Skip to Content
Last modified by Agnease on 2026/05/25 12:52
From version 8.3
edited by Agnease
on 2026/05/22 14:12
Change comment: There is no comment for this version
To version 8.8
edited by Agnease
on 2026/05/25 12:50
Change comment: There is no comment for this version

Summary

Details

Page properties
Content
... ... @@ -1,7 +1,6 @@
1 1  {{velocity}}
2 2  #set ($discard = $xwiki.ssx.use('PublicWebSite.WebHome'))
3 3  {{html clean="false"}}
4 -
5 5   ## PAGE HEADER
6 6   <section class="hero hero-centered service-hero" aria-labelledby="hero-title">
7 7   <div class="container hero-inner">
... ... @@ -23,68 +23,92 @@
23 23   </div>
24 24   </div>
25 25   </section>
25 + ## WHY ACCESS CONTROL CARDS
26 + #set ($accessControlItems = [{
27 + 'title': 'Connect users securely',
28 + 'icon': 'sign-in',
29 + 'content': 'Integrate XWiki with your identity provider so users can access the platform with familiar credentials.',
30 + 'items': [
31 + 'LDAP and Active Directory',
32 + 'OIDC, SAML and SSO',
33 + 'MFA and authentication extensions'
34 + ]
35 + },{
36 + 'title': 'Manage groups clearly',
37 + 'icon': 'users',
38 + 'content': 'Keep user and group synchronization understandable, scalable and aligned with the way permissions are used.',
39 + 'items': [
40 + 'User synchronization',
41 + 'Group mapping and filtering',
42 + 'Large directory considerations'
43 + ]
44 + },{
45 + 'title': 'Control access safely',
46 + 'icon': 'key',
47 + 'content': 'Review and structure rights so spaces, pages and applications can be maintained without accidental exposure.',
48 + 'items': [
49 + 'Wiki and page permissions',
50 + 'Admin and script rights awareness',
51 + 'Rights model cleanup'
52 + ]
53 + }])
26 26  
27 - ## WHY ACCESS CONTROL MATTERS
28 28   <section aria-labelledby="why-access-title">
29 29   <div class="container">
30 30   <h2 id="why-access-title">Access control is central to a reliable XWiki platform</h2>
31 -
32 32   <p class="section-intro">
33 33   XWiki often contains internal knowledge, procedures, project information, customer data, controlled documents
34 34   and business workflows. Authentication and permissions need to be configured carefully so users can access
35 35   what they need without exposing sensitive information or making administration too complex.
36 36   </p>
37 -
38 38   <div class="pathways">
39 - <article class="pathway-card">
40 - <div class="pathway-icon">
41 - <i class="fa fa-sign-in" aria-hidden="true"></i>
42 - </div>
43 - <h3>Connect users securely</h3>
44 - <p>
45 - Integrate XWiki with your identity provider so users can access the platform with familiar credentials.
46 - </p>
47 - <ul>
48 - <li>LDAP and Active Directory</li>
49 - <li>OIDC, SAML and SSO</li>
50 - <li>MFA and authentication extensions</li>
51 - </ul>
52 - </article>
53 -
54 - <article class="pathway-card">
55 - <div class="pathway-icon">
56 - <i class="fa fa-users" aria-hidden="true"></i>
57 - </div>
58 - <h3>Manage groups clearly</h3>
59 - <p>
60 - Keep user and group synchronization understandable, scalable and aligned with the way permissions are used.
61 - </p>
62 - <ul>
63 - <li>User synchronization</li>
64 - <li>Group mapping and filtering</li>
65 - <li>Large directory considerations</li>
66 - </ul>
67 - </article>
68 -
69 - <article class="pathway-card">
70 - <div class="pathway-icon">
71 - <i class="fa fa-key" aria-hidden="true"></i>
72 - </div>
73 - <h3>Control access safely</h3>
74 - <p>
75 - Review and structure rights so spaces, pages and applications can be maintained without accidental exposure.
76 - </p>
77 - <ul>
78 - <li>Wiki and page permissions</li>
79 - <li>Admin and script rights awareness</li>
80 - <li>Rights model cleanup</li>
81 - </ul>
82 - </article>
64 + #foreach ($entry in $accessControlItems)
65 + <article class="pathway-card">
66 + <div class="card-heading">
67 + <div class="pathway-icon">
68 + <i class="fa fa-$entry.icon" aria-hidden="true"></i>
69 + </div>
70 + <h3>$entry.title</h3>
71 + </div>
72 + <p>$entry.content</p>
73 + <ul>
74 + #foreach ($item in $entry.items)
75 + <li>$item</li>
76 + #end
77 + </ul>
78 + </article>
79 + #end
83 83   </div>
84 84   </div>
85 85   </section>
86 86  
87 87   ## COMMON NEEDS
85 + #set ($accessNeedsItems = [{
86 + 'title': 'LDAP and Active Directory integration',
87 + 'icon': 'address-book',
88 + 'content': 'Configuration, troubleshooting and optimization of LDAP/AD authentication, user creation and group synchronization.'
