Skip to content Skip to navigation

Anonymous Read / WebAuth Editing with MediaWiki


When you install a Mediawiki instance through the collaboration tools installer you are given the option of either using "No WebAuth" or "Full WebAuth". The first option lets MediaWiki handle user accounts as it would normally do, using its own authentication system. The second option locks down the wiki so that it's available only to people who log in using WebAuth, even for viewing.

If you want to keep your wiki open to a wider community (perhaps open to the world), but use WebAuth to authenticate users before they are allowed to edit, here's how:

  1. Install MediaWiki using the collaboration tools installer and choose Full WebAuth as your option. If you have already installed a wiki with the No WebAuth option, don't worry, the process will work for that setup as well.
  2. Copy the login.txt file attached to this post at the root level of your installation (the same place where index.php is). Rename it to login.php. This is the page we'll send people to when they want to log in.
  3. Create a myextensions directory alongside the existing extensions directory.
  4. Place the WebAuth extension attached to this post in the new myextensions directory. Rename it from WebAuth.txt to WebAuth.php
  5. Update LocalSettings.php by commenting out (adding #'s at the beginning) the following two lines (they might already be commented out if you chose No WebAuth as an option):

    #$wgAuth = new Auth_remoteuser();
  6. Update LocalSettings.php by adding the following line which will call the newly installed extension:require_once("myextensions/WebAuth.php");
  7. Update or create an .htaccess file so that it protects the login.php file using WebAuth (modify the require statement based on your needs) that reads:
    <Files login.php>
    AuthType WebAuth
    require privgroup stanford:stanford

You should now see a "Login with WebAuth" link at the top right of the page and clicking on it should log you in. IT Services will test this new configuration (so let us know how well it works for you) and we'll incorporate it as a third option, alongside the "No WebAuth" and "Full WebAuth" options.