I’ve tried to connect XWiki with Keycloak Web-SSO as an application.
Can someone explain to me how I can access existing users/user rights as IdP in the application “XWiki” after successful login/authentication in Keycloak, and how the mapping between the Keycloak user and the users of the application works/is done?
Has anyone here been able to successfully connect XWiki using OpenID Connect or, as an alternative, SAML 2.0?
If you edit a user created by the OpenID Connect authenticator with the object editor, you will notice it contains an XWiki.OIDC.UserClass object with the “issuer” and the “subject”. That’s currently what this authenticator uses to identify a user profile. So one way to reuse the existing profile is to create this kind of object and set the right issuer and subject in it.
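The issuer and subject mentioned in the reply above correspond to the `iss` and `sub` claims of the ID token the IdP issues. The following is an added example, not part of the original posts or of the authenticator's code: it reads that pair from a token and looks up a profile by it. The host, realm, subject, profile name and helper names are constructed, and exact-pair matching is an assumption based on the reply above.

```python
import base64
import json

def b64url_decode(segment):
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def id_token_identity(id_token):
    """Return (issuer, subject) read from an ID token payload.

    No signature check is done here: the values are only read so they can be
    copied into a profile, never used to authenticate anyone.
    """
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    claims = json.loads(b64url_decode(parts[1]))
    missing = [c for c in ("iss", "sub") if not claims.get(c)]
    if missing:
        raise ValueError(f"ID token lacks required claim(s): {missing}")
    return claims["iss"], claims["sub"]

def find_profile(profiles, issuer, subject):
    """Look up a profile by the exact (issuer, subject) pair, not by username."""
    return profiles.get((issuer, subject))

def make_token(claims):
    # Builds a constructed sample token with a placeholder signature.
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256', 'typ': 'JWT'})}.{enc(claims)}.placeholder"

# Constructed sample data (hypothetical host, realm, subject and profile).
ISSUER = "https://sso.example.org/realms/wiki"
SUBJECT = "00000000-0000-4000-8000-000000000001"
PROFILES = {(ISSUER, SUBJECT): "XWiki.jdoe"}
TOKEN = make_token({"iss": ISSUER, "sub": SUBJECT, "preferred_username": "jdoe"})
# Same subject and username, but issued by a different realm: must not match.
OTHER_REALM = make_token({"iss": "https://sso.example.org/realms/other",
                          "sub": SUBJECT, "preferred_username": "jdoe"})

if __name__ == "__main__":
    print(find_profile(PROFILES, *id_token_identity(TOKEN)))
    print(find_profile(PROFILES, *id_token_identity(OTHER_REALM)))
```

Keying on the pair rather than on the username means an account with the same login name in another realm or another IdP does not inherit the existing profile and its rights.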
@tmortagne many thanks for your reply, I’ll try that in my running configuration of Keycloak and XWiki.
Otherwise I’ll get in contact once again.
Is there any experience using the XWiki extension “OpenID Connect Authenticator” using the OpenID Connect protocol with Keycloak or other SSO/IAM systems?
Does XWiki also support SAML or other alternative protocols?
your_role is a realm role that your user in Keycloak must have to log in through the Keycloak adapter.
Also, xwiki.cfg will need xwiki.authentication.authclass=com.xwiki.authentication.keycloak.XWikiKeycloakAuthenticator
Then you probably have to change the extension from their GitHub a bit to fit your needs.
You should probably fork it as well, upgrade the pom to your XWiki version, fix the Java issues due to the upgrade to the latest version of XWiki, and then recompile it to be installed in your wiki.
It’s not really easy work, especially rebuilding and deploying your own version of the extension, but I hope this information will save you a few days of additional work.