Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


Skip to content
  • New login notification email - Turn off?

    Solved Support
    3
    1 Votes
    3 Posts
    37 Views
    girishG

    Fixed in https://git.cloudron.io/cloudron/box/-/commit/649c06b6419386e6ca808a097d6b461020fc1ead

  • Cloudron OIDC & Alias-Domains

    Solved Support
    3
    2 Votes
    3 Posts
    143 Views
    nebulonN

    Will be fixed with next release: https://git.cloudron.io/cloudron/box/-/commit/ec7dabc1c72c2f34c3f3474bc4b3c903bb2d693d

  • 1 Votes
    6 Posts
    172 Views
    M

    I want my users to OIDC via Cloudron to Cloudflares App Launcher where I can put all avialiable softwares some are from cloudron others are just SAAS (cloudflare can do SAML for SAAS) Screenshot 2024-04-11 at 19.57.11.png Cloudron => Cloudflare Launcher => AWS

  • Apps SSO

    Solved Support
    13
    1 Votes
    13 Posts
    415 Views
    girishG

    @nebulon has fixed this now for the next release. The first login (from admin setup or via invite) of admin account and normal users now has an OIDC session automatically. This means that when you click the first OIDC app, you are logged in automatically.

  • 0 Votes
    2 Posts
    131 Views
    nebulonN

    Currently our OpenID provider does not issue any refresh_tokens yet. All clients created without the refresh_token grant type.

    For the moment it is only useful as an identity provider as such. But we will extend it further based on requirements. Will look into this for the coming releases.

  • WebFinger support for OIDC

    Moved Solved Feature Requests
    7
    2 Votes
    7 Posts
    317 Views
    M

    Never mind, my misunderstanding. I was able to use the wordpress-plugin "webfinger" on my main domain and just put in the my.<domain>-issuer-URL into the response, works fine!

  • [Bug?] Broken double-barrelled name and surname

    EspoCRM
    5
    0 Votes
    5 Posts
    217 Views
    girishG

    @p44 this was a bug in how cloudron parses names. I have added a workaround in https://git.cloudron.io/cloudron/box/-/commit/8a63f0368e5573014739d4c31ea9c2d53ac00701 for the next Cloudron release.

  • Serious OIDC EspoCRM issues!

    EspoCRM
    34
    2 Votes
    34 Posts
    1k Views
    P

    @marcusquinn Yes.. I tried to copy and paste that url, but it seems part of a redirection process, so pasted urls seems to be not good (or expired)...

  • 1 Votes
    5 Posts
    183 Views
    girishG

    Oops, I stand corrected about the login screen translation.

  • OIDC / routing question

    Support
    10
    1 Votes
    10 Posts
    513 Views
    jadudmJ

    OK.

    This was very exciting.

    I read some documentation. Specifically, https://docs.opnsense.org/manual/how-tos/nat_reflection.html.

    Once I slowed down, undid all the weird thrashing I did with various DNS shortcuts for route domains internally/directly (e.g. changing my unbound config, or creating aliases for my domain), and instead read the documentation for both reflection and hairpin NAT in OpnSense, I was good to go.

    Thank you for joining me on this journey where I create noise on the forum and discover that, by reading the manual, I can solve my own problems. 🙂

  • Missing icon in the OpenID Connect Provider window

    Solved Support
    3
    1 Votes
    3 Posts
    143 Views
    fbartelsF

    Already fixed bugs are the best bugs 😆

  • Add OIDC support to Discourse?

    Solved Discourse
    6
    1 Votes
    6 Posts
    320 Views
    nebulonN

    The package with OpenID integration for Cloudron SSO is released. However this currently only works with new app instances.

  • Help with OpenID OIDC

    Solved Discuss
    3
    0 Votes
    3 Posts
    237 Views
    archosA

    @luckow Thank you very much for the detailed explanation. It doesn't seem so complicated anymore. You have helped me a lot. Thank you very much indeed. 👍

  • OpenID Connect Server not working in Outline Notes

    Solved Support
    9
    1 Votes
    9 Posts
    603 Views
    girishG

    Link to docs for future reference - https://docs.cloudron.io/user-management/#endpoints

  • 6 Votes
    2 Posts
    770 Views
    fbartelsF

    The following configuration needs to be added to the identifier registration of Kopano Konnect to enable SSO with Rocketchat:

    - id: rocketchat.9wd.eu name: Rocketchat trusted: true application_type: web redirect_uris: - https://rocketchat.9wd.eu/_oauth/konnect

    Remember to restart Konnect after modifying the registry. If you want to verify that the configuration was properly loaded you have to modify log_level in /app/data/konnectd.cfg to read /app/data/konnectd.cfg. With another restart Konnect will then print a message like the following at startup:

    Apr 20 20:21:30 time="2020-04-20T18:21:30Z" level=debug msg="registered client" application_type=web client_id=rocketchat.9wd.eu insecure=false origins="[https://rocketchat.9wd.eu]" redirect_uris="[https://rocketchat.9wd.eu/_oauth/konnect]" trusted=true with_client_secret=false

    In Rocket.chat the following configuration needs to be added. For this go into the admin backend, select "OAuth" and there "Add custom oauth". I am using the following settings:

    URL: https://meet.9wd.eu Token Path: /konnect/v1/token Token Sent Via: Header Identity Token Sent Via: Same as "Token Sent Via" Identity Path: /konnect/v1/userinfo Authorize Path: /signin/v1/identifier/_/authorize Scope: openid profile email Id: rocketchat.9wd.eu Secret: rocketchat Login Style: Default Button Text: Kopano Konnect (needs to be something the user can relate to) Button Text Color: #FFFFFF Button Color: #13679A Username field: preferred_username Merge users: false

    After storing these log out of Rocket.chat and you will see a new button on your login page titled "Kopano Konnect", which will then use the new login method.

  • External OAuth applications

    Solved Support
    10
    0 Votes
    10 Posts
    699 Views
    nebulonN

    Since we have added an OpenID connect and thus some OAuth2 compatibility, I will mark this as solved finally.