Active Directory Application
Category | Application |
Active Installs | 40 |
Rating | |
License | GNU Lesser General Public License 2.1 |
Minimal XWiki version supported | XWiki 13.10 |
Sources | Issues |
Active Directory Application for XWiki
The Active Directory application allows you to easily connect your Active Directory server to XWiki using a visual editor. Active Directory application implements one of the many User Authentication mechanisms available in XWiki and it uses the information from an Active Directory server.
A connection needs to be set between XWiki and Active Directory in order to synchronize their users and groups. Active Directory users will be able to authenticate in XWiki and a dedicated XWiki user will be created at the first login. It is also possible to import users from an LDAP server to XWiki, as described in the Documentation tab.
In order to use this application, follow the Installation guide and then configure it from the Wiki Administration
The following image is an overview of the Active Directory application. To find out more about how to use and configure the application please read the Documentation.
Note this application does not include Azure AD and SAML support. We cover this need through a separate service. Please contact us to find out more.
What is Active Directory?
Directory service implementation developed by Microsoft that provides a hierarchical structure for storing information. Functionalities include authentication, user and group management and a framework to deploy related services.
External Resources
- Connection settings
- Configuration
- Advanced
- User and Groups import
- Synchronizing the "active" statuses from LDAP to XWiki
- FAQ
- Why don't all Active Directory users appear in the wiki?
- Is the user information from AD updated instantly on the XWiki profile?
- How is the sync performed for images?
- What attribute from AD will be used as login name in XWiki?
- How can the AD groups be mapped to the XWiki groups?
- How can the AD user fields be mapped to the XWiki user fields?
- How to retrieve the DN of a group from Active Directory?
- Is the Active Directory Application compatible with SSO?
- Does the application support LDAPS?
- How to display more logs for the application?
- What to avoid for the Active Directory setup?
- Is it possible to export the configuration of the Active Directory from a wiki and import it in a new instance?
- Does XWiki stock the password at the first login of a user?
- Do you need to update the XWiki Active Directory app configuration when new users are added in the Active Directory group membership?
Connection settings
The Check connection button helps to check in real time that the authentication credentials are correct.
Field | Description | Default | |
---|---|---|---|
Active Directory server address | The address (IP or domain name) of the server to connect to. For example, 127.0.0.1 would be used for a server that is located on the same machine where XWiki is installed. | 127.0.0.1 | |
Active Directory server port | The port to connect to. For example, 389 would be used if the server is running on the standard LDAP port. | 389 | |
Active Directory user dn | The bind login (user distinguish name) to connect to the server with. This can be left empty for anonymous access to the server. If the server is not configured to accept anonymous access, then the full DN of a user with proper access rights must be provided. For example, cn=admin,dc=example,dc=com is how a user DN should look. | N/A | |
Active Directory password | This can be left empty for anonymous access to the server. This is the password for the previous defined Active Directory User DN and should be used together. | N/A | |
Enable SSL connection to AD server | Whether to use LDAP over SSL. (Optional) | No | |
Path to keystore | The path to the trust store were the certificate was added. Check this use case for more info on how to get the correct path. Note that a default location is checked by JSSE, but it's better to be specific. This is only for SSL connection. | N/A | |
SSL secure provider | A java secure provider to be used in SSL connection, besides the already preregistered ones. This is only for SSL connection. (Optional) | N/A |
Configuration
The Active Directory application comes with a set of default values configured, so the user only needs to specify the Base DN and the setup is done.
Field | Description | Default | |
---|---|---|---|
Active Directory Base DN | The Base DN is the root of the tree containing the users and where the server performs the search. E.g. dc=example,dc=com. | N/A |
Advanced
In order to provide a custom configuration to the application, click on Show Advanced Configuration and start exploring all the available options.
