Changes for page XWiki Authentication and Access Control
Last modified by Agnease on 2026/05/25 12:52
Summary
-
Page properties (1 modified, 0 added, 0 removed)
Details
- Page properties
-
- Content
-
... ... @@ -134,24 +134,7 @@ 134 134 </div> 135 135 </section> 136 136 137 - ## ACCESS CONTROL PROCESS 138 - #set ($accessProcessItems = [{ 139 - 'title': 'Review the current access setup', 140 - 'content': 'Authentication method, user directory, groups, synchronization behavior, rights configuration and known issues.' 141 - },{ 142 - 'title': 'Clarify the target model', 143 - 'content': 'Expected login flow, user provisioning, group mapping, administration model and permission boundaries.' 144 - },{ 145 - 'title': 'Validate configuration safely', 146 - 'content': 'Test authentication, synchronization and rights behavior before applying changes to production when needed.' 147 - },{ 148 - 'title': 'Apply controlled changes', 149 - 'content': 'Update configuration, extensions, rights or group mappings with attention to rollback and administrator access.' 150 - },{ 151 - 'title': 'Document the result', 152 - 'content': 'Provide practical notes about the final configuration, assumptions, risks and future maintenance actions.' 153 - }]) 154 - 137 + ## APPROACH 155 155 <section id="access-control-process" class="split-section" aria-labelledby="process-title"> 156 156 <div class="container"> 157 157 <div class="split-grid"> ... ... @@ -171,12 +171,26 @@ 171 171 </div> 172 172 173 173 <ol class="process-list"> 174 - #foreach ($entry in $accessProcessItems) 175 - <li> 176 - <strong>$entry.title</strong> 177 - $entry.content 178 - </li> 179 - #end 157 + <li> 158 + <strong>Review the current access setup</strong> 159 + Authentication method, user directory, groups, synchronization behavior, rights configuration and known issues. 160 + </li> 161 + <li> 162 + <strong>Clarify the target model</strong> 163 + Expected login flow, user provisioning, group mapping, administration model and permission boundaries. 164 + </li> 165 + <li> 166 + <strong>Validate configuration safely</strong> 167 + Test authentication, synchronization and rights behavior before applying changes to production when needed. 168 + </li> 169 + <li> 170 + <strong>Apply controlled changes</strong> 171 + Update configuration, extensions, rights or group mappings with attention to rollback and administrator access. 172 + </li> 173 + <li> 174 + <strong>Document the result</strong> 175 + Provide practical notes about the final configuration, assumptions, risks and future maintenance actions. 176 + </li> 180 180 </ol> 181 181 </div> 182 182 </div> ... ... @@ -183,24 +183,6 @@ 183 183 </section> 184 184 185 185 ## SPECIFIC AREAS 186 - #set ($accessAreasItems = [{ 187 - 'title': 'Directory configuration', 188 - 'icon': 'server', 189 - 'content': 'LDAP/AD connection settings, bind users, search bases, user filters, group filters and synchronization behavior.' 190 - },{ 191 - 'title': 'Group mapping', 192 - 'icon': 'random', 193 - 'content': 'Mapping external groups into XWiki groups while avoiding unnecessary complexity and performance issues.' 194 - },{ 195 - 'title': 'Permission structure', 196 - 'icon': 'lock', 197 - 'content': 'Space and page rights, inheritance, administrative access, edit rights, view rights and application permissions.' 198 - },{ 199 - 'title': 'Security-sensitive rights', 200 - 'icon': 'user-secret', 201 - 'content': 'Review of powerful rights such as admin, programming, script and edit rights where they affect security.' 202 - }]) 203 - 204 204 <section aria-labelledby="areas-title"> 205 205 <div class="container"> 206 206 <h2 id="areas-title">Specific areas we can review</h2> ... ... @@ -211,16 +211,45 @@ 211 211 </p> 212 212 213 213 <div class="widgets"> 214 - #foreach ($entry in $accessAreasItems) 215 - <article class="widget"> 216 - <div class="icon" aria-hidden="true"> 217 - <i class="fa fa-$entry.icon"></i> 218 - <h4>$entry.title</h4> 219 - </div> 193 + <article class="widget"> 194 + <div class="icon" aria-hidden="true"> 195 + <i class="fa fa-server"></i> 196 + <h4>Directory<br />configuration</h4> 197 + </div> 198 + <p> 199 + LDAP/AD connection settings, bind users, search bases, user filters, group filters and synchronization behavior. 200 + </p> 201 + </article> 220 220 221 - <p>$entry.content</p> 222 - </article> 223 - #end 203 + <article class="widget"> 204 + <div class="icon" aria-hidden="true"> 205 + <i class="fa fa-random"></i> 206 + <h4>Group<br />mapping</h4> 207 + </div> 208 + <p> 209 + Mapping external groups into XWiki groups while avoiding unnecessary complexity and performance issues. 210 + </p> 211 + </article> 212 + 213 + <article class="widget"> 214 + <div class="icon" aria-hidden="true"> 215 + <i class="fa fa-lock"></i> 216 + <h4>Permission<br />structure</h4> 217 + </div> 218 + <p> 219 + Space and page rights, inheritance, administrative access, edit rights, view rights and application permissions. 220 + </p> 221 + </article> 222 + 223 + <article class="widget"> 224 + <div class="icon" aria-hidden="true"> 225 + <i class="fa fa-user-secret"></i> 226 + <h4>Security<br />sensitive rights</h4> 227 + </div> 228 + <p> 229 + Review of powerful rights such as admin, programming, script and edit rights where they affect security. 230 + </p> 231 + </article> 224 224 </div> 225 225 </div> 226 226 </section>