Nextcloud OIDC integration
-
@girish Since my installation's user management is not handled by Cloudron, I can't enable OIDC (and not just this, I can't curl the OIDC server even though it's the same Cloudron server). I just want to let you know about an issue that I experienced lately: after I updated Nextcloud, including the latest update with DNS pinning, I couldn't log in since the LDAP and Group Backend apps were disabled automatically after the update, so I had to enable them manually in Nextcloud Apps. The config in Nextcloud Settings for LDAP/AD Integration is a bit different from before the update, but anyhow I can still log in normally. Please be aware of this issue. Thanks
-
@girish Proposition to change the OpenID Identifier from "Cloudron" to "OpenID" or "SSO" since we can't have the branding from the Cloudron instance
-
@firmansi the auth mechanism is chosen at install time. If you go behind Cloudron's back and make changes to the app configuration, this will eventually not work. In your situation, you have installed Nextcloud without LDAP/OIDC and then later configured it inside the app manually. This won't work and is not supported. The way to fix this is like this:
- take backup of your nextcloud. download the backup configuration of this new backup
- install new nextcloud with cloudron user management
- import the backup from setup 1 . app -> backups -> import
It will work after this.
-
@joseph It seems the OIDC is working now; something was wrong with Cloudflare that affected my Cloudron installation. Following your instructions I did exactly the same, backup and import, but now Nextcloud is not responding, with this error message:
Feb 09 21:49:20 => Healtheck error: Error: connect ECONNREFUSED 172.18.16.17:80
Feb 09 21:49:20 No such app enabled: user_ldap
Feb 09 21:49:20 ==> Ensure OIDC settings
Feb 09 21:49:21 Error: Could not download app user_oidc
Feb 09 21:49:22 2025-02-09T21:49:22+07:00
Feb 09 21:49:22
Feb 09 21:49:22 There are no commands defined in the "user_oidc" namespace.
-
@firmansi said in Nextcloud OIDC integration:
Feb 09 21:49:21 Error: Could not download app user_oidc
This seems to be the issue. Can you put the app in repair mode and try
sudo -u www-data php /app/code/occ app:install user_oidc
? Maybe some DNS or network related issue is preventing it from downloading the app from Nextcloud's store
-
@joseph Well, I think before I back up, I have to install user_oidc first, because the container can't even start. I am doing the 2nd try.
-
@firmansi I see. So, just to be clear: a fresh install of Nextcloud with Cloudron user management works? And you can also OIDC login? The import should also work if that is the case (i.e. it's not a network issue then)
@joseph Yes it works. It's a network issue, even though I still don't know why it happens; I don't use any proxy in Cloudflare. But anyway, how do I change the Identifier for the OIDC? I have changed the brand name as well, as I see in env | grep CLOUDRON_OIDC, but the identifier name is still Cloudron in Registered Providers in the Nextcloud OpenID backend integration
-
@joseph All good. I can change the identifier too or the brand name shown in button.
I simply check env | grep CLOUDRON_OIDC, then delete the existing Registered Provider, and then create a new Registered Provider by entering the Identifier name as I wish and then entering all parameters from CLOUDRON_OIDC
-
@firmansi said in Nextcloud OIDC integration:
I simply check env | grep CLOUDRON_OIDC and then delete the existing Registered Provider, and then create new Registered Provider by input the Identifier name as I wish and then input all parameters in CLOUDRON_OIDC
I doubt that'll survive an app restart.
But as @andreasdueren suggested above, given the Nextcloud OIDC app doesn't support displaying brand name, I wonder if @staff could rename the provider to something more generic like "Open ID Connect" or "OIDC"?
-
@jdaviescoates Correct, the deleted provider comes back again after a restart, but I am okay with this because this default setting actually acts like a guide for me in case I forget the default Cloudron settings that I can apply to other OIDC providers. I can simply delete the default Brand Name button without affecting anything, including the new Registered Provider I have set up
-
@jdaviescoates said in Nextcloud OIDC integration:
I wonder if @staff could rename the provider to something more generic like "Open ID Connect" or "OIDC"?
Those terms are just generic technology terms. One should always have "Login with <provider>", like Login with Gmail, Login with GitHub etc. Login with OIDC doesn't actually mean anything (unless it's providing some dropdown of providers after clicking the button). I think we should open a bug report upstream; seems easy to fix
-
I've had some issues with 2FA and nextcloud. On my android phone the freshly installed nextcloud app opens a browser page, I click "cloudron login" and get an error about
Access forbidden State token does not match
After retrying "it just works" TM
Also I used a new account to get into nextcloud, on my PC / firefox, and went to use my normal account afterwards but it automatically goes to the new account, is there a cookie / cached token or something I can delete to fix this? Clearing the entire cache is annoying.
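The "State token does not match" error above is the relying party's OIDC state check (the CSRF binding between the session that started the login and the browser that receives the redirect) failing. One common cause is the callback arriving in a browser session that never stored the state, for example when an app hands the login off to a separate browser, which is also why a plain retry in the same browser can succeed. The following is an added Python illustration of that check, not Cloudron's or Nextcloud's code; the endpoint, redirect URI and client id are constructed placeholders:

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed placeholder values for the illustration (not a real deployment).
AUTHORIZE_URL = "https://idp.example.test/openid/authorize"
REDIRECT_URI = "https://nextcloud.example.test/apps/user_oidc/code"
CLIENT_ID = "constructed-client-id"


def start_login(session: dict) -> str:
    """Mint a single-use state, bind it to this browser session, build the authorize URL."""
    state = secrets.token_urlsafe(32)
    session["oidc_state"] = state  # the only copy the relying party keeps
    params = {"response_type": "code", "client_id": CLIENT_ID,
              "redirect_uri": REDIRECT_URI, "scope": "openid email profile",
              "state": state}
    return f"{AUTHORIZE_URL}?{urlencode(params)}"


def state_from_url(url: str) -> str:
    """Read the state parameter back out of an authorize or callback URL."""
    return parse_qs(urlparse(url).query).get("state", [""])[0]


def handle_callback(session: dict, callback_url: str) -> tuple[bool, str]:
    """Compare the echoed state with the one stored in this session (constant time).

    The stored state is consumed on first use, so a replayed callback also fails."""
    returned = state_from_url(callback_url)
    expected = session.pop("oidc_state", None)
    if expected is None or not hmac.compare_digest(expected.encode(), returned.encode()):
        return False, "Access forbidden: State token does not match"
    code = parse_qs(urlparse(callback_url).query).get("code", [""])[0]
    return True, f"ok, exchange authorization code {code!r} for tokens"


def simulate(callback_in_original_session: bool) -> tuple[bool, str]:
    """One login round trip. The provider echoes the state unchanged; what varies is
    whether the browser receiving the redirect carries the session that started it."""
    browser = {}
    auth_url = start_login(browser)
    callback = f"{REDIRECT_URI}?{urlencode({'code': 'constructed-code', 'state': state_from_url(auth_url)})}"
    receiving = browser if callback_in_original_session else {}  # fresh session: no stored state
    return handle_callback(receiving, callback)
```

In the fresh-session case the provider did nothing wrong; the relying party simply has no state to compare against, so the safe outcome is a refusal rather than a login.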
-
@AartJansen I think you'll need to log out of your my.domain to log out, then log in again using the account you want to use. I now make more use of Firefox containers
-