Getting cloudron auth back
I have not played much with the newer package version from my current understanding:
- The authentication from the old package is app proxy based, allowing a user to use his/her/their cloudron's credential.
- The authentication of the new package is a completely separated Stirling pdf authentication model (no LDAP/OIDC)
This means users have yet to deal with a new username/password combo.
It also means that admins have to deal with the whole setup/password reset work overhead.
Also, no 2FA.
Yet I understand that this is the direction Stirling-PDF is going to. Maybe OIDC is planned down the line.
I also know of the enablelogin option which appeared in the latest release. However this simply opens the app instance to the public and does not bring back the Cloudron app proxy authentication (unless I overlooked something and their is a way to do this??).
All in all, this isn't a complain - I understand the predicament of Cloudron package following the app development. This is intended as an explanation about while one would need it.
@uwcrbc great explainer that's exactly the situation we find ourselves in. We added cloudron auth initially because upstream had no auth. But now it has auth, so it's always better to use upstream auth. I hope they implement LDAP or OIDC. Stirling is also a relatively new app still very much in development, so one has to give it time.
Another aspect was that Stirling has an API. If we use cloudron auth, this prevents API use. Many people already mentioned that the API is one of the main use cases for Stirling.
@girish Thanks for this.
I did not know about the API limitation but this seems logical.
Let's hope indeed that LDAP/OIDC is on there roadmap.
According to their Github, features request seems to be on their Discord. Possibly their roadmap too.
Yet Discord is a bridge too far for me. Maybe a fellow "Cloudronite" with a discord account has already checked this though?