wikijs v2.x: Documentation about SAML authentication
closed
P.M.
I could configure Wiki.js with Keycloak over OpenID Connect. But there is no doc / sample config for configuring Wiki.js with SAML.
1) Which SAML2 IDP product is supported?
I tried to set up with https://keycloak-hostname/auth/realms/master/protocol/saml as Entry Point but it is not working.
I also tried Ipsilon, but it is not working either.
2) For some IDP/SP products/applications, they provide a method to export the XML for importing in another product. I hope wiki.js would add it too.
Scott Dunt
I was finally able to set up Wiki.js SAML to Azure AD using the Wiki.js SAML provider (the native Azure AD provider is broken on Chrome browsers).
- We used the ./mellon_create_metadata.sh tool to create an XML metadata file to upload to Azure AD; I did not need the certificates it created:
```
./mellon_create_metadata.sh https://My.Wikidocs.com https://My.Wikidocs.com/login/<SNIP>/callback
```
(the last argument is the [Callback URL / Redirect URI] from the Wiki admin page)
1a. Uploaded the XML file to Azure AD. No other configurations made.
On the Wiki.js 'SAML' configuration screen:
- I downloaded the Azure 'SAML Signing Certificate (Base64)' and pasted the content into the WikiJS 'Certificate' field.
- I set the 'Entry point' on WikiJS = Azure AD 'Login URL' = https://login.microsoftonline.com/<SNIP>/saml2
- set WikiJS 'Issuer' = WikiJS Host Name = https://My.Wikidocs.com
- Set Signature Algorithm = sha256
- Disable Requested Auth Context 'This is known to help when authenticating against Active Directory (AD FS) servers.'
- Set 'Request Binding' = HTTP-Redirect
- Add users to the 'Enterprise application' on Azure AD.
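
The metadata step above, as an added example that is not part of the original post or of Wiki.js: a Node.js function that builds SP metadata without the signing certificates, which the post says were not needed. `buildSpMetadata`, the host `wiki.example.com` and `PLACEHOLDER-ID` are assumptions; the two arguments correspond to the Wiki.js 'Issuer' and Callback URL values.

```javascript
// Added example: minimal SAML 2.0 SP metadata for upload to an IdP.
// buildSpMetadata and the sample URLs are hypothetical, not Wiki.js code.
const MD_NS = 'urn:oasis:names:tc:SAML:2.0:metadata';
const PROTOCOL = 'urn:oasis:names:tc:SAML:2.0:protocol';
const HTTP_POST = 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST';

// Escape characters that are special inside an XML attribute value.
function xmlAttr(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;');
}

// The IdP POSTs the assertion to the ACS URL, so refuse anything but https.
function requireHttps(label, value) {
  let url;
  try {
    url = new URL(value);
  } catch (err) {
    throw new Error(`${label} is not an absolute URL: ${value}`);
  }
  if (url.protocol !== 'https:') {
    throw new Error(`${label} must use https: ${value}`);
  }
  return url;
}

function buildSpMetadata(entityId, acsUrl) {
  if (!entityId) throw new Error('entityID must not be empty');
  requireHttps('ACS URL', acsUrl);
  return [
    '<?xml version="1.0" encoding="UTF-8"?>',
    `<EntityDescriptor xmlns="${MD_NS}" entityID="${xmlAttr(entityId)}">`,
    `  <SPSSODescriptor protocolSupportEnumeration="${PROTOCOL}">`,
    '    <AssertionConsumerService index="0" isDefault="true"',
    `        Binding="${HTTP_POST}" Location="${xmlAttr(acsUrl)}"/>`,
    '  </SPSSODescriptor>',
    '</EntityDescriptor>',
  ].join('\n');
}

// Constructed sample values; PLACEHOLDER-ID stands for the id Wiki.js shows.
const sample = buildSpMetadata(
  'https://wiki.example.com',
  'https://wiki.example.com/login/PLACEHOLDER-ID/callback'
);
console.log(sample);
```

The `entityID` written here has to match the 'Issuer' value entered in Wiki.js, since that is the identifier the IdP sees in the authentication request.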
Ernie Costa
Scott Dunt, just an FYI for others who are using the 9-year-old shell script: it will fail to generate the XML file in newer builds of Ubuntu (e.g. Jammy) because of a bug in libapache2-mod-auth-mellon, more specifically in the way it configures openssl to generate its certificate.
Long story short, use this script, which has been updated to work correctly:
https://github.com/latchset/mod_auth_mellon/blob/main/mellon_create_metadata.sh
Nicolas Giard
closed
As mentioned in https://docs.requarks.io/auth/saml, I'm not knowledgeable on SAML or how to configure it. Wiki.js simply implements the passport-saml module as-is.
Unless someone is willing to write and submit docs for SAML, there's not much I can document on my side.