fix(xwiki): use proper InstallRequest XML format for extension installation

- Replace custom <request> with class='org.xwiki.extension.job.InstallRequest'
- Use loop over extensions_to_install to build <extensionId> list
- Move namespace into <namespaces><string>wiki:xwiki</string>
- Remove unused <id>/<jobType> from root
- Ensure installDependencies, interactive, verbose inside request
- Fixes issue where server echoed <rest><list/> instead of actual extensions

roles/sys-stk-front-proxy/defaults/main.yml

@@ -2,4 +2,7 @@
 vhost_flavour:        "basic"               # valid: basic, ws_generic
 
 # build the full template path from the flavour
-vhost_template_src:   "roles/sys-svc-proxy/templates/vhost/{{ vhost_flavour }}.conf.j2"
+vhost_template_src:   "roles/sys-svc-proxy/templates/vhost/{{ vhost_flavour }}.conf.j2"
+
+# Enable / Disable Proxy during development, for faster Debugging
+SYS_STK_FRONT_PROXY_ENABLED: true

roles/sys-stk-front-proxy/tasks/01_base.yml

@@ -0,0 +1,42 @@
+- block:
+  - name: Include dependency 'sys-svc-proxy'
+    include_role:
+      name: sys-svc-proxy
+    when: run_once_sys_svc_proxy is not defined
+  - include_tasks: utils/run_once.yml
+  when: run_once_sys_stk_front_proxy is not defined
+
+- include_tasks: "02_cloudflare.yml"
+  when: DNS_PROVIDER == "cloudflare"
+
+- include_tasks: "{{ playbook_dir }}/tasks/utils/load_handlers.yml"
+  vars:
+    handler_role_name: "svc-prx-openresty"
+
+- name: "include role for {{ domain }} to receive certificates and do the modification routines"
+  include_role:
+    name: sys-util-csp-cert
+
+- name: "Copy nginx config to {{ configuration_destination }}"
+  template:
+    src: "{{ vhost_template_src }}"
+    dest: "{{ configuration_destination }}"
+  register: nginx_conf
+  notify: restart openresty
+
+- block:
+  - name: "Check if {{ domains | get_domain(application_id) }} is reachable (only if config unchanged)"
+    uri:
+      url: "{{ domains | get_url(application_id, WEB_PROTOCOL) }}"
+    register: site_check
+    failed_when: false
+    changed_when: false
+
+  - name: Restart nginx if site is down
+    command:
+      cmd: "true"
+    notify: restart openresty
+    when:
+    - site_check.status is defined
+    - not site_check.status in [200,301,302]
+  when: not nginx_conf.changed

roles/sys-stk-front-proxy/tasks/main.yml

@@ -1,42 +1,3 @@
-- block:
-  - name: Include dependency 'sys-svc-proxy'
-    include_role:
-      name: sys-svc-proxy
-    when: run_once_sys_svc_proxy is not defined
-  - include_tasks: utils/run_once.yml
-  when: run_once_sys_stk_front_proxy is not defined
-
-- include_tasks: "01_cloudflare.yml"
-  when: DNS_PROVIDER == "cloudflare"
-
-- include_tasks: "{{ playbook_dir }}/tasks/utils/load_handlers.yml"
-  vars:
-    handler_role_name: "svc-prx-openresty"
-
-- name: "include role for {{ domain }} to receive certificates and do the modification routines"
-  include_role:
-    name: sys-util-csp-cert
-
-- name: "Copy nginx config to {{ configuration_destination }}"
-  template:
-    src: "{{ vhost_template_src }}"
-    dest: "{{ configuration_destination }}"
-  register: nginx_conf
-  notify: restart openresty
-
-- block:
-  - name: "Check if {{ domains | get_domain(application_id) }} is reachable (only if config unchanged)"
-    uri:
-      url: "{{ domains | get_url(application_id, WEB_PROTOCOL) }}"
-    register: site_check
-    failed_when: false
-    changed_when: false
-
-  - name: Restart nginx if site is down
-    command:
-      cmd: "true"
-    notify: restart openresty
-    when:
-    - site_check.status is defined
-    - not site_check.status in [200,301,302]
-  when: not nginx_conf.changed
+- name: "Load Proxy procedures if Proxy is enabled"
+  include_tasks: "01_base.yml"
+  when: SYS_STK_FRONT_PROXY_ENABLED | bool

