Learn about DokuWiki
Similar to authad
This plugin has been tested with ADFS and SimpleSAMLphp. It should work with other SAML2 compatible Identity Providers.
The plugin was tested with Windows Server 2008. Please note that there is an updated version of the Federation Services for Windows Server 2008 that has to be downloaded separately: download it from Microsoft.
Run the installer and follow the wizard to set up the Federation Services, IIS and the needed certificate. For real-world use, a certificate signed by a well-known authority is recommended but not required. A self-signed one will work too.
Your wiki has to be SSL secured as well! ADFS will refuse to work without SSL! A browser-accepted certificate is highly recommended.
Once the services are set up, add a new Relying Party Trust in the ADFS snap-in.
For configuration use the following Federation metadata address:
yourwiki is your wiki server's address of course.
Enter any name and description, and select Permit all users to access this relying party.
Finally run the Edit Claim Rules dialog. Add a new “Issuance Transform Rule” and pick “Send LDAP Attributes as Claims”. Add the following:
There are two settings to configure in the Configuration Manager:
endpoint: this is where your ADFS server provides the SAML 2.0 endpoint. It's usually
certificate: this is the certificate you set up for the ADFS Server above
You can find the certificate in an XML file that is usually found under https://<youradfs>/FederationMetadata/2007-06/FederationMetadata.xml. Look for <IDPSSODescriptor *> → <KeyDescriptor use="signing"> → <X509Certificate>. It should be a long string of characters. Just paste that into the config. Make sure you use the signing key and not the encryption one.
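An added example, not part of the plugin or its documentation: a Python script that follows the element path described above to pull the signing certificate out of a federation metadata document, skips the encryption key, and computes a SHA-256 fingerprint you can compare out of band before pasting the value into the config. The sample metadata, entity ID and certificate bytes are constructed placeholders; as a generalization, it also accepts a KeyDescriptor with no use attribute, which the SAML metadata specification treats as valid for both purposes.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed placeholder bytes standing in for DER certificates (not real certs).
SIGNING_DER = b"constructed signing certificate bytes"
ENCRYPTION_DER = b"constructed encryption certificate bytes"

def _key(use, der):
    b64 = base64.b64encode(der).decode()
    return (f'<KeyDescriptor use="{use}"><ds:KeyInfo><ds:X509Data>'
            f"<ds:X509Certificate>{b64}</ds:X509Certificate>"
            "</ds:X509Data></ds:KeyInfo></KeyDescriptor>")

# Constructed sample with the same element layout as FederationMetadata.xml.
SAMPLE_METADATA = (
    '<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" '
    'xmlns:ds="http://www.w3.org/2000/09/xmldsig#" '
    'entityID="https://adfs.example/trust">'
    '<IDPSSODescriptor '
    'protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">'
    + _key("encryption", ENCRYPTION_DER) + _key("signing", SIGNING_DER)
    + "</IDPSSODescriptor></EntityDescriptor>"
).encode()

def signing_certificates(metadata_xml):
    """Return base64 certificates from IDPSSODescriptor keys usable for signing."""
    if b"<!DOCTYPE" in metadata_xml:  # metadata carries no DTD; refuse entity tricks
        raise ValueError("unexpected DOCTYPE in metadata")
    root = ET.fromstring(metadata_xml)
    certs = []
    for kd in root.findall(".//md:IDPSSODescriptor/md:KeyDescriptor", NS):
        # A KeyDescriptor without "use" serves both signing and encryption.
        if kd.get("use", "signing") != "signing":
            continue
        for node in kd.findall(".//ds:X509Certificate", NS):
            certs.append("".join((node.text or "").split()))  # strip line wraps
    return certs

def sha256_fingerprint(cert_b64):
    """SHA-256 over the decoded DER, for out-of-band comparison with the IdP."""
    der = base64.b64decode(cert_b64, validate=True)
    return hashlib.sha256(der).hexdigest()

if __name__ == "__main__":
    for cert in signing_certificates(SAMPLE_METADATA):
        print(sha256_fingerprint(cert), cert[:24] + "...")
```

If more than one certificate is returned, the IdP is publishing several signing keys, so check which one it currently signs with before choosing the value to paste.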
The attribute names above (login, email, fullname and groups) are the defaults. If your IdP is not using these names, you can override the defaults by configuring the keys: “userid|fullname|email|groups attr name”.
Once everything is set up you can switch the authtype to
Clicking the login button will bring up the ADFS login form. Users can log in with their Active Directory user name there and will be redirected to the wiki. If set up correctly, the ADFS form will use Single-Sign-On to log users in automatically.
The login will be remembered by the wiki. Unless users log out explicitly, subsequent visits will trigger the login process automatically.
Please make sure your users have valid email addresses set in the Active Directory! Otherwise certain DokuWiki features may not work for them.
By default, new accounts are created on first login. If you prefer to reject unknown users and want to manage the user accounts manually, you can untick the option “autoprovisioning” in the configuration screen.