Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


Skip to content
  • 2 Votes
    2 Posts
    94 Views
    J

    @harryz A way to migrate the data is:

    Create a backup of the app Install a new app instance with Cloudron user management Import the backup into new instance . https://docs.cloudron.io/backups/#import-app-backup

    Please double, no triple check the user management setup after import. The reason we don't have an easy way to change the SSO is because each app acts very differently when moving auth providers. Especially creation of default accounts, admin accounts, registration etc is all very app specific.

  • Extra Auth

    Moved Feature Requests
    5
    1 Votes
    5 Posts
    302 Views
    J

    @fbartels said in Extra Auth:

    Android app then also this app needs to know how to pass the "extra auth".

    Good point! In all likelihood it will break APIs

  • Apps SSO

    Solved Support
    13
    1 Votes
    13 Posts
    1k Views
    girishG

    @nebulon has fixed this now for the next release. The first login (from admin setup or via invite) of admin account and normal users now has an OIDC session automatically. This means that when you click the first OIDC app, you are logged in automatically.

  • OIDC / routing question

    Support
    10
    1 Votes
    10 Posts
    995 Views
    jadudmJ

    OK.

    This was very exciting.

    I read some documentation. Specifically, https://docs.opnsense.org/manual/how-tos/nat_reflection.html.

    Once I slowed down, undid all the weird thrashing I did with various DNS shortcuts for route domains internally/directly (e.g. changing my unbound config, or creating aliases for my domain), and instead read the documentation for both reflection and hairpin NAT in OpnSense, I was good to go.

    Thank you for joining me on this journey where I create noise on the forum and discover that, by reading the manual, I can solve my own problems. 🙂

  • Add OIDC support to Discourse?

    Solved Discourse
    6
    1 Votes
    6 Posts
    629 Views
    nebulonN

    The package with OpenID integration for Cloudron SSO is released. However this currently only works with new app instances.

  • Restricting app access to logged-in Cloudron users

    Support
    5
    0 Votes
    5 Posts
    877 Views
    girishG

    @cbeams Whoops, you are right. It's indeed bookstack and not wikijs!

    Also, I think using cloudflare as a front to wikijs should work. Let us know if it doesn't.

  • Status/Plans for *REAL* SSO in Cloudron

    Support
    3
    3 Votes
    3 Posts
    501 Views
    nebulonN

    Agree, thanks for putting the links @fbartels . I will close that thread here in favor of the others.

  • The "real" SSO with

    Moved Feature Requests
    21
    3 Votes
    21 Posts
    2k Views
    adisonA

    i didn't know cloudron was like active directory. or had active directory builtin.

  • 6 Votes
    2 Posts
    1k Views
    fbartelsF

    The following configuration needs to be added to the identifier registration of Kopano Konnect to enable SSO with Rocketchat:

    - id: rocketchat.9wd.eu name: Rocketchat trusted: true application_type: web redirect_uris: - https://rocketchat.9wd.eu/_oauth/konnect

    Remember to restart Konnect after modifying the registry. If you want to verify that the configuration was properly loaded you have to modify log_level in /app/data/konnectd.cfg to read /app/data/konnectd.cfg. With another restart Konnect will then print a message like the following at startup:

    Apr 20 20:21:30 time="2020-04-20T18:21:30Z" level=debug msg="registered client" application_type=web client_id=rocketchat.9wd.eu insecure=false origins="[https://rocketchat.9wd.eu]" redirect_uris="[https://rocketchat.9wd.eu/_oauth/konnect]" trusted=true with_client_secret=false

    In Rocket.chat the following configuration needs to be added. For this go into the admin backend, select "OAuth" and there "Add custom oauth". I am using the following settings:

    URL: https://meet.9wd.eu Token Path: /konnect/v1/token Token Sent Via: Header Identity Token Sent Via: Same as "Token Sent Via" Identity Path: /konnect/v1/userinfo Authorize Path: /signin/v1/identifier/_/authorize Scope: openid profile email Id: rocketchat.9wd.eu Secret: rocketchat Login Style: Default Button Text: Kopano Konnect (needs to be something the user can relate to) Button Text Color: #FFFFFF Button Color: #13679A Username field: preferred_username Merge users: false

    After storing these log out of Rocket.chat and you will see a new button on your login page titled "Kopano Konnect", which will then use the new login method.

  • I am missing (real) SSO

    Discuss
    13
    2 Votes
    13 Posts
    2k Views
    jdaviescoatesJ

    @thetomester13 said in I am missing (real) SSO:

    @jdaviescoates I took a quick look at some video tutorials, but I didn't see how Keycloak would be able to log the user into other applications without having said application specifically implementing the Keycloak integration.

    You've already looked into it more than me. I guess Indiehosters have implemented Keycloak integration into the apps they've integrated in their Liiibre service (perhaps they maintain forks or something, or have contributed upstream).