatible with the changes introduced. It provides the ability to layer in a variety of authentication systems. For example, RedHat develops the FreeIPA system which provides Identity, Policy and Trusts. FreeIPA is an Open Source [4] Identity Management Solution that [5]
provides unified installation and management tools for the following components:
- LDAP Server - based on the 389 project
- KDC - based on MIT Kerberos implementation
- PKI based on Dogtag project
- Samba libraries for Active Directory integration
- DNS Server based on BIND and the Bind-DynDB-LDAP plugin
In turn, the FreeIPA wiki website [6] is integrated with the Fedora Account System (FAS) [7] via MediaWiki's Pluggable Auth and OpenID Connect [8]
References[edit source]
- ↑ https://gerrit.wikimedia.org/r/#/c/mediawiki/core/+/243223/58/RELEASE-NOTES-1.27
- ↑ https://www.mediawiki.org/wiki/MediaWiki_1.27
- ↑ https://www.mediawiki.org/wiki/Manual:SessionManager_and_AuthManager
- ↑ note that much of the code is GPL licensed, however since there are multiple components, each has it's own license. See the license page for FreeIPA.
- ↑ quote from the code hosting site (Pagure) for FreeIPA: https://pagure.io/freeipa
- ↑ uses an interesting skin called strapping-mediawiki. Code is hosted at https://github.com/OSAS/strapping-mediawiki as part of the "Open Source And Standards" group. Seems undermaintained with several pull requests and issues. MediaWiki was interested in distributing it back when MAH was release manager.
- ↑ https://fedoraproject.org/wiki/Account_System
- ↑ The Special:Version page of the wiki shows what's installed: https://www.freeipa.org/page/Special:Version