Field | Description | Default |
---|---|---|
Enable the Active Directory authentication | Enable the Active Directory authentication for this wiki, otherwise only XWiki authentication will work. If enabled and configured properly, an XWiki user will be created whenever an Active Directory user visits the wiki for the first time. | Yes |
Enable the XWiki authentication | Enable the XWiki authentication for this wiki, as a fallback solution. Without this setting you will be unable to log into XWiki with local accounts. Also, if Active Directory authentication fails for any reason, the XWiki DB authentication will be tried with the same credentials. | Yes |
Active Directory UID attribute name | Specifies the Active Directory attribute containing the identifier to be used as the XWiki user name. | sAMAccountName |
Active Directory user fields mapping | Set a link between an XWiki user property that needs to store the data from an Active Directory user field. For example, first_name->givenName (first_name belongs to XWiki.XWikiUsers class and givenName to Active Directory user profile) | last_name=sn,first_name=givenName, email=mail,company=company, comment=comment,phone=mobile |
Active Directory groups mapping | Set a link between an XWiki group that needs to store, as members, ther users belonging to an Active Directory group. For example, XWiki.XWikiAdminGroup->cn=marketing,ou=groups,dc=example. By default, all the users are added into XWiki.XWikiAllGroup. | N/A |
Field | Description | Default |
---|---|---|
Allow Active Directory authentication only to certain group | This field can be used to provide authentication rights only to the members of an Active Directory group. If this is empty, no restriction will be applied and all the users from the Base DN will be able to authenticate. To configure use the full DN of the group: cn=developers,ou=groups,o=XWiki,c=FR. | N/A |
Forbid Active Directory authentication to certain group | This field can be used to deny authentication rights to the members of an Active Directory group. The users that are members of the following group can't authenticate. To configure use the full DN of the group: cn=designers,ou=groups,o=XWiki,c=FR. | N/A |
Update user from Active Directory after login | If this property is enabled, the XWiki user data will be updated from Active Directory on every login of the user, otherwise the mapping will be done only once, when the user is created. | Yes |
Update user photo from Active Directory | If this property is enabled, the XWiki avatar will be updated from Active Directory on every login of the user, otherwise the photo will not be updated. | No |
Active Directory Photo Attribute Name | You can specify the Active Directory attribute that contains the user photo image. | thumbnailPhoto |
Active Directory groups cache expiration | Time in seconds after which the list of members in a group is refreshed from Active Directory. | 21600 (6 hours) |
When to synchronize the Active Directory groups | The groups will be synchronized by default on every authentication of a user. For example, if an Active Directory user is moved to a different group, at the next login it will be moved in XWiki in the right group. | At each authentication of a user |
User and Groups import
Importing Users
This application introduces an Import User button in several user management key locations:
- in the Users section from the XWiki Administration, next to "Create User" button (in the main wiki)
- in the Groups section from the XWiki Administration, in the edit group modal (when editing a group), in the "Import user from LDAP" section
- in any Group page, in edit mode, in the "Import user from LDAP" section
The Import User button opens a pop-up modal with a form to search a value in a list of LDAP attributes. Note that you can use a "contains" search strategy, but it might have performance issues on larger servers.
Configuring the User Import
To configure the User Import, go to XWiki Administration > Other > LDAP User Import
Parameters
Name | Description | Default |
---|---|---|
LDAP user fields | The list of the LDAP user fields to be available for custom search. The fields added in this list will be available in the Import User modal only if the "SEARCH BY FIELD" option is checked. | LDAP UID attribute and all the values from the LDAP user fields mapping. If none is specified, then it will be cn,givenName,sn,mail. |
Search by field | If this option is checked, then a select input will be displayed in the Import User modal, allowing to select and to search only in one LDAP field (e.g.: mail). If the option is not checked, the search will be performed in all the fields defined in the "LDAP USER FIELDS" list. | false |
Add OIDC object in user profile | If this option is checked, then an OpenID Connect related object will be added in the profile of the new created user, in case any OpenID Connect Authenticator is installed in the main wiki. | false |
Users allowed to create accounts from LDAP | Use this option to specify who is able to import users from LDAP. By default, this is restricted only to Global admin users. | Global administrators |
When setting the LDAP User Import in a multiwiki environment, the LDAP User Import configuration can be configured only on the main wiki and will be inherited on all subwikis, but can also be overwritten on subwikis, if needed.
Note that starting with LDAP User Import version 1.5, the LDAP user class default value was changes from inetOrgPerson to *, so it can work without custom changes of the server. This might improve user / group searches. The configuration can be changed from the xwiki.cfg file using xwiki.authentication.ldap.user_classes.
Importing Groups
Since v1.16.3, the application allows to automatically import and create mappings between XWiki groups and Active Directory groups. This functionality is designed for use-cases where many LDAP groups have to be synchronized with XWiki. The group importer will take care of finding groups defined in the Active Directory, create equivalent XWiki groups for the AD groups that have been found, and register a mapping between each AD group and the corresponding XWiki group in the Active Directory configuration.
