How to setup single sign-on between MediaWiki and JSP website

Question

This is it: I have a website using JSP and deployed on tomcat. What I want to do now is to setup a MediaWiki with a sso system. Ie I want users to access my first site and my MediaWiki with the same account, and don't need to login again when moving from one to the other.

Currently the two systems share the account list using a Ldap system ( setup with openldap ). When connecting on the JSP, it stores a JSESSIONID parameter in a cookie, and when connecting to MediaWiki, it seems to store 3 parameters: wikidb_session, wikidbUserID and wikidbUserName.

What's the best way to make the two systems sharing the session cookie?

Alexis

Answer 1

You can't share the session cookie because each applications (Mediawiki and your JSP site) have its own.

What you can do it's to have a single sign on module that woud be used by each of your applications.

You can look at JASIG CAS (Central Authentication Service) http://www.jasig.org/cas .

Steps :

1. install the CAS Server application that will handle authentication. It's a java web application that you can install on your same servlet engine that already run your JSP site. CAS Server has multiple authentication handler like LDAP.

2. add the CAS Client to your JSP site. CAS Client is available as a servlet filter that will redirect non authenticated users to CAS Server where users will authenticate, then CAS Server will redirect users to the initial application with a special parameter (service ticket). The CAS Client filter will use the parameter to contact the CAS Server to get the login of the user. It could require a little work for you, as you have to move the authentication part in your JSP site to the CAS Server.

3. add the CAS Client to your Mediawiki. CAS Client is also available as a PHP Client (PHPCas). Mediawiki seems to be CAS ready : http://www.mediawiki.org/wiki/Extension:CASAuthentication