# AuthRemoteUser #
This *DokuWiki* plugin provides Single Sign On authentication via an
environment variable of the web server which is set through authentication
systems like
* HTTP-Auth,
* LDAP,
* CAS,
* Cosign,
* NTLM,
* PAM,
* WebAuth,
* SSPI,
* and so on.

The default variable name is `REMOTE_USER`.
The plugin uses the default plain text file `conf/users.auth.php` to store user
information.
## Installation ##
1. Enable an authentication system on your web server which sets the (domain
and) username in an environment variable (`_SERVER[...]`), and disable
anonymous authentication.
2. Search and install the plugin using the
Extension Manager. Refer to
Plugin Installation Instructions on how to install
plugins manually.
## Usage ##
1. Determine the variable name your authentication system uses:
   1. Default is `REMOTE_USER`.
   2. If your authentication system uses another variable name, note this
      name.
2. Determine your username:
   1. Save file `phpinfo.php` on your web server:
      ```php
      <?php phpinfo(); ?>
      ```
   2. Open `phpinfo.php` in your web browser and search for the (domain and)
      username in `_SERVER[...]`, where `...` is the variable name of your
      authentication system.
   3. Add this value as a new user ID to your user list if it is missing and
      add it to the groups `admin` and `user`.[^1]
   4. Remove file `phpinfo.php`.
3. In your *DokuWiki*, log in as superuser, click *Admin*, choose
   *Configuration Settings*, and configure these settings:
   1. Disable action `profile`.
   2. If enabled, disable option `subscribers` temporarily.
   3. Enable `authtype` *AuthRemoteUser*.
   4. Disable `rememberme`.
   5. If your authentication system doesn't use variable name `REMOTE_USER`,
      set the name (see also step 1.2) in `server_var_name_of_auth_system`.
   6. Save this configuration.
4. Remove the *DokuWiki* cookie from your browser or close and restart your
   browser.
5. Reload your *DokuWiki* installation. Your login should be automatically
   detected.
6. Now you can re-enable option `subscribers` (see above).

Copy the configuration settings to the `conf/local.protected.php` file to
protect the settings against changes via *Config Manager*.

Administration of users and their groups is done in the *User Manager*, which
is fully supported by this plugin.
## Storage ##
*AuthRemoteUser* uses the same storage backend as *authplain*, that is
`conf/users.auth.php`. Users who are added after switching to
*AuthRemoteUser* won't have an encrypted password stored.
That is: You can switch back to *authplain* (and enable the `profile` setting)
whenever you want, and all users who were added before the switch are still
able to log in using their (hopefully still known) password. All other users can
use the *forget my password* link.
### File Format ###
Empty lines and everything after a `#` character are ignored. Each line
contains five colon-separated fields:
```txt
loginname:password:Real Name:email:groups
```
* `loginname`:
This has to be a valid page name.
* `password`:
Encrypted password if user id was added using *authplain*, otherwise empty.
* `Real Name`:
Real name of the user.
* `email`:
Email address of user.
* `groups`:
Comma separated list of groups a user is member of. The group names must
follow the rules of valid page names.
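
As an added example (not part of the plugin or of this README), a small Python audit of a file in this format: it lists the members of `admin`, who are trusted purely on the value the web server puts in the variable, and the accounts with an empty password field, which would need the *forget my password* link after a switch back to *authplain*. The sample data and all names are constructed; escaped characters inside fields are not handled, so such lines are reported as malformed.

```python
from dataclasses import dataclass

# Constructed sample in the five-field format described above (not real data).
SAMPLE = """\
# constructed example of conf/users.auth.php

alice:$1$constructed$notarealhash:Alice Example:alice@example.org:admin,user
bob::Bob Example:bob@example.org:user  # added under AuthRemoteUser
carol::Carol Example:carol@example.org:admin, user
this line does not have five fields
"""

@dataclass(frozen=True)
class User:
    login: str
    has_password: bool
    real_name: str
    email: str
    groups: tuple

def parse_users(text):
    """Parse the file text; return (users, numbers of malformed lines)."""
    users, malformed = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments, skip blank lines
        if not line:
            continue
        fields = line.split(":")
        if len(fields) != 5 or not fields[0]:
            malformed.append(lineno)  # report instead of guessing the fields
            continue
        login, password, real_name, email, groups = fields
        members = tuple(g.strip() for g in groups.split(",") if g.strip())
        users.append(User(login, bool(password), real_name, email, members))
    return users, malformed

def audit(users):
    """Summarise what to review when the web server supplies the identity."""
    no_pw = sorted(u.login for u in users if not u.has_password)
    admins = sorted(u.login for u in users if "admin" in u.groups)
    return {
        "admins": admins,                    # wiki superusers to review
        "needs_reset_on_authplain": no_pw,   # empty password field
        "admins_needing_reset": sorted(set(no_pw) & set(admins)),
    }

if __name__ == "__main__":
    parsed, bad = parse_users(SAMPLE)
    print(audit(parsed), "malformed lines:", bad)
```
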
### Editing ###
Since `conf/users.auth.php` is a plain text file, it can be edited with any
text editor.
[^1]: Don't be surprised: The user ID is converted to a valid page name.