computer-playbook/roles/web-app-mediawiki/templates/oidc.php.j2
Kevin Veen-Birkenbach dd9a9b6d84 feat(mediawiki): Refactor OIDC + debug; install Composer deps in-container; modularize role
Discussion: https://chatgpt.com/share/68b10c0a-c308-800f-93ac-2ffb386cf58b

- Split tasks into 01_install, 02_debug, 03_admin, 04_extensions, 05_oidc.
- Ensure unzip+git+composer on demand in the container; run Composer as www-data with COMPOSER_HOME=/tmp/composer.
- Idempotently unpack/install PluggableAuth & OpenIDConnect; run composer install only if vendor/ is missing.
- Add sanity check for Jumbojett\OpenIDConnectClient.
- Copy oidc.php only when changed and append a single require_once to LocalSettings.php.
- Use REL1_44-compatible numeric array for $wgPluggableAuth_Config; set $wgPluggableAuth_ButtonLabelMessage.
- Debug: add debug.php that logs to STDERR (visible via docker logs); toggle cleanly with MODE_DEBUG.
- Enable OIDC feature in config; add paths/OIDC/extension vars in vars/main.yml.

fix(services): include SYS_SERVICE_GROUP_CLEANUP in StartPre lock (ssd-hdd, docker-hard).

fix(desktop/joomla): simplify MODE_DEBUG templating.

chore: minor cleanups and renames.
2025-08-29 04:10:46 +02:00


<?php
// ### OIDC (PluggableAuth) BEGIN (managed by Ansible)
wfLoadExtension( 'PluggableAuth' );
wfLoadExtension( 'OpenIDConnect' );
$wgPluggableAuth_EnableAutoLogin = false; // don't auto-redirect to IdP
$wgPluggableAuth_EnableLocalLogin = true; // keep local user/pass login
$wgPluggableAuth_ButtonLabelMessage = '{{ MEDIAWIKI_OIDC_BUTTON_TEXT }}';
// PluggableAuth expects a list of providers (numeric array) on REL1_44
$wgPluggableAuth_Config = [
    [
        'plugin' => 'OpenIDConnect',
        'data' => [
            // For Keycloak, use the REALM URL, e.g. https://auth.example/realms/<realm>
            'providerURL' => '{{ MEDIAWIKI_OIDC_ISSUER }}',
            'clientID' => '{{ MEDIAWIKI_OIDC_CLIENT_ID }}',
            'clientsecret' => '{{ MEDIAWIKI_OIDC_CLIENT_SECRET }}',
            'scope' => [ 'openid', 'profile', 'email' ],
        ],
    ],
];
// Helpful defaults
$wgOpenIDConnect_UseEmailNameAsUserName = true;
$wgOpenIDConnect_MigrateUsers = true;
// ### OIDC (PluggableAuth) END
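Added example (not code from the repository or from this commit): a small Python check that mirrors two steps named in the commit message, rendering the placeholders of the template above into an oidc.php and sanity-checking the result (issuer must be the https realm URL, not a discovery document; secret present; `openid` in scope; no placeholder left unrendered), and appending the `require_once` line to LocalSettings.php exactly once so repeated runs stay idempotent. The `{{ VAR }}` substitution is a minimal stand-in for Ansible's Jinja rendering, the sample values are constructed, and the `$IP/oidc.php` path in the require_once line is an assumption (the role's real path is not shown on the page).

```python
import re

# Constructed copy of the template's rendered-relevant lines (assumption:
# same placeholder names as oidc.php.j2 above).
OIDC_TEMPLATE = """<?php
wfLoadExtension( 'PluggableAuth' );
wfLoadExtension( 'OpenIDConnect' );
$wgPluggableAuth_ButtonLabelMessage = '{{ MEDIAWIKI_OIDC_BUTTON_TEXT }}';
$wgPluggableAuth_Config = [
    [
        'plugin' => 'OpenIDConnect',
        'data' => [
            'providerURL' => '{{ MEDIAWIKI_OIDC_ISSUER }}',
            'clientID' => '{{ MEDIAWIKI_OIDC_CLIENT_ID }}',
            'clientsecret' => '{{ MEDIAWIKI_OIDC_CLIENT_SECRET }}',
            'scope' => [ 'openid', 'profile', 'email' ],
        ],
    ],
];
"""

PLACEHOLDER = re.compile(r"\{\{\s*(\w+)\s*\}\}")
QUOTED_KEY = re.compile(r"'(\w+)'\s*=>\s*'([^']*)'")

# Assumption: the role requires oidc.php relative to MediaWiki's $IP.
REQUIRE_LINE = 'require_once "$IP/oidc.php";'


def render(template: str, variables: dict) -> str:
    """Minimal stand-in for Ansible's Jinja rendering: substitute {{ VAR }}.
    Unknown variables are left in place so the linter can flag them."""
    return PLACEHOLDER.sub(lambda m: variables.get(m.group(1), m.group(0)), template)


def lint_oidc_config(rendered: str) -> list:
    """Return a list of problems found in a rendered oidc.php (empty = OK)."""
    problems = []
    if PLACEHOLDER.search(rendered):
        problems.append("unrendered Jinja placeholder left in file")
    # Treat values that still contain a placeholder as missing.
    values = {k: ("" if "{{" in v else v) for k, v in QUOTED_KEY.findall(rendered)}
    issuer = values.get("providerURL", "")
    if not issuer.startswith("https://"):
        problems.append("providerURL must use https")
    if issuer.endswith("/"):
        problems.append("providerURL should not end with a slash")
    if "/.well-known/" in issuer:
        problems.append("providerURL must be the issuer (realm) URL, not the discovery document")
    if not values.get("clientID"):
        problems.append("clientID is empty")
    if len(values.get("clientsecret", "")) < 16:
        problems.append("clientsecret is empty or too short")
    if "'openid'" not in rendered:
        problems.append("scope must include openid")
    return problems


def ensure_require_once(local_settings: str, line: str = REQUIRE_LINE) -> str:
    """Append `line` to LocalSettings.php content once; calling again is a no-op."""
    if any(existing.strip() == line for existing in local_settings.splitlines()):
        return local_settings
    if not local_settings.endswith("\n"):
        local_settings += "\n"
    return local_settings + line + "\n"


if __name__ == "__main__":
    # Constructed sample values for a healthy deployment.
    good = render(OIDC_TEMPLATE, {
        "MEDIAWIKI_OIDC_BUTTON_TEXT": "Login with SSO",
        "MEDIAWIKI_OIDC_ISSUER": "https://auth.example/realms/wiki",
        "MEDIAWIKI_OIDC_CLIENT_ID": "mediawiki",
        "MEDIAWIKI_OIDC_CLIENT_SECRET": "constructed-secret-0123456789",
    })
    print("good config problems:", lint_oidc_config(good))
    # Constructed misconfiguration: plain http, trailing slash, weak secret.
    bad = render(OIDC_TEMPLATE, {
        "MEDIAWIKI_OIDC_BUTTON_TEXT": "SSO",
        "MEDIAWIKI_OIDC_ISSUER": "http://auth.example/realms/wiki/",
        "MEDIAWIKI_OIDC_CLIENT_ID": "mediawiki",
        "MEDIAWIKI_OIDC_CLIENT_SECRET": "changeme",
    })
    for problem in lint_oidc_config(bad):
        print("bad config:", problem)
    settings = "<?php\n$wgSitename = 'Wiki';\n"
    once = ensure_require_once(settings)
    print(once == ensure_require_once(once))  # second run changes nothing
```

The linter is meant to run in the playbook's check phase against the rendered file before it is copied into the container, so a bad issuer or an unrendered secret fails the play instead of surfacing as a login error in the wiki.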