Keycloak & Cloudron
-
Been following Keycloak for a while but still have meta question - why is this valuable for Cloudron? Isn't CR moving over to a similar auth mechanism? The nerd in me wants to deploy this, but not sure what it gives me beyond what's already provided by CR?
-
From a technical perspective: Since Cloudron - the platform - is capable of being an OIDC provider, there is no need for Keycloak on Cloudron. From a documentation and integration perspective, Keycloak is widely used in the documentation of various FOSS and proprietary software.
If Cloudron - the company - is able to provide more documentation and integration guidance (perhaps with the help of the community), the gap between Keycloak and Cloudron may be smaller in the future.
From an IAM perspective, I have no idea if Cloudron - the platform and the company - is ready to support more enterprise features.
IMHO: if you are happy with Cloudron's OIDC features, you are well served by Cloudron and don't need any more features from Keycloak.
IMHO: Having Keycloak in a private repo to have it as an app on Cloudron is a quick way to have a development environment for your software development. In this case: Keycloak is just another app on Cloudron among the other 100+ apps to fulfill your needs in projects or your personal digital life. -
Do we have some Keycloak experts here?
Got some question that need answers that my searches could not. -
just as a note.
I am using the Keycloak app now in production soooooooo if something breaks on updates I will know it first. -
I didn't have those settings @BrutalBirdie but have now added them and restarted and I'm still not seeing them in the keycloak webui
-
-
wait, so how do I use this with cloudron?
-
-
@jdaviescoates Every time it updates it loses it's email config, so users can't get password resets etc.
I've kind of given up hoping it will be fixed. It just works on Elest.io, it's worth $10/m to me to have reliability.
I accept this is an unofficial package, and that's just how it goes. If I didn't mind being locked into Cloudron it looks like the on-board OIDC works nicely now, but that didn't exist when I set it up & I'd prefer data portability.
-
@Sam_uk said in Keycloak & Cloudron:
@jdaviescoates Every time it updates it loses it's email config, so users can't get password resets etc.
I've kind of given up hoping it will be fixed. It just works on Elest.io, it's worth $10/m to me to have reliability.
I accept this is an unofficial package, and that's just how it goes. If I didn't mind being locked into Cloudron it looks like the on-board OIDC works nicely now, but that didn't exist when I set it up & I'd prefer data portability.
Fair enough. Although I guess it it were an official app you likely wouldn't have those issues.
I also read a post on there somewhere (which I've just spent ages trying but failing to find again) where someone was asking about details of Cloudron's OIDC implementation and features, and when I read it I thought of discussion I'd had with you and how it might be appropriate to not have Cloudron as the ultimate source of truth about users.
I'd love to understand more about to what extent having users primarily on Cloudron locks you into using Cloudron