# XWiki

#### XWiki Configuration

* Note: the following applies to Windows configuration

* Log into your XWiki admin account and go to the Administer Wiki section

* Go to the Extensions tab and install the OpenID Connect Authenticator extension

* Edit the XWiki.cfg file and write the following line :

```exp
xwiki.authentication.authclass=org.xwiki.contrib.oidc.auth.OIDCAuthServiceImpl
```

* Edit the XWiki.properties file and write the following lines:

```exp
oidc.xwikiprovider=https://mydomain.trustelem.com/app/150XXX
oidc.endpoint.authorization=https://mydomain.trustelem.com/app/150XXX/auth
oidc.endpoint.token=https://mydomain.trustelem.com/app/150XXX/token
oidc.endpoint.userinfo=https://mydomain.trustelem.com/app/150XXX/userinfo
oidc.scope=openid,profile,email
oidc.endpoint.userinfo.method=GET

oidc.user.nameFormater=${oidc.user.email}
oidc.user.subjectFormater=${oidc.user.subject}

oidc.clientid=trustelem.oidc.gvsteodb
oidc.secret=v0x8W4Gx97uycjBs18xeA5f6fkp2wyIY
oidc.endpoint.token.auth_method=client_secret_basic
oidc.skipped=false
```

* Reboot your XWiki server to take modifications into account

#### Notes

* This documentation applies if you have the standard flavor. If you have another flavor, the graphical user interface may differ

* oidc.scope parameter can be adapted to suit your needs

* For SSO to work with existing users, the field User on XWiki has to match their Trustelem email

* To disable Single Sign-On, change the oidc.skipped=false line to oidc.skipped=true

#### Trustelem Configuration

* On Trustelem, write your XWiki server URL in the corresponding field

#### Roles Configuration

* If you want to map your Trustelem roles with XWiki's ones you need to edit the XWiki.properties file and add these lines:

```exp
oidc.userinfoclaims=xwiki_groups
oidc.groups.mapping=YourXWikiGroup=YourTrustelemGroup
```

* The second line must be added for each mapping you want to do

* On Trustelem, you need to add these lines in the Custom claims script section:

```ts
const xwikiGroups: string[]= [];
for(let g in groups) {
  xwikiGroups.push(g);
}
claims["xwiki_groups"] = xwikiGroups;
```

* You can also send more attributes to XWiki by adding these lines in the Custom claims script section (one line per attribute sent):

```ts
claims["name1"] = user.getAttr("attribute1");
```

* These attributes can then be used in XWiki, for example if you want to change usernames to email-attribute1, you'll need to edit xwiki.properties and write:

```exp
oidc.user.nameFormatter=${oidc.user.email}-${oidc.user.name1}
```