Embecta MediaWiki SSO Installation Guide

1. Download saml.zip & PluggableAuth.zip from
Unzip them and place the PluggableAuth and saml folders in the MediaWiki /extensions folder:
extensions/PluggableAuth
extensions/saml

 

2. Edit LocalSettings.php and add the following lines at the bottom.
// Anonymous visitors cannot read pages; users must log in first.
$wgGroupPermissions['*']['read'] = false;
// Note: this also lets anonymous visitors register local accounts via Special:CreateAccount.
$wgGroupPermissions['*']['createaccount'] = true;
$wgPluggableAuth_EnableAutoLogin = false;
// Local password login stays available alongside the SSO button.
$wgPluggableAuth_EnableLocalLogin = true;
$wgPluggableAuth_EnableLocalProperties = false;
$wgPluggableAuth_ButtonLabel = 'Login with Embecta SSO';
$wgPluggableAuth_Config['Login with Embecta SSO'] = [
  'plugin' => 'Cas',
  'data' => []
];
$wgmediawiki_Home = 'https://your-mediawiki-url.com';
wfLoadExtension( 'PluggableAuth' );
wfLoadExtension( 'saml' );

 

3. Configure extensions/saml/sso/settings.php using the values from the Azure AD IdP metadata.
In this file:
$pluginBaseUrl : Update the base path with your MediaWiki URL
$spBaseURL : Update the base path with your MediaWiki URL
entityId : Update with the IdP entityId
url : Update with the IdP Single Sign-On URL
X509cert : Update with the IdP certificate
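
An added example, not part of the original guide or the extension's own code: a Python helper that reads a SAML IdP metadata file and returns the entityId, Single Sign-On URL and signing certificate that settings.php asks for, plus a SHA-256 fingerprint for checking the pasted certificate against one obtained from the IdP separately. The function name idp_settings, the sample metadata, the idp.example.test URLs and the placeholder certificate bytes are all constructed for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
# Constructed placeholder bytes, NOT a real certificate.
SAMPLE_CERT_B64 = base64.b64encode(b"constructed placeholder, not a real cert").decode()
# Constructed sample metadata; the real file comes from the Azure AD SAML application.
SAMPLE_METADATA = f"""<EntityDescriptor xmlns="{NS['md']}"
    entityID="https://idp.example.test/constructed-tenant/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing"><KeyInfo xmlns="{NS['ds']}"><X509Data>
      <X509Certificate>
        {SAMPLE_CERT_B64[:20]}
        {SAMPLE_CERT_B64[20:]}
      </X509Certificate>
    </X509Data></KeyInfo></KeyDescriptor>
    <SingleSignOnService Binding="{REDIRECT}"
        Location="https://idp.example.test/constructed-tenant/saml2"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""


def idp_settings(metadata_xml, binding=REDIRECT):
    """Return the IdP values step 3 asks for, plus a SHA-256 cert fingerprint."""
    root = ET.fromstring(metadata_xml)
    idp = root.find("md:IDPSSODescriptor", NS)
    if root.tag != f"{{{NS['md']}}}EntityDescriptor" or idp is None:
        raise ValueError("not SAML IdP metadata")
    sso = [s.get("Location", "") for s in idp.findall("md:SingleSignOnService", NS)
           if s.get("Binding") == binding]
    # Use signing keys only (a KeyDescriptor without 'use' serves both purposes).
    certs = [c.text or "" for k in idp.findall("md:KeyDescriptor", NS)
             if k.get("use") in (None, "signing")
             for c in k.findall(".//ds:X509Certificate", NS)]
    if not sso or not certs:
        raise ValueError("missing SSO endpoint or signing certificate")
    if not sso[0].lower().startswith("https://"):
        raise ValueError("SSO URL is not https")
    cert_b64 = "".join(certs[0].split())  # drop line breaks and indentation
    digest = hashlib.sha256(base64.b64decode(cert_b64, validate=True)).hexdigest().upper()
    return {"entityId": root.get("entityID"), "url": sso[0], "x509cert": cert_b64,
            "sha256": ":".join(digest[i:i + 2] for i in range(0, 64, 2))}


if __name__ == "__main__":
    print(idp_settings(SAMPLE_METADATA))
```

The x509cert value is returned with whitespace removed, which avoids pasting a certificate with stray line breaks into settings.php.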

 

4. In Azure AD:
a. Create a SAML application and configure it using the metadata file.

 

b. In the SAML application, set nameidentifier to user.mail