Loading...
 
Shibboleth Authentication for TikiWiki



To Enable Shibboleth Authentication you will need to Do 2 main Steps.

Shibboleth Step 1: Update the Wiki


To enable Shibboleth authentication within the Wiki goto the Admin page and in dropdown box select Shibboleth

When Selected Goto the bottom to the Shibboleth Seettings.

Below is a table of the options and what they do.



Option Description Default
Create user if not registered in Tiki If a user was externally authenticated, but not found in the Tiki user database, Tiki will create an entry in its user database. Disabled
Use Tiki authentication for Admin log-in The user “admin” will be authenticated by only using Tiki’s user database. This option has no effect on users other than “admin”. Disabled
Valid affiliations A list of affiliations which will allow users to log in to this wiki
Separate multiple affiliations with commas
None
Create with default group Disabled
Default group The name of the default group Shibboleth
Option Description Default
Create user if not registered in Tiki If a user was externally authenticated, but not found in the Tiki user database, Tiki will create an entry in its user database. Disabled
Use Tiki authentication for Admin log-in The user “admin” will be authenticated by only using Tiki’s user database. This option has no effect on users other than “admin”. Disabled
Valid affiliations A list of affiliations which will allow users to log in to this wiki
Separate multiple affiliations with commas
None
Create with default group Disabled
Default group The name of the default group Shibboleth
Option Description Default
Create user if not registered in Tiki If a user was externally authenticated, but not found in the Tiki user database, Tiki will create an entry in its user database. Disabled
Use Tiki authentication for Admin log-in The user “admin” will be authenticated by only using Tiki’s user database. This option has no effect on users other than “admin”. Disabled
Valid affiliations A list of affiliations which will allow users to log in to this wiki
Separate multiple affiliations with commas
None
Create with default group Disabled
Default group The name of the default group Shibboleth



When the above is completed the wiki is ready to use shibboleth as an authentication source. You will now need to ensure that shibboleth is setup correctly.

Below are the files that were modified to enable Shibboleth Authentication;

  • lib/userslib.php
  • templates/modules/mod-login_box.tpl
  • templates/tiki-admin-include-login.tpl
  • tiki-admin_include_login.php
  • tiki-setup_base.php


Below is a table of these files and a description of the changes;

File nameDescription
userslib.phpThis is used to validate a shibboleth user, changes have been made to the validate_user function.
tiki-admin-include-login.tplThis file needs to be changed to display “Login through Shibboleth�? login box when not loged in.
tiki-admin-include-login.tplThis file needs to be changed to display the Shibboleth options in the Login Admin page
tiki-admin_include_login.phpThis file changes will process the new values in the Login Admin page above.
tiki-setup_base.phpThis page will need to be changed to ensure the shibboleth user is validated.

Shibboleth step 2:Update Shibboleth


To enable the wiki to be protected by Shibboleth you will need to add a the following to you apache conf.

<Location /tikiwiki/tiki-login_scr.php>
   AuthType shibboleth
   ShibRequireSession On
   ShibRequireAll On
   require valid-user
</Location>

The other thing you will need to do is update your Shibboleth Service Providers AAP (Attribute Assertion Policy) AAP.XML.

Below are the Attributes required by the Tikiwiki Auth and the required Header values;


<AttributeRule Name="urn:mace:dir:attribute-def:eduPersonPrincipalName" Scoped="false" Header="REMOTE_USER">
   <AnySite>
      <!-- Ensure the value is unscoped so all IDs are unique-->
      <Value Type="regexp">.*@.*</Value>
   </AnySite>
</AttributeRule>

<AttributeRule Name="urn:mace:dir:attribute-def:mail" Header="MAIL">
   <AnySite>
      <AnyValue/>
   </AnySite>
</AttributeRule>

<AttributeRule Name="urn:mace:dir:attribute-def:eduPersonAffiliation" Header="Shib-EP-UnscopedAffiliation">
   <AnySite>
      <AnyValue/>
   </AnySite>
</AttributeRule>

doc.tiki.org

Get Started

Admin Guide User Guide

Keywords

Keywords serve as "hubs" for navigation within the Tiki documentation. They correspond to development keywords (bug reports and feature requests):

Accessibility (WAI and 508)
Accounting
Articles and Submissions
Backlinks
Banners
Batch
BigBlueButton audio/video/chat/screensharing
Blog
Bookmark
Browser Compatibility
Link Cache
Calendar
Category
Chat
Clean URLs
Comments
Communication Center
Compression (gzip)
Contacts (Address Book)
Contact us
Content Templates
Contribution
Cookie
Copyright
Credit
Custom Home and Group Home Page
Date and Time
Debugger Console
Directory of hyperlinks
Documentation link from Tiki to doc.tiki.org (Help System)
Docs
Draw
Dynamic Content
Dynamic Variable
External Authentication
FAQ
Featured links
File Gallery
Forum
Friendship Network (Community)
Gmap Google maps
Groups
Hotword
HTML Page
i18n (Multilingual, l10n)
Image Gallery
Import-Export
Install
Integrator
Interoperability
Inter-User Messages
InterTiki
Kaltura video management
Karma
Live Support
Login
Logs (system & action)
Look and Feel
Mail-in
Map with Mapserver
Menu
Meta Elements
Mobile Tiki and Voice Tiki
Module
MultiTiki
MyTiki
Newsletter
Notepad
Payment
Performance Speed / Load
Permissions
Platform independence (Linux-Apache, Windows/IIS, Mac, BSD)
Polls
Profiles
Profile Manager
Report
Toolbar
Quiz
Rating
Feeds
Score
Search engine optimization
Search
Search and Replace
Security
Semantic links
Shadowbox
Shadow Layers
Share
Shopping cart
Shoutbox
Slideshow
Smiley
Social Networks
Spam protection (Anti-bot CATPCHA)
Spellcheck
Spreadsheet
Stats
Surveys
Tags
Task
Tell a Friend, alert + Social Bookmarking
TikiTests
Theme CSS & Smarty
Tiki Manager
Trackers
Transitions
User Administration including registration and banning
User Files
User Menu
Watch
WebDAV
Webmail
Web Services
Wiki History, page rename, etc
Wiki Syntax
Wiki structure (book and table of content)
Workspace
WSOD
WYSIWYCA
WYSIWYG
XMLRPC

Tiki Newsletter

Delivered fresh to your email inbox!
Newsletter subscribe icon
Don't miss major announcements and other news!
Contribute to Tiki