roles/web-app-xwiki/templates/installjobrequest.xml.j2

@@ -1,27 +1,27 @@
 <?xml version="1.0" encoding="UTF-8"?>
+<!--
+  InstallRequest for the XWiki Extension Manager.
+
+  We MUST render from the computed `extensions_to_install` list
+  (not from raw feature flags), otherwise an empty <list/> is sent
+  and nothing is installed.
+-->
 <jobRequest xmlns="http://www.xwiki.org">
-  <id>install-extensions</id>
-  <jobType>install</jobType>
-  <request>
-    <namespace>wiki:xwiki</namespace>
+  <request class="org.xwiki.extension.job.InstallRequest">
+    <extensions>
+      {% for ext in extensions_to_install %}
+      <extensionId>
+        <id>{{ ext.id }}</id>
+        <version>{{ ext.version }}</version>
+      </extensionId>
+      {% endfor %}
+    </extensions>
+    <namespaces>
+      <!-- Install on the main wiki -->
+      <string>wiki:xwiki</string>
+    </namespaces>
+    <installDependencies>true</installDependencies>
     <interactive>false</interactive>
     <verbose>true</verbose>
-    <installDependencies>true</installDependencies>
-    <extensions>
-      {% if XWIKI_LDAP_ENABLED | bool %}
-      <extension>
-        <id>{{ XWIKI_EXT_LDAP_ID }}</id>
-        <version>{{ XWIKI_EXT_LDAP_VERSION }}</version>
-        <namespace>wiki:xwiki</namespace>
-      </extension>
-      {% endif %}
-      {% if XWIKI_OIDC_ENABLED | bool %}
-      <extension>
-        <id>{{ XWIKI_EXT_OIDC_ID }}</id>
-        <version>{{ XWIKI_EXT_OIDC_VERSION }}</version>
-        <namespace>wiki:xwiki</namespace>
-      </extension>
-      {% endif %}
-    </extensions>
   </request>
 </jobRequest>

roles/web-app-xwiki/templates/xwiki.properties.j2

@@ -1,5 +1,7 @@
 ############################################
 # OIDC
+# Render this block only while the OIDC switch is ON in _flush_config.yml.
+# During bootstrap we keep it OFF to avoid ClassNotFoundException before the extension is installed.
 {% if xwiki_oidc_enabled_switch | bool %}
 oidc.provider={{ XWIKI_OIDC_PROVIDER }}
 oidc.endpoint.authorization={{ XWIKI_OIDC_AUTHORIZATION }}
@@ -17,18 +19,22 @@ oidc.groups.mapping=XWiki.XWikiAdminGroup={{ XWIKI_OIDC_ADMIN_PROVIDER_GROUP }}
 
 ############################################
 # Distribution Wizard (bootstrap)
+# Render this block only during bootstrap when we temporarily enable the superadmin.
 {% if xwiki_superadmin_enabled_switch | bool %}
-# Start DW automatisch und ohne Interaktion
+# Start DW automatically and non-interactively
 distribution.automaticStartOnMainWiki=true
 distribution.automaticStartOnWiki=true
 distribution.job.interactive=false
-# Standard-Flavor für Main Wiki (XWiki Standard)
+# Default flavor for main wiki
 distribution.defaultUI=org.xwiki.platform:xwiki-platform-distribution-flavor-mainwiki
 {% endif %}
 
-# Keep data in the Docker volume
+# Persist data in the Docker volume
 environment.permanentDirectory=/usr/local/xwiki/data
 
-# Make sure Extension Manager can fetch artifacts
-extension.repositories=xwiki-public:maven:https://nexus.xwiki.org/nexus/content/groups/public/
-extension.repositories=central:maven:https://repo1.maven.org/maven2/
+# Make sure Extension Manager can fetch artifacts.
+# IMPORTANT:
+# - Java .properties does NOT support "+=" append. Only the LAST assignment wins.
+# - Use a SINGLE line with comma-separated repositories.
+# - The OIDC authenticator lives in xwiki-public. Without it, resolution fails.
+extension.repositories=xwiki-public:maven:https://nexus.xwiki.org/nexus/content/groups/public/,central:maven:https://repo1.maven.org/maven2/