Migrating away from Keycloak is, from a technical point of view, quite easy:
Ensure users have valid E-Mail addresses in the Keycloak.
Remove plugin.oauth.singleService. Users can now login with both Keycloak and plain auth and set a password for their plainauth user.
After some time set authtype = "authplain" and remove/disable the oauth and oauthkeycloak plugin. Users which did not set a password in the previous step can trigger a password reset.
However, we somehow need to handle registrations for the Dokuwiki. Just leaving them open will (and did in the past) invite spam bots. Thus we need to decide with which (combination) of these options we want to take:
manual approval for write access (Add @confirmed ACL with ACL of upload or delete, no extra permissions @user)
Plugins like preregister, optionally with captcha (especially their honeypot support). However, accessibility is a concern.
Migrating away from Keycloak is, from a technical point of view, quite easy:
plugin.oauth.singleService
. Users can now login with both Keycloak and plain auth and set a password for their plainauth user.authtype = "authplain"
and remove/disable theoauth
andoauthkeycloak
plugin. Users which did not set a password in the previous step can trigger a password reset.However, we somehow need to handle registrations for the Dokuwiki. Just leaving them open will (and did in the past) invite spam bots. Thus we need to decide with which (combination) of these options we want to take:
@confirmed
ACL with ACL ofupload
ordelete
, no extra permissions@user
)What do we want to do in the end?