External Provider (OIDC / OAuth) - Google Workspace
-
Hello everyone.
I'm trying to set up OpenID Connect (OIDC) so that my company's Google Workspace users can log into Cloudrun (and consequently services like Open WebUI) using OAuth, SSO, or any other method.
I searched extensively, and ChatGPT led me to the paid plan, but even then, the information it says would appear: an area to configure External Provider (OIDC/OAuth2).
Does anyone know what I can do? Is it possible to do this type of authentication with Google Workspace?
My version is v8.3.2 (Ubuntu 22.04.5 LTS).
Thank you! -
Hi James. I've been through this documentation and reread it at least a dozen times to figure out where I might be going wrong.
In User Directory (/#/user-directory), there's a Provider referenced as "Other."
I'm using:
- Server URL: ldaps://ldap.google.com:636 or ldaps://ldap.google.com
- Base DN: dc=mydomain,dc=com,dc=br
- Filter: (objectClass=person)
- Username field: uid
- Bind DN/Username (optional): credential-generated-by-google
- Bind Password (optional): psw-generated-by-google
When I save without the "Accept Self-signed certificate" option checked, I get the error "self-signed certificate."
When I save with the "Accept Self-signed certificate" option checked, I get "Incorrect bind password."
From everything I've read, it seems that for Google Workspace, I would need to make Cloudron use the certificate generated by Google Workspace LDAP. From the server where Cloudron is installed, I can perform tests and listings using the command
LDAPTLS_CERT=/root/cert.crt \ LDAPTLS_KEY=/root/cert.key \ ldapsearch -x \ -H ldaps://ldap.google.com:636 \ -D "credential-generated-by-google" \ -w 'psw-generated-by-google' \ -b dc=mydomain,dc=com,dc=br \ '(objectClass=person)' uidThe problem is that without the certificate, the integration doesn't work. That's what I understand is happening with Cloudron. Does that make sense? Can I force Cloudron to use the Google-generated certificate? Is there another way to do this integration that I haven't figured out yet?
Best regards
-
Hello everyone.
I'm trying to set up OpenID Connect (OIDC) so that my company's Google Workspace users can log into Cloudrun (and consequently services like Open WebUI) using OAuth, SSO, or any other method.
I searched extensively, and ChatGPT led me to the paid plan, but even then, the information it says would appear: an area to configure External Provider (OIDC/OAuth2).
Does anyone know what I can do? Is it possible to do this type of authentication with Google Workspace?
My version is v8.3.2 (Ubuntu 22.04.5 LTS).
Thank you! -
@Lomeu I like the missing
tinWorspacefrom the subject
Come and join the holy grail of self-hosting. No more Google Workspace. No need for that! -
@luckow said in External Provider (OIDC / OAuth) - Google Worspace:
I like the missing t in Worspace from the subject
'k' surely
