Provide Groups to XWiki via OpenId Connect Provider

I’m currently trying to integrate XWiki into my Univention installation, using the OpenId Connect Provider.

The actual login works just fine, but now I’m trying to use the groups from Univention to assign groups in XWiki.

This is the configuration I use:

...
oidc.userinfoclaims=groups
oidc.groups.claim=groups
oidc.groups.mapping=Admins=XWiki-Admins
oidc.groups.mapping=Mitarbeitende=Mitarbeitende
...

This does not work, and I fiddled with the value for groups for quite some time, to no avail. The problem seems to be that I never see an actual claim being made by XWiki in the URL. It always looks like this:

https://ucs-sso.{DOMAIN}/signin/v1/identifier/_/authorize?scope=openid+profile+email&claims={}&response_type=code&...

Also, .well-known/openid-configuration seems to indicate that there is no such claim I’m looking to make.

Could anyone help me with these questions:

  • Is it possible at all to provide information about groups via the OpenId Connect Provider?
  • Could anyone manage to integrate XWiki with the App so that groups from Univention are used in XWiki? How so?

Thanks for your help!

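One way to check the two symptoms described in the post (the empty `claims={}` in the authorize URL and the claim missing from `.well-known/openid-configuration`), as an added example that is not part of the original post. The host name, both URLs and both discovery documents are constructed samples, and the function names are hypothetical; `claims_supported` and `claims_parameter_supported` are the standard OpenID Connect Discovery fields.

```python
import json
from urllib.parse import parse_qs, urlencode, urlsplit

BASE = "https://ucs-sso.example.test/signin/v1/identifier/_/authorize"  # constructed host
# Constructed sample shaped like the request in the post: claims is an empty object.
BROKEN_URL = BASE + "?scope=openid+profile+email&claims={}&response_type=code"
BROKEN_DISCOVERY = {"claims_parameter_supported": True,
                    "claims_supported": ["sub", "name", "email"]}
# Constructed sample of a request that does ask for the groups claim.
OK_URL = BASE + "?" + urlencode({
    "scope": "openid profile email",
    "claims": json.dumps({"userinfo": {"groups": None}}),
    "response_type": "code"})
OK_DISCOVERY = {"claims_parameter_supported": True,
                "claims_supported": ["sub", "name", "email", "groups"]}


def requested_claims(authorize_url):
    """Return the scopes and the claim names requested through the OIDC
    `claims` request parameter, split by where they would be delivered."""
    query = parse_qs(urlsplit(authorize_url).query, keep_blank_values=True)
    claims = json.loads(query.get("claims", ["{}"])[0] or "{}")
    return {
        "scopes": query.get("scope", [""])[0].split(),
        "userinfo": sorted(claims.get("userinfo") or {}),
        "id_token": sorted(claims.get("id_token") or {}),
    }


def diagnose(authorize_url, discovery, claim="groups"):
    """List the reasons, visible from the request and the provider metadata,
    why `claim` would not reach the relying party."""
    req = requested_claims(authorize_url)
    findings = []
    if claim not in req["userinfo"] and claim not in req["id_token"]:
        findings.append(f"request does not ask for '{claim}' in the claims parameter")
    if not discovery.get("claims_parameter_supported", False):
        findings.append("provider does not advertise claims_parameter_supported")
    if claim not in discovery.get("claims_supported", []):
        findings.append(f"provider does not list '{claim}' in claims_supported")
    return findings


if __name__ == "__main__":
    for finding in diagnose(BROKEN_URL, BROKEN_DISCOVERY):
        print("-", finding)
```

An empty result from `diagnose` only means the request and the advertised metadata agree; whether the provider actually releases the claim still has to be confirmed against the userinfo response.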