Wiki.js is an open-source wiki.

See the official Wiki.js website for a complete presentation.

It feature an OpenID Connect login that work with LemonLDAP::NG.

Configuring Wiki.js

Connect to your wiki.js instance with an Admin user, in the admin panel, go to “Authentication”.

Click on “Add Strategy” and Choose “Generic OpenID Connect / OAuth2”.

Choose a Display Name.

Define a Client ID and a Client Secret.

Make a note of the “Callback URL” and the bottom of the screen and save the configuration.

Configuring LemonLDAP

We now have to configure LemonLDAP::NG to recognize wiki.js as a valid OIDC relying party.

Add a new OpenID Connect relying party with the following parameters (Options -> Basic) :

  • Client ID: the same you set in Wiki.js configuration.

  • Client Secret: the same you set in Wiki.js configuration.

  • Allowed redirection addresses for login: The “Callback URL” defined in wiki.js.

Portal with internal CA


OIDC login fails when your LemonLDAP portal doesn’t use a publicaly recognized certificate (Internal Corporate CA), this is because nodejs use it’s own keystore. You’ll need to pass “NODE_EXTRA_CA_CERTS=” to your wiki installation. If done in docker you will have to create a new image from the official one, add your CA certificates into it, and use the env variable to use it in your wiki.js container.