Authorization via temporary password (numbers) on e-mail
-
@andreasdueren , feel free not to use it / disable it, if/when it will be done!
@msbt , can I easily replace Cloudron's auth with Keycloak, keeping all other applications running, without my intervention?
-
You can probably use the impersonate feature to set temporary passwords for users. There is no way to send this out automatically via email, but using the Cloudron REST Api, you can write some script which creates one and then sends out an email accordingly. The API also has an optional property to configure the duration until which the temporary password is valid https://docs.cloudron.io/api.html#tag/Users/operation/impersonateUser
-
@andreasdueren , feel free not to use it / disable it, if/when it will be done!
@msbt , can I easily replace Cloudron's auth with Keycloak, keeping all other applications running, without my intervention?
@potemkin_ai SSO via Keycloak won't work currently with cloudron (even though that would be a great feature). But you can set up cloudron to use an external LDAP. No 2FA this way but you could maybe get these one times codes working?
-
I have to say that every now and then magic links are neat and useful. Going the oidc route I think Cloudron has already done quite some steps to get rid of passwords for the login.
But please don't make me rely on a java monster to achieve this. For the usual installation it just takes away too many resources.
-
You can probably use the impersonate feature to set temporary passwords for users. There is no way to send this out automatically via email, but using the Cloudron REST Api, you can write some script which creates one and then sends out an email accordingly. The API also has an optional property to configure the duration until which the temporary password is valid https://docs.cloudron.io/api.html#tag/Users/operation/impersonateUser
-
I have to say that every now and then magic links are neat and useful. Going the oidc route I think Cloudron has already done quite some steps to get rid of passwords for the login.
But please don't make me rely on a java monster to achieve this. For the usual installation it just takes away too many resources.
@fbartels can't agree more.
Another problem with KeyCloak is that the learning curve is quite steep, to say the least.
-
@nebulon thank you! Is there any way that this could become a build-in feature of Cloudron?
Depending on the project cost, I consider sponsoring that.
-
@potemkin_ai this seems way too specific to build as a generic Cloudron feature, however since all the building blocks are there already, you may find someone to build this for you if you anways consider sponsoring.
@nebulon Ok, what is required to make sure you accept it?
Would not like to have that as a fork. -
@andreasdueren , feel free not to use it / disable it, if/when it will be done!
@msbt , can I easily replace Cloudron's auth with Keycloak, keeping all other applications running, without my intervention?
@potemkin_ai said in Authorization via temporary password (numbers) on e-mail:
@msbt , can I easily replace Cloudron's auth with Keycloak, keeping all other applications running, without my intervention?
I wasn't sure whether that was for Cloudron or some external app, since it was initially posted in "Discuss". Unsure if you could make it your primary thing for auth with Cloudron, my experience with it is rather minimal, just mentioned it because it crossed my desk the other day
-
@potemkin_ai said in Authorization via temporary password (numbers) on e-mail:
@msbt , can I easily replace Cloudron's auth with Keycloak, keeping all other applications running, without my intervention?
I wasn't sure whether that was for Cloudron or some external app, since it was initially posted in "Discuss". Unsure if you could make it your primary thing for auth with Cloudron, my experience with it is rather minimal, just mentioned it because it crossed my desk the other day
@msbt got you, thanks!
I don't believe Cloudron's auth is easily replaceable for the build-in apps and it's unlikely that it will be replaced one day - that means a lot of testing on top of the existing infrastructure.
