Cloudron Forum


LDAP + 2FA support for Cloudron Apps

  • nj wrote (#1):

    I am starting a new topic to keep the discussion to the point. Previous discussions are linked at the bottom of this post. This is to request Cloudron to support inline TOTP code with LDAP Password in the form password;2FCODE.

    ;TLDR User Stories

    Admin can choose to opt-in for password:2fcode feature from Settings.
    During authentication, Cloudron checks for the setting, and if enabled, splits password and 2fcode.
    Cloudron performs authentication based on password and the 2fa code.

    The last discussion with @girish ended with him mentioning that there's some standardization going on in the field of 2FA in custom fields of LDAP. Out of curiosity, I looked at the roadmaps of many open source projects and found that very few have any plans to standardize or even support TOTP secret through LDAP fields. I have no hopes of any standardization in the near future that Cloudron can look forward to.

    I am serious about security, and mandate everyone in my team to enable 2FA whenever possible. We're also using more and more new apps, and I'm seeing mandatory 2FA in individual apps as a lot of trouble to go through.

    I already have 13 different entries for individual apps' 2FA codes, and the list is growing. Then there are the recovery codes of all apps written on dozens of pieces of paper - The situation is the same across the team, and it's only going to be worse when we stop using apps.

    Please do something about it! Pretty, please? 🙄

    More discussion on this topic:
    https://forum.cloudron.io/topic/3285/2fa-for-all-ldap-apps/39
    https://forum.cloudron.io/topic/2433/the-real-sso-with/1
    https://forum.cloudron.io/topic/1972/i-am-missing-real-sso/1

    Founder & OpenSource Lover. My Cloudron Apps
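
The opt-in flow from the user stories in post #1, as an added sketch (not Cloudron's code and not part of any post). The `;` separator, the PBKDF2 password hash, the raw-bytes TOTP secret and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

SEPARATOR = ";"   # assumption: the post writes both "password;2FCODE" and "password:2fcode"
TOTP_DIGITS = 6   # assumption: 6-digit codes
TOTP_STEP = 30    # assumption: 30 s time step (RFC 6238 default)


def totp(secret: bytes, at: int) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for UNIX time `at`."""
    counter = struct.pack(">Q", at // TOTP_STEP)
    digest = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** TOTP_DIGITS).zfill(TOTP_DIGITS)


def split_credential(combined: str):
    """Split on the LAST separator so passwords containing it still work."""
    password, sep, code = combined.rpartition(SEPARATOR)
    if not sep or len(code) != TOTP_DIGITS or not (code.isascii() and code.isdigit()):
        return None
    return password, code


def verify_bind(combined, stored_hash, salt, secret, now, inline_2fa=True):
    """Hypothetical LDAP bind check: both factors must pass when opted in."""
    password, code = combined, None
    if inline_2fa:
        parts = split_credential(combined)
        if parts is None:
            return False
        password, code = parts
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    ok = hmac.compare_digest(candidate, stored_hash)
    if inline_2fa:
        # Allow one step of clock drift either side. Both factors are evaluated
        # in full before combining, so a caller cannot tell which one failed.
        windows = [totp(secret, now + d * TOTP_STEP) for d in (-1, 0, 1)]
        code_ok = any([hmac.compare_digest(code, w) for w in windows])
        ok = ok and code_ok
    return ok


if __name__ == "__main__":
    secret, salt = b"12345678901234567890", b"constructed-salt"  # constructed sample values
    stored = hashlib.pbkdf2_hmac("sha256", b"pa;ss", salt, 100_000)
    print(verify_bind("pa;ss;287082", stored, salt, secret, now=59))
```

Because the code travels inside the password field, every app that binds over LDAP sees it in clear, so a real deployment would also need to reject a code that has already been used in its time window.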

  • girish (Staff) replied to nj (#2):

    @nj Right. Making baby steps here. Already added 2FA now for the proxy auth in 6.1. Maybe we can add this feature to 6.2. I had created a task to implement this - https://git.cloudron.io/cloudron/box/-/issues/705 . It relied on mandatory 2FA which was implemented in 5.4.

  • plusone-nick replied to girish (#3):

    @girish said in LDAP + 2FA support for Cloudron Apps:

    Making baby steps here.
    🦾 Almost a slow walk 😉

    ✌💙+1