On the contrary to the User import functionality described above, this feature can only be triggered through a scheduler job. If the two jobs for importing users and groups are enabled, the LDAP group import scheduler job will run before the LDAP user import scheduler job, which allows importing and populating LDAP groups automatically in a short period of time.
Parameters
Name | Description | Default |
---|---|---|
LDAP Group Import Search DN | The base DN under which the LDAP group importer will look for groups to import | empty |
LDAP Group Import Search Filter | The filter that will be used to find LDAP groups to import. By default, this filter created based on a list of known objectClass used for LDAP groups. If the group import functionality is used along with the LDAP Authenticator, this list of group classes can be overriden through the configuration variable xwiki.authentication.ldap.group_classes in xwiki.cfg. Example filter : (&(objectClass=groupOfNames)(cn=dev*)) will return LDAP groups that have the class groupOfNames and that start with dev. | (| |
LDAP Group import search attributes | A list of LDAP attributes that should be fetched with each entity to create the group name | cn |
Group page name format | The format of the equivalent group page name that will be created in XWiki based on the search attributes defined by LDAP Group import search attributes. If the attribute used as the Active Directory UID attribute name property is also part of the search attibutes, it will be available as ${uid}. Groups will automatically be created within the XWiki space. In order to avoid any unintended group synchronization, the group importer will not register a mapping between an LDAP group and an XWiki group if the XWiki group already exists prior to the synchronization. | ${uid}Group |
Trigger Group import | Enable or disable the automated import of LDAP groups | Disabled |
Synchronizing the "active" statuses from LDAP to XWiki
Since v1.16.1 the feature of synchronizing the "active" status from LDAP to XWiki was added. This feature makes use of the `ldap-usercleanup` module of the xwiki-contrib ldap project to either remove the inactive AD users from XWiki or disable them. The documentation of how to configure it can be found here: https://extensions.xwiki.org/xwiki/bin/view/Extension/LDAP/Remove%20old%20users%20no%20longer%20in%20LDAP/#HConfiguration .
Additionally, for the cleanup job to successfully run, the following properties should be configured in the `xwikinstance.org/xwiki/bin/edit/XWiki/XWikiPreferences?editor=object`. The properties need to be duplicated from the Active Directory administration section.
FAQ
Why don't all Active Directory users appear in the wiki?
The user profile will be created in XWiki the first time the user will login with his Active Directory credentials.
Is the user information from AD updated instantly on the XWiki profile?
The user information is not synchronized automatically, the user needs to logout and login to have his profile updated.
How is the sync performed for images?
The synchronization for images needs first to be enabled from the application administration by updating the value for Update user photo from Active Directory to Yes.
What attribute from AD will be used as login name in XWiki?
By default the sAMAccountName will be used to login in XWiki. This value can be updated on the Active Directory UID attribute name configuration.
On the Active Directory server side the sAMAccountName value can be retrieved using the Attribute tab.
How can the AD groups be mapped to the XWiki groups?
The mapping can be configured from the Administration section Show Advanced Configuration > Active Directory Group Mapping. The XWiki groups can be easily selected using a suggest picker.
The users are added to the groups upon login, the groups are not synchronized automatically.
How can the AD user fields be mapped to the XWiki user fields?
The XWiki user fields to be mapped can be easily selected using a suggest picker under the section Active Directory User Fields Mapping.
How to retrieve the DN of a group from Active Directory?
The DN can be retrieved from Active Directory using the Attribute Editor under the group properties.
Is the Active Directory Application compatible with SSO?
The application is not compatible with an SSO configuration that contains a Trusted authentication framework.
Does the application support LDAPS?
Use the Enable SSL connection to Active Directory server option from the UI configuration.
Before version 1.9, to use the Active Directory app with LDAPS you need to:
- go to the Active Directory application and change the Active Directory Server Port value from 389 to 636.
- go to the xwiki.cfg file and change the value for the SSL connection to LDAP server from 0 to 1:
#-# - 0: normal
#-# - 1: SSL
#-# The default is 0
xwiki.authentication.ldap.ssl=1
How to display more logs for the application?
