Authentication framework
In REL1_27[1] MediaWiki gained a complete rewrite of it's authentication and authorization system. SessionManager and AuthManager classes were introduced to MediaWiki to replace the "there can only be one!" nature of AuthPlugin [2]. Thanks to Cindy Cicalese and others, the Pluggable Auth framework was also completely rewritten to be compatible with the changes introduced. It provides the ability to layer in a variety of authentication systems. For example, RedHat develops the FreeIPA system which provides Identity, Policy and Trusts. FreeIPA is an Open Source [3] Identity Management Solution that [4]
provides unified installation and management tools for the following components:
- LDAP Server - based on the 389 project
- KDC - based on MIT Kerberos implementation
- PKI based on Dogtag project
- Samba libraries for Active Directory integration
- DNS Server based on BIND and the Bind-DynDB-LDAP plugin
In turn, the FreeIPA wiki website [5] is integrated with the Fedora Central Login via MediaWiki's Pluggable Auth and OpenID Connect [6]
- ↑ https://gerrit.wikimedia.org/r/#/c/mediawiki/core/+/243223/58/RELEASE-NOTES-1.27
- ↑ https://www.mediawiki.org/wiki/Manual:SessionManager_and_AuthManager
- ↑ note that much of the code is GPL licensed, however since there are multiple components, each has it's own license. See the license page for FreeIPA.
- ↑ quote from the code hosting site (Pagure) for FreeIPA: https://pagure.io/freeipa
- ↑ uses an interesting skin called strapping-mediawiki. Code is hosted at https://github.com/OSAS/strapping-mediawiki as part of the "Open Source And Standards" group. Seems undermaintained with several pull requests and issues. MediaWiki was interested in distributing it back when MAH was release manager.
- ↑ The Special:Version page of the wiki shows what's installed: https://www.freeipa.org/page/Special:Version