Embecta MediaWiki SSO Installation Guide

1. Download saml.zip  & PluggableAuth.zip from
Unzip place folders PluggableAuth & saml in Mediawiki /extensions folder.


2. Edit LocalSettings.php and following lines at the bottom.
$wgGroupPermissions[‘*’][‘read’] = false;
$wgGroupPermissions[‘*’][‘createaccount’] = true;
$wgPluggableAuth_EnableAutoLogin = false;
$wgPluggableAuth_EnableLocalLogin = true;
$wgPluggableAuth_EnableLocalProperties = false;
$wgPluggableAuth_ButtonLabel = ‘Login with Embecta SSO’;
$wgPluggableAuth_Config[‘Login with Embecta SSO’] = [
  ‘plugin’ => ‘Cas’,
  ‘data’ => []
$wgmediawiki_Home = ‘https://your-mediawiki-url.com‘;
wfLoadExtension( ‘PluggableAuth’ );
wfLoadExtension( ‘saml’ );


3. From Azure AD IdP Metadata configure extensions/saml/sso/settings.php
In this file –
$pluginBaseUrl : Update base path with your MediaWiki Url
$spBaseURL : Update base path with your MediaWiki Url
entityId : Update with IdP entityId
url : Update with Idp Single Sign-On Url
X509cert : Update this IdP cert


4. In Azure AD – 
a. Create SAML Application & Configure using Metadata File. 


b. In SAML Application set nameidentifier as user.mail