When working on the configuration of the Active Directory application it could help to display more logs on the server side:
- Open the "Global Administration: Logging" section
- Search for "ldap"
- Set the log level to DEBUG
What to avoid for the Active Directory setup?
We have reproduced a connection issue concerning the usage of the curly bracket inside the Active Directory password, see reported issue.
Is it possible to export the configuration of the Active Directory from a wiki and import it in a new instance?
To reuse an older configuration for the Active Directory you can follow the steps below:
- Open the URL http://<your server>/xwiki/bin/edit/ActiveDirectory/Code/ActiveDirectoryConfig?editor=object on the old wiki
- Export the page using the XAR format
- Import the XAR archive on the new wiki
Does XWiki stock the password at the first login of a user?
XWiki does not stock the user password on its servers, neither through the LDAP authenticator, or through the Active Directory application, whether it would be the first login or other login sessions.
Do you need to update the XWiki Active Directory app configuration when new users are added in the Active Directory group membership?
When you add new users in your Active Directory group and then you import the users in XWiki, you need to go to the Active Directory Application configuration page and click on the button "Reset group cache". This will inform XWiki to take into consideration the new group membership in your Active Directory.
Installation Steps
This paid extensions requires XWiki 13.10 or above. In order to install the extension, follow the next steps inside your XWiki instance (on cloud or on premise).
Navigate to the Extension Manager
In the Applications Panel click on "More Applications..." and then "Install new applications...". Alternatively navigate directly to the Administration and select the "Extensions" section.
Install the Extension
Search for the extension you wish to install and use the Install button to install it.
Get a License
Navigate to the "Licenses" section of the Administration, fill your details, look for the extension you just installed in the live table and click the buttons to get a trial license or to buy a license.
Install the License
If you have selected a trial license then you're good and there's nothing else to do. Your trial license is automatically installed.
However if you've selected to buy a license you'll be redirected to a page to perform the payment. At the end you need to come back to the "Licenses" administration section and click on the "Check for Updates" button. This will download and apply the license you bought.
Use the Extension
Start using the Extension! Refer to the extension's documentation to know how to use it.
Installing Paid Apps on Subwikis
If you want to install an application on the whole farm (main wiki + subwikis), you can do so directly from the main wiki’s Extension Manager, as seen below:
Extensions can also be installed only on a particular subwiki by global admins. Subwiki admins will not be able to install these extensions due to their limited rights.
Installing in subwikis
Each (sub)wiki can have its own UI for configuring LDAP and thus it's possible to have different settings per wiki. The only restriction is that the Active Directory application must be installed first in the main wiki before it can be installed in other subwikis.
Upgrade the extension
Search for the extension you wish to upgrade on the Extension Manager. Click on the "Upgrade" button and follow the steps proposed by the wizard.
Uninstall the extension
Navigate to the wiki administration, Extensions section, search for the Active Directory extension and uninstall it. Note that you also need to uninstall a remaining dependency called Active Directory Authenticator. Search for it in the Installed Extensions, then uninstall it so that you can completely remove the Active Directory application.
Options
The price is per year and varies depending on the support level and the number of users.
Support / Users | 10 | 25 | 50 | 100 | 250 | 500 | 1000 | 2500 | 5000 | 10000 | 20000 |
---|---|---|---|---|---|---|---|---|---|---|---|
Silver |
Benefits
What do you get when you purchase an XWiki extension?
1 year license
By purchasing an XWiki extension license, you'll benefit from it during one year.
Free updates
You benefit from all the extension updates during one year. You are always up to date.
Support included
If you are facing an issue, you can reach the XWiki support. Our team is always available to help.
How to Buy
To buy, install this extension from inside your XWiki instance and follow the instructions.
Release notes
v1.16.14
Updated the dependency to xwiki-contrib/ldap to 9.15.2.
v1.16.13
Bugs fixed:
- #91: User cleanup re-saves disabled users without change every night
Updated the dependency to xwiki-contrib/ldap to 9.15.1.
v1.16.12
Bugs fixed:
- #89: Activating Enable SSL connection to Active Directory from the UI has no effect on the SSL activation on LDAP user cleanup
- #94: Fallback to UID lookup fails in LDAP user cleanup as it doesn't use the Active Directory configuration
- #95: LDAP user cleanup doesn't disable/delete users with empty DN
Improvements:
- #93: Add the possibility to disable users that are no longer allowed to login
Updated xwiki-contrib/ldap dependency to version 9.15.0.
v1.16.11
Fixed bugs:
- #88 Not all mapped LDAP groups being updated - LDAP User Import Application.
