Changes for page xwiki-authentication-access-control

Last modified by Alex Cotiugă on 2026/05/12 13:07

Manage
- Copy
Actions
- Export
- Print Preview
Viewers
- Source
- Siblings
- Content
- Comments
- Attachments
- History
- Information
- Likes

From 1.2 to 1.3

From version 1.1

edited by Alex Cotiugă
on 2026/05/12 13:05

Change comment: There is no comment for this version

To version 1.2

edited by Alex Cotiugă
on 2026/05/12 13:06

Change comment: There is no comment for this version

Raw
Rendered

Summary

Page properties (1 modified, 0 added, 0 removed)

Details

Page properties

Content

@@ -1,0 +1,409 @@
++{{velocity}}
++#set ($discard = $xwiki.ssx.use('PublicWebSite.WebHome'))
++{{html clean="false"}}
++
++  ## PAGE HEADER
++  <section class="hero hero-centered service-hero" aria-labelledby="hero-title">
++    <div class="container hero-inner">
++      <div class="hero-kicker">
++        <i class="fa fa-lock" aria-hidden="true"></i>
++        XWiki authentication and access control
++      </div>
++
++      <h1 id="hero-title">Secure XWiki access, authentication and permissions</h1>
++
++      <p class="lead">
++        Configure and maintain XWiki authentication, user synchronization, group management and access rights
++        for production environments.
++      </p>
++
++      <p class="hero-support">
++        We help organizations connect XWiki with LDAP, Active Directory, SSO, OIDC, SAML or MFA, while keeping
++        permissions understandable, maintainable and aligned with internal access policies.
++      </p>
++
++      <div class="hero-actions">
++        <a class="btn btn-primary" href="$xwiki.getURL('contact.WebHome')">Discuss access control needs</a>
++        <a class="btn btn-secondary" href="#access-control-process">See the approach</a>
++      </div>
++    </div>
++  </section>
++
++  ## WHY ACCESS CONTROL MATTERS
++  <section aria-labelledby="why-access-title">
++    <div class="container">
++      <h2 id="why-access-title">Access control is central to a reliable XWiki platform</h2>
++
++      <p class="section-intro">
++        XWiki often contains internal knowledge, procedures, project information, customer data, controlled documents
++        and business workflows. Authentication and permissions need to be configured carefully so users can access
++        what they need without exposing sensitive information or making administration too complex.
++      </p>
++
++      <div class="pathways">
++        <article class="pathway-card">
++          <div class="pathway-icon">
++            <i class="fa fa-sign-in" aria-hidden="true"></i>
++          </div>
++          <h3>Connect users securely</h3>
++          <p>
++            Integrate XWiki with your identity provider so users can access the platform with familiar credentials.
++          </p>
++          <ul>
++            <li>LDAP and Active Directory</li>
++            <li>OIDC, SAML and SSO</li>
++            <li>MFA and authentication extensions</li>
++          </ul>
++        </article>
++
++        <article class="pathway-card">
++          <div class="pathway-icon">
++            <i class="fa fa-users" aria-hidden="true"></i>
++          </div>
++          <h3>Manage groups clearly</h3>
++          <p>
++            Keep user and group synchronization understandable, scalable and aligned with the way permissions are used.
++          </p>
++          <ul>
++            <li>User synchronization</li>
++            <li>Group mapping and filtering</li>
++            <li>Large directory considerations</li>
++          </ul>
++        </article>
++
++        <article class="pathway-card">
++          <div class="pathway-icon">
++            <i class="fa fa-key" aria-hidden="true"></i>
++          </div>
++          <h3>Control access safely</h3>
++          <p>
++            Review and structure rights so spaces, pages and applications can be maintained without accidental exposure.
++          </p>
++          <ul>
++            <li>Space and page permissions</li>
++            <li>Admin and script rights awareness</li>
++            <li>Rights model cleanup</li>
++          </ul>
++        </article>
++      </div>
++    </div>
++  </section>
++
++  ## COMMON NEEDS
++  <section class="services" aria-labelledby="access-needs-title">
++    <div class="container">
++      <h2 id="access-needs-title">Common authentication and access control needs</h2>
++
++      <p class="section-intro">
++        Authentication and permissions often become more complex as XWiki grows. The right setup depends on your
++        identity provider, group structure, security expectations, user volume and internal administration model.
++      </p>
++
++      <div class="services-grid">
++        <article class="service">
++          <div class="service-icon" aria-hidden="true">
++            <i class="fa fa-address-book"></i>
++          </div>
++          <div class="service-body">
++            <h4>LDAP and Active Directory integration</h4>
++            <p>
++              Configuration, troubleshooting and optimization of LDAP/AD authentication, user creation and group synchronization.
++            </p>
++          </div>
++        </article>
++
++        <article class="service">
++          <div class="service-icon" aria-hidden="true">
++            <i class="fa fa-sign-in"></i>
++          </div>
++          <div class="service-body">
++            <h4>SSO, OIDC and SAML</h4>
++            <p>
++              Integration with identity providers, single sign-on flows and authentication extensions used in enterprise environments.