89 + },{
90 + 'title': 'SSO, OIDC and SAML',
91 + 'icon': 'sign-in',
92 + 'content': 'Integration with identity providers, single sign-on flows and authentication extensions used in enterprise environments.'
93 + },{
94 + 'title': 'Multi-factor authentication',
95 + 'icon': 'shield',
96 + 'content': 'MFA setup, licensing, configuration, troubleshooting and review of authentication-related user experience.'
97 + },{
98 + 'title': 'User and group synchronization',
99 + 'icon': 'users',
100 + 'content': 'Review of synchronization strategy, group mapping, large-directory behavior and performance implications.'
101 + },{
102 + 'title': 'Rights model review',
103 + 'icon': 'key',
104 + 'content': 'Review and cleanup of space, page, group and application permissions to reduce confusion and access risks.'
105 + },{
106 + 'title': 'Access-related troubleshooting',
107 + 'icon': 'warning',
108 + 'content': 'Investigation of login failures, missing users, group sync issues, unexpected permissions or denied access.'
109 + }])
110 +
88 88   <section class="services" aria-labelledby="access-needs-title">
89 89   <div class="container">
90 90   <h2 id="access-needs-title">Common authentication and access control needs</h2>
... ... @@ -95,82 +95,40 @@
95 95   </p>
96 96  
97 97   <div class="services-grid">
98 - <article class="service">
99 - <div class="service-icon" aria-hidden="true">
100 - <i class="fa fa-address-book"></i>
101 - </div>
102 - <div class="service-body">
103 - <h4>LDAP and Active Directory integration</h4>
104 - <p>
105 - Configuration, troubleshooting and optimization of LDAP/AD authentication, user creation and group synchronization.
106 - </p>
107 - </div>
108 - </article>
121 + #foreach ($entry in $accessNeedsItems)
122 + <article class="service">
123 + <div class="service-icon" aria-hidden="true">
124 + <i class="fa fa-$entry.icon"></i>
125 + </div>
109 109  
110 - <article class="service">
111 - <div class="service-icon" aria-hidden="true">
112 - <i class="fa fa-sign-in"></i>
113 - </div>
114 - <div class="service-body">
115 - <h4>SSO, OIDC and SAML</h4>
116 - <p>
117 - Integration with identity providers, single sign-on flows and authentication extensions used in enterprise environments.
118 - </p>
119 - </div>
120 - </article>
121 -
122 - <article class="service">
123 - <div class="service-icon" aria-hidden="true">
124 - <i class="fa fa-shield"></i>
125 - </div>
126 - <div class="service-body">
127 - <h4>Multi-factor authentication</h4>
128 - <p>
129 - MFA setup, licensing, configuration, troubleshooting and review of authentication-related user experience.
130 - </p>
131 - </div>
132 - </article>
133 -
134 - <article class="service">
135 - <div class="service-icon" aria-hidden="true">
136 - <i class="fa fa-users"></i>
137 - </div>
138 - <div class="service-body">
139 - <h4>User and group synchronization</h4>
140 - <p>
141 - Review of synchronization strategy, group mapping, large-directory behavior and performance implications.
142 - </p>
143 - </div>
144 - </article>
145 -
146 - <article class="service">
147 - <div class="service-icon" aria-hidden="true">
148 - <i class="fa fa-key"></i>
149 - </div>
150 - <div class="service-body">
151 - <h4>Rights model review</h4>
152 - <p>
153 - Review and cleanup of space, page, group and application permissions to reduce confusion and access risks.
154 - </p>
155 - </div>
156 - </article>
157 -
158 - <article class="service">
159 - <div class="service-icon" aria-hidden="true">
160 - <i class="fa fa-warning"></i>
161 - </div>
162 - <div class="service-body">
163 - <h4>Access-related troubleshooting</h4>
164 - <p>
165 - Investigation of login failures, missing users, group sync issues, unexpected permissions or denied access.
166 - </p>
167 - </div>
168 - </article>
127 + <div class="service-body">
128 + <h4>$entry.title</h4>
129 + <p>$entry.content</p>
130 + </div>
131 + </article>
132 + #end
169 169   </div>
170 170   </div>
171 171   </section>
172 172  
173 - ## APPROACH
137 + ## ACCESS CONTROL PROCESS
138 + #set ($accessProcessItems = [{
139 + 'title': 'Review the current access setup',
140 + 'content': 'Authentication method, user directory, groups, synchronization behavior, rights configuration and known issues.'
141 + },{
142 + 'title': 'Clarify the target model',
143 + 'content': 'Expected login flow, user provisioning, group mapping, administration model and permission boundaries.'