Upgrades:
- Upgrade LDAP User Import Application dependency to 1.5.6
v1.16.10
Upgrades:
- #87 Upgrade Licensor dependency to version 1.25
v1.16.9
Bug fixed:
- #84 The number of imported groups by the "LDAP Group Import" scheduler job is limited to 1000
Upgrades:
- Upgrade LDAP User Import Application dependency to 1.5.6
v1.16.8
Upgrades:
- Upgrade LDAP User Import Application dependency to 1.5.5
v1.16.7
Upgrades:
- #82 Upgrade LDAP Authenticator dependency to the 9.12.0 version
v1.16.6
Upgrades:
- #81 Upgrade Licensor dependency to version 1.24.3
v1.16.5
Upgrades:
- #79 Upgrade LDAP Authenticator dependency to the 9.12.0 version
- #80 Upgrade dependency on LDAP User Import to version 1.5.1
v1.16.4
Upgrades:
- #78 Upgrade dependency on LDAP User Import to version 1.5
v1.16.3
Upgrades:
- #87 Upgrade Licensor dependency to version 1.25
v1.16.2
Bug fixed:
- #84 The number of imported groups by the "LDAP Group Import" scheduler job is limited to 1000
Upgrades:
- Upgrade LDAP User Import Application dependency to 1.5.6
v1.16.1
Upgrades:
- Upgrade LDAP User Import Application dependency to 1.5.5
v1.16
Upgrades:
- #82 Upgrade LDAP Authenticator dependency to the 9.12.0 version
v1.15
Upgrades:
- #81 Upgrade Licensor dependency to version 1.24.3
v1.14.1
Upgrades:
- #79 Upgrade LDAP Authenticator dependency to the 9.12.0 version
- #80 Upgrade dependency on LDAP User Import to version 1.5.1
v1.14
Upgrades:
- #78 Upgrade dependency on LDAP User Import to version 1.5
v1.13.2
Upgrades:
- #74 Upgrade dependency on LDAP User Import to version 1.4.1
v1.13.1
Bugs fixed:
- #68 Allow or forbid users from certain AD group does not work on subwikis
Improvements:
- #62 When using LDAPS, identify the SSL Path and SSL provider automatically
Update the LDAP dependencies version to 9.11
v1.13
New features:
- #50 Propose to synchronize the "active" status of a user in LDAP / AD with the active status in XWiki
Update the LDAP dependencies version to 9.9.1
v1.12
Tasks done:
- #69 Upgrade parent to 13.10.
Update the LDAP dependencies version to 9.8.0
Update the licensing application dependency version to 1.24.1
v1.11.1
Bugs fixed:
- #57 User import and group association throws ldap referral exception error
Update the LDAP dependencies version to 9.7.8
v1.11
Bugs fixed:
- #58 Expose photo atribute configuration
v1.10.1
Bugs fixed:
- #55 Users from AD groups starting with \ are not added in the XWiki mapped group
Update the Licensing dependency version to 1.22.1
Update the LDAP User Import dependency version to 1.2.2
Update the LDAP dependencies version to 9.5.8
v1.10
Update the Licensing dependency version to 1.22
v1.9.1
Upgrade licensor version to 1.20.
v1.9
Update parent version to 11.10.
v1.8.1
Bugs fixed:
- #57 User import and group association throws ldap referral exception error
Update the LDAP dependencies version to 9.7.8
v1.8
Bugs fixed:
- #58 Expose photo atribute configuration
v1.7
Bugs fixed:
- #55 Users from AD groups starting with \ are not added in the XWiki mapped group
Update the Licensing dependency version to 1.22.1
Update the LDAP User Import dependency version to 1.2.2
Update the LDAP dependencies version to 9.5.8
v1.6.5
Update the Licensing dependency version to 1.22
v1.6.4
Upgrade licensor version to 1.20.
v1.6.3
Update parent version to 11.10.
v1.6.2
Update LDAP User Import dependency version.
v1.6
Bugs fixed:
#44 The entries in group mapping can get merged.
#45 Can't remove the first entry in Active Directory groups mapping.
