Add OIDC (and/ or LDAP) support?

jdaviescoates

As far as I can tell, Leantime now supports OIDC - it'd be great to get this added on Cloudron if possible!

Configuration details here:
https://github.com/Leantime/docs/blob/master/installation/configuration.md#openid-conenct-oidc-configuration

Although I note that says still experimental

But it also supports LDAP, so perhaps we could have that in the meantime? (although really I think we should just try out the OIDC stuff given that's the direction Cloudron is moving in):

https://github.com/Leantime/docs/blob/master/installation/configuration.md#ldap-configuration

girish

OIDC is coming. Leantime needs a variant of OIDC which uses private keys. We are implementing this in our OIDC server. Seems the node module we use does not support it for some reason. A number of apps are stuck in this issue including documize, weblate, dokuwiki, guacamole etc.

jdaviescoates

@girish said in Add OIDC (and/ or LDAP) support?:

Leantime needs a variant of OIDC which uses private keys.

Ah yes, now you mention it I remember reading something about that on here previously

@girish said in Add OIDC (and/ or LDAP) support?:

We are implementing this in our OIDC server.

Great!

uwcrbc

Apologies for the revival if irrelevant.
I am just wondering if this is still on the map and if so, if there is any hint of time until release?

Many thanks,

joseph

This is in our TODO list. I think currently the latest Leantime does not work on Cloudron which we are fixing first.

girish

@uwcrbc currently, the release is blocked by https://github.com/Leantime/leantime/issues/2710#issuecomment-2422544379 . The CLI doesn't work anymore.

uwcrbc

@girish Looks like v.3.3.0 is out and includes your fix. Would you consider looking into OIDC with releasing Cloudron's related updated package? Thanks,

nebulon

Yes it is in our pipeline, but they changed quite a bit how they use laravel and introduced other issues which we have to fix. Somehow all script sourcing is now setup as http:// instead of https:// and thus the browser would block mixed content fetching on Cloudron. Something around the use of BASE_URL which we haven't pinned down yet.

leantime

There was an issue with BASE_URL in 3.3.0 but fixed in 3.3.1. Just make sure that LEAN_APP_URL is set as environment variable and that it contains "https://"

nebulon

Yes, we released the new version just a bit ago. It works well now again. Thanks a lot!

uwcrbc

@nebulon Just to confirm: I presume you are saying that the updated package works well, and that you are not saying that the OIDC login works well. Is this correct?

This would seem to match my test: the package does work well in the demo instance, but is without OIDC for now.

Also I suppose the App Status table here is updated regularly, but not automatically which would explain the info/package version discrepancies?

Many thanks again,

nebulon

oh right I guess the topic got mixed up a bit. The app currently does not have any OIDC integration yet.

max

Hi @nebulon I think the app does support OIDC, at least according to this article https://marketplace.leantime.io/product/installation-auth-provider/
Choice of LDAP (OL or AD), OIDC or Google SSO. Works with the open source installation: https://marketplace.leantime.io/product/leantime-open-source-installation/

max

If you need a license to integrate this I'm sure Marcel will oblige.
As it is an additional cost option, would you approach this in the same way as Cloudron did for FreeScout, where by default it installs with the app managing its own users, unless the license is purchased?

girish

@max is Marcel the author of leantime?

jdaviescoates

@girish said in Add OIDC (and/ or LDAP) support?:

@max is Marcel the author of leantime?

Seems so https://github.com/marcelfolaron

max

Hi, sorry, I missed your question, yes @jdaviescoates is correct Marcel is.