Skip to content
Snippets Groups Projects
New look: Off

Set up a wiki with SSO

    • Closed Issue created by Null Flancian @flancian

    As discussed in [[go/twg/chat]], we probably want to set up a Dokuwiki and configure it to accept the Mastodon instance as SSO provider.

    To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information

    Child items ...

    • Activity

    • Ed Summers
      Ed Summers @edsu ·
      Maintainer

      Based on further conversation with @ntnsndr in Matrix chat I wonder if we should experiment by bringing up a dokuwiki instance at wiki2.social.coop. I think ideally we would set it up on runko using our Ansible playbook?

      This might be related to #63 (closed) since we we will want to update the nginx configuration and run dokuwiki in a Docker container?

      Edited by Ed Summers
    • Ed Summers
      Ed Summers @edsu ·
      Maintainer

      It looks like we will want to install the oath2 plugin for dokuwiki. It's possible that the Generic Service will work with a little configuration, but we may have to implement our own since Mastodon isn't one of those listed. There do appear to be instructions so maybe it won't be too hard?

      Edited by Ed Summers
    • Ed Summers
      Ed Summers @edsu ·
      Maintainer

      I did some work to get the dokuwiki-plugin-oauth and dokuwiki-plugin-oauthdoorkeeper plugins working with Mastodon. See this branch for the changes that were needed to get the doorkeeper code to work properly with Mastodon's usage of doorkeeper:

      https://github.com/edsu/dokuwiki-plugin-oauthdoorkeeper/tree/mastodon

      Unfortunately Mastodon don't make the email address for the authenticated user available, and the dokuwiki oauth plugin really relies on having one. Instead a synthetic email is created using the Mastodon username and the host of the Mastodon server supplying the credentials. This "works" for login purposes, but is not a functional email address.

      After some discussion in Matrix it seems like pursuing a single-sign-on solution that is not Mastodon, e.g. similar to what Cloudron provides, might be more preferable long term.

      If you want to try out the test you will need to make a directory with this docker-compose.yml in it:

      version: "3.9"
services:
  doorkeeper:
    build: .
    ports:
      - "3000:3000"
      -

      Make a dokuwiki directory:

      mkdir dokuwiki

      Then start it up and go to http://localhost:3000, which will populate the dokuwiki directory with an initial configuration.

      Download the dokuwiki-plugin-oauth and dokuwiki-plugin-oauthdoorkeeper plugins, unzip them, and move the directories into dokuwiki/lib/pluglins using the names oauth and oauthdoorkeeper.

      Then you need to create an app on Mastodon: https://docs.joinmastodon.org/client/token/ and configure the dokuwiki plugins in the interface with the keys.

    • N
      Nathan Schneider @ntnsndr ·
      Owner

      Thank you for your efforts here. Sounds like building a central SSO provider is an important medium-term priority for Sc. In the long term I think it is super strategic in case we want to migrate away from Mastodon.

    • Null Flancian
      Null Flancian @flancian ·
      Author Owner

      So this is done actually 😄

      auth.social.coop is up and running wiki.social.coop is up and running using the above

      Remaining: set up backups and restores for both and coordinate account creation further; but these should be tracked in separate bugs in the same component.

    • Null Flancian closed

      closed

    Please register or sign in to reply

    Webarchitects | Forum | Status | SSH Fingerprints