X-Wiki

Presentation

XWiki is a free wiki software platform written in Java with a design emphasis on extensibility. XWiki is an enterprise wiki. It includes WYSIWYG editing, OpenDocument based document import/export, semantic annotations and tagging, and advanced permissions management.

Configuration

The integration with LL::NG is the following:

  • LemonLDAP::NG is configured as a reverse-proxy for xwiki
  • Xwiki is configured to accept HTTP Headers

Xwiki virtual host

Apache

You will configure Xwiki virtual host like other protected virtual host.

This is an example, with https and speaking to xwiki via AJP.

<VirtualHost *:80>
    ServerName wiki.acme.fr
    Redirect / https://wiki.acme.fr/
</VirtualHost>
 
<VirtualHost *:443>
    ServerName wiki.acme.fr
 
    SSLEngine On
    SSLCertificateFile /etc/pki/tls/certs/wildcard.acme.fr.crt
    SSLCertificateKeyFile /etc/pki/tls/certs/wildcard.acme.fr.key
    SSLCertificateChainFile /etc/pki/tls/certs/CLASS_2_ACME_CA.crt
    SSLOptions +StdEnvVars
    SSLProtocol             all -SSLv3 -TLSv1 -TLSv1.1
    SSLCipherSuite          ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
    SSLHonorCipherOrder     on
    SSLCompression          off
 
    PerlHeaderParserHandler Lemonldap::NG::Handler::ApacheMP2
 
    RewriteEngine on
    RewriteRule ^/$ /xwiki/ [R]
 
    ProxyPreserveHost On
    ProxyRequests On
 
    ProxyPass / ajp://192.168.11.130:8009/
    ProxyPassReverse / ajp://192.168.11.130:8009/
 
    ErrorLog /var/log/httpd/wiki_error.log
    CustomLog /var/log/httpd/wiki_access.log combined
</VirtualHost>

Xwiki virtual host in Manager

Go to the Manager and create a new virtual host for Xwiki.

Configure the access rules.

Configure the headers:

  • remote_user: $uid
  • remote_groups: encode_base64($groups,'')

Xwiki Configuration

xwiki.authentication.authclass=org.xwiki.contrib.authentication.XWikiTrustedAuthenticator
xwiki.authentication.trusted.adapterHint=headers
xwiki.authentication.trusted.auth_field=remote_user
xwiki.authentication.trusted.group_field=remote_groups
xwiki.authentication.trusted.logout_url=https://auth.acme.fr/#logout