Mattermost TE Gitlab auth with Cloudron
-
Hi Folks!
I wonder if any of you got Mattermost Team Edition to work with the Cloudron OIDC provider. I currently run a setup where I use Keycloak with Mattermost, but I want to replace it with Cloudron – Mattermost support is currently the only dealstopper.
If I recall right, the issue with using the GitLab auth feature with any other OIDC IdP was that Mattermost Team Edition expects a claim "id", which needs to be an integer and unique to the user – and also be added to the userinfo.
As far as I can see currently, Cloudron does not support such a token and therefore can't be used with Mattermost Team Edition.
I know that Mattermost EE has broader support for sign-in methods. However, in these special circumstances, it is not an option because I have a high number of occasional users, which would render using Mattermost EE a financial disaster.
Maybe one of you has some wise thoughts on this. Thank you in advance!
-
@im-fabian afaik, OpenID Connect is not available in the free version. See https://mattermost.com/pricing/.
Can you tell me how you are using Keycloak with Mattermost? Are you on the Professional or Enterprise plan?
-
@girish I am on the Team Edition. Indeed, OpenID is available in a restricted manner, but it is designed to work with the default GitLab configuration only: https://docs.mattermost.com/onboard/sso-gitlab.html
There is nothing in the license which forbids using this auth endpoint for other purposes. Additionally, you can change the text and color of the login button via the config.json. A tutorial for Keycloak can be found here: https://medium.com/@mrtcve/mattermost-teams-edition-replacing-gitlab-sso-with-keycloak-dabf13ebb99e
-
@im-fabian said in Mattermost TE Gitlab auth with Cloudron:
If I recall right, the issue with using the GitLab auth feature with any other OIDC IdP was that Mattermost Team Edition expects a claim "id", which needs to be an integer and unique to the user – and also be added to the userinfo.
I guess this is something we should investigate... (though Cloudron doesn't really have a unique id integer per user)