1 [[!meta title="How do I authenticate users with certificates?"]]
2 Please note that this method requires **all** users to authenticate
3 with certificates. Password login is disabled.
5 \1) Configure your site for certificate authentication. For
6 example, if you just want to make your site accessible to any MIT
7 user with certificates, add the following to `.htaccess` in your
12 ErrorDocument 401 /__scripts/needcerts
14 For further information and options, including restricting access
15 to specific people, see our full
16 [FAQ on certificate authentication on scripts.](http://scripts.mit.edu/faq/15/)
19 [SSLAuthPlugin.php](http://www.mediawiki.org/wiki/Extension:SSL_authentication#SSLAuthPlugin.php_.28MW_1.15.29)
20 from the MediaWiki project.
22 \3) Add the following to `LocalSettings.php`:
24 require_once('extensions/SSLAuthPlugin.php');
26 $ssl_RN = $_SERVER['SSL_CLIENT_S_CN'];
27 $ssl_UN = $_SERVER['SSL_CLIENT_S_DN_Email'];
28 $atmit = '@mit.edu'; $atmit_len = strlen($atmit);
29 if ( strcasecmp( $atmit, substr($ssl_UN,-$atmit_len) ) == 0 )
30 $ssl_UN = substr($ssl_UN, 0, -$atmit_len);
31 $ssl_UN = str_replace('_', ' ', $ssl_UN);
32 $ssl_email = $_SERVER['SSL_CLIENT_S_DN_Email'];