The moment you have more than one Cloudron instance and use one as the central IAM. What is your concept for a namespace?
-
Cloudron branding is nice. But what is the ideal namespace for your instance, the moment you connect all your instances to one IAM (Identity and Access Management)?
my.example.org maybe makes sense. But the webserver instance, which is named like my.web.example.org, causes problems in the OIDC workflow. Login with "my.web" makes no sense. Should we rename every other instance to OIDC?
This is what it looks like:
"Login in with" makes more sense. But it is not configurable.
What are your concepts for normal users?
-
If you have one organization using many Cloudrons, you could name all Cloudrons like the organization. This is not ideal, but for a proper fix in the future, we have to rework the auth between the Cloudrons themselves. Currently each Cloudron is still acting as the OIDC provider while the actual auth in the backend is done via LDAP. Ideally with OpenID we could designate one Cloudron to be the auth provider of other Cloudrons. But that is not implemented yet.
-
luckow has marked this topic as solved
-
I think that this might relate to what I mentioned here:
https://forum.cloudron.io/topic/13318/confusing-scenario-with-oidc-button/5
If so, then this is something that I have definitely run into and I find some solace in @nebulon's answer, even if this is not immediately available.
The way I currently go around this is to "brand" all "child" servers with the same identity as the IAM "parent" and then:
- amend the footer of each child server with the name of the local instance to mark the differentiation
- eventually set a specific login background and/or a different user profile background (but this is per user and cannot be set for the whole server, as far as I am aware).
Hopefully this makes sense and relates to the topic?