144 + },{
145 + 'title': 'Validate configuration safely',
146 + 'content': 'Test authentication, synchronization and rights behavior before applying changes to production when needed.'
147 + },{
148 + 'title': 'Apply controlled changes',
149 + 'content': 'Update configuration, extensions, rights or group mappings with attention to rollback and administrator access.'
150 + },{
151 + 'title': 'Document the result',
152 + 'content': 'Provide practical notes about the final configuration, assumptions, risks and future maintenance actions.'
153 + }])
154 +
174 174   <section id="access-control-process" class="split-section" aria-labelledby="process-title">
175 175   <div class="container">
176 176   <div class="split-grid">
... ... @@ -190,26 +190,12 @@
190 190   </div>
191 191  
192 192   <ol class="process-list">
193 - <li>
194 - <strong>Review the current access setup</strong>
195 - Authentication method, user directory, groups, synchronization behavior, rights configuration and known issues.
196 - </li>
197 - <li>
198 - <strong>Clarify the target model</strong>
199 - Expected login flow, user provisioning, group mapping, administration model and permission boundaries.
200 - </li>
201 - <li>
202 - <strong>Validate configuration safely</strong>
203 - Test authentication, synchronization and rights behavior before applying changes to production when needed.
204 - </li>
205 - <li>
206 - <strong>Apply controlled changes</strong>
207 - Update configuration, extensions, rights or group mappings with attention to rollback and administrator access.
208 - </li>
209 - <li>
210 - <strong>Document the result</strong>
211 - Provide practical notes about the final configuration, assumptions, risks and future maintenance actions.
212 - </li>
174 + #foreach ($entry in $accessProcessItems)
175 + <li>
176 + <strong>$entry.title</strong>
177 + $entry.content
178 + </li>
179 + #end
213 213   </ol>
214 214   </div>
215 215   </div>
... ... @@ -216,6 +216,24 @@
216 216   </section>
217 217  
218 218   ## SPECIFIC AREAS
186 + #set ($accessAreasItems = [{
187 + 'title': 'Directory configuration',
188 + 'icon': 'server',
189 + 'content': 'LDAP/AD connection settings, bind users, search bases, user filters, group filters and synchronization behavior.'
190 + },{
191 + 'title': 'Group mapping',
192 + 'icon': 'random',
193 + 'content': 'Mapping external groups into XWiki groups while avoiding unnecessary complexity and performance issues.'
194 + },{
195 + 'title': 'Permission structure',
196 + 'icon': 'lock',
197 + 'content': 'Space and page rights, inheritance, administrative access, edit rights, view rights and application permissions.'
198 + },{
199 + 'title': 'Security-sensitive rights',
200 + 'icon': 'user-secret',
201 + 'content': 'Review of powerful rights such as admin, programming, script and edit rights where they affect security.'
202 + }])
203 +
219 219   <section aria-labelledby="areas-title">
220 220   <div class="container">
221 221   <h2 id="areas-title">Specific areas we can review</h2>
... ... @@ -226,45 +226,16 @@
226 226   </p>
227 227  
228 228   <div class="widgets">
229 - <article class="widget">
230 - <div class="icon" aria-hidden="true">
231 - <i class="fa fa-server"></i>
232 - <h4>Directory<br />configuration</h4>
233 - </div>
234 - <p>
235 - LDAP/AD connection settings, bind users, search bases, user filters, group filters and synchronization behavior.
236 - </p>
237 - </article>
214 + #foreach ($entry in $accessAreasItems)
215 + <article class="widget">
216 + <div class="icon" aria-hidden="true">
217 + <i class="fa fa-$entry.icon"></i>
218 + <h4>$entry.title</h4>
219 + </div>
238 238  
239 - <article class="widget">
240 - <div class="icon" aria-hidden="true">
241 - <i class="fa fa-random"></i>
242 - <h4>Group<br />mapping</h4>
243 - </div>
244 - <p>
245 - Mapping external groups into XWiki groups while avoiding unnecessary complexity and performance issues.
246 - </p>
247 - </article>
248 -
249 - <article class="widget">
250 - <div class="icon" aria-hidden="true">
251 - <i class="fa fa-lock"></i>
252 - <h4>Permission<br />structure</h4>
253 - </div>
254 - <p>
255 - Space and page rights, inheritance, administrative access, edit rights, view rights and application permissions.
256 - </p>
257 - </article>
258 -
259 - <article class="widget">
260 - <div class="icon" aria-hidden="true">
261 - <i class="fa fa-user-secret"></i>
262 - <h4>Security<br />sensitive rights</h4>
263 - </div>
264 - <p>
265 - Review of powerful rights such as admin, programming, script and edit rights where they affect security.
266 - </p>
267 - </article>
221 + <p>$entry.content</p>
222 + </article>
223 + #end
268 268   </div>
269 269   </div>
270 270   </section>