1dokuwiki-authsmartcard 2====================== 3 4Dokuwiki plugin providing client certificate (smartcard) authentication. 5 6# Summary 7 8This plugin authenticates users to dokuwiki by comparing the user's client certificate's CN attribute with the group field for a user in the dokuwiki user database. 9 10For example, user John Doe needs access to the Wiki. John has a client certificate (or smartcard with a certificate on it) that as a CN attribute of 'DOE.JOHN.99999'. John Doe has is added to the dokuwiki user database by an administrator. His username is 'jdoe'. His groups are set to 'DOE.JOHN.99999, finance'. 11 12When John Doe access the Wiki with his browser configured to use a client certificate (or smartcard), this plugin will authenticate user 'jdoe' by comparing the CN of his certificate with the groups he is a member of in the dokuwiki user database. 13 14This is a rewrite of an old plugin by Margus Pärt (mxrguspxrt). Much of the plugin structure and API changed with dokuwiki requiring a rewrite. 15 16# Prerequisites 17 18## Apache Configuration 19 20In addition to all the other SSL directives (SSLCertificateFile, SSLCertificateKeyFile, SSLCACertificateFile, etc.) you'll need to require client certificates: 21 22``` 23 SSLVerifyClient require 24 SSLVerifyDepth 10 25 SSLOptions +StdEnvVars +ExportCertData 26``` 27 28Depending on your version of Apache and virtual host configuration, you may also need (but should use carefully): 29 30``` 31 SSLInsecureRenegotiation on 32``` 33 34You will also need to allow htaccess for the virtual directory that contains the plugin. Otherwise, integrate the entries in authsmartcard/.htaccess into your Apache configuration specific for that virtual directory. 35 36Redirect requests to the authentication plugin, so that requests to the first page of the wiki, e.g., https://YOUR_DOMAIN/DOKUWIKI_PATH/, are automatically authenticated. 37 38``` 39 RedirectMatch ^/$ https://YOUR_DOMAIN/DOKUWIKI_PATH/lib/plugins/authsmartcard/auth/ 40``` 41 42If you don't do the above step, you'll need to edit your main wiki login page (YOUR_DOKUWIKI_INSTALLATION/inc/lang/YOUR_CHOSEN_LANGUAGE/login.txt) to have a link for users to authenticate themselves to the wiki. Something like: 43 44To log on with your client certificate, follow this link: [[lib/plugins/authsmartcard/auth/|Authenticate with Certificate/Smartcard]] 45 46# Installation 47 48## Automatically 49 50You can install this by providing the URL to your Dokuwiki's Plugin Manager - https://github.com/sbbowman/dokuwiki-authsmartcard/zipball/master 51 52## Manually 53 54Unpack the plugin to DOKUWIKI_ROOT/lib/plugins/ 55 56Ensure that DOKUWIKI_ROOT/lib/plugins/authsmartcard/* is readable by Apache. 57 58# Configuration 59 60Ensure that the authtype is set to authsmartcard in conf/local.php or conf/local.protected.php: 61 62``` 63$conf['authtype'] = 'authsmartcard'; 64``` 65 66Available configuration options for the plugin are: 67 68``` 69// Enable logging? 70$conf['log_to_file'] = true; 71// If log_to_file is enabled, where to log? Make sure apache/php can write to this file 72$conf['logfile'] = "/full/path/to/logfile/writable/by/apache"; 73``` 74