Wiki.js is an open-source wiki.
See the official Wiki.js website for a complete presentation.
It feature an OpenID Connect login that work with LemonLDAP::NG.
Connect to your wiki.js instance with an Admin user, in the admin panel, go to “Authentication”.
Click on “Add Strategy” and Choose “Generic OpenID Connect / OAuth2”.
Choose a Display Name.
Define a Client ID and a Client Secret.
Authorization Endpoint URL : https://auth.example.com/oauth2/authorize
Token Endpoint URL : https://auth.example.com/oauth2/token
User info Endpoint URL : https://auth.example.com/oauth2/userinfo
Issuer : https://auth.example.com
Logout URL : https://auth.example.com/oauth2/logout
Make a note of the “Callback URL” and the bottom of the screen and save the configuration.
We now have to configure LemonLDAP::NG to recognize wiki.js as a valid OIDC relying party.
Add a new OpenID Connect relying party with the following parameters (Options -> Basic) :
Client ID: the same you set in Wiki.js configuration.
Client Secret: the same you set in Wiki.js configuration.
Allowed redirection addresses for login: The “Callback URL” defined in wiki.js.
Portal with internal CA¶
OIDC login fails when your LemonLDAP portal doesn’t use a publicaly recognized certificate (Internal Corporate CA), this is because nodejs use it’s own keystore. You’ll need to pass “NODE_EXTRA_CA_CERTS=” to your wiki installation. If done in docker you will have to create a new image from the official one, add your CA certificates into it, and use the env variable to use it in your wiki.js container.