DokuWiki
What is DokuWiki
From https://en.wikipedia.org/wiki/DokuWiki
DokuWiki is a wiki application licensed under GPLv2 and written in the PHP programming language. It works on plain text files and thus does not need a database. Its syntax is similar to the one used by MediaWiki. It is often recommended as a more lightweight, easier to customize alternative to MediaWiki.
Preparation
The following placeholders are used in this guide:
- dokuwiki.company is the FQDN of the DokuWiki installation.
- authentik.company is the FQDN of the authentik installation.
DokuWiki configuration
In DokuWiki, navigate to the Extension Manager section in the Administration interface and install
Navigate to the Configuration Settings section in the Administration interface and change the Oauth and Oauthgeneric options:
For Oauth:
- Check the plugin»oauth»register-on-auth option
For Oauthgeneric:
- plugin»oauthgeneric»key: The Application UID
- plugin»oauthgeneric»secret: The Application Secret
- plugin»oauthgeneric»authurl: https://authentik.company/application/o/authorize/
- plugin»oauthgeneric»tokenurl: https://authentik.company/application/o/token/
- plugin»oauthgeneric»userurl: https://authentik.company/application/o/userinfo/
- plugin»oauthgeneric»authmethod: Bearer Header
- plugin»oauthgeneric»scopes: email, openid, profile, offline_access
- plugin»oauthgeneric»needs-state: checked
- plugin»oauthgeneric»json-user: preferred_username
- plugin»oauthgeneric»json-name: name
- plugin»oauthgeneric»json-mail: email
- plugin»oauthgeneric»json-grps: groups
In the Configuration Settings section in the Administration interface, navigate to Authentication and activate oauth in Authentication backend.
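A pre-flight check of the Oauthgeneric values listed above, as an added example that is not part of the original guide or of either project. The names `audit_settings`, `SETTINGS` and `SAMPLE_USERINFO` are hypothetical, and the userinfo response is constructed; it flags non-HTTPS endpoints, a disabled state check, missing scopes, and claim mappings that the userinfo response does not satisfy.

```python
from urllib.parse import urlsplit

# Values from this guide, keyed by the option names shown in the DokuWiki UI.
SETTINGS = {
    "authurl": "https://authentik.company/application/o/authorize/",
    "tokenurl": "https://authentik.company/application/o/token/",
    "userurl": "https://authentik.company/application/o/userinfo/",
    "scopes": "email, openid, profile, offline_access",
    "needs-state": True,
    "json-user": "preferred_username",
    "json-name": "name",
    "json-mail": "email",
    "json-grps": "groups",
}

# Constructed userinfo response (sample values, not real output).
SAMPLE_USERINFO = {
    "sub": "constructed-subject-id",
    "preferred_username": "jdoe",
    "name": "Jane Doe",
    "email": "jdoe@example.com",
    "groups": ["wiki-editors"],
}


def audit_settings(settings, userinfo):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    hosts = set()
    for key in ("authurl", "tokenurl", "userurl"):
        url = urlsplit(settings.get(key, ""))
        if url.scheme != "https":
            findings.append(f"{key}: not HTTPS, secret and tokens would be sent in clear text")
        hosts.add(url.hostname)
    if len(hosts) > 1:
        findings.append("endpoints point at different hosts")
    if not settings.get("needs-state"):
        findings.append("needs-state is off: the callback has no CSRF protection")
    scopes = {s.strip() for s in settings.get("scopes", "").split(",")}
    for required in ("openid", "email", "profile"):
        if required not in scopes:
            findings.append(f"scope {required} from this guide is missing")
    if "offline_access" not in scopes:
        findings.append("offline_access missing: no refresh token, users log in again on expiry")
    for key in ("json-user", "json-name", "json-mail", "json-grps"):
        claim = settings.get(key)
        if not userinfo.get(claim):
            findings.append(f"{key}: claim {claim!r} absent or empty in userinfo")
    return findings
```

An empty `groups` claim is reported as well, since DokuWiki would then have no group information to apply to the account.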
authentik Configuration
Provider
In authentik, under Providers, create an OAuth2/OpenID Provider with these settings:
- Redirect URI: The Callback URL / Redirect URI from plugin»oauth»info, usually dokuwiki.company/doku.php
- Signing Key: Select any available key
Note the client ID and client secret, then save the provider. If you need to retrieve these values, you can do so by editing the provider.
To prevent users from needing to log in again as soon as the access token expires, include the offline_access scope in both authentik and DokuWiki. This scope allows DokuWiki to use refresh tokens.
Application
In authentik, create an application which uses this provider. Optionally apply access restrictions to the application using policy bindings.
Set the Launch URL to the Callback URL / Redirect URI (dokuwiki.company/doku.php).