Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


Skip to content
  • External Provider (OIDC / OAuth) - Google Workspace

    Unsolved Support oidc
    7
    1 Votes
    7 Posts
    72 Views
    jamesJ
    Hello @Lomeu Unfortunately I can't provide much support with the Google Workspace LDAP. Just to make sure, you did follow the google guide for LDAP clients? https://support.google.com/a/answer/9048434?sjid=18438745481174821656-EU
  • Clearing OIDC... cookie? user? -- How to log in and out?

    Solved Support oidc
    4
    1 Votes
    4 Posts
    156 Views
    jadudmJ
    @jdaviescoates and @girish: Excellent. Thank you. I can work with this. Very much appreciated.
  • OpenID Connect Error on iOS

    Traccar oidc
    20
    0 Votes
    20 Posts
    914 Views
    H
    @james the developer has released v5.1.1 which is supposed to have fixed the issue, however I am still experiencing the same behavior when I try to sign into the iOS app using OpenID. Can you please test on your iPhone and advise if it is the same for you as well?
  • 1 Votes
    3 Posts
    161 Views
    Z
    Indeed they're back when they login with OIDC, thanks for the tips. This ticket can be closed I think.
  • Can't use OpenID login due to unknown certificate

    Solved Support oidc certificates
    6
    1
    1 Votes
    6 Posts
    233 Views
    J
    @Mamouti if you need (smallish) changes to the packages, feel free to submit MRs . All the packages are at https://git.cloudron.io/packages/
  • OpenID login page blank on Firefox

    Solved Support firefox openid oidc
    5
    1 Votes
    5 Posts
    172 Views
    J
    MetaMask the crypto wallet? Not sure why that could be causing problems, but maybe a question for the MetaMask people.
  • OIDC login broken with 8.1.0 update

    Solved Directus directus oidc client
    9
    1 Votes
    9 Posts
    494 Views
    M
    thanks @nebulon & @girish, this does indeed fix everything, appreciate it
  • 0 Votes
    6 Posts
    861 Views
    nebulonN
    In OpenID there is no well supported way to log out users from services which used the OpenID for authentication (in Cloudron case the apps). Those app have their own session and session handling. So there is mostly likely no way around this unless an app would start using OAuth2 access and refresh tokens (but implementation of that was spotty in the past which sparked OpenID connect in the first place) For a start if you logout of the dashboard, subsequent app logins (from a state where the app has no login session) then Cloudron will prompt you to login with a username. If that is not happening the Oidc session was still alive. The best way I found was to use container tabs in like firefox and probably other browsers, which maintain isolated sessions. This is also how I use other services like Digitalocean where we have multiple accounts with different roles.
  • OpendID Connect: openid/session/end endpoint

    Solved Support oidc
    2
    0 Votes
    2 Posts
    254 Views
    nebulonN
    Good catch, we have to fixup the docs here. The OpenID provider session logout, triggered by the app used to be there, but we found that no app supports this properly so it got removed. For nextcloud, we have some changes to soon enable OIDC login by default in the package, so may not be worth it to investigate just now in your case.
  • External Wordpress with Cloudron OIDC

    Solved Support oidc wordpress
    2
    0 Votes
    2 Posts
    277 Views
    D
    Oops nm I figured out the right Wordpress login url and redirect pattern to use
  • New login notification email - Turn off?

    Solved Support oidc notification
    4
    1 Votes
    4 Posts
    235 Views
    U
    Thank you @girish - Sounds promising. Looking forward to v8.
  • Cloudron OIDC & Alias-Domains

    Solved Support oidc
    3
    1
    2 Votes
    3 Posts
    651 Views
    nebulonN
    Will be fixed with next release: https://git.cloudron.io/cloudron/box/-/commit/ec7dabc1c72c2f34c3f3474bc4b3c903bb2d693d
  • 1 Votes
    6 Posts
    595 Views
    M
    I want my users to OIDC via Cloudron to Cloudflares App Launcher where I can put all avialiable softwares some are from cloudron others are just SAAS (cloudflare can do SAML for SAAS) [image: 1712858310234-screenshot-2024-04-11-at-19.57.11-resized.png] Cloudron => Cloudflare Launcher => AWS
  • Apps SSO

    Solved Support oidc sso
    13
    1 Votes
    13 Posts
    2k Views
    girishG
    @nebulon has fixed this now for the next release. The first login (from admin setup or via invite) of admin account and normal users now has an OIDC session automatically. This means that when you click the first OIDC app, you are logged in automatically.
  • 0 Votes
    2 Posts
    447 Views
    nebulonN
    Currently our OpenID provider does not issue any refresh_tokens yet. All clients created without the refresh_token grant type. For the moment it is only useful as an identity provider as such. But we will extend it further based on requirements. Will look into this for the coming releases.
  • WebFinger support for OIDC

    Moved Solved Feature Requests webfinger oidc
    9
    2 Votes
    9 Posts
    2k Views
    R
    Seconded, also interested in this for the tailscale angle
  • [Bug?] Broken double-barrelled name and surname

    EspoCRM oidc
    5
    0 Votes
    5 Posts
    1k Views
    girishG
    @p44 this was a bug in how cloudron parses names. I have added a workaround in https://git.cloudron.io/cloudron/box/-/commit/8a63f0368e5573014739d4c31ea9c2d53ac00701 for the next Cloudron release.
  • Serious OIDC EspoCRM issues!

    EspoCRM espocrm oidc
    34
    2
    2 Votes
    34 Posts
    6k Views
    P
    @marcusquinn Yes.. I tried to copy and paste that url, but it seems part of a redirection process, so pasted urls seems to be not good (or expired)...
  • 1 Votes
    5 Posts
    864 Views
    girishG
    Oops, I stand corrected about the login screen translation.
  • OIDC / routing question

    Support oidc sso
    10
    1 Votes
    10 Posts
    2k Views
    jadudmJ
    OK. This was very exciting. I read some documentation. Specifically, https://docs.opnsense.org/manual/how-tos/nat_reflection.html. Once I slowed down, undid all the weird thrashing I did with various DNS shortcuts for route domains internally/directly (e.g. changing my unbound config, or creating aliases for my domain), and instead read the documentation for both reflection and hairpin NAT in OpnSense, I was good to go. Thank you for joining me on this journey where I create noise on the forum and discover that, by reading the manual, I can solve my own problems.