    LDAP + 2FA support for Cloudron Apps

    • nj
      nj last edited by nj

      I am starting a new topic to keep the discussion to the point. Previous discussions are linked at the bottom of this post. This is to request Cloudron to support inline TOTP code with LDAP Password in the form password;2FCODE.

      TL;DR User Stories

      Admin can choose to opt-in for password:2fcode feature from Settings.
      During authentication, Cloudron checks for the setting, and if enabled, splits password and 2fcode.
      Cloudron performs authentication based on password and the 2fa code.

      The last discussion with @girish ended with him mentioning that there's some standardization going on in the field of 2FA in custom fields of LDAP. Out of curiosity, I looked at the roadmaps of many open source projects and found that very few have any plans to standardize or even support TOTP secret through LDAP fields. I have no hopes of any standardization in the near future that Cloudron can look forward to.

      I am serious about security, and mandate everyone in my team to enable 2FA whenever possible. We're also using more and more new apps, and I'm seeing mandatory 2FA in individual apps as a lot of trouble to go through.

      I already have 13 different entries for individual apps' 2FA codes, and the list is growing. Then there are the recovery codes of all apps written on dozens of pieces of paper. The situation is the same across the team, and it's only going to be worse when we stop using apps.

      Please do something about it! Pretty, please? 🙄

      More discussion on this topic:
      https://forum.cloudron.io/topic/3285/2fa-for-all-ldap-apps/39
      https://forum.cloudron.io/topic/2433/the-real-sso-with/1
      https://forum.cloudron.io/topic/1972/i-am-missing-real-sso/1

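The opt-in split-and-verify flow from the user stories in the post above, as an added example that is not part of the thread and not Cloudron's code. It assumes `;` as the separator, 6-digit RFC 6238 TOTP with a 30-second step, and a hypothetical `checkPassword` callback and `totpSecret` field.

```javascript
// Added example, not Cloudron's code. Separator, digit count, time step,
// checkPassword and user.totpSecret are assumptions made for illustration.
const crypto = require('crypto');

// RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation.
function hotp(secret, counter, digits = 6) {
    const msg = Buffer.alloc(8);
    msg.writeBigUInt64BE(BigInt(counter));
    const mac = crypto.createHmac('sha1', secret).update(msg).digest();
    const off = mac[mac.length - 1] & 0x0f;
    const bin = mac.readUInt32BE(off) & 0x7fffffff;
    return String(bin % 10 ** digits).padStart(digits, '0');
}

// Split on the LAST separator so passwords that contain the separator still work.
// Returns null when the tail is not exactly `digits` decimal digits.
function splitCredential(input, sep = ';', digits = 6) {
    const idx = input.lastIndexOf(sep);
    if (idx < 0) return null;
    const code = input.slice(idx + sep.length);
    if (!new RegExp(`^\\d{${digits}}$`).test(code)) return null;
    return { password: input.slice(0, idx), code };
}

// Accept the current time step and `window` steps either side (clock skew),
// comparing in constant time.
function verifyTotp(secret, code, nowMs = Date.now(), window = 1) {
    const step = Math.floor(nowMs / 1000 / 30);
    const given = Buffer.from(code);
    let ok = false;
    for (let i = -window; i <= window; i++) {
        const expected = Buffer.from(hotp(secret, step + i, code.length));
        if (expected.length === given.length && crypto.timingSafeEqual(expected, given)) ok = true;
    }
    return ok;
}

function authenticate(input, user, checkPassword, opts = {}) {
    if (!opts.inlineTotp) return checkPassword(user, input); // setting off: unchanged behaviour
    const parts = splitCredential(input, opts.sep);
    if (!parts) return false;                                // setting on: a code is required
    const pwOk = checkPassword(user, parts.password);
    const codeOk = verifyTotp(user.totpSecret, parts.code, opts.nowMs);
    return pwOk && codeOk;                                   // evaluate both, then combine
}
```

A production version would also reject a code that was already accepted in the same time step and rate-limit failed attempts, since the code travels in the same field as the password.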
      • girish
        girish Staff @nj last edited by

        @nj Right. Making baby steps here. Already added 2FA now for the proxy auth in 6.1. Maybe we can add this feature to 6.2. I had created a task to implement this - https://git.cloudron.io/cloudron/box/-/issues/705 . It relied on mandatory 2FA which was implemented in 5.4.

        • P
          plusone-nick @girish last edited by

          @girish said in LDAP + 2FA support for Cloudron Apps:

          Making baby steps here.
          🦾 Almost a slow walk 😉🙏

          ✌💙+1
