SID-02476: Does SsoLoginContrib support OpenID and Keycloak

Status:	Asked	TWiki version:	6.1.0	Perl version:	5
Category:	CategoryPlugins	Server OS:	Redhat	Last update:	4 years ago

Hi

I would like to configure OpenID authentication on TWiki.

In our OpenId with KeyCloak we are given a ClientID (name of server), ClientSecret ( a key) and the DiscoveryURL (where to login)

I checked out the contrib https://twiki.org/cgi-bin/view/Plugins/SsoLoginContrib. Can I configure this for OpenID and is it still supported? Thanks for your reply

-- Peter Jones - 2021-11-02

Discussion and Answer

I glanced over the KeyCloak docs at https://www.keycloak.org/docs/latest/securing_apps/. They offer OpenID Connect (OIDC, an extension to OAuth 2.0) and SAML 2.0 for SSO. You are likely looking at OIDC. The current SsoLoginContrib is for the older OAuth protocol, so not sure if the extension works for your integration. You can supply multiple headers with a comma list of name, value pairs such as:

$TWiki::cfg{SsoLoginContrib}{VerifyAuthTokenHeader} = 'ClientID, foo, ClientSecret, bar';

-- Peter Thoeny - 2021-11-03

Hi Thanks for the reply. Indeed this relies on OAuth 2.0 support. I will check it out anyway Pete

-- Peter Jones - 2021-11-03

If you answer a question - or someone answered one of your questions - please remember to edit the page and set the status to answered. The status selector is below the edit box.