website/integrations: add documentation for OIDC setup with Xen Orchestra (#9000)

* website/integrations: add documentation for OIDC setup with Xen Orchestra

* Dot removed

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: pgumpoldsberger <60177408+pgumpoldsberger@users.noreply.github.com>

* Dot added

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: pgumpoldsberger <60177408+pgumpoldsberger@users.noreply.github.com>

* Update website/integrations/services/xen-orchestra/index.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: pgumpoldsberger <60177408+pgumpoldsberger@users.noreply.github.com>

* Update website/integrations/services/xen-orchestra/index.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: pgumpoldsberger <60177408+pgumpoldsberger@users.noreply.github.com>

* Update website/integrations/services/xen-orchestra/index.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: pgumpoldsberger <60177408+pgumpoldsberger@users.noreply.github.com>

* Update website/integrations/services/xen-orchestra/index.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: pgumpoldsberger <60177408+pgumpoldsberger@users.noreply.github.com>

* Update website/integrations/services/xen-orchestra/index.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: pgumpoldsberger <60177408+pgumpoldsberger@users.noreply.github.com>

* moved XO-configuration-values into a list instead of having numerous steps

* remove config params, that are retrieved by Auto-discovery URl anyways

* add information about user mapping using the e-mail-address

* changed note since auto-user-creation is implemented in the XO OIDC plugin

* fix typos

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: pgumpoldsberger <60177408+pgumpoldsberger@users.noreply.github.com>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>

website/integrations/services/xen-orchestra/index.md

@@ -0,0 +1,69 @@
+---
+title: Xen Orchestra
+---
+
+<span class="badge badge--secondary">Support level: Community</span>
+
+## What is Xen Orchestra
+
+> Xen Orchestra provides a user friendly web interface for every Xen based hypervisor (XenServer, xcp-ng, etc.).
+>
+> -- https://xen-orchestra.com/
+
+:::note
+Xen Orchestra offers authentication plugins for OpenID Connect, SAML and LDAP. This guide is using the OpenID Connect plugin.
+If you are using the Xen Orchestra Appliance, the OIDC Plugin should be present. If you are using Xen Orchestra compiled from sources, make sure the plugin `auth-oidc` is installed.
+:::
+
+## Preparation
+
+The following placeholders will be used:
+
+-   `xenorchestra.company` is the FQDN of the Xen Orchestra instance.
+-   `authentik.company` is the FQDN of the authentik install.
+
+## authentik configuration
+
+### 1. Provider
+
+Under _Providers_, create an OAuth2/OpenID provider with these settings:
+
+-   Name: Provider for XenOrchestra
+-   Authorization Flow: Select one of the available Flows.
+-   Client type: Confidential
+-   Redirect URIs/Origins: `https://xenorchestra.company/signin/oidc/callback`
+
+Take note of the Client ID and the Client Secret, because we need them for the configuration of Xen Orchestra.
+
+### 2. Application
+
+Create an application with the following details:
+
+-   Slug: `xenorchestra` (If you want to choose a different slug, your URLs for the Xen Orchestra Configuration may vary.)
+-   Provider: Select the one we have created in Step 1
+-   Set the Launch URL to `https://xenorchestra.company/`
+
+Optionally apply access restrictions to the application.
+
+## Xen Orchestra configuration
+
+Xen Orchestra allows the configuration of the OpenID Connect authentication in the plugin-section.
+All of the URLs mentioned below can be copied & pasted from authentik (_Applications -> Providers -> *the provider created earlier*_).
+
+1. Navigate to Settings -> Plugins
+2. Scroll to **auth-oidc** and click on the **+** icon on the right hand side.
+3. Configure the auth-oidc plugin with the following configuration values:
+
+-   Set the `Auto-discovery URL` to `https://authentik.company/application/o/xenorchestra/.well-known/openid-configuration`.
+-   Set the `Client identifier (key)` to the Client ID from your notes.
+-   Set the `Client secret` to the Client Secret from your notes.
+-   Check the `Fill information (optional)`-Checkbox to open the advanced menu.
+-   Set the `Username field` to `username`
+-   Set the `Scopes` to `openid profile email`
+
+4. Enable the `auth-oidc`-Plugin by toggling the switch above the configuration.
+5. You should be able to login with OIDC.
+
+:::note
+The first time a user signs in, Xen Orchesta will create a new user with the same username used in authentik. If you want to map the users by their e-mail-address instead of their username, you have to set the `Username field` to `email` in the Xen Orchestra plugin configuration.
+:::

website/sidebarsIntegrations.js

@@ -63,6 +63,7 @@ module.exports = {
                         "services/portainer/index",
                         "services/proxmox-ve/index",
                         "services/rancher/index",
+                        "services/xen-orchestra/index",
                         "services/vmware-vcenter/index",
                     ],
                 },