$wgOAuth2Client = 'openid email profile' //Permissions $wgOAuth2Client = 'email' // JSON path to email $wgOAuth2Client = 'preferred_username' // JSON path to username $wgOAuth2Client = ' // URL for OAuth2 server to redirect to $wgOAuth2Client = ' // URL to fetch user JSON $wgOAuth2Client = 'mediawiki' // The client ID assigned to you by the provider # OAuth2 Settings - you get these from Keycloak when you configure a client CustomSettings.php '"/usr/bin/convert" -background white -geometry $width $input $output', env settings.Īt this stage it won’t have the completed OAuth2 setup as we need to add in a CustomSettings.php file that contains all the additions we need. This will create the database and add a default user in based on your MEDIAWIKI_USERNAME and MEDIAWKI_PASSWORD. RUN cd /opt/bitnami/mediawiki/extensions & \īefore running it do a build, a pull and then bring it up: docker-compose build & \ RUN install_packages imagemagick librsvg2-bin git unzip You’ll notice I’m big on environment variables and most of the config comes from a. The extension is “unstable” at this point and needs some fettling.īecause I’m using the Bitnami docker image I had to use a docker-compose.yml that builds the image with the extras I want. It may become more elegant later, but this process works. I also needed to pull in the OAuth2 Client extension, and that needed git and unzip to handle that. Makes things much nicer if we’re holding vector images for many of our diagrams. I wanted this so I could include SVG image files into the system. Rather than relying on the same passwords and having to type the same credentials time and again, into various corporate applications, we can now setup the application with a client in keycloak and use tokens across authentication our landscape.Īs we use MediaWiki for the bulk of our corporate knowledge it made sense to add in Single Sign On.īuilding the MediaWiki docker image required a tweak to allow us to incorporate ImageMagick. Keycloak provides the bridge between OAuth2/SAML and LDAP authentication. Thus, indexed pages are visible to all users in the organization.With a move to a more joined up authentication using Single Sign On (SSO) I deployed a Keycloak service in a docker container – that should probably form part of a later article. Doesn't support Access Control Lists (ACLs).Indexes only Main, Category, and File namespaces. Doesn't support namespace selection for indexing.Supports only Basic or OAuth 2.0 with Azure Active Directory or Azure authentication.The MediaWiki connector has these limitations in the preview release: Step 8: Review connectionįollow the general setup instructions. Step 7: Choose refresh settingsįollow the general setup instructions. Step 6: Manage schemaįollow the general setup instructions. Step 5: Assign property labelsįollow the general setup instructions. Indexed data appears in the search results and is visible to all users in the organization. The MediaWiki connector only supports search permissions visible to Everyone. You will also need to provide the Client ID and Client secret generated on the AAD Application registration page. If you choose OAuth 2.0 AAD as the Authentication type, you will need to provide the Resource ID of the wiki installation. If you choose Basic as the Authentication type, you will need to provide the Username and Password for the wiki. Step 3: Configure the connection settingsĮnter your Wiki URL and choose the Authentication type from the drop-down menu of options. Step 2: Name the connectionįollow the general setup instructions. Step 1: Add a connector in the Microsoft 365 admin centerįollow the general setup instructions. This article also includes information about Limitations. It supplements the general setup process, and shows instructions that apply only for the MediaWiki connector. This article is for anyone who configures, runs, and monitors a MediaWiki connector. Read the Set up Microsoft Graph connectors in the Microsoft 365 admin center article to understand the general Microsoft Graph connectors setup instructions.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |