

  • OIDC / routing question

    Support
    10
    1 Votes
    10 Posts
    249 Views

    OK.

    This was very exciting.

    I read some documentation. Specifically, https://docs.opnsense.org/manual/how-tos/nat_reflection.html.

    Once I slowed down, undid all the weird thrashing I did with various DNS shortcuts for route domains internally/directly (e.g. changing my unbound config, or creating aliases for my domain), and instead read the documentation for both reflection and hairpin NAT in OpnSense, I was good to go.

    Thank you for joining me on this journey where I create noise on the forum and discover that, by reading the manual, I can solve my own problems. 🙂

  • Add OIDC support to Discourse?

    Solved Discourse
    6
    1 Votes
    6 Posts
    128 Views

    The package with OpenID integration for Cloudron SSO is released. However, this currently only works with new app instances.

  • 0 Votes
    5 Posts
    476 Views

    @cbeams Whoops, you are right. It's indeed bookstack and not wikijs!

    Also, I think using cloudflare as a front to wikijs should work. Let us know if it doesn't.

  • 3 Votes
    3 Posts
    250 Views

    Agree, thanks for putting the links @fbartels. I will close that thread here in favor of the others.

  • 3 Votes
    21 Posts
    1k Views

    I didn't know Cloudron was like Active Directory, or had Active Directory built in.

  • 6 Votes
    2 Posts
    680 Views

    The following configuration needs to be added to the identifier registration of Kopano Konnect to enable SSO with Rocketchat:

    - id: rocketchat.9wd.eu
      name: Rocketchat
      trusted: true
      application_type: web
      redirect_uris:
        - https://rocketchat.9wd.eu/_oauth/konnect

    Remember to restart Konnect after modifying the registry. If you want to verify that the configuration was properly loaded you have to modify log_level in /app/data/konnectd.cfg to read /app/data/konnectd.cfg. With another restart Konnect will then print a message like the following at startup:

    Apr 20 20:21:30 time="2020-04-20T18:21:30Z" level=debug msg="registered client" application_type=web client_id=rocketchat.9wd.eu insecure=false origins="[https://rocketchat.9wd.eu]" redirect_uris="[https://rocketchat.9wd.eu/_oauth/konnect]" trusted=true with_client_secret=false

    In Rocket.chat the following configuration needs to be added. For this go into the admin backend, select "OAuth" and there "Add custom oauth". I am using the following settings:

    URL: https://meet.9wd.eu
    Token Path: /konnect/v1/token
    Token Sent Via: Header
    Identity Token Sent Via: Same as "Token Sent Via"
    Identity Path: /konnect/v1/userinfo
    Authorize Path: /signin/v1/identifier/_/authorize
    Scope: openid profile email
    Id: rocketchat.9wd.eu
    Secret: rocketchat
    Login Style: Default
    Button Text: Kopano Konnect (needs to be something the user can relate to)
    Button Text Color: #FFFFFF
    Button Color: #13679A
    Username field: preferred_username
    Merge users: false

    After storing these, log out of Rocket.chat and you will see a new button on your login page titled "Kopano Konnect", which will then use the new login method.

  • I am missing (real) SSO

    Discuss
    13
    2 Votes
    13 Posts
    848 Views

    @thetomester13 said in I am missing (real) SSO:

    @jdaviescoates I took a quick look at some video tutorials, but I didn't see how Keycloak would be able to log the user into other applications without having said application specifically implementing the Keycloak integration.

    You've already looked into it more than me. I guess Indiehosters have implemented Keycloak integration into the apps they've integrated in their Liiibre service (perhaps they maintain forks or something, or have contributed upstream).