Keycloak & Cloudron
-
If you work with any organisation, you quickly find the majority still reuse passwords, don't use password managers correctly, and just want one login for all apps.
They don't know or care what is SaaS or internal.
They just want one login, password, maybe 2FA and that to get them into everything they will ever need.
The company also wants one off-switch for their access to everything.
Right now, you're options are using Google, Microsoft or one of the SSO providers, like Auth0, Okta. They are all lock-in by design services.
Keycloak is the only open-source solution, that I know of, to this, without tying you to never-ending per-user costs.
Unless you think you can make Cloudron LDAP and OpenID work as Single Sign-On (SSO) as a service for all the other non-Cloudron apps that support SSO?
@marcusquinn said in Keycloak & Cloudron:
Unless you think you can make Cloudron LDAP and OpenID work as Single Sign-On (SSO) as a service for all the other non-Cloudron apps that support SSO?
That's what has been added to 7.4. Internal apps will slowly get migrated from ldap. For external app, you can create oidc client tokens.
-
I apologize if this was already mentioned, but another use case is to use Keycloak outside of Cloudron. Basically hosting the app inside Cloudron but used for other apps. For example, say we have an externally hosted app and we want to integrate Keycloak.
I do this with some other apps, where we host the services inside Cloudron but they're used outside on other customer sites and such (EX: Stats, Directus, Cloudsurfer).
While OpenID integration is great, I personally would want to use Keycloak outside of Cloudron users, if possible.
-
I apologize if this was already mentioned, but another use case is to use Keycloak outside of Cloudron. Basically hosting the app inside Cloudron but used for other apps. For example, say we have an externally hosted app and we want to integrate Keycloak.
I do this with some other apps, where we host the services inside Cloudron but they're used outside on other customer sites and such (EX: Stats, Directus, Cloudsurfer).
While OpenID integration is great, I personally would want to use Keycloak outside of Cloudron users, if possible.
@JLX89 said in Keycloak & Cloudron:
While OpenID integration is great, I personally would want to use Keycloak outside of Cloudron users, if possible.
Can you elaborate a bit more on this? Is this because it feels more trusted/better features or something else? Or maybe you have extensively used keycloak in the past and like that tool. That's fine too, just trying to get some information here.
-
Our problem is that we have developed a Keycloak module for Humhub (see https://marketplace.humhub.com/module/auth-keycloak/description) wich synchronizes groups, emails, etc...
And all our network is configured with Keycloak.
Moreover, if we change, we need to ask to all our users to change the password.
So we don't want to change for another SSO, especially since Keycloak works very well and meets our needs well.
Thanks! -
Our problem is that we have developed a Keycloak module for Humhub (see https://marketplace.humhub.com/module/auth-keycloak/description) wich synchronizes groups, emails, etc...
And all our network is configured with Keycloak.
Moreover, if we change, we need to ask to all our users to change the password.
So we don't want to change for another SSO, especially since Keycloak works very well and meets our needs well.
Thanks! -
@JLX89 said in Keycloak & Cloudron:
While OpenID integration is great, I personally would want to use Keycloak outside of Cloudron users, if possible.
Can you elaborate a bit more on this? Is this because it feels more trusted/better features or something else? Or maybe you have extensively used keycloak in the past and like that tool. That's fine too, just trying to get some information here.
@girish Sure thing! We operate a few websites both on our Cloudron server and external hosts. Cloudron really is used for a mix of personal usage, projects, and a small amount of business use. We don't provide many people with accounts on our server and try to keep things separate. For our use case, we'd like to integrate Keycloak as an SSO Solution with a few different projects -- but we do not want user management to touch Cloudron in anyway. Essentially we host some apps for external usage on Cloudron, because it's just much easier to manage with all of the Cloudron features. Does this help?
@Sam_uk said in Keycloak & Cloudron:
@JLX89 @marcusquinn do you have access to any budgets that might help part-fund this work?
Not really at the moment, we had planned on using this for an open source project if it's rolled out on Cloudron.
-
@girish Sure thing! We operate a few websites both on our Cloudron server and external hosts. Cloudron really is used for a mix of personal usage, projects, and a small amount of business use. We don't provide many people with accounts on our server and try to keep things separate. For our use case, we'd like to integrate Keycloak as an SSO Solution with a few different projects -- but we do not want user management to touch Cloudron in anyway. Essentially we host some apps for external usage on Cloudron, because it's just much easier to manage with all of the Cloudron features. Does this help?
@Sam_uk said in Keycloak & Cloudron:
@JLX89 @marcusquinn do you have access to any budgets that might help part-fund this work?
Not really at the moment, we had planned on using this for an open source project if it's rolled out on Cloudron.
@JLX89 ANy examples of the apps that Keycloak would work with for you?
-
@JLX89 ANy examples of the apps that Keycloak would work with for you?
-
@marcusquinn So far the plan would be using Keycloak for Discourse, a few JavaScript Apps, and potentially a few yet to be determined external SaaS services.
@JLX89 OK. I think I get what you're thinking. With OpenID as a feature in Cloudron, Cloudron is still performing the function of an App, but with limited functionality.
Whereas with Keycloak you have a genuine, dedicated portable app.
I see the value. I guess now a question of official app store understanding, packaging and maintenance bandwidth, compared to the total demand for using.
-
I'm testing Keycloak on Elest.io now and it seems good so far https://elest.io/fully-managed-services?cat=Applications
-
@jdaviescoates @Sam_uk I think this was on /r/selfhosted some years ago...
Edit: here - https://old.reddit.com/r/selfhosted/comments/szhqq1/launching_a_fully_managed_opensource_platform_for/ . Note that it's not (in my definition) selfhosted.
-
@Sam_uk said in Keycloak & Cloudron:
It looks like those pages are sorted by popularity, so interesting to see where each thing is ranking with their users.
-
My costs would be about 10x Cloudron for the compute resources I'm hosting it on: https://elest.io/pricing
-
Update - @nj thanks for the repo
https://github.com/njsubedi/cloudron-keycloak/pull/9
Upgraded from 20.0.3.
Looks good and working so far.
-
Update - @nj thanks for the repo
https://github.com/njsubedi/cloudron-keycloak/pull/9
Upgraded from 20.0.3.
Looks good and working so far.
@BrutalBirdie said in Keycloak & Cloudron:
Looks good and working so far.
get it into the app store?
-
@BrutalBirdie said in Keycloak & Cloudron:
Looks good and working so far.
get it into the app store?
@jdaviescoates For that is needs the unit tests writing, that's the typical difference between custom self-install and app store.
