Single sign-on: EventManager and MediaWiki

Any web application should strive to keep out of the user’s way: different pieces of software should work together, giving the impression that they fit together like pieces of a jigsaw. One of the stumbling blocks to that is when a user is asked to log in to one piece of software, and then asked to log in again when they visit a different portion of the interface.

We’ve been spending some time at Kent House to make sure that this doesn’t happen, and a part of that is to transparently carry logins across from the EventManager administrative interface to the documentation and support wiki, which runs on the same software as Wikipedia. The key to this is to stop the documentation wiki from asking for user information again, but instead for EventManager to hand the authentication data over.

It turns out that the process is simple: using strong encryption, a request containing the website and user details is handed to the index script of MediaWiki, which runs it through an authentication model. It’s there that the code can check the user details provided, and grant access based on whatever permissions model you wish.

Just one of the ways we’re improving the user experience for EventManager clients.