• Dav Sel
    Dav Sel, 2020/12/21 11:44

    I did this. But what is my xwiki url for the redirection?
    I tried: https://mywiki/xwiki/oidc but I receive a page that this page is not available.

    How do I start the redirect process to Keycloak? The login dialog did not change and still shows me the login form.

  • Dav Sel
    Dav Sel, 2020/12/21 17:03

    Now, I am a step further :-)
    For the import in keycloak I had to remove the line
       "alwaysDisplayInConsole": false
    then the import was possible.

    In xwiki.properties I changed this:
      oidc.endpoint.token.auth_method=client_secret_basic
    to this
      oidc.endpoint.token.auth_method=client_secret_post

    Then the integration with keycloak works. But I have no idea how to set up the user roles/groups. At the moment all users have only the group "XWikiAllGroup". But I need at least some administrators.
    What must be configured in the user roles/groups in keycloak?

  • Dav Sel
    Dav Sel, 2020/12/21 17:04

    One more thing I had to configure. In xwiki.cfg I configured this line:
      xwiki.home=https://MYWIKIDOMAIN/
    without this, the redirect url pointed to http://localhost:8080/..... and the call failed on the keycloak server.

    • Jonas
      Jonas, 2021/02/22 08:49

      Thanks for the hint with xwiki.home! I had the same issue that a port 80 (:80) was added to my redirect_uri before (even though https-only) I had changed this...

      Have you figured out how to work out roles/groups to have user/admin roles?

      • Jonas
        Jonas, 2021/02/23 15:07

        I have figured it out. The way I have solved this: in Keycloak -> xwiki Client, using a Mapper, User Realm Role, with claim xwiki_goups adds a node xwiki_goups to the access token JSON. It appears that all roles of the user (e.g. assigned through a group in Keycloak) are added as a group in XWiki and the user is added to the XWiki groups. The Scoper (within client) settings can be used to filter out any roles that are not to appear as XWiki groups...
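
Added example (not part of the thread and not XWiki or Keycloak code): a small Python check that decodes an access token's payload and compares the roles in the mapper's claim with the groups the wiki is meant to receive, so roles the client's scope settings should filter out become visible. The token, role names and function names are constructed for illustration; the claim name is passed in as written in the comment above, and the payload is decoded for inspection only, without signature verification.

```python
import base64
import json


def b64url(obj) -> str:
    """Encode a dict as an unpadded base64url JSON segment (used for the sample)."""
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()


def jwt_payload(token: str) -> dict:
    """Decode the payload segment of a compact JWT. Inspection only: no signature check."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected 3 dot-separated segments)")
    seg = parts[1]
    seg += "=" * (-len(seg) % 4)  # restore the padding that base64url strips
    return json.loads(base64.urlsafe_b64decode(seg))


def review_group_claim(token: str, claim: str, expected: set) -> dict:
    """Compare the roles carried in `claim` with the groups the wiki should get."""
    value = jwt_payload(token).get(claim)
    if value is None:  # mapper missing, or claim not added to this token type
        return {"present": False, "groups": [], "unexpected": [],
                "missing": sorted(expected)}
    groups = [value] if isinstance(value, str) else list(value)
    return {
        "present": True,
        "groups": groups,
        # roles that would become wiki groups although nobody asked for them
        "unexpected": sorted(set(groups) - expected),
        "missing": sorted(expected - set(groups)),
    }


# Constructed sample: header, payload and a dummy signature segment.
SAMPLE = ".".join([
    b64url({"alg": "RS256", "typ": "JWT"}),
    b64url({"preferred_username": "alice",
            "xwiki_goups": ["XWikiAdminGroup", "offline_access",
                            "uma_authorization"]}),
    "c2ln",
])

if __name__ == "__main__":
    print(review_group_claim(SAMPLE, "xwiki_goups", {"XWikiAdminGroup"}))
```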
