From version 19.6
edited by Thomas Mortagne
on 2018/12/24 00:21
To version 20.1
edited by Thomas Mortagne
on 2019/01/04 17:21
Change comment: There is no comment for this version

Summary

Details

ExtensionCode.ExtensionClass[0]
Description
... ... @@ -62,10 +62,15 @@
62 62  #-# The default is the automatically generated unique id of the XWiki instance.
63 63  # oidc.idtokenclaims=xwiki_instance_id
64 64  
65 +#-# The name of the claim used to get the list of group the user belong to
66 +#-#
67 +#-# The default is:
68 +# oidc.groups.claim=xwiki_groups
69 +
65 65  #-# The custom claims to request to the provider for the UserInfo
66 66  #-#
67 67  #-# The available custom claims are:
68 -#-# xwiki_groups: the groups a user belong to in the provider (see "Group synchronization" section for more details)
73 +#-# xwiki_groups (or whatever you indicated in oidc.groups.claim): the groups a user belong to in the provider (see "Group synchronization" section for more details)
69 69  #-# xwiki_user_<fieldname>: the suffix to use to request any field in the user profile document (generally when the provider is XWiki)
70 70  #-# The default is:
71 71  # oidc.userinfoclaims=xwiki_user_accessibility,xwiki_user_company,xwiki_user_displayHiddenDocuments,xwiki_user_editor,xwiki_user_usertype
... ... @@ -74,7 +74,23 @@
74 74  #-# The default is the identifier of the XWiki instance.
75 75  # oidc.clientid=
76 76  
82 +#-# Receiving a groups list is enough to enable group synchronization but you might need to configure XWiki groups names different from the remote groups names.
83 +#-#
84 +# oidc.groups.mapping=MyXWikiGroup=my-oidc-group
85 +# oidc.groups.mapping=MyXWikiGroup2=my-oidc-group2
86 +# oidc.groups.mapping=MyXWikiGroup2=my-oidc-group3
87 +
88 +#-# The groups the user need to belong to be allowed to authenticate.
89 +#-# Not taken into account if not set or empty.
90 +#-#
91 +# oidc.groups.allowed=
92 +
93 +#-# If the user belong to one of these groups it won't be allowed to authenticate
94 +#-#
95 +# oidc.groups.forbidden=
96 +
77 77  #-# Disable the OpenId Connect authenticator
98 +#-#
78 78  #-# The default is:
79 79  # oidc.skipped=false
80 80  {{/code}}

Get Connected