Plexcel MediaWiki Plugin

The Plexcel MediaWiki Plugin seamlessly adds Active Directory authentication and access control to MediaWiki. This plugin has the following features.

Active Directory SPNEGO Single Sign-On (SSO)
User Information Populated from Active Directory
Explicit Login with Username and Password
Configurable Username Canonicalization
Windows Group Based Access Control List (ACL)
Windows Group Mapping
Automatic Directory Location
No setup on Windows side required
Superior Security of Kerberos
Internationalization (I18N)

Authentication

The Plexcel MediaWiki Plugin can authenticate clients against Active Directory using Single Sign-On (SSO) or by explicit login using the standard login form.

The default behavior is to authenticate clients using SSO. Users will not need to enter their username or password. Just visiting the site will trigger the browser to automatically authenticate the client and pass the user's information to the web server.

Alternatively users may choose to use the standard login form. If the client does cannot perform SSO (e.g. because they are not logged into the domain) authentication will fall-back to the login form.

Windows Group Based Authentication Control and Windows Group Mapping

The Plexcel MediaWiki Plugin employs an authentication ACL that can be used to restrict who can authenticate with MediaWiki to specific Windows groups. The plugin also allows mapping Windows groups into MediaWiki groups (e.g. users in ACME\Wiki Bureaucrats will automatically be added to the MediaWiki bureaucrat group). These features allow operators to push wiki access controls into AD and leverage existing IT infrastructure.

The full range of Windows group name forms may be used (no awkward LDAP DN strings). These access checks are very fast. Once the group names in your ACL have been resolved, no communication with the domain is required for subsequent requests.

Automatic Directory Location

Plexcel will automatically locate AD servers using standard Microsoft Sites & Services DNS lookups. Very little configuration of the Plexcel module is necessary. If you have multiple AD servers in different geographical locations, these features are a big plus.

Easy Installation

Plexcel comes with an easy to use web-based installer that will locate your AD server, create the necessary HTTP service account and set it's password. After restarting Apache, just copy the PlexcelAuth directory from the MediaWiki plugin package into the MediaWiki extensions directory and add a few lines to your LocalSettings.php. No direct modifications on the Windows side are necessary. Installation takes only a few minutes.

Please read the Plexcel MediaWiki Plugin Manual available on the Support page for detailed requirements and installation instructions.

To download this package, please visit the Downloads page.