mirror of
https://github.com/kevinveenbirkenbach/computer-playbook.git
synced 2025-08-30 23:38:13 +02:00
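<?php
// ### OIDC (PluggableAuth) – BEGIN (managed by Ansible)
// Jinja template for a MediaWiki settings fragment: the {{ ... }} placeholders are
// filled in at render time, before PHP ever parses this file.
// NOTE(review): every placeholder is pasted raw into a single-quoted PHP string. A value
// containing ' or \ breaks or changes the generated settings file, so escape both at
// render time or constrain the variables' character set.
wfLoadExtension( 'PluggableAuth' );
wfLoadExtension( 'OpenIDConnect' );

// true: visitors are sent to the identity provider automatically.
// NOTE(review): the previous comment on this line said "don't auto-redirect to IdP",
// which is the opposite of the value. Confirm which behaviour is intended.
$wgPluggableAuth_EnableAutoLogin = true;
// false: the local username/password form is disabled, so the IdP is the only login path.
// NOTE(review): the previous comment said "keep local user/pass login", again the opposite
// of the value. If false is intended, plan an administrator recovery path for IdP outages.
$wgPluggableAuth_EnableLocalLogin = false;
$wgPluggableAuth_ButtonLabel = '{{ MEDIAWIKI_OIDC_BUTTON_TEXT }}';

// PluggableAuth expects a list of providers (numeric array) on REL1_44
$wgPluggableAuth_Config = [
    [
        'plugin' => 'OpenIDConnect',
        'data' => [
            // For Keycloak, use the REALM URL, e.g. https://auth.example/realms/<realm>
            'providerURL' => '{{ MEDIAWIKI_OIDC_ISSUER }}',
            'clientID' => '{{ MEDIAWIKI_OIDC_CLIENT_ID }}',
            // The rendered file holds this secret in clear text: deploy it with restrictive
            // permissions and keep the variable in a secrets store, not in plain inventory.
            'clientsecret' => '{{ MEDIAWIKI_OIDC_CLIENT_SECRET }}',
            'scope' => [ 'openid', 'profile', 'email' ],
        ],
    ],
];

// Helpful defaults
// Wiki usernames are derived from the local part of the e-mail claim. The IdP must
// therefore guarantee verified, unique e-mail addresses, or different people can map to
// the same wiki account name.
$wgOpenIDConnect_UseEmailNameAsUserName = true;
// Binds an OIDC identity to an existing local account, privileged accounts included.
// NOTE(review): current OpenIDConnect documentation lists
// $wgOpenIDConnect_MigrateUsersByUserName and $wgOpenIDConnect_MigrateUsersByEmail.
// Confirm the installed release still reads this name; otherwise it is a silent no-op.
$wgOpenIDConnect_MigrateUsers = true;
// ### OIDC (PluggableAuth) – END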