Keycloak & Cloudron
-
@girish Great stuff! We're a bit stuck on this one at the moment: https://github.com/njsubedi/cloudron-keycloak/issues/7#issuecomment-1384001649
-
@Sam_uk besides Keycloak - have you tried the new
OpenID Connect Providerfeature in Cloudron v. 7.4?@luckow Thanks, this is a great news!
However, this solution is not possible for us because we use modules in some apps that synchronizes groups and roles with Keycloak.
And it would be too much work to migrate all or ecosystem to another SSO.
Moreover, users would need to recreate their password. -
@BrutalBirdie thanks for testing, will prioritize getting this published.
-
@Sam_uk while this is not exactly keycloak, have you seen https://docs.cloudron.io/user-management/#openid-connect ? Does this help in your case? So far in our testing with various apps, we are quite positive that this is a very feature.
@nebulon Yes, thanks.
However, this solution is not possible for us because we use modules in some apps that synchronizes groups and roles with Keycloak.
And it would be too much work to migrate all or ecosystem to another SSO.
Moreover, users would need to recreate their password. -
@nebulon Yes, thanks.
However, this solution is not possible for us because we use modules in some apps that synchronizes groups and roles with Keycloak.
And it would be too much work to migrate all or ecosystem to another SSO.
Moreover, users would need to recreate their password.Does anyone have insight into this build problem? https://github.com/njsubedi/cloudron-keycloak/issues/7#issuecomment-1384001649
I can make a modest budget available to resolve this issue, if you're interested in doing this as paid work then please DM me.
cc @cuzy-app
-
Does anyone have insight into this build problem? https://github.com/njsubedi/cloudron-keycloak/issues/7#issuecomment-1384001649
I can make a modest budget available to resolve this issue, if you're interested in doing this as paid work then please DM me.
cc @cuzy-app
-
@girish thanks for your comment on this. Despite spending a couple of hours more on it we cannot work it out. Could you (or anyone else who understands Cloudron) see if they are able to replicate our issue please?
-
@Sam_uk unfortunately, this seems quite app specific. So, I have to spend some time with the app to understand what has changed between releases etc.
@girish Thanks. What are your intentions around the Keycloak app? Are you still planning to implement it on Cloudron?
I'm considering cutting my losses and just putting it on a normal Vserver.
If you do plan to make it an official app then it might be worth continuing to debug the Cloudron version.
-
@girish Thanks. What are your intentions around the Keycloak app? Are you still planning to implement it on Cloudron?
I'm considering cutting my losses and just putting it on a normal Vserver.
If you do plan to make it an official app then it might be worth continuing to debug the Cloudron version.
@Sam_uk we have nothing against it, if that's what you are asking
It just takes time to package/test/publish new apps. We have @vladimir-d helping us out with packaging/publishing, but he has quite a bit on his plate still.I would say, you can always set it up separately for the moment. When we have the Cloudron app, I guess you can migrate. Not sure if keycloak has import/export.
-
@Sam_uk we have nothing against it, if that's what you are asking
It just takes time to package/test/publish new apps. We have @vladimir-d helping us out with packaging/publishing, but he has quite a bit on his plate still.I would say, you can always set it up separately for the moment. When we have the Cloudron app, I guess you can migrate. Not sure if keycloak has import/export.
-
@girish I'm already running Keycloak in Cloudron! I just can't update it.
Can I pay you to bump it up @vladimir-d to do list?
@Sam_uk while keycloak is in our roadmap, it's not in our immediate roadmap. But, if you are in the market for paying a developers salary for a week or so, please contact us at support@ . Just want to set expectations here, this is going to be many times over the cloudron cost itself by nature of developer salary.
-
Just took a closer look at that package https://github.com/njsubedi/cloudron-keycloak/blob/main/CloudronManifest.json#L22
It does Cloudron LDAP integration, so @Sam_uk maybe it would be good to understand the setup and use-case for keycloak in such a context, especially with the addition of OpenId Connect in Cloudron recently.
-
If you work with any organisation, you quickly find the majority still reuse passwords, don't use password managers correctly, and just want one login for all apps.
They don't know or care what is SaaS or internal.
They just want one login, password, maybe 2FA and that to get them into everything they will ever need.
The company also wants one off-switch for their access to everything.
Right now, you're options are using Google, Microsoft or one of the SSO providers, like Auth0, Okta. They are all lock-in by design services.
Keycloak is the only open-source solution, that I know of, to this, without tying you to never-ending per-user costs.
Unless you think you can make Cloudron LDAP and OpenID work as Single Sign-On (SSO) as a service for all the other non-Cloudron apps that support SSO?
Web Design https://www.evergreen.je
Development https://brandlight.org
Life https://marcusquinn.com -
If you work with any organisation, you quickly find the majority still reuse passwords, don't use password managers correctly, and just want one login for all apps.
They don't know or care what is SaaS or internal.
They just want one login, password, maybe 2FA and that to get them into everything they will ever need.
The company also wants one off-switch for their access to everything.
Right now, you're options are using Google, Microsoft or one of the SSO providers, like Auth0, Okta. They are all lock-in by design services.
Keycloak is the only open-source solution, that I know of, to this, without tying you to never-ending per-user costs.
Unless you think you can make Cloudron LDAP and OpenID work as Single Sign-On (SSO) as a service for all the other non-Cloudron apps that support SSO?
@marcusquinn said in Keycloak & Cloudron:
Unless you think you can make Cloudron LDAP and OpenID work as Single Sign-On (SSO) as a service for all the other non-Cloudron apps that support SSO?
That's what has been added to 7.4. Internal apps will slowly get migrated from ldap. For external app, you can create oidc client tokens.
-
I apologize if this was already mentioned, but another use case is to use Keycloak outside of Cloudron. Basically hosting the app inside Cloudron but used for other apps. For example, say we have an externally hosted app and we want to integrate Keycloak.
I do this with some other apps, where we host the services inside Cloudron but they're used outside on other customer sites and such (EX: Stats, Directus, Cloudsurfer).
While OpenID integration is great, I personally would want to use Keycloak outside of Cloudron users, if possible.
-
I apologize if this was already mentioned, but another use case is to use Keycloak outside of Cloudron. Basically hosting the app inside Cloudron but used for other apps. For example, say we have an externally hosted app and we want to integrate Keycloak.
I do this with some other apps, where we host the services inside Cloudron but they're used outside on other customer sites and such (EX: Stats, Directus, Cloudsurfer).
While OpenID integration is great, I personally would want to use Keycloak outside of Cloudron users, if possible.
@JLX89 said in Keycloak & Cloudron:
While OpenID integration is great, I personally would want to use Keycloak outside of Cloudron users, if possible.
Can you elaborate a bit more on this? Is this because it feels more trusted/better features or something else? Or maybe you have extensively used keycloak in the past and like that tool. That's fine too, just trying to get some information here.
-
Our problem is that we have developed a Keycloak module for Humhub (see https://marketplace.humhub.com/module/auth-keycloak/description) wich synchronizes groups, emails, etc...
And all our network is configured with Keycloak.
Moreover, if we change, we need to ask to all our users to change the password.
So we don't want to change for another SSO, especially since Keycloak works very well and meets our needs well.
Thanks! -
Our problem is that we have developed a Keycloak module for Humhub (see https://marketplace.humhub.com/module/auth-keycloak/description) wich synchronizes groups, emails, etc...
And all our network is configured with Keycloak.
Moreover, if we change, we need to ask to all our users to change the password.
So we don't want to change for another SSO, especially since Keycloak works very well and meets our needs well.
Thanks!
