I have my WordPress install and MediaWiki sharing the same login information. Unfortunately, users need to log into both separately, but at least they use the same credentials.
What I would like to do is cause a successful login on the WordPress blog to also cause a login for MediaWiki (ideally both directions). There are two ways this could happen:
- Logging in causes a login on the other application (writes the cookie and creates the session in the DB)
- Accessing an application checks for the cookie of the other and then automatically logs in.
Since the usernames are shared it seems like the latter should be pretty easy to do. Any tips would be great.
The primary problem you are going to run into is that you’ll have two login forms, and two logout methods. What you need to do is pick one of the login forms as the default, and redirect the other one over to it.
I’ve been able to successfully integrate bbPress + MediaWiki + WordPress + WordPress MU, but I wrote a lot of custom code to do it.
I’m using the bbPress login page as the default (and .htaccess rewrite to /login/), and then I created my own MediaWiki authentication plugin (which looks a lot like the one you are using), except my plugin checks the WordPress/bbPress cookie for the login information and automatically logs the user in.
I created a customized /logout/ link that runs the bbPress logout, and also kills the MediaWiki cookies at the same time.
Then the last step was to redirect all of the other logout / login links for bbpress, mediawiki, etc, over to my consolidated one. I used .htaccess rewrites for this rather than mess with core code.
Still a work in progress, but it works fairly well.
You could consider some kind of single-sign-on software. I am unaware of any that are free and I’ve only ever used SiteMinder which is neither free nor good. Crowd may be better (but is again not free).
I’ve seen a setup going through Invision Power Board, using IpbWiki and a WordPress integration mod. Mind you, it’s expensive and excessive.
They both support OpenId now.
There are probably other options for using OpenId, but I think that is the best solution available.