Loading...
Skip to main content
Navigation and related functionality and content
Features
Requirements
Download
Install
Backup
Upgrade
Help
FAQs
Need Assistance ? Join-us live this Thursday, click for info !
Related content
Find
Note
This page is to document "what Tiki does". For "what Tiki
should
do", please see
corresponding page on dev site
History: External Authentication
View published page
Source of version: 54
(current)
See also: ((Two-factor authentication)) ! Login & External Authentication !! Overview of Login Methods Tiki allows you to use several different login authentication methods. For standalone sites (not connected to a central authentication server), you can use "Just Tiki" or "Web Server". For sites that are part of a larger environment Tiki offers Apache (basic HTTP auth), LDAP (Active Directory), CAS, and Shibboleth authentication. The installation environment plays a role in determining the authentication method to be used. On a fully accessible server, an administrator has a choice of any/all of the authentication methods listed on this page. !! Authentication With Shared Hosting In a shared hosting environment (FTP access only) the authentication options become severely limited. While it is possible to setup an OpenID server with FTP access (Community-ID is one such project) it is not well documented. As of 4/09, setting up OpenLDAP, Shibboleth, or CAS are effectively impossible with FTP access only and may be impossible (depending on access rights) with a shell access account. !! Just Tiki The __Just Tiki__ authentication method uses the usernames and passwords stored in the Tiki database for authentication. This is best used for sites that are not part of a larger intranet. !! Web Server (HTTP) A common way of protecting webpages is through Basic HTTP authentication. The web server sends a "401 Authentication Required" header when a protected page is requested. The browser would then prompt the user for a username and password. Access is allowed if the username password pair are valid; else, the web server sends a HTTP 401 error, meaning "access denied." HTTP authentication is usually used by creating a .htaccess file. (Only in Apache?) Tiki is able to detect when a visitor to the site is currently logged in using Basic HTTP Authentication. If the username of the user matches a username within Tiki's database, Tiki will automatically log the user in and, of course, grant all the assigned permissions. Using Web Server authentication can be convenient for a shared hosting installation of Tiki. User management becomes more of a challenge if multiple Tiki's are to be installed. However, in Tiki 3.0 group information and users will still need to be added to each and every sub-Tiki inside the authorized domain. !! Options !!! LDAP (Active Directory) ((LDAP authentication)) !!! OpenID Connect ((OpenID Connect)) !!! SAML * ((SAML)) !!! Hybridauth Social Sign On Library * ((Hybridauth social login)) supports dozens of providers: https://hybridauth.github.io/providers.html !!! IMAP ((IMAP Authentication)) !!! POP3 POP3 Authentication !!! Vpopmail Vpopmail Authentication !!! Tiki and Pam ((PAM authentication)) !!! CAS ((CAS Authentication)) !!! Shibboleth ((Shibboleth Authentication)) !!! phpBB ((phpBB Authentication)) !! Future Plans (please help!) * [https://cacert.org/|CACert (or other) Client Certificates] * [http://www.gnupg.org/|GPG]/PGP PKI, including tools such as [https://webpg.org/WebPG|WebPG] * Post-Login Security Question? Like when logging into a bank website. !! Future Delusions * [http://www.yubico.com/yubikey|YubiKey] or, egads, [https://store.yubico.com/store/catalog/product_info.php?products_id=56&osCsid=fbc8790cd428b8e949bdf4497c53145b|YubiHSM!] * [http://directory.apache.org/triplesec/|Apache TripleSec] !! Deprecated !!! OpenID * ((OpenID)) -=alias=- * (alias(Login Authentication Methods)) * (alias(Login Authentication Method))
Related content