Cloudron Forum

Shared Authentication between Apps

      brianb wrote (#1):

      Is there an existing solution (app) or even just codebase that would allow you to handle the authentication/membership for other apps?

      I am trying to build a community website and want to use Ghost for the blog, Discourse as the forum, Wiki.js, and Shopify for the store.

      Ghost has a plugin to allow Discourse to handle comments, but I believe it still requires separate authentication.

      Ghost has an odd setup for authentication as it has "members" which are email subscribers (customers) and another set of members they call Staff which are more like traditional users which can be authors/editors/admin.

      To make the community work really well and flow, I would like to have one user/member database that handles authentication between the various apps. Thanks to how Cloudron works I can access the MySQL database for Ghost from the other apps like Discourse and Wiki.js. However, it would still require some coding to make it all work together smoothly.

      So far it doesn't seem like Ghost has robust OAuth support; it is still considered "alpha" and in the experimental areas of the admin UI.

      Right now I'm just trying to make them all work nicely together. So if you know of an existing solution or know of someone's Git or GitHub project, please let me know.

        murgero (App Dev) wrote (#2):

        @briankb-0 Cloudron uses SSO (kind of, with LDAP) and the apps you listed should all be able to use that authentication. LDAP is shared on all apps that support it.

        --
        https://urgero.org
        ~ Professional Nerd. Freelance Programmer. ~

          micmc wrote (#3):

          @murgero said in Shared Authentication between Apps:

          @briankb-0 Cloudron uses SSO (kind of, with LDAP) and the apps you listed should all be able to use that authentication. LDAP is shared on all apps that support it.

          Yes, indeed; however, in such a case all these users must be registered in the actual Cloudron instance first, and that could become nightmarish depending on the amount of users to be registered. Unless there exists a way to bulk register users on a CR instance. 😮

          Ignorance is not an excuse anymore!
          https://AutomateKit.com

            jdaviescoates wrote (#4):

            @micmc said in Shared Authentication between Apps:

            Unless there exists a way to bulk register users on a CR instance.

            You can import users, see:
            https://docs.cloudron.io/user-management/#import-users

            Also relevant to this thread:
            https://docs.cloudron.io/user-management/#external-directory

            I use Cloudron with Gandi & Hetzner

              jdaviescoates wrote (#5):

              @briankb-0 said in Shared Authentication between Apps:

              I would like to have one user/member database that handles authentication between the various apps.

              Cloudron does that great with LDAP as @murgero mentioned.

              I really think your simplest solution is to make Cloudron the one user/member database.

              Saying that, I think this might also be another use case for a User Registration App or some other solution that lets people self-register on your Cloudron rather than Admins having to create or import them.

              Here's my post about that from yonks ago. I'd still love a simple way to allow for Open Registration on my Cloudron:

              https://forum.cloudron.io/post/5339

              I use Cloudron with Gandi & Hetzner

                brianb wrote (#6):

                @jdaviescoates I'd much rather have a User Registration App as you described than using LDAP or even touching the user auth for Cloudron itself.

                  jdaviescoates wrote (#7):

                  @briankb-0 out of interest, may I ask why? I guess maybe just because Ghost doesn't have LDAP yet?

                  I use Cloudron with Gandi & Hetzner

                    brianb wrote (#8):

                    @jdaviescoates That's a good reason but more so I don't like the idea of sharing the authentication that controls the server or access to the server with any apps or a website's userbase.

                      jdaviescoates wrote (#9):

                      @briankb-0 I'm no security expert, and perhaps I'm being security naive, but Cloudron users can't control nor access the server in any way really. They can only access the apps they have access to.

                      And I think because all the apps are in their own containers, even if they compromise one, my understanding is that they can't from within that container do anything anywhere else, see:
                      https://docs.cloudron.io/security/#app-isolation-and-sandboxing

                      More on Cloudron security here:
                      https://docs.cloudron.io/security/

                      I use Cloudron with Gandi & Hetzner

                        brianb wrote (#10):

                        @jdaviescoates I will read up on Cloudron auth.

                        Regardless, Ghost is almost "locked down" for external auth. I don't know why, but all of my research over the past few days shows the request for OAuth going back to before v1, and in v4.7 (as of today) they still don't support it fully or even officially. It's stupid.

                        They SHOULD turn their amazing blog engine into a full CMS with robust authentication, isolating auth so you can use it however you need. I read up on running Ghost as a "HEADLESS CMS" but that's not what I want it for; doing so requires you to handle all the front end and theming. To me that defeats the purpose of Ghost. But I'm still just beginning to understand Ghost and the other apps, so maybe I will find a way.

                          brianb wrote (#11):

                          @jdaviescoates Cloudron security sounds very well thought out and just what I need. I will continue to read and try to understand how to implement.

                          Does anyone know if Ghost supports LDAP or is there a workaround so Ghost will use Cloudron user auth?

                            jdaviescoates wrote (#12):

                            @briankb-0 said in Shared Authentication between Apps:

                            Does anyone know if Ghost supports LDAP

                            I just had a little search around and it doesn't seem it does 😞

                            There was this https://github.com/TryGhost/passport-ghost but it's not been updated in years and is now just a read-only archive.

                            See also:
                            https://forum.ghost.org/t/sso-and-or-ldap-login-for-ghost/10016
                            https://forum.ghost.org/t/auth-via-ldap-or-oauth/1767
                            https://forum.ghost.org/t/put-ghost-behind-a-login/1433/3

                            That last post made me think that perhaps Cloudron's ProxyAuth addon could be optionally added to Ghost and that could maybe work somehow (I'm not really sure how though, because you still wouldn't actually be logged into Ghost)

                            I use Cloudron with Gandi & Hetzner

                              girish (Staff) wrote (#13):

                              @jdaviescoates said in Shared Authentication between Apps:

                              @briankb-0 I'm no security expert, and perhaps I'm being security naive, but Cloudron users can't control nor access the server in any way really. They can only access the apps they have access to.

                              This is correct. Cloudron users do not have access to the server. With the 'User' role, all one can do is log in to the dashboard, change their name/password and then click on apps to access. They can't configure or manage apps. Only the 'Admin' role can manage apps.

                              'Owner' is "assumed" to have access to the server. There is no way to access the server from the dashboard though, nor do we have a mechanism to give 'Owner' access to the server. They have to have SSH keys (this is intentionally kept outside Cloudron scope).

                              https://docs.cloudron.io/user-management/#roles

                                girish (Staff) wrote (#14):

                                @briankb-0 said in Shared Authentication between Apps:

                                Does anyone know if Ghost supports LDAP or is there a workaround so Ghost will use Cloudron user auth?

                                From what I recall many years ago, they were not going to add LDAP. Maybe check in their forum (https://forum.ghost.org/) if that has changed.

                                  micmc wrote (#15):

                                  @jdaviescoates said in Shared Authentication between Apps:

                                  @micmc said in Shared Authentication between Apps:

                                  Unless there exists a way to bulk register users on a CR instance.

                                  You can import users, see:
                                  https://docs.cloudron.io/user-management/#import-users

                                  Also relevant to this thread:
                                  https://docs.cloudron.io/user-management/#external-directory

                                  There you go, thanks that's great! 🙂

                                  Ignorance is not an excuse anymore!
                                  https://AutomateKit.com

                                    micmc wrote (#16):

                                    @jdaviescoates said in Shared Authentication between Apps:

                                    I'd still love a simple way to allow for Open Registration on my Cloudron:

                                    https://forum.cloudron.io/post/5339

                                    I agree that would be great also.

                                    Ignorance is not an excuse anymore!
                                    https://AutomateKit.com
