Planning for project down the track (the one after next one after I finished this one)
I looking at integrating a couple of blogs and a wiki with a matrix install. If my memory serves me at the Matrix Users Conference, someone (Avi?) mentioned that integration with WordPress is likely. Just wondering if/when that will happen.
Also will there be integration with wiki software, and if so which one and when?
You can integrate with WordPress already, using the DB Data Source.
... though it all depends on what you mean by integration. :) Can you give us some idea of how you want the systems to interact?
Would like seamless integration from 'users' point of view.
One username/password for matrix (though most will be just users not backend users), forum, wiki and blog/s.
Search would cover matrix site, forum/s, wiki and blog/s.
You can do this currently with Matrix and IP.Board (by using IP.Board users in Matrix). I don't know if any plan to further integrate with other third-party applications at an authentication level. Probably the easiest way to do this would be to externalise user accounts completely by having all of them use an LDAP directory as the source.
[quote]Search would cover matrix site, forum/s, wiki and blog/s.[/quote]
You would need a third-party search engine for this -- the Matrix search engine can only index/find content stored inside the Matrix system.
That was what I was hoping for with wordpress and a wiki.
[quote]but I don't know if any plan to further integrate with other third-party applications at an authentication level.[/quote]
That means time to start looking at alternatives.
[quote]Probably the easiest way to do this would be to externalise user accounts completely by having all of them use an LDAP directory as the source.[/quote]
Something that has been promised in our organisation for a long time. Time to start twisting some arms.
[quote]You would need a third-party search engine for this – the Matrix search engine can only index/find content stored inside the Matrix system.[/quote]
That means looking at alternative options. Should I wait till after the announcement Lee hinted at.
Dunno -- I don't know what Lee's hinting at. :)
However, authentication integration is the holy grail of any web property comprised of multiple systems, and things like LDAP can make that a lot easier. Having said that, I don't know which wiki/blog solutions actually support LDAP-based authentication. You'd also need a mechanism for users to register themselves in your LDAP server.
Many things as usual, but one involved search and a third party
[quote]However, authentication integration is the holy grail of any web property comprised of multiple systems, and things like LDAP can make that a lot easier. Having said that, I don't know which wiki/blog solutions actually support LDAP-based authentication. You'd also need a mechanism for users to register themselves in your LDAP server.[/quote]
And also the know how to setup and maintain an LDAP server which is missing at this end. Well I have got six months to get somebody up to speed.
Sounds like a good hint. :D
This is something I've wondered about - LDAP not being an option for me but an authenticating URL might be. For example (and this isn't the real world example as that is too much pain to inflict on people ;-) but if you had say an openID module in apache:
http://trac.butterfat.net/public/mod_auth_openid
You could setup a location directive to authenticate via URI
[codebox]<location "/openID">
(open ID stuff)
</location>
[/codebox]
If you then created users in the system with a match on username how could you use the openID auth? There seems to be two ways to try (I've not yet) one is the HTTP Authentication Variable (but that wouldn't work if you were presented with a matrix login screen at any point) OR on the URLs screen on a site there is that Authentication Redirects bit that I've read a million times but don't understand.
Thoughts?
K
Matrix is able to bypass the login screen and log a user in based on a username stored in a server var. The system config screen has HTTP authentication options to help you configure this.
The authentication redirect URL allows the Matrix to redirect the user to a particular URL instead of showing the login box. Matrix then assumes that URL it is redirecting to will somehow log the user in (an auth proxy) so that when the request comes back to Matrix, we will read a server var and log the user in automatically.
[quote]Matrix is able to bypass the login screen and log a user in based on a username stored in a server var. The system config screen has HTTP authentication options to help you configure this.
The authentication redirect URL allows the Matrix to redirect the user to a particular URL instead of showing the login box. Matrix then assumes that URL it is redirecting to will somehow log the user in (an auth proxy) so that when the request comes back to Matrix, we will read a server var and log the user in automatically.[/quote]
Hi I'm trying to get this working but struggling. The simplest way (I think it should work?) is by enabling the server var option:
Accept HTTP Authentication Yes
HTTP Authentication Variable REMOTE_USER
Then created a phpinfo() script outside of the matrix root and added to apache:
Alias "/info.php" "/var/www/html/info.php"
<location "/info.php">
AuthType Basic
AuthName "Test"
AuthUserFile /var/www/html/.htpasswd
Require valid-user
</location>
Adding the user 'kjb' to the .htpasswd file (the user kjb exists within MSM as well)
That works when you login and you can see the server variable contains the username 'kjb' but when you go to /_edit or /_admin I am still prompted for a username and password? Have I forgotten to do something?
