Nextcloud OIDC integration
-
@joseph It seems OIDC is working now; something was wrong with Cloudflare that affected my Cloudron installation. Following your instructions I did exactly the same, backup and import, but now Nextcloud is not responding, with this error message:
Feb 09 21:49:20 => Healtheck error: Error: connect ECONNREFUSED 172.18.16.17:80
Feb 09 21:49:20 No such app enabled: user_ldap
Feb 09 21:49:20 ==> Ensure OIDC settings
Feb 09 21:49:21 Error: Could not download app user_oidc
Feb 09 21:49:22 2025-02-09T21:49:22+07:00
Feb 09 21:49:22
Feb 09 21:49:22 There are no commands defined in the "user_oidc" namespace.
@firmansi said in Nextcloud OIDC integration:
Feb 09 21:49:21 Error: Could not download app user_oidc
This seems to be the issue. Can you put the app in repair mode and try
sudo -u www-data php /app/code/occ app:install user_oidc
? Maybe some DNS or network-related issue is preventing it from downloading the app from Nextcloud's store.
-
@joseph Well, I think before I back up, I have to install user_oidc first, because the container can't even start. I am doing the 2nd try.
-
@firmansi I see. So, just to be clear: a fresh install of Nextcloud with Cloudron user management works? And you can also OIDC login? The import should also work if that is the case (i.e. it's not a network issue then).
@joseph Yes, it works. It's a network issue, though I still don't know why it happens; I don't use any proxy in Cloudflare. But anyway, how do I change the Identifier for the OIDC? I have changed the brand name as well, as I see in env | grep CLOUDRON_OIDC, but the identifier name is still Cloudron in Registered Providers in the Nextcloud OpenID backend integration.
-
@joseph All good. I can change the identifier too, or the brand name shown in the button.
I simply check env | grep CLOUDRON_OIDC, then delete the existing Registered Provider, then create a new Registered Provider by entering the Identifier name I wish and then entering all the parameters in CLOUDRON_OIDC.
-
@firmansi said in Nextcloud OIDC integration:
I simply check env | grep CLOUDRON_OIDC, then delete the existing Registered Provider, then create a new Registered Provider by entering the Identifier name I wish and then entering all the parameters in CLOUDRON_OIDC.
I doubt that'll survive an app restart.
But as @andreasdueren suggested above, given the Nextcloud OIDC app doesn't support displaying brand name, I wonder if @staff could rename the provider to something more generic like "Open ID Connect" or "OIDC"?
-
@jdaviescoates Correct, the deleted provider is back again after a restart, but I am okay with this because this default setting actually acts as guidance for me in case I forget the default Cloudron settings that I can apply to other OIDC. I can simply delete the default Brand Name button without affecting anything, including the new Registered Provider I have set up.
-
@jdaviescoates said in Nextcloud OIDC integration:
I wonder if @staff could rename the provider to something more generic like "Open ID Connect" or "OIDC"?
Those terms are just generic technology terms. One should always have "Login with <provider>", like Login with Gmail, Login with GitHub etc. Login with OIDC doesn't actually mean anything (unless it's providing some dropdown of providers after clicking the button). I think we should open a bug report upstream; it seems easy to fix.
-
I've had some issues with 2FA and Nextcloud. On my Android phone the freshly installed Nextcloud app opens a browser page, I click "cloudron login" and get an error about
Access forbidden State token does not match
After retrying "it just works" TM
Also, I used a new account to get into Nextcloud on my PC / Firefox, and went to use my normal account afterwards, but it automatically goes to the new account. Is there a cookie / cached token or something I can delete to fix this? Clearing the entire cache is annoying.
-
@AartJansen I think you'll need to log out of your my.domain to log out, then log in again using the account you want to use. I now make more use of Firefox containers.
-
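The "State token does not match" error reported above is the OIDC state check failing: the relying party stores a random state in the browser session when login starts and rejects any redirect that does not bring the same value back to that session. A sketch of that check, as an added example that is not Nextcloud's or user_oidc's code; the URLs, client id, session dicts and function names are constructed for illustration:

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed placeholders, not values from the thread.
AUTHORIZE_URL = "https://idp.example.test/authorize"
REDIRECT_URI = "https://cloud.example.test/callback"


def begin_login(session: dict) -> str:
    # Bind a fresh random state to this browser session and send the same
    # value to the provider in the authorization request.
    session["oidc_state"] = secrets.token_urlsafe(32)
    query = urlencode({"response_type": "code", "client_id": "example-client",
                       "redirect_uri": REDIRECT_URI, "scope": "openid",
                       "state": session["oidc_state"]})
    return f"{AUTHORIZE_URL}?{query}"


def provider_redirect(authorize_url: str) -> str:
    # Stand-in for the identity provider: it echoes state back unchanged.
    state = parse_qs(urlparse(authorize_url).query)["state"][0]
    return f"{REDIRECT_URI}?{urlencode({'code': 'constructed-code', 'state': state})}"


def handle_callback(session: dict, callback_url: str) -> str:
    params = parse_qs(urlparse(callback_url).query)
    returned = params.get("state", [""])[0]
    # pop() makes the state single-use, so a replayed redirect also fails.
    expected = session.pop("oidc_state", None)
    if expected is None:
        return "rejected: no login in progress in this session"
    if not hmac.compare_digest(expected.encode(), returned.encode()):
        return "rejected: state token does not match"
    return "accepted: exchange code " + params["code"][0]


def demo() -> dict:
    same, retried, other = {}, {}, {}
    url = begin_login(same)
    ok = handle_callback(same, provider_redirect(url))
    # A second attempt in the same session overwrites the stored state, so
    # the redirect belonging to the first attempt no longer matches.
    stale_url = begin_login(retried)
    begin_login(retried)
    stale = handle_callback(retried, provider_redirect(stale_url))
    # The redirect arrives in a session that never started a login.
    foreign = handle_callback(other, provider_redirect(begin_login({})))
    return {"ok": ok, "stale": stale, "foreign": foreign}
```

The stale and foreign cases are rejected even though the provider issued a valid code, which is why a clean retry inside one browser session succeeds.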