OpenID Connect Provider
 | Allow XWiki to act as an OpenID Connect provider |
| Type | JAR |
| Category | |
| Developed by | |
| Support |
XWiki SAS
Community:
|
| Active Installs | 49 |
| Rating | |
| License | GNU Lesser General Public License 2.1 |
| Compatibility | XWiki 14.10.2+ is required. |
Table of contents
Description
Allow XWiki to act as an OpenID Connect provider.
See also OpenID Connect Authenticator.
Token-based access
See Token Authenticator.
Endpoints
Provider metadata
path: /oidc/ or /oidc/.well-known/openid-configuration
Authorization
path: /oidc/authorization
The entry point to authenticate a user and authorize the client to access the provider.
Supported methods:
Token
path: /oidc/token
Supported grand types:
- authorization_code: generate an access token from the authorization code provided by the authorization endpoint
UserInfo
path: /oidc/userinfo
Return information about the user.
Supported claims:
- core OpenID Connect claims
- xwiki_groups: the names (without the wiki and the XWiki space parts) of the groups of the user
- xwiki_user_<fieldname>: pattern used to access any field of the user document (search in the XWikiUsers object and then in the whole user document)
JWK
path: /oidc/jwk
Logout
path: /oidc/logout
Register
path: /oidc/register
Configuration
The provider can be configured in xwiki.properties file:
#-# Indicate the format of the subject (unique identifier) to return for a user.
#-# Can be one of the following:
#-# * FULL: the default, return the full reference of the XWiki user (xwiki:XWiki:MyUser)
#-# * LOCAL: return the local reference without the "XWiki" space part (MyUser)
# oidc.provider.subFormat=LOCALExample with specific systems
Customization
Templates
The provider use one template to ask the user for his consent. This template can be overwritten through the standard template system.
The name of the template is oidc/provider/consent.vm.
Short URLs
If you use short URL setup you will have to make sure to add "oidc" to the known entry points (same as "webjars" for example).
Prerequisites & Installation Instructions
We recommend using the Extension Manager to install this extension (Make sure that the text "Installable with the Extension Manager" is displayed at the top right location on this page to know if this extension can be installed with the Extension Manager).
You can also use the manual method which involves dropping the JAR file and all its dependencies into the WEB-INF/lib folder and restarting XWiki.
Versions
Dependencies
Dependencies for this extension (org.xwiki.contrib.oidc:oidc-provider 2.23.0):
- org.xwiki.platform:xwiki-platform-oldcore 14.10.2
- org.xwiki.platform:xwiki-platform-container-servlet 14.10.2
- org.xwiki.contrib.oidc:oidc-api 2.23.0
- com.nimbusds:oauth2-oidc-sdk 11.37.2
- com.nimbusds:nimbus-jose-jwt 10.9
- org.xwiki.platform:xwiki-platform-instance 14.10.2
- org.xwiki.platform:xwiki-platform-uiextension-api 14.10.2
- org.xwiki.platform:xwiki-platform-localization-macro 14.10.2
- org.xwiki.platform:xwiki-platform-rendering-macro-velocity 14.10.2
- org.xwiki.platform:xwiki-platform-rendering-macro-code 14.10.2
- org.xwiki.contrib.oidc:oidc-consent 2.23.0
- org.xwiki.contrib.oidc:token-authenticator 2.23.0