Ideally I'd finally like to have something like:
<LocationMatch "/_login$">
CosignProtected On
AuthType Cosign
Require valid-user
</LocationMatch>
As we use mod_cosign (http://weblogin.org/) across a number of web based systems…
Thanks in advance
K
[quote]Accept HTTP Authentication Yes
HTTP Authentication Variable REMOTE_USER[/quote]
I just setup Basic authentication on my development Matrix install and got the username in the PHP_AUTH_USER variable, not REMOTE_USER. You'd have to check once Cosign is installed and working to see exactly what name PHP sees the HTTP Header variable as.
I must still be doing something else wrong. Switched to PHP_AUTH_USER , login using basic auth and looked at the phpinfo() script and the username appears in that variable correctly but when I append /_edit (or /_admin) it still prompts for the username/password. I did wonder about it maybe being that squid is in front of the CMS but its setup to pass any '/_edit' URL straight though...
Cosign is straight forward... it does set some variable of its own BUT also sets the REMOTE_USER and PHP_AUTH_USER variables with the username.. so If I get basic working it should also work with cosign
K
…tried the whole thing again on a fresh system - avi could you give me a step by step as to what exactly you've done?
K
Is Squid perhaps killing the HTTP header somehow, though? Can you try without Squid to see if that works?
I will post my configuration when I get back home tonight -- I did it on my home PC. :)
[quote]Is Squid perhaps killing the HTTP header somehow, though? Can you try without Squid to see if that works?
I will post my configuration when I get back home tonight – I did it on my home PC. :)[/quote]
yeah the fresh install was on a non-squid box… thanks for when you have time.
K
I must admit, I didn't do anything special -- I setup Basic Authentication across my entire virtual host that runs Matrix, added a user into .htpasswd with the same name as a Matrix user, then enabled PHP_AUTH_USER and "Allow HTTP Authentication" in Matrix. Once I did that, Matrix logged me in using my HTTP credentials.
Hi Avi,
[quote]I must admit, I didn’t do anything special – I setup Basic Authentication across my entire virtual host that runs Matrix, added a user into .htpasswd with the same name as a Matrix user, then enabled PHP_AUTH_USER and “Allow HTTP Authentication” in Matrix. Once I did that, Matrix logged me in using my HTTP credentials.[/quote]
Ok tried again brand spanking new 3.18.1… Squid not running…
Create backend user ‘kjb’ (set live - Checked I can login from /_admin)
Set Allow HTTP Authentication to yes
change the HTTP Authentication Variable to PHP_AUTH_USER
Set up the virtual host:
[codebox]<VirtualHost *:80>
DocumentRoot /var/www/mysource_matrix/core/web
ServerName my.server.dns
<Directory “/var/www/mysource_matrix”>
Options -Indexes FollowSymLinks
Order deny,allow
Deny from all
</Directory>
<Directory “/var/www/mysource_matrix/core/web”>
Options -Indexes FollowSymLinks
Order allow,deny
Allow from all
</Directory>
<Directory “/var/www/mysource_matrix/core/lib”>
Options -Indexes FollowSymLinks
Order allow,deny
Allow from all
</Directory>
<Directory “/var/www/mysource_matrix/data/public”>
Options -Indexes FollowSymLinks
Order allow,deny
Allow from all
</Directory>
<Directory “/var/www/mysource_matrix/fudge”>
Options -Indexes FollowSymLinks
Order allow,deny
Allow from all
</Directory>
Alias “/info.php” “/var/www/html/info.php”
<Directory “/var/www/mysource_matrix”>
AuthType Basic
AuthName “Test”
AuthUserFile /var/www/html/.htpasswd
Require valid-user
</Directory>
Alias “/__data” “/var/www/mysource_matrix/data/public”
Alias “/__lib” “/var/www/mysource_matrix/core/lib”
Alias “/__fudge” “/var/www/mysource_matrix/fudge”
Alias “/” “/var/www/mysource_matrix/core/web/index.php/”
</VirtualHost>[/codebox]
Restart apache
goto:
http://my.server.dns/_admin
Get prompted for the username / password by apache (enter them)
Get the matrix login prompt (can again login)
Goto:
http://my.server.dns/_admin
and it reports that the PHP_AUTH_USER variable is set to kjb as expected.
Anything I’ve missed? Or do I just give up and put this down to mystery?
K