OpenID Connect Authenticator

Last modified by Thomas Mortagne on 2017/11/20 00:05

Allow an XWiki instance to authenticate on an OpenID Connect provider
Recommended
Type: JAR
Category: Authenticator
Developed by: Thomas Mortagne
Active Installs: 21
License: GNU Lesser General Public License 2.1
Installable with the Extension Manager

Description

Allows an XWiki instance to authenticate against an OpenID Connect provider.

See also OpenID Connect Provider.


Release notes can be found on the OpenID Connect project page.

Main limitations

Configuration

xwiki.cfg

#-# The authentication management class.
xwiki.authentication.authclass=org.xwiki.contrib.oidc.auth.OIDCAuthServiceImpl

xwiki.properties

#-# The OpenID Connect base URL of the XWiki instance to use as provider.
#-# See the endpoint properties below if the provider is not an XWiki instance.
#-# If not set, the user is asked for it.
# oidc.xwikiprovider=http://www.xwiki.org/xwiki/oidc

#-# The generic OpenId Connect endpoints to use to communicate with the provider.
#-# Not needed in case of XWiki based provider.
# oidc.endpoint.authorization=http://www.xwiki.org/xwiki/oidc/authorization
# oidc.endpoint.token=http://www.xwiki.org/xwiki/oidc/token
# oidc.endpoint.userinfo=http://www.xwiki.org/xwiki/oidc/userinfo

#-# The pattern to use to generate the XWiki user name
#-# The following variables are available:
#-# oidc.user.subject: the unique id of the user in the provider
#-# oidc.user.mail: the mail of the user
#-# oidc.user.familyName: the last name of the user
#-# oidc.user.givenName: the first name of the user
#-# oidc.provider: the URL of the XWiki provider (only when an XWiki provider is used)
#-# oidc.provider.host: the host of the provider URL
#-# oidc.provider.path: the path of the provider URL
#-# oidc.provider.protocol: the protocol (usually https) of the provider URL
#-# oidc.provider.port: the port of the provider URL
#-# oidc.issuer: the issuer URI
#-# oidc.issuer.host: the host of the issuer URI
#-# oidc.issuer.path: the path of the issuer URI
#-# oidc.issuer.scheme: the scheme (usually https) of the issuer URI
#-# oidc.issuer.port: the port of the issuer URI
#-#
#-# The suffix ".clean" can be added to the variable name to get a cleaned value
#-# where ".", ":", ",", "@", "^" characters and "\s" (all forms of white spaces) are removed. 
#-# 
#-# The default is: 
# oidc.user.nameFormater=${oidc.issuer.host.clean}-${oidc.user.subject.clean}

#-# The custom claims to request to the provider for the ID Token
#-#
#-# The default is: 
# oidc.idtokenclaims=xwiki_instance_id

#-# The custom claims to request to the provider for the UserInfo
#-# 
#-# The available custom claims are:
#-# xwiki_user_groups: the groups of a user
#-# xwiki_user_<fieldname>: the suffix to use to request any field in the user profile document 
#-# The default is:
# oidc.userinfoclaims=xwiki_user_accessibility,xwiki_user_company,xwiki_user_displayHiddenDocuments,xwiki_user_editor,xwiki_user_usertype

#-# The client identifier used by the authentication.
#-# The default is the identifier of the XWiki instance.
# oidc.clientid=

#-# Disable the OpenId Connect authenticator
# oidc.skipped=
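
To check a candidate oidc.user.nameFormater pattern before deploying it, the following added example (a Python model of the substitution rule documented in the comments above, not the extension's own code) expands a pattern for a set of provider identities and reports any that end up with the same XWiki user name. The sample identities are constructed, the function names are hypothetical, and the model covers only the subject and issuer variables; Python's \s is assumed to match the same whitespace the extension removes.

```python
import re
from urllib.parse import urlsplit

# Per the comments above, ".clean" removes . : , @ ^ and all whitespace.
CLEAN_RE = re.compile(r"[.:,@^\s]")
VAR_RE = re.compile(r"\$\{([^}]+)\}")
DEFAULT = "${oidc.issuer.host.clean}-${oidc.user.subject.clean}"

def variables(issuer, subject):
    """Build a subset of the documented variables for one provider identity."""
    url = urlsplit(issuer)
    return {
        "oidc.user.subject": subject,
        "oidc.issuer": issuer,
        "oidc.issuer.host": url.hostname or "",
        "oidc.issuer.path": url.path,
        "oidc.issuer.scheme": url.scheme,
        "oidc.issuer.port": str(url.port) if url.port else "",
    }

def format_name(pattern, values):
    """Expand ${var} and ${var.clean} placeholders as the comments describe."""
    def resolve(match):
        name = match.group(1)
        if name.endswith(".clean"):
            return CLEAN_RE.sub("", values[name[: -len(".clean")]])
        return values[name]  # KeyError on a variable this model does not know
    return VAR_RE.sub(resolve, pattern)

def collisions(pattern, identities):
    """Return {user name: [identities]} for names produced by more than one identity."""
    by_name = {}
    for issuer, subject in identities:
        name = format_name(pattern, variables(issuer, subject))
        by_name.setdefault(name, []).append((issuer, subject))
    return {name: ids for name, ids in by_name.items() if len(ids) > 1}

# Constructed sample identities, not real accounts.
SAMPLE = [
    ("https://idp.example.org", "john.doe"),
    ("https://idp.example.org", "johndoe"),
    ("https://idp.example.org", "john doe"),
    ("https://idp.example.org", "alice"),
    ("https://other.example.org", "alice"),
]

if __name__ == "__main__":
    for pattern in (DEFAULT, "${oidc.user.subject.clean}"):
        print(pattern, "->", collisions(pattern, SAMPLE))
```

With the default pattern the three spellings of "john doe" from one issuer share a name, and a pattern without an issuer variable also merges "alice" across the two issuers, since a subject is only unique within its issuer.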

Customization

Templates

The authenticator uses a template to ask the user for the target provider when it is not provided in the configuration. This template can be overridden through the standard template system.

The name of the template is oidc/client/provider.vm.

Prerequisites & Installation Instructions

We recommend using the Extension Manager to install this extension (make sure that the text "Installable with the Extension Manager" is displayed at the top right of this page to know whether this extension can be installed with the Extension Manager). Note that installing extensions while offline is currently not supported, and you would need to use a complex manual method.

You can also use the manual method which involves dropping the JAR file and all its dependencies into the WEB-INF/lib folder and restarting XWiki.


Once you have installed the extension, you need to declare it as the authenticator with the property xwiki.authentication.authclass in the xwiki.cfg file. See the Configuration section for more details.

Dependencies

Dependencies for this extension (org.xwiki.contrib.oidc:oidc-authenticator 1.6.4):

Created by Thomas Mortagne on 2016/05/27 16:29