Not logged in. · Lost password · Register
Forum: General Help and Support Server Setup RSS
SSO in Dokuwiki using auth_mellon
Avatar
cuteapples #1
Member since May 2019 · 2 posts
Group memberships: Members
Show profile · Link to this post
Subject: SSO in Dokuwiki using auth_mellon
HI,

Please help me as I'm using mod_auth_mellon SSO on my dokuwiki, unfortunately I don't know how to configure it, The dokuwiki is usig authldap plugin and acl. My objective is to autologin my account in DOKUWIKI without using the dokuwiki login form. With the use of SSO I can login to the DOKUWIKI.  I hope you can help me.


This is my mellon.conf


<Location />
    MellonEnable auth
    MellonEndpointPath /mellon/
    MellonSPMetadataFile  /etc/httpd/saml2/mellon_metadata.xml
    MellonSPPrivateKeyFile /etc/httpd/saml2/mellon.key
    MellonSPCertFile /etc/httpd/saml2/mellon.cert
    MellonIdPMetadataFile /etc/httpd/saml2/idp_test.vestasext.net_metadata.xml
</Location>


<Location /dokuwiki>
    AuthType Mellon
    MellonEnable auth
    Require valid-user
</Location>

This is my local.php

$conf['title'] = ' Admins';
$conf['template'] = 'dokubook';
$conf['savedir'] = '/data/dokuwiki/data/';
$conf['superuser'] = '@Admins';
$conf['jquerycdn'] = '0';
$conf['tpl']['dokubook']['closedwiki'] = 1;
$conf['tpl']['arctic']['left_sidebar_order'] = 'namespace,user,group,toolbox,main';
$conf['tpl']['arctic']['left_sidebar_content'] = 'toc,user,group,namespace,toolbox,index,trace,extra';
$conf['tpl']['arctic']['right_sidebar_content'] = 'toc,user,group,namespace,toolbox,index,trace,extra';
$conf['plugin']['groupmanager']['allow_add_user'] = '1';
$conf['plugin']['groupmanager']['allow_delete_user'] = '1';

// end auto-generated content

local.protected.php

<?php
/**
 * Protected settings
 * Do override DokuWiki default settings and local settings from Config Manager
 */
$conf['useacl'] = 1;
$conf['openregister']= 0;
#$conf['authtype'] = 'authplain';
$conf['authtype'] = 'authldap';
$conf['plugin']['authldap']['server'] = 'ldaps://=ldap.com:636';
$conf['plugin']['authldap']['usertree'] = 'ou=Users,dc=group,dc=com';
$conf['plugin']['authldap']['userfilter'] = '(&(objectClass=inetOrgPerson)(uid=%{user}))';
$conf['plugin']['authldap']['grouptree']   = 'cn=Roles,dc=group,dc=com';
$conf['plugin']['authldap']['groupfilter'] = '(&(objectClass=GroupOfNames)(member=%{dn}))';


# Optional bind user and password if anonymous bind is not allowed
$conf['plugin']['authldap']['sso']     = 1;
$conf['plugin']['authldap']['binddn']     = 'cn=svc-ldap-readonly';
$conf['plugin']['authldap']['bindpw']     = 'admin1234';
Avatar
schplurtz (Moderator) #2
Member since Nov 2009 · 470 posts · Location: France, Finistère
Group memberships: Global Moderators, Members
Show profile · Link to this post
welcome
please do not post the same question in all subforums you can think of. I deleted 3 other exactly identical posts.
Avatar
cuteapples #3
Member since May 2019 · 2 posts
Group memberships: Members
Show profile · Link to this post
can you help me on this issue?
Avatar
schplurtz (Moderator) #4
Member since Nov 2009 · 470 posts · Location: France, Finistère
Group memberships: Global Moderators, Members
Show profile · Link to this post
If "you" means me, the answer is no. I don't use SSO, so can't help.
If "you" means "someone on the forum", the answer is "wait and see".

One thing though. I may be completely wrong, but SSO is a generic term backed by various technologies (see Wikipedia arcticle on SSO) and I don't think the SSO offered by auth_ldap has anything to do with SSO as offered by mod_auth_mellon. auth_ldap SSO is about kerberos/windows-AD, while mod_auth_mellon is about SAML. You can't mix both (I think). There exists a SAML auth plugin for DokuWiki ; it's based on simpleSAMLphp though, not mod_auth_mellon.
Close Smaller – Larger + Reply to this post:
Verification code: VeriCode Please enter the word from the image into the text field below. (Type the letters only, lower case is okay.)
Smileys: :-) ;-) :-D :-p :blush: :cool: :rolleyes: :huh: :-/ <_< :-( :'( :#: :scared: 8-( :nuts: :-O
Special characters:
Go to forum
Imprint
This board is powered by the Unclassified NewsBoard software, 20150713-dev, © 2003-2015 by Yves Goergen
Current time: 2019-09-23, 20:04:55 (UTC +02:00)