Cloudron Forum

Apps SSO

  • girish (Staff) wrote (#2):

    @esanchez When we initially started, we integrated apps using LDAP. With LDAP, the username/password is the same across all apps but it doesn't sign in automatically. Of late, we have started moving apps to use OpenID Connect (OIDC). With this, apps can sign in automatically as well. Support for LDAP/OIDC is largely based on the app.

    Back to the question: WordPress is still using LDAP and you have to enter the username/password of Cloudron to sign in. WordPress will be migrated to OIDC in the near future. Cubby uses OIDC so it should log in automatically.


    • esanchez wrote (#3):

      @girish I had to re-enter my credentials for Cubby. I think it might be due to my account having 2FA enabled.

      • jdaviescoates wrote (#4):

        Perhaps Cubby is still using proxy auth @nebulon ? and perhaps @girish meant Surfer? 🤷

        I use Cloudron with Gandi & Hetzner


        • esanchez wrote (#5):

          @jdaviescoates @girish I enabled OIDC in WordPress by installing a plugin then configuring OIDC with Cloudron. Then I was able to sign in via a click of a button like Cubby. Since I was already signed in and authenticated to my dashboard I just found it odd how both Cubby and WordPress took me to the login (my.domain.com) page.


          • jdaviescoates wrote (#6):

            @esanchez said in Apps SSO:

            Then I was able to sign in via a click of a button like Cubby.

            But above you said you weren't able to do that with Cubby?

            @esanchez said in Apps SSO:

            I had to re-enter my credentials for Cubby.

            Now I'm confused 🙂


            • esanchez wrote (#7):

              @jdaviescoates Lol, let me clarify if I wasn't clear. Both my WordPress and Cubby are set up for OIDC (sign in via click of a button). Yesterday I ran into an issue where I was signed in to my Cloudron dashboard, went over to Cubby, clicked the button and it took me to the login form.
              Same thing happened with my WordPress app. I think it's because I have 2FA enabled on my account because I tested with a non-2FA account and was able to log in to the apps just fine.


              • jdaviescoates wrote (#8):

                @esanchez thanks. But I also have 2FA on my account and the only times I found that I need to log in again is when apps are using the Cloudron proxy auth plugin/addon (often this is when apps don't have proper auth themselves). When they have OIDC enabled I don't think I've ever had to re-enter my password and 2FA - the OIDC just checks if I'm logged into the Cloudron Dashboard and then logs me in with a single click.


                • girish (Staff) wrote (#9):

                  @esanchez this shouldn't be related to 2FA. We have 2FA enabled on all our Cloudrons as well and we don't see this behavior. Could it be that you have a browser plugin/extension that clears sessions/cookies?


                  • girish (Staff) wrote (#10):

                    @esanchez said in Apps SSO:

                    @jdaviescoates @girish I enabled OIDC in Wordpress by installing a plugin then configuring OIDC with Cloudron.

                    Which plugin did you use? Usually the challenge is in migration of previous OIDC accounts into OIDC.


                    • esanchez wrote (#11):

                      @girish the plugin is called 'miniOrange OAuth'. So far it's been working fine.

                      • girish (Staff) wrote (#12):

                        @esanchez ok, I can confirm your behavior but this is not 2FA related. When a user activates an account in Cloudron, there is no OIDC session created. Because of this one has to log in again when using the first app. This is an unfortunate quirk, maybe we will fix it at some point...

                        But if you log out of the dashboard after the user account is activated and then log in again, an OIDC session is created (and apps can also use it).

                        • girish (Staff) wrote (#13):

                          @nebulon has fixed this now for the next release. The first login (from admin setup or via invite) of admin account and normal users now has an OIDC session automatically. This means that when you click the first OIDC app, you are logged in automatically.

                          • girishG girish marked this topic as a question on
                          • girishG girish has marked this topic as solved on
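
Post #12 describes a state where the dashboard is signed in but the OIDC provider holds no session. As an added example (not Cloudron's code and not posted by anyone in the thread), a relying party can probe for that state with the standard OpenID Connect `prompt=none` request, which asks the provider to answer `login_required` instead of showing a login form. The endpoint, client ID and redirect URI are placeholders, and whether a given provider honours `prompt=none` is an assumption to verify.

```javascript
// Added example: probe whether the OpenID provider (OP) already has a session
// for this browser, without triggering an interactive login form.
// All hostnames, the client ID and the redirect URI are placeholders.

// Build an authorization request with prompt=none (OIDC Core, section 3.1.2.1).
// `state` and `nonce` must be fresh random values generated by the caller and
// stored in the user's session before redirecting.
function buildSilentAuthRequest({ authorizationEndpoint, clientId, redirectUri, state, nonce }) {
  const url = new URL(authorizationEndpoint);
  url.search = new URLSearchParams({
    response_type: 'code',
    client_id: clientId,
    redirect_uri: redirectUri,
    scope: 'openid',
    state,
    nonce,
    prompt: 'none', // the OP must not display any login or consent UI
  }).toString();
  return url.toString();
}

// Interpret the redirect back from the OP.
// Returns one of: 'state-mismatch', 'no-op-session', 'interaction-needed',
// 'error:<code>', 'op-session-present', 'malformed'.
function classifyCallback(callbackUrl, expectedState) {
  const params = new URL(callbackUrl).searchParams;

  // Reject responses that do not belong to the request we sent.
  if (params.get('state') !== expectedState) return 'state-mismatch';

  const error = params.get('error');
  // login_required: the OP has no authenticated session for this browser,
  // which is the situation described in post #12.
  if (error === 'login_required') return 'no-op-session';
  // A session exists, but the OP still needs the user (consent, account choice).
  const interactive = ['interaction_required', 'consent_required', 'account_selection_required'];
  if (interactive.includes(error)) return 'interaction-needed';
  if (error) return `error:${error}`;

  // An authorization code means the OP authenticated the user silently.
  return params.has('code') ? 'op-session-present' : 'malformed';
}
```

A result of `no-op-session` while the dashboard shows the user as signed in points at a missing provider session rather than at 2FA or cleared cookies.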