OIDC for Nextcloud?
-
@girish said in OIDC for Nextcloud?:
@fbartels I think we use https://github.com/nextcloud/user_oidc . You are right about the testing, this is why it's not merged yet . There's too many things to test ...
@andreasdueren the work has been done but it's not integrated yet.
Perhaps create a new unstable experimental Nexcloud-OIDC package that has OIDC baked in and let us all do the testing?
@jdaviescoates yes, absolutely, that is the plan . To enable both OIDC and LDAP in the same package and allow willing users to test OIDC by setting some flag somewhere.
-
@jdaviescoates yes, absolutely, that is the plan . To enable both OIDC and LDAP in the same package and allow willing users to test OIDC by setting some flag somewhere.
@girish I'm about to set up a new NC instance and would love to have this integrated sooner than later so I can onboard people with it directly instead of having to migrate them later on.
-
@jdaviescoates yes, absolutely, that is the plan . To enable both OIDC and LDAP in the same package and allow willing users to test OIDC by setting some flag somewhere.
-
@girish is there maybe a way to enable OIDC in the package but leave it disabled for people to enable it manually?
@andreasdueren the work is there in this branch - https://git.cloudron.io/packages/nextcloud-app/-/tree/oidc but we haven't tested it. It will take some time to test and publish it. Will try to get it out next week.
-
@andreasdueren the work is there in this branch - https://git.cloudron.io/packages/nextcloud-app/-/tree/oidc but we haven't tested it. It will take some time to test and publish it. Will try to get it out next week.
@girish thank you that would be amazing. Let me know if you need help testing
-
@andreasdueren unfortunately, the oidc plugin broke - https://github.com/nextcloud/user_oidc/issues/1024
-
@andreasdueren this is pushed as unstable now.
It will be in unstable for a while since I am on/off because am traveling for FOSDEM.
@girish sweeeeet, will test this right now
Edit: Is there a way to pass Full name and E-Mail via OpenID? That's something I had been struggling with with my other setup as well.
-
@andreasdueren it's picked up for me by default.
@girish This may be a compatibility issue with my preexisting openID plugin. Testing.
-
Currently getting this. It's a pretty fresh installation so not sure what's going on yet.
-
Currently getting this. It's a pretty fresh installation so not sure what's going on yet.
@andreasdueren if we take that error at face value, it's unable to connect to my.domain.com . Can you check from web terminal of nextcloud, if you are able to
curl https://my.domain.com/.well-known/openid-configuration?Also, do other oidc apps work?
-
@andreasdueren if we take that error at face value, it's unable to connect to my.domain.com . Can you check from web terminal of nextcloud, if you are able to
curl https://my.domain.com/.well-known/openid-configuration?Also, do other oidc apps work?
@Joseph curl works. So does oidc on another app.
-
@andreasdueren can you also check if you can curl the openid-configuration from web terminal of nextcloud? do you see any errors in nextcloud logs? everything looks correct otherwise...
-
@andreasdueren can you also check if you can curl the openid-configuration from web terminal of nextcloud? do you see any errors in nextcloud logs? everything looks correct otherwise...
@Joseph You mean
curl https://my.domain.com/.well-known/openid-configuration? Yes that's what I tested. Returned values as expected. -
@andreasdueren can you also check if you can curl the openid-configuration from web terminal of nextcloud? do you see any errors in nextcloud logs? everything looks correct otherwise...
@andreasdueren you may have already done this but I think the key bit of info was this:
@joseph said in OIDC for Nextcloud?:
from web terminal of nextcloud
(emphasis added)
-
@andreasdueren you may have already done this but I think the key bit of info was this:
@joseph said in OIDC for Nextcloud?:
from web terminal of nextcloud
(emphasis added)
@jdaviescoates Yes, I did that (emphasis added)
-
@andreasdueren I am out of ideas if there is nothing in the logs and the curl works... can you drop a mail to support@cloudron.io please, so we can debug it?
-
@andreasdueren I am out of ideas if there is nothing in the logs and the curl works... can you drop a mail to support@cloudron.io please, so we can debug it?
@Joseph It's not super urgent right now, this is only a test instance I spun up and I'm traveling right now. I might reach out at a later point in time.