++            </p>
++          </div>
++        </article>
++
++        <article class="service">
++          <div class="service-icon" aria-hidden="true">
++            <i class="fa fa-shield"></i>
++          </div>
++          <div class="service-body">
++            <h4>Multi-factor authentication</h4>
++            <p>
++              MFA setup, licensing, configuration, troubleshooting and review of authentication-related user experience.
++            </p>
++          </div>
++        </article>
++
++        <article class="service">
++          <div class="service-icon" aria-hidden="true">
++            <i class="fa fa-users"></i>
++          </div>
++          <div class="service-body">
++            <h4>User and group synchronization</h4>
++            <p>
++              Review of synchronization strategy, group mapping, large-directory behavior and performance implications.
++            </p>
++          </div>
++        </article>
++
++        <article class="service">
++          <div class="service-icon" aria-hidden="true">
++            <i class="fa fa-key"></i>
++          </div>
++          <div class="service-body">
++            <h4>Rights model review</h4>
++            <p>
++              Review and cleanup of space, page, group and application permissions to reduce confusion and access risks.
++            </p>
++          </div>
++        </article>
++
++        <article class="service">
++          <div class="service-icon" aria-hidden="true">
++            <i class="fa fa-warning"></i>
++          </div>
++          <div class="service-body">
++            <h4>Access-related troubleshooting</h4>
++            <p>
++              Investigation of login failures, missing users, group sync issues, unexpected permissions or denied access.
++            </p>
++          </div>
++        </article>
++      </div>
++    </div>
++  </section>
++
++  ## APPROACH
++  <section id="access-control-process" class="split-section" aria-labelledby="process-title">
++    <div class="container">
++      <div class="split-grid">
++        <div class="split-copy">
++          <h2 id="process-title">A practical access control approach</h2>
++
++          <p>
++            Authentication and permissions should be handled with care because small configuration mistakes can affect
++            access to the entire platform. The goal is to understand the current setup, clarify the expected access
++            model and apply changes in a controlled way.
++          </p>
++
++          <p>
++            When possible, authentication and rights changes should first be validated in a staging or temporary clone
++            of the instance, especially when directory synchronization, group mappings, SSO or custom rights logic are involved.
++          </p>
++        </div>
++
++        <ol class="process-list">
++          <li>
++            <strong>Review the current access setup</strong>
++            Authentication method, user directory, groups, synchronization behavior, rights configuration and known issues.
++          </li>
++          <li>
++            <strong>Clarify the target model</strong>
++            Expected login flow, user provisioning, group mapping, administration model and permission boundaries.
++          </li>
++          <li>
++            <strong>Validate configuration safely</strong>
++            Test authentication, synchronization and rights behavior before applying changes to production when needed.
++          </li>
++          <li>
++            <strong>Apply controlled changes</strong>
++            Update configuration, extensions, rights or group mappings with attention to rollback and administrator access.
++          </li>
++          <li>
++            <strong>Document the result</strong>
++            Provide practical notes about the final configuration, assumptions, risks and future maintenance actions.
++          </li>
++        </ol>
++      </div>
++    </div>
++  </section>
++
++  ## SPECIFIC AREAS
++  <section aria-labelledby="areas-title">
++    <div class="container">
++      <h2 id="areas-title">Specific areas we can review</h2>
++
++      <p class="section-intro">
++        Access control in XWiki is not limited to the login page. It includes the full chain from identity provider
++        to user synchronization, group membership, page permissions and application-level rules.
++      </p>
++
++      <div class="widgets">
++        <article class="widget">
++          <div class="icon" aria-hidden="true">
++            <i class="fa fa-server"></i>
++            <h4>Directory<br />configuration</h4>
++          </div>
++          <p>
++            LDAP/AD connection settings, bind users, search bases, user filters, group filters and synchronization behavior.
++          </p>
++        </article>
++
++        <article class="widget">
++          <div class="icon" aria-hidden="true">
++            <i class="fa fa-random"></i>
++            <h4>Group<br />mapping</h4>
++          </div>
++          <p>
++            Mapping external groups into XWiki groups while avoiding unnecessary complexity and performance issues.
++          </p>
++        </article>
++
++        <article class="widget">
++          <div class="icon" aria-hidden="true">
++            <i class="fa fa-lock"></i>
++            <h4>Permission<br />structure</h4>
++          </div>
++          <p>
++            Space and page rights, inheritance, administrative access, edit rights, view rights and application permissions.
