Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


Skip to content
  • Categories
  • Recent
  • Tags
  • Popular
  • Bookmarks
  • Search
Skins
  • Light
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor

  • Default (No Skin)
  • No Skin
Collapse
Brand Logo

Cloudron Forum

Apps | Demo | Docs | Install
  1. Cloudron Forum
  2. Feature Requests
  3. Enable LDAP and Cloudron SSO After App is Installed

Enable LDAP and Cloudron SSO After App is Installed

Scheduled Pinned Locked Moved Feature Requests
7 Posts 5 Posters 1.2k Views 5 Watching
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • brianbB Offline
    brianbB Offline
    brianb
    wrote on last edited by
    #1

    I skipped opting for SSO when installing apps. According to the Cloudron Docs in Users & Groups section you need to select SSO at the time of app installation.

    Assuming an app support LDAP. Is it possible to add LDAP support (Cloudron SSO) to an app after it is installed?

    robiR 1 Reply Last reply
    1
    • brianbB brianb

      I skipped opting for SSO when installing apps. According to the Cloudron Docs in Users & Groups section you need to select SSO at the time of app installation.

      Assuming an app support LDAP. Is it possible to add LDAP support (Cloudron SSO) to an app after it is installed?

      robiR Offline
      robiR Offline
      robi
      wrote on last edited by
      #2

      @briankb-0 It's best to install a new app with SSO enabled and migrate the data.

      Conscious tech

      1 Reply Last reply
      1
      • nebulonN Offline
        nebulonN Offline
        nebulon
        Staff
        wrote on last edited by
        #3

        This has long been on our tasklist. Essentially there is no technical reason why the LDAP/SSO feature could not be enabled/disabled after installation. The main blocking point is that we are not really comfortable currently with how apps behave. Some might purge user-data if users go away which may result in dataloss.

        girishG 1 Reply Last reply
        2
        • nebulonN nebulon

          This has long been on our tasklist. Essentially there is no technical reason why the LDAP/SSO feature could not be enabled/disabled after installation. The main blocking point is that we are not really comfortable currently with how apps behave. Some might purge user-data if users go away which may result in dataloss.

          girishG Offline
          girishG Offline
          girish
          Staff
          wrote on last edited by
          #4

          @nebulon said in Enable LDAP and Cloudron SSO After App is Installed:

          Essentially there is no technical reason why the LDAP/SSO feature

          There's many variation in app support:

          • What happens to existing users? I think it will be hard for us to write user migration docs for each app (because I have often seen one has to straight up edit the database).

          • Many apps do not support multiple auth providers. So, if you switch to LDAP or viceversa, you cannot login with your previous users anymore (to migrate data).

          L 1 Reply Last reply
          2
          • girishG girish moved this topic from Support on
          • girishG girish

            @nebulon said in Enable LDAP and Cloudron SSO After App is Installed:

            Essentially there is no technical reason why the LDAP/SSO feature

            There's many variation in app support:

            • What happens to existing users? I think it will be hard for us to write user migration docs for each app (because I have often seen one has to straight up edit the database).

            • Many apps do not support multiple auth providers. So, if you switch to LDAP or viceversa, you cannot login with your previous users anymore (to migrate data).

            L Offline
            L Offline
            lukas
            wrote on last edited by
            #5

            @girish I hope I am in the right place with my question:

            Is it possible for Cloudron users to automatically log in to the installed apps via SSO?

            girishG 2 Replies Last reply
            0
            • L lukas

              @girish I hope I am in the right place with my question:

              Is it possible for Cloudron users to automatically log in to the installed apps via SSO?

              girishG Offline
              girishG Offline
              girish
              Staff
              wrote on last edited by girish
              #6

              @lukas With LDAP based sign on, automatic login is not possible (just not possible technically). In 7.4, we have made Cloudron an OIDC provider. You can create OIDC secrets from the dashboard and integrate it into apps yourself. OIDC supports automatic login.

              The next step for us is to evaluate how good/bad the integration is across apps and integrate them into app packages (just like we do for LDAP). So far, we have evaluated a bunch of app and the results are promising! But there are also some quirks - for example, the nextcloud OIDC integration always prefixes the username. This means that your username on nextcloud is cloudron-lukas , for example. But in the long run, if OIDC works well, we will switch over completely. I expect this to take a good 3-4 months at the minimum.

              1 Reply Last reply
              2
              • L lukas

                @girish I hope I am in the right place with my question:

                Is it possible for Cloudron users to automatically log in to the installed apps via SSO?

                girishG Offline
                girishG Offline
                girish
                Staff
                wrote on last edited by
                #7

                @lukas Forgot to link to the docs - https://docs.cloudron.io/user-management/#openid-connect

                1 Reply Last reply
                2
                Reply
                • Reply as topic
                Log in to reply
                • Oldest to Newest
                • Newest to Oldest
                • Most Votes


                • Login

                • Don't have an account? Register

                • Login or register to search.
                • First post
                  Last post
                0
                • Categories
                • Recent
                • Tags
                • Popular
                • Bookmarks
                • Search