If your organization uses Google Apps, you'll be happy to know that there is an integration available in XWiki. This tutorial shows how to add the ability to connect to a main wiki using a Google account.
Required Installation Steps on the Google Console
If this is the first time you are trying to add Google login on your main wiki, there are some steps you need to follow.
The Google Apps Integration Pro app requires a few settings in order to be able to connect to your wiki using a Google account. You first need to register for OAuth access on the Google Console. Follow the steps below:
Step 1: Create a Google project for your Google Apps Integration Pro app
Go to https://console.developers.google.com/ (see also https://developers.google.com/identity/protocols/OAuth2?hl=en). Create a Google project for your app as shown below:
Step 2: Enable the Google People API
Next, you need to enable the Google People API. This API is needed to access the Google account information. To enable it, go to the project's API & Services section and, on the Dashboard, click on ENABLE APIS AND SERVICES, search for Google People API and click ENABLE.
Step 3: Enable the Google Drive API
This API is needed to access Google documents. Similarly, to enable it, go back to the Dashboard, click on ENABLE APIS AND SERVICES, search for Google Drive API and click ENABLE.
Step 4: Settings on the OAuth Consent Screen
Pick the Internal option to make the Google login option available only to users within your organization.
Select the type of users you want to target with this project
Then, fill in the following fields:
- Application name (to be used later on the Google Apps configuration page, in the Other section of the wiki administration)
- Authorized domains (in our examples we added "xwiki.com")
- Application Homepage link (we added the link towards the Main page of the standard XWiki)
- Application Privacy Policy link (we added the link towards the standard Help page in XWiki)
Example with a Cloud wiki
Step 5: Generate the Google Client ID and Secret Credentials
The final step here is to generate the OAuth credentials, the Google Client ID and Secret, which will then be added to the Google Apps Configuration page. After setting up the OAuth client, go to Credentials and click on Create credentials > Create OAuth client ID.
Then, select "Web Application" and fill in a name and the Authorized redirect URIs. The Authorized redirect URI needs to end with GoogleApps/Oauth. Make sure you hit Enter after filling in the Authorized redirect URI, otherwise the value will not be saved. Then click the Create button.
See below an example with a fictional Client ID and Secret (for security reasons) and the Authorized redirect URI used when logging in with Google from a main wiki. This requires installing the Google Apps Integration Pro application on the main wiki.
Example of Authorized URI, on a Cloud wiki, when the Google Login is configured on the main wiki
Now, you are all set on the Google Console Project. The Application name (set in the previous step), Client ID and Secret will need to be used on the Google Apps configuration page on your main wiki (see the following step for examples).
Required Steps on the Wiki side
Step 1: Install the app
First, make sure you have installed the Google Apps Integration Pro app on the main wiki. Go to the main wiki administration > Extensions Manager and install the app.
Step 2: Activate the Google Authentication
Activate the Groovy Authentication by adding the following settings in the xwiki.cfg file (found in webapps > xwiki > WEB-INF) and restart the wiki:
If you are an XWiki Cloud user, you do not have direct access to the xwiki.cfg file. You will need to contact the XWiki Support team to perform this change for you.
Step 3: Google Apps Configuration on the wiki administration
Go to the wiki administration, open the Other section and paste the Client ID, the Secret ID and the Application Name in the dedicated fields. There are also some extra options if you want to restrict the domain of the users allowed to log in to the wiki. For example, if your organization's Google account is registered under the domain fron.com (the email address from the example project is danielle.glence@fron.com), you can add it so that only the members of your company having this domain in their email address can access the wiki. There is also an option to use cookies for Google Apps Login, a feature that helps you connect to your wiki faster and remain connected if desired.
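A pre-flight check for two values from this tutorial, the Authorized redirect URI (Step 5 on the Google Console) and the domain restriction above. This is an added illustration, not code from the Google Apps Integration Pro app; the function names and the wiki.example.org host are assumptions, and the https, userinfo, fragment and wildcard checks follow Google's published rules for redirect URIs.

```python
from urllib.parse import urlsplit

# From the tutorial: the Authorized redirect URI must end with this.
REQUIRED_SUFFIX = "/GoogleApps/Oauth"


def redirect_uri_problems(uri):
    """Return the problems found in an Authorized redirect URI ([] if none)."""
    uri = uri.strip()
    try:
        parts = urlsplit(uri)
        host = parts.hostname or ""
    except ValueError:
        return ["not a valid URL"]
    problems = []
    if not host:
        problems.append("no host")
    # Google accepts plain http only for localhost redirect URIs.
    if parts.scheme != "https" and host not in ("localhost", "127.0.0.1"):
        problems.append("not https")
    if parts.username or parts.password:
        problems.append("contains userinfo")
    if "#" in uri:
        problems.append("contains a fragment")
    if "*" in uri:
        problems.append("contains a wildcard")
    if not uri.endswith(REQUIRED_SUFFIX):
        problems.append("does not end with " + REQUIRED_SUFFIX)
    return problems


def email_in_domain(email, allowed_domain):
    """True only if the part after the last '@' equals the allowed domain."""
    local, sep, domain = email.strip().rpartition("@")
    if not (local and sep and domain):
        return False
    # Exact, case-insensitive comparison: a suffix or substring test would
    # also accept look-alike domains.
    return domain.lower() == allowed_domain.strip().lower()


if __name__ == "__main__":
    # Constructed sample values; wiki.example.org is a placeholder host.
    for uri in ("https://wiki.example.org/xwiki/bin/view/GoogleApps/Oauth",
                "http://wiki.example.org/xwiki/bin/view/GoogleApps/Oauth/"):
        print(uri, "->", redirect_uri_problems(uri) or "ok")
    for email in ("danielle.glence@fron.com", "someone@notfron.com",
                  "someone@fron.com.example.org"):
        print(email, "->", email_in_domain(email, "fron.com"))
```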
Step 4: Set permissions to unregistered users at global level
Then, a final setting on the main wiki administration is to go to the Users & Rights section, open the Rights tab, select Users, and explicitly deny the rights for unregistered users in order to prevent them from seeing or editing pages on your wiki. This is required because, currently, the app does not work if you keep the "Prevent unregistered users from viewing pages, regardless of the page rights" option checked.