question about SAML authentication
-
Cloudron does not implement a SAML IdentityProvider and there are no immediate plans to do so. I think you are the first one asking for this and the authentication system on Cloudron is more tailored to serve the installed apps, where so far LDAP and OpenID are the main supported systems.
I will move this to the feature request forum section though.
-
@nebulon 1. Wait, how did this post get moved, and to what category? And 2. I see. Our SSO provider, Duo, wants our SAML credentials, and wants an IdP. Because of financial strains, we cannot get an IdP like Google Workspace, or Entra ID, etc.
I've been looking for a free one, but cannot find any good ones, that's why I was wondering. Duo also has Active Directory, but it needs the Duo proxy service installed, and I don't know if it'll support LDAP or whatever it uses...
-
I moved this to our feature request forum category, since this would be a new feature to implement.
For the other aspect, I am not that familiar with Duo. Cloudron currently only supports external auth or identity providers which also support LDAP or Active Directory.
-
Wait, someone upvoted my post?
-
@adisonverlice2 Have you checked out Keycloak? I've seen someone here say that they've successfully packaged it for Cloudron. It's open source and can serve as an IdP. It also supports SAML (as well as OAuth 2.0 and OIDC). It may have a bit of a learning curve to set up, but it's well-regarded, has an active community, and is actively supported. It also looks like it supports Duo.
-
@brerlapn I don't know if my message came through, but in case it didn't, I basically asked if Keycloak was a Cloudron application? If not, how can I get it using Cloudron?
-
@adisonverlice2 It's not in the official app store, but it was packaged for Cloudron by a user here: https://github.com/njsubedi/cloudron-keycloak
It sounds like you could also use a private repository for that image if you want to have a more managed pipeline for updates.
This was the thread where it was discussed in depth: https://forum.cloudron.io/topic/6310/keycloak-cloudron/92
-
@mrhyk93 Well actually, I did get OpenID Connect to work with Cloudflare Access to Cloudron.
The only caveat is that it can only accept 35 characters for the secret.
They also accept Google authentication, Facebook, and GitHub.
However, when using Duo, that is, for Cloudflare Access, it is only supported for SAML.
While Duo has generic OIDC, AD or SAML needs to be configured, and if I'm correct, Cloudron, by itself, does not hold AD, just things like LDAP, with no actual AD.