Outline - a Notion-like open source app
-
-
@girish the app itself is great. I moved our team from Bookstack to Outline because it was extremely easy to create groups and assign permissions, default permission, etc. It also supports real-time collaboration on the document so we also started using it for meeting notes. So far, no issues. Working wonderfully inside cloudron with minio and keycloak both hosted alongside.
It is also pretty simple to keep updating regularly because of the simple migration command, and storage based on minio. No need to fuss with manual migration and storage, etc.
Also, I’d like to request S3 as an addon, because it’s trivial to create a bucket for an app, and a user for it, then grant “all” permissions on that bucket to that user.
-
@nj First. Top. Thank you so much for stepping into app packaging. But now here is the real world.
Sorry to ask noob questions. And yes: I have to read the docs for keycloak. But to test your app package, there is a missing part in the "First time setup" from your app package.
On your OIDC Provider, follow these steps:
1,2,3 done.
But then in 4: And, the client is added to the realm called "cloudron"
Where do I add the client to the realm in keycloak?
From the Realm settings perspective, I didn't find any settings for the client.
And Client Registration isn't the right tab. Same for the client perspective.
Yep. I know. SSO/IDM/SAML/LDAP/AD (<- and so on and on) is a complex topic. But hey. We are here for the Cloudron experience
-
@luckow Ey luckow! You already added the client to the realm Cloudron. Look at the navigation on the right side. Because if you click on the triangle, you can see you are right there. The Cloudron realm.
But that is no explanation for your user experience.
@luckow you need to find out why your client was not found.
@luckow not today. tomorrow is another day.
-
@luckow Without the tomatoes on my eyes, the solution is obvious.
Keycloak - Clients - Credentials:
Client Id and Secret does not mean that you take ZIDdK... for both. Secret is secret. Where do you find the Client Id? This is also simple.
Keycloak - Clients
Yes. It's the name.
Sorry for hijacking this thread for my noob questions.
-
Thank you very much @luckow. I got the email and thought "what is this email?!". But then thought it might be you. I appreciate you giving me this account.
This is an interesting app. It's another riff on Notion/Anytype friendly mark-up note taking/knowledge management/database app.
My main personal complaint with all these apps is they require always online access. There is no realistic way to use it offline.
I'm going to stay with it and see how it all works. As a wiki-type collaboration app it's certainly a very nice alternative to having to learn yet another markdown flavour.
-
@jdaviescoates Give me an email address to send the invitation link to
-
@luckow said in Outline - a Notion-like open source app:
@jdaviescoates Give me an email address to send the invitation link to
Sent via chat dm on here
-
@nj I found this post yesterday. Well written. Most of my problems (including the minio) were tomatoes on my eyes. And to be fair, misleading error messages in log files & browser console didn't make it any easier.
Let's see what the app packaging staff can tweak themselves. IMHO minio only for image storage is a big cannon as a solution.
-
@nj Wow that's great!
The blog post installs keycloak as an app, but it might work better as a built-in addon that provides OIDC to any app that requests it. I suspect that there are more apps that authenticate via OIDC exclusively, and I can see there are some apps that could use it as an alternative to LDAP.
After some more research, it seems that OAuth used to be the default authentication method for Cloudron apps but it was removed in 2020 due to lack of support in apps. Has the authentication landscape changed in the last 2 years? Is now a good time to add it back? How does SAML look now?
-
@infogulch FWIW, I don't mind adding OpenID into cloudron. It was OAuth that wasn't a great idea. My understanding is that OpenID is more uniform and standardized. @nebulon and @fbartels probably know more about this though.
I guess I mean OpenID Connect (OIDC) and not OpenID. I don't know the difference between these terms.
-
@girish how about adding oidc as another addon and just federate to LDAP? Something like https://github.com/dexidp/dex could be used for this.
Only thinking out loud, never used this myself. Stumbled over it while working on other projects.
-
@klawitterb yes, I don't see why not. But as mentioned, I am speaking beyond my expertise here. I think @nebulon will know how much work it is on Cloudron side.
-
@klawitterb said in Outline - a Notion-like open source app:
as another addon
Yes, oidc should definitely be an addon (even better if one could just add addons during runtime of an app, so that one does not need to remove and reinstall apps to enable it). But instead of going third party it should be something native to the stack, like the https://docs.cloudron.io/packaging/addons/#proxyauth addon to benefit from existing sessions and the 2fa Cloudron already provides.
-
So I was curious about my proposal and just tried this. Seems to work quite well. Much easier than setting up a fully fledged identity provider like keycloak imho.
Basically dex is a Go app which is controlled by a yaml config. Currently just running it inside the outline app itself with a little nginx proxy in front of it. When logging in it redirects to the login mask from dex which then authenticates the user from Cloudron's LDAP.
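
A dex configuration for the setup described in the post above, as an added example (not the poster's actual config). The hostname, file path, client id and secrets are placeholders, and the LDAP attribute names and the plain-LDAP assumption should be checked against the Cloudron LDAP addon documentation.

```yaml
# Added example, not the poster's config. Hostnames, paths, client id and
# secrets are placeholders; LDAP attribute names are assumptions to verify.
issuer: https://outline.example.com/dex    # must match the URL nginx exposes

storage:
  type: sqlite3
  config:
    file: /app/data/dex/dex.db             # assumed writable path

web:
  http: 127.0.0.1:5556                     # loopback only; nginx is the sole entry point

connectors:
  - type: ldap
    id: cloudron
    name: Cloudron
    config:
      host: LDAP_HOST:LDAP_PORT            # from CLOUDRON_LDAP_SERVER / CLOUDRON_LDAP_PORT
      insecureNoSSL: true                  # assumes plain ldap:// reachable only on the internal network
      bindDN: "LDAP_BIND_DN"               # from CLOUDRON_LDAP_BIND_DN
      bindPW: "LDAP_BIND_PASSWORD"         # from CLOUDRON_LDAP_BIND_PASSWORD
      usernamePrompt: Cloudron username
      userSearch:
        baseDN: "LDAP_USERS_BASE_DN"       # from CLOUDRON_LDAP_USERS_BASE_DN
        filter: "(objectclass=user)"
        username: username                 # assumed attribute names
        idAttr: uid
        emailAttr: mail
        nameAttr: displayname

staticClients:
  - id: outline
    name: Outline
    secret: "REPLACE_WITH_LONG_RANDOM_VALUE"   # distinct from the client id
    redirectURIs:
      - https://outline.example.com/auth/oidc.callback   # exact match, no wildcards
```

Outline's `OIDC_CLIENT_ID` and `OIDC_CLIENT_SECRET` take the `id` and `secret` from `staticClients`, and `OIDC_AUTH_URI`, `OIDC_TOKEN_URI` and `OIDC_USERINFO_URI` point at the issuer URL followed by `/auth`, `/token` and `/userinfo`.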