fix(xwiki): Bump to 15.10.8 and enable OIDC backchannel logout

README.md

@@ -33,7 +33,7 @@ openDesk currently features the following functional main components:
 | Diagram editor       | Cryptpad ft. diagrams.net   | [5.6.0](https://github.com/cryptpad/cryptpad/releases/tag/5.6.0)                                               | [For the most recent release](https://docs.cryptpad.org/en/)                                                                                 |
 | File management      | Nextcloud                   | [28.0.4](https://nextcloud.com/de/changelog/#28-0-4)                                                           | [Nextcloud 28](https://docs.nextcloud.com/)                                                                                                  |
 | Groupware            | OX Appsuite                 | [8.22](https://documentation.open-xchange.com/appsuite/releases/8.22/)                                         | Online documentation available from within the installed application; [Additional resources](https://www.open-xchange.com/resources/oxpedia) |
-| Knowledge management | XWiki                       | [15.10.4](https://www.xwiki.org/xwiki/bin/view/Blog/XWiki15104Released)                                        | [For the most recent release](https://www.xwiki.org/xwiki/bin/view/Documentation)                                                            |
+| Knowledge management | XWiki                       | [15.10.8](https://www.xwiki.org/xwiki/bin/view/Blog/XWiki15108Released)                                        | [For the most recent release](https://www.xwiki.org/xwiki/bin/view/Documentation)                                                            |
 | Portal & IAM         | Nubus                       | Product Preview[^1]                                                                                            | [Univention's documentation website](https://docs.software-univention.de/n/en/index.html)                                                    |
 | Project management   | OpenProject                 | [13.4.1](https://www.openproject.org/docs/release-notes/13-4-1/)                                               | [For the most recent release](https://www.openproject.org/docs/user-guide/)                                                                  |
 | Videoconferencing    | Jitsi                       | [2.0.8922](https://github.com/jitsi/jitsi-meet/releases/tag/stable%2Fjitsi-meet_8922)                          | [For the most recent  release](https://jitsi.github.io/handbook/docs/category/user-guide/)                                                   |

helmfile/apps/univention-management-stack/values-opendesk-keycloak-bootstrap.yaml.gotmpl

@@ -293,7 +293,7 @@ config:
         authorizationServicesEnabled: false
         attributes:
           backchannel.logout.session.required: false
-          backchannel.logout.url: "https://{{ .Values.global.hosts.xwiki }}.{{ .Values.global.domain }}/NOT_YET_IMPLEMENTED_DONT_FORGET_TO_DISABLE_FCL_WHEN_BCL_IS_ACTIVATED/backchannel-logout"
+          backchannel.logout.url: "https://{{ .Values.global.hosts.xwiki }}.{{ .Values.global.domain }}/oidc/authenticator/backchannel_logout"
           post.logout.redirect.uris: "https://{{ .Values.global.hosts.xwiki }}.{{ .Values.global.domain }}/*##https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}/*"
         defaultClientScopes:
           - "opendesk"

helmfile/apps/xwiki/values.yaml.gotmpl

@@ -62,21 +62,21 @@ customConfigs:
     xwiki.authentication.ldap.groupcache_expiration: 300
 
   xwiki.properties:
-    oidc.endpoint.authorization: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}/protocol/openid-connect/auth"
-    oidc.endpoint.token: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}/protocol/openid-connect/token"
-    oidc.endpoint.userinfo: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}/protocol/openid-connect/userinfo"
-    oidc.endpoint.logout: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}/protocol/openid-connect/logout"
-    oidc.secret: {{ .Values.secrets.keycloak.clientSecret.xwiki | quote }}
-    oidc.scope: "openid,profile,email,address,opendesk"
-    oidc.endpoint.userinfo.method: "GET"
-    oidc.user.nameFormater: "${oidc.user.opendesk_username._clean._lowerCase}"
-    oidc.user.subjectFormater: "${oidc.user.opendesk_username._lowerCase}"
-    # yamllint disable-line rule:line-length
-    oidc.userinfoclaims: "xwiki_user_accessibility,xwiki_user_company,xwiki_user_displayHiddenDocuments,xwiki_user_editor,xwiki_user_usertype"
     oidc.clientid: "opendesk-xwiki"
     oidc.endpoint.token.auth_method: "client_secret_basic"
-    oidc.skipped: false
+    oidc.endpoint.userinfo.method: "GET"
     oidc.logoutMechanism: "rpInitiated"
+    oidc.provider: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/opendesk"
+    oidc.scope: "openid,profile,email,address,opendesk"
+    oidc.secret: {{ .Values.secrets.keycloak.clientSecret.xwiki | quote }}
+    oidc.skipped: false
+    oidc.user.nameFormater: "${oidc.user.opendesk_username._clean._lowerCase}"
+    oidc.user.subjectFormater: "${oidc.user.opendesk_username._lowerCase}"
+    # Using the claims below some user based information can be passed through OIDC to XWiki that partitially has an
+    # impact on the user experience. E.g. you can define the default editor for the user `xwiki_user_editor` or if
+    # the `xwiki_user_usertype` is advanced or simple.
+    # yamllint disable-line rule:line-length
+    oidc.userinfoclaims: "xwiki_user_accessibility,xwiki_user_company,xwiki_user_displayHiddenDocuments,xwiki_user_editor,xwiki_user_usertype"
     url.trustedDomains: "{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}"
     workplaceServices.navigationEndpoint: "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}/univention/portal/navigation.json"
     workplaceServices.base: "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}"

helmfile/environments/default/images.yaml

@@ -748,9 +748,9 @@ images:
     # providerResponsible: 'XWiki'
     # upstreamRegistry: 'git.xwikisas.com:5050'
     # upstreamRepository: 'xwikisas/swp/xwiki'
-    # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)-.+$'
+    # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)-mariadb.+$'
     # upstreamMirrorStartFrom: ['0', '12']
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/supplier/xwiki/images-mirror/xwiki"
-    tag: "0.14-mariadb-jetty-alpine@sha256:276e871e3938bf80a86a0e1e63751c843920ccd260848badafec8689410ded80"
+    tag: "0.17-mariadb-jetty-alpine@sha256:9eb67520774c3022aa4485ce348be477f358263b716e647cacd057da3aca9739"
 ...