Cloudron Forum


Shibboleth IdP

5 Posts 3 Posters 1.2k Views 3 Watching
      jimcavoli (App Dev) wrote, post #1:

      https://www.shibboleth.net/products/identity-provider/

      Docs: https://wiki.shibboleth.net/confluence/display/IDP30/Home

      Shibboleth is notoriously tough to get deployed, but in the more controlled/predictable environment of Cloudron, it would be hugely simplified. It would be great to have a way to make Cloudron a truly authoritative system of record for user authentication across cloud solutions, including SaaS products that can't be self-hosted.

      To be fair, this one might be a bit too much of a beast; an alternative like LL::NG (https://lemonldap-ng.org/welcome/) is better-dockerized and close enough on feature parity that it may be preferable.

        fbartels (App Dev) wrote, post #2:

        Something like Shibboleth would probably work way better as native functionality (your own Cloudron identity provider) than as an app. While I personally would no longer bet on SAML, I would welcome official OpenID Connect support in Cloudron. There is already OAuth 2.0, so it should not be too hard to make this OpenID Connect compatible if there are enough requests for it.

          nebulon (Staff) wrote, post #3:

          Agree with @fbartels that identity providers are probably better suited to be delivered from the platform, so other apps can be well integrated and tested. I don't really know Shibboleth, but OpenID seems to be supported by various apps as well, though I don't know the internals of that when it comes to how the apps have implemented support for it. If it is similar to OAuth, where parts like user listing or profile email update within the app practically do not exist, then LDAP is likely still preferred.

            jimcavoli (App Dev) wrote, post #4:

            Yeah, I can get behind that school of thought. Good points made, and given full ability to pick and choose, I'd lean away from SAML, but it is one of the more widely supported options for SSO.

            Specifically here, I was thinking about SSO for external services, like a SaaS product, especially one without an on-prem variant that could run on Cloudron, so that you can make the Cloudron user store an authoritative source of truth for necessarily off-Cloudron products.

              jimcavoli (App Dev) wrote, post #5:

              Thinking about it, if there were going to be a bigger, badder SSO solution "baked in" to the platform, Keycloak (https://www.keycloak.org) may be the better tool to close some of that gap than Shibboleth for the job (OpenID Connect, OAuth 2.0, and SAML support built-in; similar flexibility on the backend). My main thought in the use case of SSO apps is that SSO as a platform component is, to date, a platform-internal feature, and I think there's a huge benefit to being able to essentially treat Cloudron as your authoritative directory / user store and leverage it for SSO with SaaS and other strictly off-host products.
