XWiki

XWiki Configuration

  • Note: the following applies to Windows configuration

  • Log into your XWiki admin account and go to the Administer Wiki section

  • Go to the Extensions tab and install the OpenID Connect Authenticator extension

  • Edit the XWiki.cfg file and write the following line:

xwiki.authentication.authclass=org.xwiki.contrib.oidc.auth.OIDCAuthServiceImpl
  • Edit the XWiki.properties file and write the following lines:
oidc.xwikiprovider=https://mydomain.trustelem.com/app/150XXX
oidc.endpoint.authorization=https://mydomain.trustelem.com/app/150XXX/auth
oidc.endpoint.token=https://mydomain.trustelem.com/app/150XXX/token
oidc.endpoint.userinfo=https://mydomain.trustelem.com/app/150XXX/userinfo
oidc.scope=openid,profile,email
oidc.endpoint.userinfo.method=GET

oidc.user.nameFormater=${oidc.user.email}
oidc.user.subjectFormater=${oidc.user.subject}

oidc.clientid=trustelem.oidc.gvsteodb
oidc.secret=v0x8W4Gx97uycjBs18xeA5f6fkp2wyIY
oidc.endpoint.token.auth_method=client_secret_basic
oidc.skipped=false
  • Reboot your XWiki server so that the modifications are taken into account

Notes

  • This documentation applies if you have the standard flavor. If you have another flavor, the graphical user interface may differ

  • The oidc.scope parameter can be adapted to suit your needs

  • For SSO to work with existing users, the User field in XWiki has to match their Trustelem email

  • To disable Single Sign-On, change the oidc.skipped=false line to oidc.skipped=true

Trustelem Configuration

  • On Trustelem, write your XWiki server URL in the corresponding field

Roles Configuration

  • If you want to map your Trustelem roles to XWiki groups, edit the XWiki.properties file and add these lines:
oidc.userinfoclaims=xwiki_groups
oidc.groups.mapping=YourXWikiGroup=YourTrustelemGroup
  • Add the second line once for each mapping you want to define

  • On Trustelem, you need to add these lines in the Custom claims script section:

// Collect every key of `groups` and send the list as the xwiki_groups claim
const xwikiGroups: string[] = [];
for (let g in groups) {
  xwikiGroups.push(g);
}
claims["xwiki_groups"] = xwikiGroups;
  • You can also send more attributes to XWiki by adding these lines in the Custom claims script section (one line per attribute sent):
claims["name1"] = user.getAttr("attribute1");
  • These attributes can then be used in XWiki. For example, to change usernames to email-attribute1, edit the XWiki.properties file and write:
oidc.user.nameFormater=${oidc.user.email}-${oidc.user.name1}
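
The XWiki.properties settings above can be checked before the server is rebooted. The following Python check is an added example, not part of the original documentation or of the XWiki or Trustelem projects; check_oidc, parse_properties and the sample values are hypothetical, and it assumes the endpoints follow the provider URL plus /auth, /token and /userinfo pattern shown above.

```python
import re
from urllib.parse import urlparse

# Constructed sample: http token endpoint, malformed mapping, no oidc.userinfoclaims.
SAMPLE = """\
oidc.xwikiprovider=https://mydomain.trustelem.com/app/150XXX
oidc.endpoint.authorization=https://mydomain.trustelem.com/app/150XXX/auth
oidc.endpoint.token=http://mydomain.trustelem.com/app/150XXX/token
oidc.endpoint.userinfo=https://mydomain.trustelem.com/app/150XXX/userinfo
oidc.scope=openid,profile,email
oidc.skipped=false
oidc.groups.mapping=XWikiAdminGroup=admins
oidc.groups.mapping=Editors
"""
# Assumption: endpoints follow the <provider>/<suffix> pattern shown on the page.
ENDPOINTS = {"authorization": "/auth", "token": "/token", "userinfo": "/userinfo"}

def parse_properties(text):
    """Return {key: [values]}; repeated keys (one line per mapping) are kept."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "!")) and "=" in line:
            key, _, value = line.partition("=")  # only the first '=' splits
            props.setdefault(key.strip(), []).append(value.strip())
    return props

def check_oidc(text):
    """Return findings (hypothetical helper) for the OIDC keys used on this page."""
    props, findings = parse_properties(text), []
    last = lambda key: props.get(key, [""])[-1]
    base = last("oidc.xwikiprovider").rstrip("/")
    if urlparse(base).scheme != "https":
        findings.append("oidc.xwikiprovider is not an https URL")
    for name, suffix in ENDPOINTS.items():
        if last("oidc.endpoint." + name) != base + suffix:
            findings.append(f"oidc.endpoint.{name} is not {base}{suffix}")
    if "openid" not in last("oidc.scope").split(","):
        findings.append("oidc.scope does not include openid")
    mappings = props.get("oidc.groups.mapping", [])
    for m in mappings:
        if not re.fullmatch(r"[^=]+=[^=]+", m):
            findings.append(f"oidc.groups.mapping '{m}' is not XWikiGroup=TrustelemGroup")
    if mappings and "xwiki_groups" not in last("oidc.userinfoclaims").split(","):
        findings.append("oidc.groups.mapping is set but oidc.userinfoclaims lacks xwiki_groups")
    if last("oidc.skipped") == "true":
        findings.append("oidc.skipped=true: Single Sign-On is disabled")
    return findings

if __name__ == "__main__": print("\n".join(check_oidc(SAMPLE)))
```

Run against the constructed sample, it reports the token endpoint served over http, the mapping line without a Trustelem group, and the missing xwiki_groups claim request.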