Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


Skip to content
  • Categories
  • Recent
  • Tags
  • Popular
  • Bookmarks
  • Search
Skins
  • Light
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor

  • Default (No Skin)
  • No Skin
Collapse
Brand Logo

Cloudron Forum

Apps | Demo | Docs | Install
  1. Cloudron Forum
  2. Feature Requests
  3. question about SAML authentication

question about SAML authentication

Scheduled Pinned Locked Moved Feature Requests
12 Posts 4 Posters 1.6k Views 3 Watching
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A Offline
      A Offline
      adisonverlice2
      wrote on last edited by
      #1

      hello.
      I was wondering if cloudron could act as a SAML2.0 IDP for users.
      thanks in advance

      remember, don't overlook security. be safe online

      1 Reply Last reply
      1
      • nebulonN Offline
        nebulonN Offline
        nebulon
        Staff
        wrote on last edited by
        #2

        Cloudron does not implement a SAML IdentityProvider and there are no immediate plans to do so. I think you are the first one asking for this and the authentication system on Cloudron is more tailored to serve the installed apps, where so far LDAP and OpenID are the main supported systems.

        I will move this to the feature request forum section though.

        A 1 Reply Last reply
        0
        • nebulonN nebulon moved this topic from Support on
        • nebulonN nebulon

          Cloudron does not implement a SAML IdentityProvider and there are no immediate plans to do so. I think you are the first one asking for this and the authentication system on Cloudron is more tailored to serve the installed apps, where so far LDAP and OpenID are the main supported systems.

          I will move this to the feature request forum section though.

          A Offline
          A Offline
          adisonverlice2
          wrote on last edited by
          #3

          @nebulon 1. wait how did this post get moved and to what category? and2. I see. our SSO provider, duo, wants our SAML credentials, and wants an IDP. because of financial strains, we cannot get an IDP like Google workspace, or entra ID, etc.
          I've been looking for a free 1, but cannot find any good 1's, that's why I was wondering. duo also has active directory, but it needs the duo proxy service installed, and I don't know if it'll support LDAP or whatever it uses...

          remember, don't overlook security. be safe online

          brerlapnB 1 Reply Last reply
          0
          • nebulonN Offline
            nebulonN Offline
            nebulon
            Staff
            wrote on last edited by
            #4

            I moved this to our feature request forum category, since this would be a new feature to implement.

            For the other aspect, I am not that familiar with duo. Cloudron currently only support external auth or identity provider, which also support LDAP or ActiveDirectory.

            A 1 Reply Last reply
            0
            • nebulonN nebulon

              I moved this to our feature request forum category, since this would be a new feature to implement.

              For the other aspect, I am not that familiar with duo. Cloudron currently only support external auth or identity provider, which also support LDAP or ActiveDirectory.

              A Offline
              A Offline
              adisonverlice2
              wrote on last edited by
              #5

              @nebulon I see...

              remember, don't overlook security. be safe online

              1 Reply Last reply
              0
              • A Offline
                A Offline
                adisonverlice2
                wrote on last edited by
                #6

                wait someone upvoted my post?

                remember, don't overlook security. be safe online

                1 Reply Last reply
                0
                • A adisonverlice2

                  @nebulon 1. wait how did this post get moved and to what category? and2. I see. our SSO provider, duo, wants our SAML credentials, and wants an IDP. because of financial strains, we cannot get an IDP like Google workspace, or entra ID, etc.
                  I've been looking for a free 1, but cannot find any good 1's, that's why I was wondering. duo also has active directory, but it needs the duo proxy service installed, and I don't know if it'll support LDAP or whatever it uses...

                  brerlapnB Offline
                  brerlapnB Offline
                  brerlapn
                  wrote on last edited by brerlapn
                  #7

                  @adisonverlice2 Have you checked out Keycloak? I've seen someone here say that they've successfully packaged it for Cloudron. It's open source and can serve as an IDP. It also supports SAML (as well as OAuth 2.0 and OIDC). It may have a bit of a learning curve to set up, but it's well-regarded, has an active community, and is actively supported. Also looks like it supports Duo.

                  A 1 Reply Last reply
                  1
                  • brerlapnB brerlapn

                    @adisonverlice2 Have you checked out Keycloak? I've seen someone here say that they've successfully packaged it for Cloudron. It's open source and can serve as an IDP. It also supports SAML (as well as OAuth 2.0 and OIDC). It may have a bit of a learning curve to set up, but it's well-regarded, has an active community, and is actively supported. Also looks like it supports Duo.

                    A Offline
                    A Offline
                    adisonverlice2
                    wrote on last edited by
                    #8

                    @brerlapn heard of it, but is it a cloudron app? if so, I think it needs to be

                    remember, don't overlook security. be safe online

                    1 Reply Last reply
                    0
                    • A Offline
                      A Offline
                      adisonverlice2
                      wrote on last edited by
                      #9

                      @brerlapn I don't know if my message came through, but in case I didn't, I basically asked if keycloak was a cloudron application? if not, how can I get it using cloudron?

                      remember, don't overlook security. be safe online

                      brerlapnB 1 Reply Last reply
                      0
                      • A adisonverlice2

                        @brerlapn I don't know if my message came through, but in case I didn't, I basically asked if keycloak was a cloudron application? if not, how can I get it using cloudron?

                        brerlapnB Offline
                        brerlapnB Offline
                        brerlapn
                        wrote on last edited by
                        #10

                        @adisonverlice2 It's not in the official app store, but it was packaged for Cloudron by a user here: https://github.com/njsubedi/cloudron-keycloak

                        It sounds like you could also use a private repository for that image if you want to have a more managed pipeline for updates.

                        This was the thread where it was discussed in depth: https://forum.cloudron.io/topic/6310/keycloak-cloudron/92

                        1 Reply Last reply
                        0
                        • M Offline
                          M Offline
                          mrhyk93
                          wrote on last edited by
                          #11

                          I would like to see SAML support, many major services only works with SAML, like AWS new IAM Manager, or cloudflare Access in Zero Trust offering

                          A 1 Reply Last reply
                          1
                          • M mrhyk93

                            I would like to see SAML support, many major services only works with SAML, like AWS new IAM Manager, or cloudflare Access in Zero Trust offering

                            A Offline
                            A Offline
                            adisonverlice2
                            wrote on last edited by
                            #12

                            @mrhyk93 well actually, I did get openID connect to work with cloudflare access to cloudron.
                            the only caviot is that it can only except 35 characters for the secret.
                            they also except Google authentication, Facebook, and GitHub.
                            however, when using duo, that is, for cloudflareaccess, only supported for SAML.
                            while duo has generic OIDC, AD or SAML needs to be configured, and if i'm correct, cloudron, by itself, does not hold AD, just things like lDAP, with no actual AD.

                            remember, don't overlook security. be safe online

                            1 Reply Last reply
                            0
                            Reply
                            • Reply as topic
                            Log in to reply
                            • Oldest to Newest
                            • Newest to Oldest
                            • Most Votes


                              • Login

                              • Don't have an account? Register

                              • Login or register to search.
                              • First post
                                Last post
                              0
                              • Categories
                              • Recent
                              • Tags
                              • Popular
                              • Bookmarks
                              • Search