++          </p>
++        </article>
++
++        <article class="widget">
++          <div class="icon" aria-hidden="true">
++            <i class="fa fa-user-secret"></i>
++            <h4>Security<br />sensitive rights</h4>
++          </div>
++          <p>
++            Review of powerful rights such as admin, programming, script and edit rights where they affect security.
++          </p>
++        </article>
++      </div>
++    </div>
++  </section>
++
++  ## IMPORTANT CONSIDERATIONS
++  <section class="services" aria-labelledby="considerations-title">
++    <div class="container">
++      <h2 id="considerations-title">Important considerations</h2>
++
++      <p class="section-intro">
++        Authentication and access control should be designed for both security and usability. A setup that is too
++        permissive creates risk, while a setup that is too complex becomes hard to operate and troubleshoot.
++      </p>
++
++      <div class="services-grid">
++        <article class="service">
++          <div class="service-icon" aria-hidden="true">
++            <i class="fa fa-tachometer"></i>
++          </div>
++          <div class="service-body">
++            <h4>Large directory performance</h4>
++            <p>
++              Large numbers of users and groups can create synchronization, login-time or permission-management challenges.
++            </p>
++          </div>
++        </article>
++
++        <article class="service">
++          <div class="service-icon" aria-hidden="true">
++            <i class="fa fa-eye"></i>
++          </div>
++          <div class="service-body">
++            <h4>Visibility of groups and users</h4>
++            <p>
++              Group display, permission screens and administration workflows should remain usable even with many directory groups.
++            </p>
++          </div>
++        </article>
++
++        <article class="service">
++          <div class="service-icon" aria-hidden="true">
++            <i class="fa fa-user-plus"></i>
++          </div>
++          <div class="service-body">
++            <h4>User provisioning strategy</h4>
++            <p>
++              Decide when users are created, how profiles are updated and how synchronization behaves after first login.
++            </p>
++          </div>
++        </article>
++
++        <article class="service">
++          <div class="service-icon" aria-hidden="true">
++            <i class="fa fa-unlock-alt"></i>
++          </div>
++          <div class="service-body">
++            <h4>Administrator access safety</h4>
++            <p>
++              Authentication changes should preserve reliable administrator access and avoid accidental lockouts.
++            </p>
++          </div>
++        </article>
++
++        <article class="service">
++          <div class="service-icon" aria-hidden="true">
++            <i class="fa fa-refresh"></i>
++          </div>
++          <div class="service-body">
++            <h4>Upgrade compatibility</h4>
++            <p>
++              Authentication extensions, configuration keys and security behavior should be reviewed during XWiki upgrades.
++            </p>
++          </div>
++        </article>
++
++        <article class="service">
++          <div class="service-icon" aria-hidden="true">
++            <i class="fa fa-file-text-o"></i>
++          </div>
++          <div class="service-body">
++            <h4>Documentation and handover</h4>
++            <p>
++              Access rules, configuration decisions and operational assumptions should be documented for future maintenance.
++            </p>
++          </div>
++        </article>
++      </div>
++    </div>
++  </section>
++
++  ## RELATED SERVICES
++  <section class="resource-strip" aria-labelledby="related-title">
++    <div class="container">
++      <h2 id="related-title">Related XWiki services</h2>
++
++      <p class="section-intro">
++        Authentication and access control often connect with maintenance, upgrades and security review.
++      </p>
++
++      <div class="resource-grid">
++        <article class="resource-card">
++          <h4>XWiki Support &amp; Maintenance</h4>
++          <p>
++            Ongoing support for production environments, including troubleshooting, maintenance planning and operational review.
++          </p>
++          <a href="$xwiki.getURL('services.xwiki-maintenance-support')">View support services</a>
++        </article>
++
++        <article class="resource-card">
++          <h4>XWiki Security Review</h4>
++          <p>
++            Security-aware review of versions, extensions, rights, scripting, authentication and upgrade exposure.
++          </p>
++          <a href="$xwiki.getURL('services.xwiki-security-review')">View security review</a>
++        </article>
++      </div>
++    </div>
++  </section>
++
++  ## CTA
++  <section class="cta-section" aria-labelledby="cta-title">
++    <div class="container">
++      <div class="cta-panel">
++        <h2 id="cta-title">Need help with XWiki authentication or permissions?</h2>
++
++        <p>
++          Send a short description of your authentication setup, identity provider, current XWiki version,
++          user/group volume and the access control issue or improvement you want to address.
++        </p>
++
++        <a class="btn btn-primary" href="$xwiki.getURL('contact.WebHome')">Discuss access control needs</a>
++      </div>
++    </div>
++  </section>
++
++{{/html}}
++{{/velocity}}