authentication2Add my vote for this tag create new tag
, view all tags


Note: The text below is contained in the topic TWiki.LoginNameAliasesPluginDoc when the plugin is installed. The topic TWiki.LoginNameAliasesPlugin contains just the configuration settings for the plugin. This separation was done in order to avoid having to parse a long documentation topic each time the plugin is used.

See TWiki:Plugins.LoginNameAliasesPluginDev for bug reports, comments, etc.

In an intranet environment, access to TWiki may be controlled via external authentication mechanisms (PubCookie, for example) and users are identified to TWiki via a REMOTE_USER variable that is set by such a mechanism. This can lead to the following issues:

  • This remote user variable may not be suitable for direct use as a TWiki login name (e.g. it may contain special characters).
  • The same person may connect to TWiki via various authentication domains or methods. For example, JohnSmith may connect both as jsmith@DOMAIN1 and johns@DOMAIN2, and should be identified as the same user to TWiki.
  • Non-registered but identified users may connect to TWiki in this way and one may wish to map such users to a particular registered user.

These issues have been discussed in several TWiki support topics on http://twiki.org. Proposed solutions have often involved making small changes to TWiki source files. The LoginNameAliasesPlugin makes use of initializeUserHandler and attempts to provide a configurable, plugin-based solution to some of these problems. It was originally designed to be used in a intranet environment where all registered users have both a WikiName and a user name (which is often the same as a Unix or Windows username).


Behavior of this plugin is controlled through the following settings in the TWiki.LoginNameAliasesPlugin topic. Important: the settings topic will not be read if you have renamed your TWiki web or installed this topic in another web.

  • MAP_BLANK_USER = <user>
  • USE_ALIASES = <boolean>
  • REMOVE_PREFIX = <string>
  • REMOVE_SUFFIX = <string>
  • MAP_UNREGISTERED = <login name>
  • LOGGING = <boolean>
  • DEBUG = <boolean>

To activate the plugin: the variable $useLoginNameAliasesPlugin in TWiki.cfg must be set to a true value in order for the plugin to perform any actions.

In addition to the settings, the configuration page may contain aliases. An alias entry is a single line of the form:

<multiple of 3 spaces>*<space>ALIAS:<space><string><space><username>
For example:
   * ALIAS: johns@BAR.COM jsmith
If the user (as passed to the plugin) is an exact match for the first string, the plugin will return the given username.

How it works

When it runs, the plugin performs the following steps in succession to the username passed to initializeUserHandler. $TWiki::securityFilter is applied to all results before they are returned. Note that if $ENV{'REMOTE_ADDR'} is not set, the plugin will return "" after logging some debugging information (if DEBUG is set).

  1. If the username is blank or would be blank after applying $TWiki::securityFilter, return either "", or the value of MAP_BLANK_USER if it is set. Note: a username that would evaluate to false in Perl (e.g. the user "0") is treated as blank.
  2. If USE_ALIASES is set, the alias list is checked for a match and the first match found is returned.
  3. If REMOVE_PREFIX is set, an attempt is made to remove that string from the beginning of the username (quotemeta is applied to the string before it is used).
  4. If REMOVE_SUFFIX is set, an attempt is made to remove that string from the end of the username (quotemeta is applied to the string before it is used).
  5. The MAP_BLANK_USER check from step 1 is applied again, since steps 3 or 4 may have zapped the whole username.
  6. If MAP_UNREGISTERED is set, then check to see if the user has a WikiName. If not, then return the value of MAP_UNREGISTERED. If the user already has a WikiName, go to step 7. Note: This setting will not work unless doMapUserToWikiName is set to 1 in TWiki.cfg.
  7. If the username after the PREFIX/SUFFIX transformations is different from the one passed to us in the original username argument, the new name will be returned after being passed through the security filter. If it is the same as the original one, then "" will be returned if RETURN_NOTHING_IF_UNCHANGED is true, otherwise the original username will be returned.

If LOGGING is turned on, the following fields will be logged to to the file PubDir()/TWiki/LoginNameAliasesPlugin/_logfile.txt: timestamp, $ENV{'REMOTE_ADDR'}, $ENV{'REMOTE_USER'}, the username that was passed to the plugin, the username that the plugin returned. This is useful for debugging and keeping a record of user names before they are mapped. Note that the logfile must be writable by the web server (just like other TWiki log files).


There are obvious security risks with allowing arbitrary user names to get mapped to arbitrary TWiki users. To mitigate these risks:
  • The plugin does not do anything unless $useLoginNameAliasesPlugin is set in TWiki.cfg.
  • The plugin configuration topic, TWiki.LoginNameAliasesPlugin, should have access permissions set such that only people in the TWikiAdminGroup (or other people who can be trusted) can change it. By default, the topic is distributed with this access restriction.


