MediawikiShibAuthWithPersistentID

=Extension:Shibboleth Authentication with persistent-id support=

This extension is based on the original Extension:Shibboleth Authentication, the basic information will not be copied, here you can find the differences and the explanation of these differences.

The main object of this development is to make the extension support opaque persistent-id. Persistent-id could come from the Identity Provider (IdP), where the user has been authenticated, as value of persistent nameid, or as value of eduPersonTargetedID attribute. From the view of the mediawiki the route is, how the persistent-id is coming, irrelevant, for the mediawiki it is given by the Service Provider (SP). More about persistent-id

The main point is that persistent-id meets the privacy requirements much better than e.g. if the mediawiki gets e-mail address of the user, and it is used as local username.

Preparation
You have to add an SQL table to be able to pair persistent-id and the local-id of the user.

LocalSettings.php
I made only a little change to make easier to configure the modul with different Shibboleth variable names, and set a working logout link.

ShibAuthPlugin.php
I rewrote the  function, extended with a few new function, and comments. :) I did not change ShibAuthPlugin class, and made only a little changes in SetupShibAuth function.

I did not change the version information neither.

After login
If the user only has persistent-id, and it is the first time to login, he is given a temporary username, so he will be supposed to change it. To change username mediawiki needs an extension, called RenameUser.

We have to make a small modification on the extension. You can see the patch below, and download from here for the.

ToDo

 * Testing - I tested only on MediaWiki 1.15.3, it worked properly
 * Bugfix - If I modify UserLoadFromSession to UserLoadAfterLoadFromSession, the "reload bug" is still with us :S
 * Cleaning the code
 * Write SQL install script
 * Anything else?