Cloudron Forum

Nextcloud OIDC integration

111 Posts 10 Posters 10.4k Views 10 Watching
    andreasdueren #66

    Migration of a smaller instance seems to work smoothly so far.

      firmansi #67

      @girish Since my installation's users are not managed by Cloudron, I can't enable OIDC (but not just this, I can't curl the OIDC server even though it's the same Cloudron server). I just want to let you know about an issue that I experienced lately: after I updated Nextcloud, including the latest update with DNS pinning, I couldn't log in since the LDAP and Group Backend were disabled automatically after the update, so I had to enable them manually in Nextcloud Apps. The config in Nextcloud Settings for LDAP/AD Integration is a bit different than before the update, but anyhow I can still log in normally. Please be aware of this issue. Thanks

        girish:

        @andreasdueren yes, pretty much. https://git.cloudron.io/packages/nextcloud-app/-/merge_requests/12

        andreasdueren #68

        @girish Proposition to change the OpenID Identifier from "Cloudron" to "OpenID" or "SSO" since we can't have the branding from the Cloudron instance

          joseph (Staff) #69

          @firmansi the auth mechanism is chosen at install time. If you go behind Cloudron's back and make changes to the app configuration, this will eventually not work. In your situation, you have installed Nextcloud without LDAP/OIDC and then later configured it inside the app manually. This won't work and is not supported. The way to fix this is like this:

          • take backup of your nextcloud. download the backup configuration of this new backup
          • install new nextcloud with cloudron user management
          • import the backup from setup 1 . app -> backups -> import

          It will work after this.

            firmansi #70

            Do you mean I simply back up in Cloudron? From my understanding, if I do the backup from Cloudron, then when I do the import, it will adjust to the old one without user management managed by Cloudron; please let me know if my assumption is wrong

              firmansi #71

              @joseph I can't curl https://my.domain.com/.well-known/openid-configuration , any suggestion what should I check?

                firmansi #72

                @joseph It seems the OIDC is working now; something was wrong with Cloudflare that affected my Cloudron installation. Following your instructions I did exactly the same, backup and import, but now the Nextcloud is not responding, with this error message:

                Feb 09 21:49:20 => Healtheck error: Error: connect ECONNREFUSED 172.18.16.17:80
                Feb 09 21:49:20 No such app enabled: user_ldap
                Feb 09 21:49:20 ==> Ensure OIDC settings
                Feb 09 21:49:21 Error: Could not download app user_oidc
                Feb 09 21:49:22 2025-02-09T21:49:22+07:00
                Feb 09 21:49:22
                Feb 09 21:49:22 There are no commands defined in the "user_oidc" namespace.
                
                  joseph (Staff) #73

                  @firmansi said in Nextcloud OIDC integration:

                  Feb 09 21:49:21 Error: Could not download app user_oidc

                  This seems to be the issue. Can you put the app in repair mode and try sudo -u www-data php /app/code/occ app:install user_oidc ? Maybe some DNS or network related issue is preventing it from downloading the app from Nextcloud's store

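When the discovery URL cannot be curled or the app ends up pointed at the wrong issuer, the useful first check is whether the document the server actually serves is consistent with what the app was configured with. The following is an added example, not Cloudron's or Nextcloud's code; the environment variable names CLOUDRON_OIDC_ISSUER and CLOUDRON_OIDC_DISCOVERY_URL are assumed placeholders to be compared against `env | grep CLOUDRON_OIDC`, and the sample document's endpoint paths are constructed.

```python
"""Offline sanity check of an OIDC discovery document against the values an
app was configured with. Added example; not Cloudron's or Nextcloud's code.

Assumed (not from the thread): the Cloudron OIDC addon exposes the issuer
and discovery URL as environment variables; the names used below are
placeholders and should be compared against `env | grep CLOUDRON_OIDC`.
"""
import json
import os
import urllib.request
from urllib.parse import urlparse

# Endpoints a relying party such as user_oidc needs before it can do anything.
REQUIRED = ("issuer", "authorization_endpoint", "token_endpoint",
            "jwks_uri", "userinfo_endpoint")


def fetch_discovery(url: str, timeout: float = 5.0) -> dict:
    """Download .well-known/openid-configuration; DNS, connection and TLS
    failures surface here as exceptions rather than as a parsed document."""
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return json.loads(resp.read().decode("utf-8"))


def check_discovery(doc: dict, expected_issuer: str) -> list[str]:
    """Return human-readable problems; an empty list means the document is
    consistent with the issuer the app was configured for."""
    problems = []
    for key in REQUIRED:
        if key not in doc:
            problems.append(f"missing {key}")
    issuer = doc.get("issuer", "")
    # OIDC Discovery: the advertised issuer must equal the configured one
    # (a trailing slash is the only difference tolerated here).
    if issuer.rstrip("/") != expected_issuer.rstrip("/"):
        problems.append(f"issuer mismatch: {issuer!r} != {expected_issuer!r}")
    issuer_host = urlparse(issuer).netloc
    for key in REQUIRED:
        val = doc.get(key)
        if not isinstance(val, str):
            continue
        parsed = urlparse(val)
        if parsed.scheme != "https":
            problems.append(f"{key} is not https: {val}")
        elif key != "issuer" and parsed.netloc != issuer_host:
            # Legal in general, but unexpected for a single-host IdP such as
            # a Cloudron dashboard; usually points at a DNS/proxy mix-up.
            problems.append(f"{key} host {parsed.netloc!r} differs from issuer host")
    if "code" not in doc.get("response_types_supported", []):
        problems.append("authorization code flow not advertised")
    return problems


# Constructed sample document (endpoint paths are invented, not Cloudron's).
SAMPLE_DOC = {
    "issuer": "https://my.example.com",
    "authorization_endpoint": "https://my.example.com/openid/authorize",
    "token_endpoint": "https://my.example.com/openid/token",
    "jwks_uri": "https://my.example.com/openid/jwks",
    "userinfo_endpoint": "https://my.example.com/openid/userinfo",
    "response_types_supported": ["code"],
}


def check_from_env() -> list[str]:
    """Live check: read the configured issuer (placeholder variable names)
    from the environment and validate what the discovery URL serves."""
    issuer = os.environ["CLOUDRON_OIDC_ISSUER"]            # assumed name
    url = os.environ.get("CLOUDRON_OIDC_DISCOVERY_URL",    # assumed name
                         issuer.rstrip("/") + "/.well-known/openid-configuration")
    return check_discovery(fetch_discovery(url), issuer)


if __name__ == "__main__":
    print(check_discovery(SAMPLE_DOC, "https://my.example.com") or "sample OK")
```

Run check_from_env() from inside the app container (repair mode or a terminal session): a network exception from fetch_discovery means the container cannot reach the dashboard at all, while a non-empty problem list means it reaches something, but not the issuer the app expects.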
                    firmansi #74

                    @joseph Well, I think before I backup, I have to install the user_oidc first, because the container can't even start. I am doing the 2nd try

                      joseph (Staff) #75

                      @firmansi I see. So, just to be clear: a fresh install of Nextcloud with Cloudron user management works? And you can also OIDC login? The import should also work if that is the case (i.e. it's not a network issue then)

                        firmansi #76

                        @joseph Yes, it works. It's a network issue, even though I still don't know why it happens; I don't use any proxy in Cloudflare. But anyway, how to change the Identifier for the OIDC? I have changed the brand name as well, as I can see in env | grep CLOUDRON_OIDC, but the identifier name is still Cloudron in Registered Providers in the Nextcloud OpenID backend integration

                          firmansi #77

                          @joseph All good. I can change the identifier too or the brand name shown in button.

                          I simply check env | grep CLOUDRON_OIDC, then delete the existing Registered Provider, and then create a new Registered Provider by inputting the Identifier name as I wish and then inputting all parameters from CLOUDRON_OIDC

                            jdaviescoates #78

                            @firmansi said in Nextcloud OIDC integration:

                            I simply check env | grep CLOUDRON_OIDC and then delete the existing Registered Provider, and then create new Registered Provider by input the Identifier name as I wish and then input all parameters in CLOUDRON_OIDC

                            I doubt that'll survive an app restart.

                            But as @andreasdueren suggested above, given the Nextcloud OIDC app doesn't support displaying brand name, I wonder if @staff could rename the provider to something more generic like "Open ID Connect" or "OIDC"?

                              firmansi #79

                              @jdaviescoates Correct, the deleted one is back again after restart, but I am okay with this because this default setting actually acts like a guidance for me in case I forget the default Cloudron setting that I can apply to other OIDC; I can simply just delete the default Brand Name button without affecting anything, including the new Registered Provider I have set up

                                joseph (Staff) #80

                                @jdaviescoates said in Nextcloud OIDC integration:

                                I wonder if @staff could rename the provider to something more generic like "Open ID Connect" or "OIDC"?

                                Those terms are just generic technology terms. One should always have "Login with <provider>", like Login with Gmail, Login with GitHub etc. Login with OIDC doesn't actually mean anything (unless it's providing some dropdown of providers after clicking the button). I think we should open a bug report upstream, seems easy to fix

                                  AartJansen #81

                                  I've had some issues with 2FA and nextcloud. On my android phone the freshly installed nextcloud app opens a browser page, I click "cloudron login" and get an error about

                                  Access forbidden State token does not match
                                  

                                  After retrying "it just works" TM

                                  Also I used a new account to get into nextcloud, on my PC / firefox, and went to use my normal account afterwards but it automatically goes to the new account, is there a cookie / cached token or something I can delete to fix this? Clearing the entire cache is annoying.

                                    jdaviescoates #82

                                    @AartJansen I think you'll need to logout of your my.domain to logout then login again using the account you want to use. I now make more use of Firefox containers

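The "Access forbidden State token does not match" error reported in this thread comes from the relying party's state check, which the following added example illustrates (this is not Nextcloud's user_oidc code; the endpoint and client values are constructed placeholders). The state is a random, single-use value bound to the browser session that started the login, so a callback that arrives in a session which never started that login, or is replayed, is rejected, while a retry from one browser context starts with a fresh, matching state.

```python
"""Relying-party side of the OIDC state check (added illustration, not
Nextcloud's user_oidc code). AUTH_ENDPOINT and the client values used in
run_scenarios() are constructed placeholders."""
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

AUTH_ENDPOINT = "https://my.example.com/openid/authorize"  # constructed placeholder


def start_login(session: dict, client_id: str, redirect_uri: str) -> str:
    """Create a fresh state, store it in the session, return the redirect URL."""
    state = secrets.token_urlsafe(32)
    session["oidc_state"] = state
    params = {"response_type": "code", "client_id": client_id,
              "redirect_uri": redirect_uri, "scope": "openid email profile",
              "state": state}
    return f"{AUTH_ENDPOINT}?{urlencode(params)}"


def handle_callback(session: dict, callback_url: str) -> str:
    """Verify the returned state against the session and return the code.
    The stored state is consumed whether or not it matches, so a callback
    can be accepted at most once (replay protection)."""
    query = parse_qs(urlparse(callback_url).query)
    returned = query.get("state", [""])[0]
    expected = session.pop("oidc_state", None)
    if expected is None or not hmac.compare_digest(expected.encode(), returned.encode()):
        raise PermissionError("Access forbidden: State token does not match")
    return query.get("code", [""])[0]


def _state_of(url: str) -> str:
    return parse_qs(urlparse(url).query)["state"][0]


def run_scenarios() -> dict:
    """Constructed scenarios; returns the outcome of each as a string."""
    client, redirect = "nextcloud", "https://cloud.example.com/apps/user_oidc/code"
    out = {}
    # 1. The session that started the login also receives the callback.
    s = {}
    state = _state_of(start_login(s, client, redirect))
    out["same_session"] = handle_callback(s, f"{redirect}?code=abc&state={state}")
    # 2. The callback arrives in a session that never started this login,
    #    one possible cause being that the request was opened in one browser
    #    context and the redirect landed in another, or cookies were dropped.
    s = {}
    state = _state_of(start_login(s, client, redirect))
    try:
        handle_callback({}, f"{redirect}?code=abc&state={state}")
        out["lost_session"] = "accepted"
    except PermissionError as err:
        out["lost_session"] = str(err)
    # 3. Replaying a callback: the first use consumed the stored state.
    handle_callback(s, f"{redirect}?code=abc&state={state}")
    try:
        handle_callback(s, f"{redirect}?code=abc&state={state}")
        out["replay"] = "accepted"
    except PermissionError as err:
        out["replay"] = str(err)
    return out


if __name__ == "__main__":
    for name, outcome in run_scenarios().items():
        print(f"{name}: {outcome}")
```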
                                      whitespace #83

                                      This may be an exotic case:

                                      I am running a Nextcloud instance where LDAP is enabled. Users of the institution thereby have Cloudron LDAP accounts that reflect into the Nextcloud instance.

                                      Now the same institution is creating Nextcloud user accounts within Nextcloud. These users are signing up directly to the Nextcloud instance and not to the parent Cloudron instance. Their profiles do not appear in Cloudron's LDAP directory.

                                      This results in two types of users. The institution must be able to create user accounts for external collaborators within the Nextcloud instance. They do not need to be Cloudron users.

                                      Will the upgrade to OIDC affect the user accounts only created within the Nextcloud instance?

                                      User Management is enabled for the Nextcloud app. Non-Cloudron Nextcloud-only accounts exist and are behaving normally right now.

                                      The institution is in the process of creating 100+ Nextcloud accounts. Any recommendations before sh*t hits the fan?

                                        joseph (Staff) #84

                                        @whitespace good question. IIUC, what you are asking is: if there is an account in Nextcloud and Cloudron, then what happens after the migration? Does the Nextcloud local account get converted into an OIDC account? Did I get that right? (I have to test, don't have an answer)

                                          whitespace #85

                                          Basically yes. Here is the scenario in chronological order.

                                          1. Fresh Nextcloud is installed on Cloudron instance pre-OIDC, user management being set to Cloudron, not Nextcloud
                                          2. Accounts are created via Cloudron user management
                                          3. Users start using Nextcloud
                                          4. Users create more accounts within Nextcloud
                                          5. Accounts created within Nextcloud do not sync back to Cloudron user directory. This was not seen as a problem since these local users were able to login into Nextcloud which is all they needed.
                                          6. Nextcloud gets updated to OIDC version.
                                          7. Accounts that were LDAP Cloudron accounts can not login via Nextcloud login form anymore. They have to "Login with Cloudron".
                                          8. Accounts that were created within Nextcloud and did not reflect into Cloudron user directory can not log in anymore.

                                          This is where we are now. The two problems summarized being:

                                          1. Nextcloud accounts that do not exist in the Cloudron directory can not login into Nextcloud anymore.
                                          2. Cloudron accounts that used to login with their Cloudron credentials into Nextcloud's login form, can not login directly. They have to "Login with Cloudron", get redirected to Cloudron's app specific login screen and only after that they are logged in into Nextcloud.

                                          Expected behaviour:

                                          1. Nextcloud accounts that do not exist in Cloudron user directory should be able to log in via Nextcloud login form.
                                          2. Cloudron accounts should be able to login with their Cloudron credentials without the need of "Login with Cloudron" just by typing their Cloudron credentials into Nextcloud's login form.