Why self-hosting is important (this time: identity providers)

luckow

https://techcrunch.com/2022/03/22/okta-january-hack-breach/

Since Cloudron 7.1.x you are able to be your own identity provider. Let's hope something like keycloak comes to the App Store and you don't have to rely on third parties anymore.

girish

okta's update https://www.okta.com/blog/2022/03/updated-okta-statement-on-lapsus/ but lapsus has replied on telegram. You can read it all here - https://news.ycombinator.com/item?id=30769537

robi

@luckow said in Why self-hosting is important (this time: identity providers):

Since Cloudron 7.1.x you are able to be your own identity provider.

For the other users reading this later, perhaps detail how this is possible.

LoudLemur

@robi
Federated, self-hosted identity provision could be a very important alternative to state-imposed digital ID. I think there is a real prospect of our governments shutting people out from society/internet connection unless they comply with their own digital passports, which might end up going from phones to being implanted into our bodies. Some people argue this has already happened.

fbartels

@LoudLemur said in Why self-hosting is important (this time: identity providers):

state-imposed digital ID

While it's important to have federation of ids and not just trust some big corporation. The thing is however that there are some cases where you need a verified id (legal transactions) and for these there is almost no way around either an id coming from your country of residence or maybe another institution such as banks.

In the netherlands we have https://www.digid.nl/ which makes life so much easier.

robi

@LoudLemur I agree with you. The why is obvious.

However that doesn't address my previous message; as in How to do this with Cloudron to support X million users.

luckow

@robi To give a few words of clarification. My intent was not to say: hey, build the new Okta with your Cloudron instance (on say a $20 VPS at Digitalocean).

Having your own identity provider means, in my world: you don't have to rely on third-party software to connect YOUR users to apps. In the first step (with Cloudron v. 7.1.x), all your users in Cloudron LDAP use locally installed apps and also apps running outside your Cloudron with an LDAP connector.
You can scale some apps (e.g., Gitlab) to a separate VPS or bare metal and connect that app to your Cloudron instance. Or install apps that are not available in the app store.
Limitation: you need apps with LDAP capabilities.

If the Cloudron app store offers an app like Keycloak or Authentik, you also have the option of connecting apps via OpenID Connect or Oauth.

What we don't get in the short term: Cloudron LDAP/SSO as a social login button on relevant third party SaaS offerings That's the place for auth0, twitter, facebook, gitlab, github ....

LoudLemur

@luckow Events like this might be useful for some targeted marketing. If Cloudron kept a blog of some sort, we might be able to recruit new users by publishing a story highlighting how Cloudron self-hosting can offer an alternative to the usual, proprietary options.

In this case, people might be looking for some other solution for providing identity. After creating the article, ensuring that it is disseminated to platforms where it is more likely to receive a read would help. It would need visiting sites like slashdot, reddit, etc and linking the story with a brief introductory paragraph.