Outline - a Notion-like open source app
@timconsidine on the topic of oidc. There is a fully featured oidc provider within the Kopano Meet app. For internal use I have even separated the oidc provider into a separate app.
I did write down how to configure external apps on cloudron against it in https://blog.9wd.eu/posts/cloudron-oidc-nextcloud/
Latest release includes generic oidc authentication. Hooked it up with keycloak and seems to be running fine.
Even though I liked your post, I only just re-spotted that this PR has been merged https://github.com/outline/outline/pull/2388
Looks like most of this other Authentication stuff has been done too:
@jdaviescoates Happy to share the code, just fired it up a couple of months ago to see if it would work. So should be regarded as a prototype only.
Keep in mind that it also requires a S3 compatible storage like minio. So full solution would actually require 3 apps to be running.
@klawitterb Nice thanks for sharing!
it also requires a S3 compatible storage like minio
Maybe this is a good time to bring up the Addon request: blob storage (s3) thread, which proposes a new "s3" addon in the same vein as the database addons that would create and manage s3-compatible buckets for apps automatically upon request in the app definition's manifest.
I have also packaged Outline: https://github.com/njsubedi/cloudron-outline, thanks to the work @klawitterb started. Still no success with passport-ldapauth but since I've also packaged Keycloak, LDAP auth is no longer a blocker for Outline. I also added some more details on the manifest/POSTINSTALL.md file if anyone is interested. It would be awesome if minio was available as an addon.
I recommend someone with more knowledge of passport-ldapauth to try adding support for authenticating cloudron users.
@girish the app itself is great. I moved our team from Bookstack to Outline because it was extremely easy to create groups and assign permissions, default permission, etc. It also supports real-time collaboration on the document so we also started using it for meeting notes. So far, no issues. Working wonderfully inside cloudron with minio and keycloak both hosted alongside.
It is also pretty simple to keep updating regularly because of the simple migration command, and storage based on minio. No need to fuss with manual migration and storage, etc.
Also, I’d like to request S3 as an addon, because it’s trivial to create a bucket for an app, and a user for it, then grant “all” permissions on that bucket to that user.
@nj First. Top. Thank you so much for stepping into app packaging. But now here is the real world
Sorry to ask noob questions. And yes: I have to read the docs for keycloak. But to test your app package, there is a missing part in the "First time setup" from your app package.
On your OIDC Provider, follow these steps: 1, 2, 3 done.
But then in 4:
And, the client is added to the realm called "cloudron"
Where do I add the client to the realm in keycloak?
From the Realm settings perspective, I didn't find any settings for the client.
Client Registration isn't the right tab
Same for the client perspective.
Yep. I know. SSO/IDM/SAML/LDAP/AD (<- and so on and on) is a complex topic. But hey. We are here for the Cloudron experience
@luckow Ey luckow! You already added the client to the realm Cloudron. Look at the navigation on the right side. Because if you click on the triangle, you can see you are right there. The Cloudron realm.
But that is no explanation for your user experience.
@luckow you need to find out why your client was not found.
@luckow not today. Tomorrow is another day.
@luckow Without the tomatoes on my eyes, the solution is obvious.
Keycloak - Clients - Credentials:
Client Id and Secret does not mean that you take ZIDdK... for both. Secret is secret. Where do you find the Client Id? This is also simple.
Keycloak - Clients
Yes. It's the name.
Sorry for hijacking this thread for my noob questions.