OpenID Connect

Last modified by Thomas Mortagne on 2018/08/02 17:31

Various tools to manipulate the OpenID Connect protocol in XWiki


This project has two main goals:

  1. make it as easy as possible to use an XWiki instance as an identity provider for another XWiki instance
  2. make XWiki support what is becoming the most standard identity protocol on the Internet, both as a provider for other applications and as a client of reference identity providers

License: GNU Lesser General Public License 2.1

OpenID Connect


OpenID Connect 1.0 is a simple identity layer on top of the OAuth 2.0 protocol. It allows Clients to verify the identity of the End-User based on the authentication performed by an Authorization Server, as well as to obtain basic profile information about the End-User in an interoperable and REST-like manner.

OpenID Connect allows clients of all types, including Web-based, mobile, and JavaScript clients, to request and receive information about authenticated sessions and end-users. The specification suite is extensible, allowing participants to use optional features such as encryption of identity data, discovery of OpenID Providers, and session management, when it makes sense for them.

See for a set of answers to Frequently Asked Questions about OpenID Connect.

This project relies on the Nimbus OAuth 2.0 SDK with OpenID Connect extensions for its implementation, which among other things offers parsers and processors for OpenID Connect requests/responses in Java.

The modules

Release Notes

All release notes


  • Closed OIDC-51 Add support for group membership synchronization


  • Closed OIDC-48 Authenticator and provider default templates are not loaded anymore


  • Closed OIDC-47 Upgrade to XWiki 8.4.x
  • Closed OIDC-35 Upgrade to oauth2-oidc-sdk 5.44


  • Closed OIDC-45 Possible NullPointerException when the provider send user info without any email
  • Closed OIDC-44 oidc.user.nameFormater configuration is not taken into account


  • Closed OIDC-43 Provider sometime find consent coming from a different user


  • Closed OIDC-42 OpenID Connect clients might be wrongly recognized as simple OAuth2 clients


  • Closed OIDC-40 No mail information sent with OAuth2 client


  • Closed OIDC-39 Add support for OAuth 2 in the provider


  • Closed OIDC-37 Remove the workaround for XWIKI-13456
Created by Thomas Mortagne on 2016/06/03 16:45
