
Remote Tiki Autologin


This feature, introduced in Tiki15, lets users from another Tiki log in to this Tiki using their credentials there. This provides a quick way to create a sub-site or sister site.



| Option | Description | Default |
|---|---|---|
| Enable autologin from remote Tiki | Used with autologin_remotetiki in the redirect plugin | Disabled |
| System username to use to initiate autologin from remote Tiki | Specified user must exist and be configured in Settings...Tools...DSN/Content Authentication on remote Tiki. Used with autologin_remotetiki in the redirect plugin. | None |
| System groupname to use for auto login token | For security, please create a group that has no users and no permissions and specify its name here. | None |
| Create user if not registered in Tiki | Create a new user account if the user that is trying to autologin does not exist on this Tiki. | Enabled |
| Allowed groups from remote Tiki to autologin. | Comma-separated list of groups to allow autologin from remote Tiki. If empty, will allow everyone. | None |
| Sync these groups from remote Tiki on autologin. | Comma-separated list of groups to sync from remote Tiki on autologin. Group membership will be added or removed accordingly. | None |
| Automatically logout remote Tiki after logout. | When the user logs out of this Tiki, redirect the user to log out of the other Tiki as well. | Enabled |
| Redirect direct logins to this site to remote Tiki | Redirect direct logins to this site to remote Tiki | Disabled |
| URL of autologin page on remote Tiki to redirect user to login | URL of autologin page on remote Tiki to redirect user to log in, e.g. https://www.remotetiki.com/PageWithRedirectPlugin | None |


Limitations

  • There is no password synchronization. Users are expected to always log in to the main Tiki site first and then autologin to the sub-site or sister site from there. You can, however, set it to redirect users who try to log in directly to the main Tiki site so that they log in from there; the redirection back and forth is automatic. If you need the sister site to be independent and therefore need password synchronization, you will need to use Intertiki or other External Authentication instead.

Terms

To avoid confusion, we will be using the terms:

  • Main Tiki to refer to the site on which you first need to login, and
  • Sub-Tiki to refer to the sub-site to which you are auto-logged in.

Configuration steps

On the Sub-Tiki

  1. Create a Tiki user that will be used to run the auto-login. (It is recommended that this user be used solely for this purpose, e.g. tikiconnector.)
  2. Create a Tiki group (e.g. Autologin). There is no need to assign any users or permissions to this group.
  3. In Security>Token, turn on the dependency Token Access feature.
  4. In Security>General Security, turn on HTTP Basic Authentication. This is needed to allow the Main Tiki to connect to this Sub-Tiki.
  5. In Login>Remote Tiki Autologin, turn on the Autologin feature, and specify the user and group created above.

Optional

  1. Specify the groups from the remote Tiki that are allowed to autologin here (comma-separated list). If nothing is specified, all registered users in the other Tiki can autologin here.
  2. Specify the group memberships that will be synced with the Tiki from which users are autologging in (comma-separated list).
  3. Specify that you want to redirect users that attempt to log into the Sub-Tiki directly, back to the Main Tiki so that they may log in there. The page that you should redirect the users back to should be the wiki page which contains the PluginRedirect in the Main Tiki (this will be covered in "On the Main Tiki").
  4. Set up user tracker field synchronization. (more info below)

On the Main Tiki

  1. Set up Content Authentication at tiki-admin_dsn.php (more info below).
  2. Set up a wiki page with a PluginRedirect on it and use the autologin_remotetiki parameter to specify the Tiki base URL, e.g. "https://othertiki.com/". You can also set the page parameter if you wish to redirect users to a particular page in the Sub-Tiki. After doing this, you can create a link or button (linking to this page) for users to click on to initiate the autologin process.

SSL is strongly recommended

It is very strongly recommended to use SSL encryption (i.e. HTTPS) for both servers, and also for the server-side backend connection between the two servers, because secure tokens are being transmitted.

System username and password

This is a user account that is used to connect server-side from the Tiki that users are autologging in from to the Tiki that they are autologging in to. The server-side exchange retrieves a short-lived, single-use token URL, and the user is then redirected to that URL to log in automatically.

System group

This is a group that is used to identify the validity of the token that users present upon autologging in. There should be no actual users placed in this group and this group should *not* inherit any permissions from any groups, i.e. it should simply have the basic Registered level of permissions.

Groups syncing

The list of groups set here will be synced when users auto-login from the remote Tiki. For example, if you specify "Group A, Group B", and the user in the other Tiki is in only Group A but not Group B, when the user auto-logs in here, they will be placed in Group A and removed from Group B.
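The following Python sketch is an added example, not Tiki's own code. It models how the "Allowed groups" and "Sync these groups" preferences combine for one autologin attempt. It assumes exact group-name matching and that local groups not named in the sync list are left untouched; the function names are hypothetical.

```python
def parse_group_list(pref):
    """Split a comma-separated preference value, dropping blanks."""
    return [g.strip() for g in pref.split(",") if g.strip()]


def autologin_groups(remote_groups, local_groups, allowed_pref="", sync_pref=""):
    """Return (allowed, resulting_local_groups) for one autologin attempt.

    Assumptions of this model (not taken from Tiki's source): names match
    exactly, and groups outside the sync list are never modified.
    """
    remote = set(remote_groups)
    allowed_list = parse_group_list(allowed_pref)
    # An empty "Allowed groups" preference lets every remote user in.
    allowed = not allowed_list or bool(remote & set(allowed_list))
    if not allowed:
        return False, set(local_groups)

    result = set(local_groups)
    for group in parse_group_list(sync_pref):
        if group in remote:
            result.add(group)      # held remotely: grant locally
        else:
            result.discard(group)  # not held remotely: revoke locally
    return True, result


if __name__ == "__main__":
    # Constructed sample mirroring the "Group A, Group B" case above.
    ok, groups = autologin_groups(
        remote_groups={"Group A"},
        local_groups={"Group B", "Editors"},
        sync_pref="Group A, Group B",
    )
    print(ok, sorted(groups))
```

Because an empty allowed list admits everyone, a Sub-Tiki that should only serve part of the Main Tiki's user base needs that preference filled in explicitly.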

User creation

Unless this preference is disabled, users that attempt to autologin will have a new account created automatically if their user account does not exist. The password is set to a random password.

Setting up Content Authentication


Content Authentication needs to be set up on the Tiki that you are connecting from. For example, enable HTTP Basic Auth on the Tiki that users are autologging into, and set up Content Authentication on the Tiki that users are autologging in from as follows:

[Image: Httpbasicauth]

or alternatively

[Image: Contentauth]

Setting up User Tracker Field Synchronization

When auto-logging in a user, you may want to also pass some fields from the Main Tiki's User Tracker to the Sub-Tiki.

To do this, in Login > Remote Tiki Autologin:

  1. Check User Tracker Sync
  2. Identify the permName of the "User" field in the User tracker.
  3. Identify the fields that you want to pass from the Main Tiki to the Sub-Tiki in a comma-separated list. If the fields do not have the same permname, you can translate them with =>.
  • Ex: 'firstname,lastname,title,city=>location' would pass the firstname, lastname, and title from the Main Tiki to the Sub-Tiki. Then it would pass the "city" field of the Main Tiki into the "location" field of the Sub-Tiki.
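The field list syntax above can be checked before it is saved. This added Python example (not Tiki's own parser) reads the comma-separated list with `=>` translations and shows which fields would leave the Main Tiki and under which permName they arrive. Whitespace trimming, rejection of malformed entries and the function names are assumptions of the example.

```python
def parse_field_map(spec):
    """Return {main_permname: sub_permname} for a field list such as
    'firstname,lastname,title,city=>location'."""
    mapping = {}
    for item in spec.split(","):
        item = item.strip()
        if not item:
            continue
        source, sep, target = item.partition("=>")
        source, target = source.strip(), target.strip()
        if not source or (sep and not target):
            raise ValueError("malformed entry: %r" % item)
        # Without '=>' the field keeps the same permName on both sides.
        mapping[source] = target if sep else source

    # Two Main Tiki fields writing to one Sub-Tiki field is ambiguous.
    targets = list(mapping.values())
    clashes = sorted({t for t in targets if targets.count(t) > 1})
    if clashes:
        raise ValueError("duplicate target field(s): %s" % ", ".join(clashes))
    return mapping


def fields_to_send(main_record, spec):
    """Select and rename only the listed fields; everything else stays put."""
    mapping = parse_field_map(spec)
    return {dst: main_record[src] for src, dst in mapping.items()
            if src in main_record}


if __name__ == "__main__":
    # Constructed user tracker record on the Main Tiki.
    record = {"firstname": "Ana", "lastname": "Li", "title": "Dr",
              "city": "Lyon", "phone": "555-0100"}
    print(fields_to_send(record, "firstname,lastname,title,city=>location"))
```

In this model, fields absent from the list (here `phone`) are never passed to the Sub-Tiki, which makes the list the place to review what personal data is shared.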

Example Remote Tiki Autologin Page


User information

What is synced

Right now, the real name and email are synced from the Tiki from which users are autologging in. The feature could be expanded in future to sync other user information as well.

User Tracker Synchronization

User Tracker Synchronization is not part of this feature. However, you can use Tracker Synchronization.

Links to user profiles etc

In the future, there should be one or more options to automatically convert links to things such as User Profile pages so that they point back to the Tiki from which users are autologging in.

Note to developers: This should be achievable by checking if the feature is active and changing links to use $_SESSION['autologin_baseurl'] if activated. This session variable is set as part of the token exchange autologging process. You cannot simply use a hardcoded domain as the domain might not be exactly the same depending on where the user logged in from, e.g. othertiki.com and www.othertiki.com would be different and the user is typically not logged on to both simultaneously.

Created by: Last Modification: Thursday 24 August, 2017 22:17:17 GMT-0000 by drsassafras