en:2.0:single_sign_on:oidc_dokuwiki [2025/05/05 20:15] – kainhofer | en:2.0:single_sign_on:oidc_dokuwiki [2025/05/05 20:19] (current) – kainhofer |
---|
| |
First, one has to copy over the OpenID endpoint URLs from Admidio's OpenID preferences (each URL has a copy button). You can find them here: | First, one has to copy over the OpenID endpoint URLs from Admidio's OpenID preferences (each URL has a copy button). You can find them here: |
{{ :en:2.0:single_sign_on:sso_oidc_01-01_setup_admidio_endpoints.png?direct&600 |}} | {{ :en:2.0:sso:sso_oidc_01-01_setup_admidio_endpoints.png?direct&600 |}} |
| |
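Review bot: the screenshot link on the new side now points at the `:en:2.0:sso:` media namespace, while the page itself still lives at `en:2.0:single_sign_on:oidc_dokuwiki`. Please confirm that `sso_oidc_01-01_setup_admidio_endpoints.png` really exists under `:en:2.0:sso:`, since a broken link here removes the only visual showing where the endpoint URLs are found. The caption after `|` is empty; a short caption would keep the step readable if the image fails to load.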
==== Setting up the Client (SP) in Admidio ==== | ==== Setting up the Client (SP) in Admidio ==== |
* DokuWiki will convert all group names to lowercase. This is a general restriction in DokuWiki and not specific to OpenID. | * DokuWiki will convert all group names to lowercase. This is a general restriction in DokuWiki and not specific to OpenID. |
* DokuWiki will match its accounts using the email provided in the OpenID token, even when a different user id field is selected. E.g. if a local user 'dale' with email 'dale@example.com' already exists, and a new OpenID login from user 'dale' with email 'dale.baade@example.com' occurs, DokuWiki will treat these as two separate users (and modify the username of the newly created user to 'dale1')! | * DokuWiki will match its accounts using the email provided in the OpenID token, even when a different user id field is selected. E.g. if a local user 'dale' with email 'dale@example.com' already exists, and a new OpenID login from user 'dale' with email 'dale.baade@example.com' occurs, DokuWiki will treat these as two separate users (and modify the username of the newly created user to 'dale1')! |
* DokuWiki controls **login permissions for OpenID** with a **group 'generic' assigned to a user**. If local accounts already exist, one needs to add them to the 'generic' group, otherwise login with OpenID is not possible and the following error message will be shown:{{ :en:2.0:single_sign_on:sso_oidc_04-10_dw_error_group.png?direct |}} To fix this, add the user to the 'generic' group: {{ :en:2.0:sso:sso_oidc_04-11_dw_generic_group.png?direct&600 |}} | * DokuWiki controls **login permissions for OpenID** with a **group 'generic' assigned to a user**. If local accounts already exist, one needs to add them to the 'generic' group, otherwise login with OpenID is not possible and the following error message will be shown:{{ :en:2.0:sso:sso_oidc_04-10_dw_error_group.png?direct |}} To fix this, add the user to the 'generic' group: {{ :en:2.0:sso:sso_oidc_04-11_dw_generic_group.png?direct&600 |}} |
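Review bot: in the 'generic' group bullet, the error message is given only as the screenshot `sso_oidc_04-10_dw_error_group.png`, so it cannot be searched for by an admin who hits it. Consider quoting the message text next to the image. Both images are also embedded inline in one list item with empty captions; putting each on its own line with a caption would make the "error, then fix" sequence easier to follow.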