computer-playbook/roles/web-app-mediawiki/templates/oidc.php.j2



<?php
// ### OIDC (PluggableAuth) BEGIN (managed by Ansible)
// Jinja2 template rendered by Ansible into MediaWiki configuration: loads the
// PluggableAuth and OpenIDConnect extensions and registers one OIDC provider.
//
// NOTE(review): every {{ ... }} value below is substituted verbatim inside a
// single-quoted PHP string. A value containing ' or ending in \ would break the
// rendered file or change the PHP that runs. Constrain these variables (or escape
// \ and ' at render time) - confirm how the role validates them.
wfLoadExtension( 'PluggableAuth' );
wfLoadExtension( 'OpenIDConnect' );
// true = anonymous visitors are sent straight into the login flow (auto-login ON).
// NOTE(review): the previous comment said "dont auto-redirect to IdP", which is
// the behaviour of false, not true - confirm which one is intended.
$wgPluggableAuth_EnableAutoLogin = true;
// false = the local username/password form is disabled; the IdP is the only login path.
// NOTE(review): the previous comment said "keep local user/pass login", which is
// the behaviour of true. With false there is no local fallback if the IdP is
// unavailable; with true local passwords stay a login path outside the IdP's
// policy (MFA, lockout) - confirm which trade-off is intended.
$wgPluggableAuth_EnableLocalLogin = false;
// Text shown on the login button, taken from the Ansible variable.
$wgPluggableAuth_ButtonLabel = '{{ MEDIAWIKI_OIDC_BUTTON_TEXT }}';
// PluggableAuth expects a list of providers (numeric array) on REL1_44
$wgPluggableAuth_Config = [
[
'plugin' => 'OpenIDConnect',
'data' => [
// For Keycloak, use the REALM URL, e.g. https://auth.example/realms/<realm>
'providerURL' => '{{ MEDIAWIKI_OIDC_ISSUER }}',
'clientID' => '{{ MEDIAWIKI_OIDC_CLIENT_ID }}',
// The client secret ends up in plaintext in the rendered file: keep that file
// readable only by the web server user and keep it out of logs and backups
// that are broadly accessible.
// presumably the variable comes from an encrypted store (e.g. Ansible Vault) - verify
'clientsecret' => '{{ MEDIAWIKI_OIDC_CLIENT_SECRET }}',
// Scopes requested from the IdP; 'email' is needed for the username rule below.
'scope' => [ 'openid', 'profile', 'email' ],
],
],
];
// Helpful defaults
// The wiki username is derived from the part of the e-mail address before the @.
$wgOpenIDConnect_UseEmailNameAsUserName = true;
// An existing local account whose username matches the IdP identity is linked to it.
// NOTE(review): together with the setting above, account linking depends only on
// the local part of the e-mail claim. If the IdP accepts unverified or
// user-editable e-mail addresses, or several mail domains, two identities can map
// to the same wiki account. Require verified e-mail at the IdP, or turn migration
// off once the existing accounts have been linked.
// NOTE(review): newer OpenIDConnect releases appear to name this setting
// $wgOpenIDConnect_MigrateUsersByUserName - confirm the installed version still
// reads $wgOpenIDConnect_MigrateUsers.
$wgOpenIDConnect_MigrateUsers = true;
// ### OIDC (PluggableAuth) END