Misconfiguration of this plugin could cause problems for TWiki operation, and/or create various security problems. (I have tested this on 4.1.2 for removing the domain name suffix. It works. Have not tested the alias. I have attached the dakar version of the plugin from LoginNameAliasesPluginDev to this topic - ChengappaCB)

Syntax Rules

See documentation above


See documentation above

Plugin Settings

Plugin settings are stored in the TWiki.LoginNameAliasesPlugin topic as either preferences variables or "ALIAS:" settings. See the documentation above for details.

Some Plugin settings for this plugin are stored as preferences variables. Others are stored as special "ALIAS" settings. See the documentation above for details. To reference a preferences variables plugin setting write %<plugin>_<setting>%, i.e. %INTERWIKIPLUGIN_SHORTDESCRIPTION%

  • One line description, shown in the TextFormattingRules topic:
    • Set SHORTDESCRIPTION = Maintain multiple aliases of login names

Plugin Installation Instructions

Note: You do not need to install anything on the browser to use this plugin. The following instructions are for the administrator who installs the plugin on the server where TWiki is running.

  • Download the ZIP file from the Plugin web (see below)
  • Unzip LoginNameAliasesPlugin.zip in your twiki installation directory. Content:
    File: Description:
    data/TWiki/LoginNameAliasesPlugin.txt Plugin topic (by default editable only by TWikiAdminGroup)
    data/TWiki/LoginNameAliasesPlugin.txt,v Plugin topic repository
    data/TWiki/LoginNameAliasesPluginDoc.txt Plugin documentation topic
    lib/TWiki/Plugins/LoginNameAliasesPlugin.pm Plugin Perl module
    pub/TWiki/LoginNameAliasesPlugin/_logfile.txt Default logfile

Plugin Info

Plugin Author: TWiki:Main/ClaussStrauch
Plugin Version: 23 Jul 2004 (V1.000)
Change History:  
23 Jul 2004: Initial version
TWiki Dependency: $TWiki::Plugins::VERSION 1.024
CPAN Dependencies: none
Other Dependencies: none
Perl Version: 5.005
TWiki:Plugins/Benchmark: GoodStyle 98%, FormattedSearch nn%, LoginNameAliasesPlugin nn%
Plugin Home: http://TWiki.org/cgi-bin/view/Plugins/LoginNameAliasesPlugin
Feedback: http://TWiki.org/cgi-bin/view/Plugins/LoginNameAliasesPluginDev
Appraisal: http://TWiki.org/cgi-bin/view/Plugins/LoginNameAliasesPluginAppraisal

Related Topics: TWikiPreferences, TWikiPlugins

-- TWiki:Main/ClaussStrauch - 23 Jul 2004

Topic attachments
I Attachment History Action Size Date Who Comment
Unknown file formatmd5 LoginNameAliasesPlugin.md5 r2 r1 manage 0.2 K 2008-12-12 - 11:43 SopanShewale checksum file , Uploaded as a part of Release Process
Compressed Zip archivetgz LoginNameAliasesPlugin.tgz r2 r1 manage 7.3 K 2008-12-12 - 11:42 SopanShewale See LoginNameAliasesPlugin for details. Untar and run the installer script, Uploaded as a part of Release Process
Compressed Zip archivezip LoginNameAliasesPlugin.zip r4 r3 r2 r1 manage 9.4 K 2008-12-12 - 11:43 SopanShewale See LoginNameAliasesPlugin for details. Unzip and run the installer script , Uploaded as a part of Release Process
Unknown file formatgz LoginNameAliasesPluginDakar.tar.gz r1 manage 6.5 K 2008-01-10 - 13:37 ChengappaCB Dakar version.
Unknown file formatEXT LoginNameAliasesPlugin_installer r2 r1 manage 3.5 K 2008-12-12 - 11:43 SopanShewale Installer Script, Uploaded as a part of Release Process
Edit | Attach | Watch | Print version | History: r7 < r6 < r5 < r4 < r3 | Backlinks | Raw View | Raw edit | More topic actions
Topic revision: r7 - 2008-12-12 - SopanShewale
  • Learn about TWiki  
  • Download TWiki
This site is powered by the TWiki collaboration platform Powered by Perl Hosted by OICcam.com Ideas, requests, problems regarding TWiki? Send feedback. Ask community in the support forum.
Copyright © 1999-2018 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.