I'm not sure if this is a bug or simply lack of understanding of how this extension works on my parts. I am trying to upgrade from an older generation of this extension and mediawiki (pre-1.27) that worked well with the REMOTE_USER/REMOTE_USER_DATA variables set by single-signon. However, I am having a hard time getting the current version of Auth_remoteuser working with mediawiki-1.31.0 to enable public wikis that require logins only for editing and admin functions. The setup I have consists of the same Special:UserLogin redirect to a SSO-protected Authentication page that seems to work fine as I see my user logged in on that particular page when I use a closure recommended by the Auth_remoteuser documentation shown below. However, the moment I navigate away from a SSO-protected page I see 'Log In' navigational link and cannot edit pages or perform any logged-in functions even though a review of cookies shows that there is a valid session and the correct username is stored in other relevant cookies. Here's my LocalSettings.php configuration pertitent to Auth_remoteuser:
wfLoadExtension( 'Auth_remoteuser' );
$wgSessionName = 'wikidb_main_session';
$wgAuthRemoteuserRemoveAuthPagesAndLinks = true;
$wgSessionsInObjectCache = true;
$wgAuthRemoteuserUserName = function() {
if ( isset ($_SERVER['REMOTE_USER_DATA']) ){
$credentials = explode( ':',$_SERVER['REMOTE_USER_DATA']);
$username = ucfirst($credentials[0]);
return $username ? $username : null;
}
};
Of course, on all non-protected pages the $_SERVER['REMOTE_USER_DATA'] is not set, so the user is considered logged-out, which is not the behavior I would expect from Auth_remoteuser.
Fully private wikis work well with Auth_remoteuser as REMOTE_USER and REMOTE_USER_DATA are set by the webserver for every URI.
Thank you,
Alex