Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision		 Previous revision
en:2.0:single_sign_on:oidc_dokuwiki [2025/05/05 19:51] kainhoferen:2.0:single_sign_on:oidc_dokuwiki [2025/05/05 20:19] (current) kainhofer
Line 37: Line 37:
  
 First, one has to copy over the OpenID endpoint URLs from Admidio's OpenID preferences (each URL has a copy button). You can find them here: First, one has to copy over the OpenID endpoint URLs from Admidio's OpenID preferences (each URL has a copy button). You can find them here:
-{{ :en:2.0:single_sign_on:sso_oidc_01-01_setup_admidio_endpoints.png?direct&600 |}}+{{ :en:2.0:sso:sso_oidc_01-01_setup_admidio_endpoints.png?direct&600 |}}
  
 ==== Setting up the Client (SP) in Admidio ==== ==== Setting up the Client (SP) in Admidio ====
Line 67: Line 67:
 The settings done above in the graphical interface could also be done in the ''conf/local.php'' config file of DokuWiki. The corresponding settings would look like this: The settings done above in the graphical interface could also be done in the ''conf/local.php'' config file of DokuWiki. The corresponding settings would look like this:
  
-<code>+<code php>
 $conf['authtype'] = 'oauth'; $conf['authtype'] = 'oauth';
 $conf['superuser'] = '@admin'; $conf['superuser'] = '@admin';
Line 91: Line 91:
 {{ :en:2.0:sso:sso_oidc_04-08_dw_login.png?direct&400 |}} {{ :en:2.0:sso:sso_oidc_04-08_dw_login.png?direct&400 |}}
 {{ :en:2.0:sso:sso_oidc_04-09_dw_admidio_login.png?direct&400 |}} {{ :en:2.0:sso:sso_oidc_04-09_dw_admidio_login.png?direct&400 |}}
- +{{ :en:2.0:sso:sso_oidc_04-10_dw_login_success.png?direct&400 |}}
-<WRAP center round todo 60%> +
-TODO: Success! +
-{{ :en:2.0:sso:sso_saml_04-10_dw_login_success.png?direct&400 |}} +
-{{ :en:2.0:sso:sso_saml_04-11_dw_login_success_groups.png?direct&400 |}} +
-</WRAP> +
  
  
 ==== Caveats and Things to Consider ==== ==== Caveats and Things to Consider ====
  
 +  * DokuWiki allows **admin login** through OpenID by assigning the **group 'admin'** in the group mapping.
   * DokuWiki will convert all group names to lowercase. This is a general restriction in DokuWiki and not specific to OpenID.   * DokuWiki will convert all group names to lowercase. This is a general restriction in DokuWiki and not specific to OpenID.
 +  * DokuWiki will match its accounts using the email provided in the OpenID token, even when a different user id field is selected. E.g. if a local user 'dale' with email 'dale@example.com' already exists, and a new OpenID login from user 'dale' with email 'dale.baade@example.com' occurs, DokuWiki will treat these as two separate users (and modify the username of the newly created user to 'dale1')!
 +  * DokuWiki controls **login permissions for OpenID** with a **group 'generic' assigned to a user**. If local accounts already exist, one needs to add them to the 'generic' group, otherwise login with OpenID is not possible and the following error message will be shown:{{ :en:2.0:sso:sso_oidc_04-10_dw_error_group.png?direct |}} To fix this, add the user to the 'generic' group: {{ :en:2.0:sso:sso_oidc_04-11_dw_generic_group.png?direct&600 |}}
  • en/2.0/single_sign_on/oidc_dokuwiki.1746467497.txt.gz
  • Last modified: 2025/05/05 19:51
  • by kainhofer