• Home
  • History
  • Annotate
Name Date Size #Lines LOC

..Today-

auth/H27-Jul-2018-5329

conf/H27-Jul-2018-242

READMEH A D26-Jul-2018961 2819

README.mdH A D26-Jul-20183 KiB7445

auth.phpH A D26-Jul-20188.7 KiB285116

plugin.info.txtH A D26-Jul-2018244 87

README

1authsmartcard Plugin for DokuWiki
2
3Smartcard Authentication
4
5All documentation for this plugin can be found at
6https://github.com/sbbowman/dokuwiki-authsmartcard
7
8If you install this plugin manually, make sure it is installed in
9lib/plugins/authsmartcard/ - if the folder is called different it
10will not work!
11
12Please refer to http://www.dokuwiki.org/plugins for additional info
13on how to install plugins in DokuWiki.
14
15----
16Copyright (C) Stephen Bowman <sbbowman@gmail.com>
17
18This program is free software; you can redistribute it and/or modify
19it under the terms of the GNU General Public License as published by
20the Free Software Foundation; version 2 of the License
21
22This program is distributed in the hope that it will be useful,
23but WITHOUT ANY WARRANTY; without even the implied warranty of
24MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
25GNU General Public License for more details.
26
27See the COPYING file in your DokuWiki folder for details
28

README.md

1dokuwiki-authsmartcard
2======================
3
4Dokuwiki plugin providing client certificate (smartcard) authentication.
5
6# Summary
7
8This plugin authenticates users to dokuwiki by comparing the user's client certificate's CN attribute with the group field for a user in the dokuwiki user database.
9
10For example, user John Doe needs access to the Wiki.  John has a client certificate (or smartcard with a certificate on it) that as a CN attribute of 'DOE.JOHN.99999'.  John Doe has is added to the dokuwiki user database by an administrator.  His username is 'jdoe'.  His groups are set to 'DOE.JOHN.99999, finance'.
11
12When John Doe access the Wiki with his browser configured to use a client certificate (or smartcard), this plugin will authenticate user 'jdoe' by comparing the CN of his certificate with the groups he is a member of in the dokuwiki user database.
13
14This is a rewrite of an old plugin by Margus Pärt (mxrguspxrt).  Much of the plugin structure and API changed with dokuwiki requiring a rewrite.
15
16# Prerequisites
17
18## Apache Configuration
19
20In addition to all the other SSL directives (SSLCertificateFile, SSLCertificateKeyFile, SSLCACertificateFile, etc.) you'll need to require client certificates:
21
22```
23    SSLVerifyClient require
24    SSLVerifyDepth 10
25    SSLOptions +StdEnvVars +ExportCertData
26```
27
28Depending on your version of Apache and virtual host configuration, you may also need (but should use carefully):
29
30```
31    SSLInsecureRenegotiation on
32```
33
34You will also need to allow htaccess for the virtual directory that contains the plugin.  Otherwise, integrate the entries in authsmartcard/.htaccess into your Apache configuration specific for that virtual directory.
35
36Redirect requests to the authentication plugin, so that requests to the first page of the wiki, e.g., https://YOUR_DOMAIN/DOKUWIKI_PATH/, are automatically authenticated.
37
38```
39    RedirectMatch ^/$ https://YOUR_DOMAIN/DOKUWIKI_PATH/lib/plugins/authsmartcard/auth/
40```
41
42If you don't do the above step, you'll need to edit your main wiki login page (YOUR_DOKUWIKI_INSTALLATION/inc/lang/YOUR_CHOSEN_LANGUAGE/login.txt) to have a link for users to authenticate themselves to the wiki.  Something like:
43
44To log on with your client certificate, follow this link: [[lib/plugins/authsmartcard/auth/|Authenticate with Certificate/Smartcard]]
45
46# Installation
47
48## Automatically
49
50You can install this by providing the URL to your Dokuwiki's Plugin Manager - https://github.com/sbbowman/dokuwiki-authsmartcard/zipball/master
51
52## Manually
53
54Unpack the plugin to DOKUWIKI_ROOT/lib/plugins/
55
56Ensure that DOKUWIKI_ROOT/lib/plugins/authsmartcard/* is readable by Apache.
57
58# Configuration
59
60Ensure that the authtype is set to authsmartcard in conf/local.php or conf/local.protected.php:
61
62```
63$conf['authtype'] = 'authsmartcard';
64```
65
66Available configuration options for the plugin are:
67
68```
69// Enable logging?
70$conf['log_to_file']		= true;
71// If log_to_file is enabled, where to log?  Make sure apache/php can write to this file
72$conf['logfile']		= "/full/path/to/logfile/writable/by/apache";
73```
74