Implementation of SSO for DokuWiki with Google login

 0 Inventory

• OS debian
• Apache httpd
• Apache httpd module: lipapache2-mod-auth-openidc
• DokuWiki
• DokuWiki auth plugin: authserversso

1 Apache configuration

1.1 Install

apt -y update

apt install -y libapache2-mod-auth-openidc

1.2 Configuration

/etc/apache2/mods-enabled/auth_openidc.conf

OIDCClientID ****.apps.googleusercontent.com

OIDCClientSecret GOCSPX-U****

OIDCScope "openid email profile"

OIDCRedirectURI https://wiki.linuxexam.net/protected/redirect_uri

OIDCCryptoPassphrase ****

OIDCXForwardedHeaders X-Forwarded-Proto

<Location /protected/>

   AuthType openid-connect

   Require valid-user

</Location>

<Location />

   AuthType openid-connect

   Require valid-user

</Location>

2 DokuWiki configuration

2.1 Install

Install Plugin authserversso.

2.2 Configure authserverssso

Configure authserversso to consume OIDC claims.

unique id: "OIDC_CLAIM_email"

user email: "OIDC_CLAIM_email"

user real name: "OIDC_CLAIM_name"

Configure the file to save users: "/var/www/html/conf/users.auth.php".

2.3 Precreate an google user as admin

The username is mapped from gmail account. For example, the user name for "xxx@gmail.com" would be "xxx_gmail.com".

After DokuWiki installation, an admin user is already created in users.auth.php. Change its name to "xxx@gmail.com", so you don't lose admin when you switch authn to SSO.

xxx_gmail.com:...:xxx@gmail.com:admin

2.4 Switch to authserversso

Now your DokuWiki is ready to SSO with google accounts.

Login with "xxx@gmail.com".