Improvements:
#46 Add fields to provide keystore path and provider.
Update the Licensing dependency to version 1.18.
v1.5.9
Bugs fixed:
#43 The "Check connection" action of the Active Directory configuration is broken for LDAPs.
Update the LDAP dependencies to version 9.5.5.
Update the LDAP User Import dependency to version 1.0.5.
Update the Licensing dependency to version 1.17.1.
v1.5.8
Bugs fixed:
#37 Can't log in anymore with any user once the Trial of AD is selected.
#40 Authentication doesn't work with both AD and XWiki users.
New feature:
#41 Integrate the LDAP User import application.
Update the LDAP dependencies to version 9.4.5.
v1.5.7
Update the Licensing dependency to version 1.16.1.
Update the LDAP dependencies to version 9.4.5.
v1.5.6
Improvements:
#25 Add an option to enable LDAPS.
v1.5.5
Bugs fixed:
#30 With each click on the "Check connection" button the "Test connection" message multiplies.
#32 Many errors appear in the XWiki console when login with a user from AD.
#33 Active Directory user and groups mapping fields aren't shown with IE 11, can't add new entries.
Improvements:
#31 The action behind the Check connection button is not clear.
Update the Licensing dependency to version 1.16.
Update the LDAP dependencies to version 9.4.4.
v1.5.4
Bugs fixed:
#29 XWiki group mapping not showed correctly after save.
v1.5.3
Bugs fixed:
#18 A second click "Test connection" displays an error.
#24 Empty mapping objects are added when a previous mapping is cleared.
#26 Users and Groups mappings are not displayed after save.
Improvements:
#21 Add a picker to suggest the XWiki mapped groups.
#22 Save the "Connection Settings" on the same section.
#23 Add a picker to suggest the available XWiki user properties.
v1.5.2
Bugs fixed:
#20 Javascript error on application's homepage.
Improvements:
#15 Mark visually the mandatory configuration settings.
#19 Update minimal XWiki supported version to 9.11.
Update the Licensing dependency to version 1.15.
v1.5.1
Update the Licensing dependency to version 1.14.4
v1.5
Update the Licensing dependency to version 1.14.3.
v1.4
Update the Licensing dependency to version 1.14.1.
v1.3
Update the Licensing dependency to version 1.13.9.
Update the LDAP dependencies to version 9.4.
v1.2.6
Update the LDAP dependencies to version 9.3.7.
v1.2.5
Bugs fixed:
#6 Success message misspelled.
#7 Connection error is not expandable.
#12 The resetGroupCache() method is never called.
Improvements:
#8 Use the full content to display the configuration.
#9 Store the default configuration values when the configuration document is created.
#10 Improve documentation in the administration section.
#11 Remove the '- - -' value from the Boolean properties.
v1.2.4
Update the Licensing dependency to version 1.13.8.
Update the LDAP dependencies to version 9.3.6.
v1.2.3
Update the Licensing dependency to version 1.13.4.
v1.2.2
Update the Licensing dependency to version 1.13.3.
Update the LDAP dependencies to version 9.3.5.
v1.2.1
Update the Licensing dependency to version 1.13.2.
Update the LDAP dependencies to version 9.3.2.
v1.2
Bugs fixed:
#4 Password field can't be filled in.
Update the Licensing dependency to version 1.13.1.
Update the LDAP dependencies to version 9.2.6.
v1.1
Update the Licensing dependency to version 1.13.
Extension details
License
- GNU Lesser General Public License 2.1
Sources
Issues
Type
- xar
Developed by
Compatibility
- Requires XWiki 13.10 or above.
Dependencies
- org.xwiki.rendering:xwiki-rendering-macro-message 13.10
- org.xwiki.platform:xwiki-platform-rendering-macro-include 13.10
- org.xwiki.platform:xwiki-platform-rendering-macro-velocity 13.10
- org.xwiki.contrib.ldap:ldap-api 9.15.2
- org.xwiki.contrib.ldap:ldap-user-cleanup 9.15.2
- com.xwiki.ldapuserimport:application-ldapuserimport-ui 1.5.7
- com.xwiki.activedirectory:application-activedirectory-api 1.16.14
- com.xwiki.licensing:application-licensing-licensor-api 1.25
- org.xwiki.rendering:xwiki-rendering-macro-html 13.10