1authsmartcard Plugin for DokuWiki
5All documentation for this plugin can be found at
8If you install this plugin manually, make sure it is installed in
9lib/plugins/authsmartcard/ - if the folder is called different it
10will not work!
12Please refer to http://www.dokuwiki.org/plugins for additional info
13on how to install plugins in DokuWiki.
16Copyright (C) Stephen Bowman <firstname.lastname@example.org>
18This program is free software; you can redistribute it and/or modify
19it under the terms of the GNU General Public License as published by
20the Free Software Foundation; version 2 of the License
22This program is distributed in the hope that it will be useful,
23but WITHOUT ANY WARRANTY; without even the implied warranty of
24MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
25GNU General Public License for more details.
27See the COPYING file in your DokuWiki folder for details
4Dokuwiki plugin providing client certificate (smartcard) authentication.
8This plugin authenticates users to dokuwiki by comparing the user's client certificate's CN attribute with the group field for a user in the dokuwiki user database.
10For example, user John Doe needs access to the Wiki. John has a client certificate (or smartcard with a certificate on it) that as a CN attribute of 'DOE.JOHN.99999'. John Doe has is added to the dokuwiki user database by an administrator. His username is 'jdoe'. His groups are set to 'DOE.JOHN.99999, finance'.
12When John Doe access the Wiki with his browser configured to use a client certificate (or smartcard), this plugin will authenticate user 'jdoe' by comparing the CN of his certificate with the groups he is a member of in the dokuwiki user database.
14This is a rewrite of an old plugin by Margus Pärt (mxrguspxrt). Much of the plugin structure and API changed with dokuwiki requiring a rewrite.
18## Apache Configuration
20In addition to all the other SSL directives (SSLCertificateFile, SSLCertificateKeyFile, SSLCACertificateFile, etc.) you'll need to require client certificates:
23 SSLVerifyClient require
24 SSLVerifyDepth 10
25 SSLOptions +StdEnvVars +ExportCertData
28Depending on your version of Apache and virtual host configuration, you may also need (but should use carefully):
31 SSLInsecureRenegotiation on
34You will also need to allow htaccess for the virtual directory that contains the plugin. Otherwise, integrate the entries in authsmartcard/.htaccess into your Apache configuration specific for that virtual directory.
36Redirect requests to the authentication plugin, so that requests to the first page of the wiki, e.g., https://YOUR_DOMAIN/DOKUWIKI_PATH/, are automatically authenticated.
39 RedirectMatch ^/$ https://YOUR_DOMAIN/DOKUWIKI_PATH/lib/plugins/authsmartcard/auth/
42If you don't do the above step, you'll need to edit your main wiki login page (YOUR_DOKUWIKI_INSTALLATION/inc/lang/YOUR_CHOSEN_LANGUAGE/login.txt) to have a link for users to authenticate themselves to the wiki. Something like:
44To log on with your client certificate, follow this link: [[lib/plugins/authsmartcard/auth/|Authenticate with Certificate/Smartcard]]
50You can install this by providing the URL to your Dokuwiki's Plugin Manager - https://github.com/sbbowman/dokuwiki-authsmartcard/zipball/master
54Unpack the plugin to DOKUWIKI_ROOT/lib/plugins/
56Ensure that DOKUWIKI_ROOT/lib/plugins/authsmartcard/* is readable by Apache.
60Ensure that the authtype is set to authsmartcard in conf/local.php or conf/local.protected.php:
63$conf['authtype'] = 'authsmartcard';
66Available configuration options for the plugin are:
69// Enable logging?
70$conf['log_to_file'] = true;
71// If log_to_file is enabled, where to log? Make sure apache/php can write to this file
72$conf['logfile'] = "/full/path/to/logfile/writable/by/apache";