 Release status: stable |
|
|---|---|
 |
|
| Implementation | User identity, User rights, Hook |
| Description | Allows to automatically authenticate users coming from certain network addresses |
| Author(s) | Olaf Lenz (Olenztalk) |
| Latest version | 2.1.2 (2020-03-17) |
| MediaWiki | 1.35+ |
| Database changes | No |
| License | GNU General Public License 2.0 or later |
| Download | Download extension Git [?]: |
|
Parameters
|
|
|
Hooks used
|
|
| Quarterly downloads | 18 (Ranked 152nd) |
| Translate the NetworkAuth extension if it is available at translatewiki.net | |
| Issues | Open tasks · Report a bug |
The NetworkAuth extension is intended to bind particular network addresses to specific users. When the wiki is accessed from a specific network address, they will be automatically logged in with the specified user name. When a wiki is configured not to allow anonymous read and/or write access, the extension can be used to grant read and write access for users from particular network addresses (e.g. from the intranet of a company).
Installation
- Download and place the file(s) in a directory called
NetworkAuthin yourextensions/folder. - Add the following code at the bottom of your LocalSettings.php file:
require_once "$IP/extensions/NetworkAuth/NetworkAuth.php";
- Configure as described in this section.
Done – Navigate to Special:Version on your wiki to verify that the extension is successfully installed.
Configuration
To configure the extension, set the configuration parameter $wgNetworkAuthUsers in LocalSettings.php, and optionally the configuration parameter $wgNetWorkAuthSpecialUsers.
Basic configuration
The configuration parameter $wgNetworkAuthUsers is an array that can contain one or several arrays to configure what user is logged in when a wiki page is loaded from a specific network address. NetworkAuth only becomes active when a user is not logged in already. When NetworkAuth detects an attempt to load a page by an anonymous user, it will check whether the source IP address of the request is matched by any of the records in $wgNetworkAuthUsers. If it is, it will log in the specified user.
The username defined in the configuration must be for a user that already exists in MediaWiki.
- Example
require_once "$IP/extensions/NetworkAuth/NetworkAuth.php";
# Log-in unlogged users from these networks
$wgNetworkAuthUsers[] = [
'iprange' => [ '127.0.0.1',
'10.1.10.0/24',
'10.2.10.152/32' ],
'user' => 'NetworkAuthUser',
];
# Log-in unlogged users when IP matches this regular expression
$wgNetworkAuthUsers[] = [
'ippattern' => '/10\.1\.10\..*/',
'user' => 'NetworkAuthUser',
];
# Log-in unlogged users when IP’s reverse DNS lookup matches this domain
$wgNetworkAuthUsers[] = [
'hostpattern' => '/.*\.domain\.example\.com/i',
'user' => 'AdminComputer',
];
# To use the contents of the page MediaWiki:Networkauth-ips
# (Where the page is formatted as a '*' followed by either an IP or range)
$wgNetworkAuthUsers[] = [
'ipmsg' => 'networkauth-ips',
'user' => 'Foo',
];
Optional configuration
$wgNetWorkAuthSpecialUsersIt might be a good idea not to use NetworkAuth to log in a normal user account, but a special user account instead that exists exclusively for this purpose (e.g. "NetworkAuthUser"). In that case, one can add this account to the configuration parameter $wgNetWorkAuthSpecialUsers. Users in this list do not get the normal list of Personal Urls. Instead, the PersonalUrls show:
- that the user is logged via the NetworkAuth extension
- the IP address of the user
- a link to log out
- a link to log in
- Example
$wgNetworkAuthSpecialUsers[] = 'NetworkAuthUser';
 | This extension is included in the following wiki farms/hosts and/or packages: This is not an authoritative list. Some wiki farms/hosts and/or packages may contain this extension even if they are not listed here. Always check with your wiki farms/hosts or bundle to confirm. |