Apps SSO
-
Hello,
I am signed in to my Cloudron dashboard and when I click on my Cubby app or Wordpress (enabled OAuth/SSO) it asks me to sign in. Is it not supposed to sign me in automatically without typing in my credentials? FYI - I also have 2FA set up for my account.
Thanks for the help!
-
@esanchez When we initially started, we integrated apps using LDAP. With LDAP, the username/password is the same across all apps but it doesn't sign in automatically. Of late, we have started moving apps to use OpenID Connect (OIDC). With this, apps can sign in automatically as well. Support for LDAP/OIDC is largely based on the app.
Back to the question: WordPress is still using LDAP and you have to enter the username/password of Cloudron to sign in. WordPress will be migrated to OIDC in the near future. Cubby uses OIDC so it should log in automatically.
-
@jdaviescoates @girish I enabled OIDC in Wordpress by installing a plugin then configuring OIDC with Cloudron. Then I was able to sign in via a click of a button like Cubby. Since I was already signed in and authenticated to my dashboard I just found it odd how both Cubby and Wordpress took me to the login (my.domain.com) page.
-
@jdaviescoates Lol, let me clarify if I wasn't clear. Both my Wordpress and Cubby are set up for OIDC (sign in via click of button). Yesterday I ran into an issue where I was signed in to my Cloudron dashboard, went over to Cubby, clicked the button and it took me to the login form.
Same thing happened with my Wordpress app. I think it's because I have 2FA enabled on my account because I tested with a non-2FA account and was able to log in to the apps just fine.
-
@esanchez thanks. But I also have 2FA on my account and the only times I found that I need to log in again is when apps are using the Cloudron proxy auth plugin/addon (often this is when apps don't have proper auth themselves). When they have OIDC enabled I don't think I've ever had to re-enter my password and 2FA - the OIDC just checks if I'm logged into the Cloudron Dashboard and then logs me in with a single click.
-
@jdaviescoates @girish I enabled OIDC in Wordpress by installing a plugin then configuring OIDC with Cloudron.
Which plugin did you use? Usually the challenge is in migration of previous OIDC accounts into OIDC.
-
@esanchez OK, I can confirm your behavior but this is not 2FA related. When a user activates an account in Cloudron, there is no OIDC session created. Because of this one has to log in again when using the first app. This is an unfortunate quirk, maybe we will fix it at some point...
But if you log out of the dashboard after the user account is activated and then log in again, an OIDC session is created (and apps can also use it).
-
@nebulon has fixed this now for the next release. The first login (from admin setup or via invite) of admin account and normal users now has an OIDC session automatically. This means that when you click the first OIDC app, you are logged in automatically.