Enable LDAP and Cloudron SSO After App is Installed
-
I skipped opting for SSO when installing apps. According to the Cloudron Docs in Users & Groups section you need to select SSO at the time of app installation.
Assuming an app support LDAP. Is it possible to add LDAP support (Cloudron SSO) to an app after it is installed?
-
This has long been on our tasklist. Essentially there is no technical reason why the LDAP/SSO feature could not be enabled/disabled after installation. The main blocking point is that we are not really comfortable currently with how apps behave. Some might purge user-data if users go away which may result in dataloss.
-
@nebulon said in Enable LDAP and Cloudron SSO After App is Installed:
Essentially there is no technical reason why the LDAP/SSO feature
There's many variation in app support:
-
What happens to existing users? I think it will be hard for us to write user migration docs for each app (because I have often seen one has to straight up edit the database).
-
Many apps do not support multiple auth providers. So, if you switch to LDAP or viceversa, you cannot login with your previous users anymore (to migrate data).
-
-
-
@lukas With LDAP based sign on, automatic login is not possible (just not possible technically). In 7.4, we have made Cloudron an OIDC provider. You can create OIDC secrets from the dashboard and integrate it into apps yourself. OIDC supports automatic login.
The next step for us is to evaluate how good/bad the integration is across apps and integrate them into app packages (just like we do for LDAP). So far, we have evaluated a bunch of app and the results are promising! But there are also some quirks - for example, the nextcloud OIDC integration always prefixes the username. This means that your username on nextcloud is cloudron-lukas , for example. But in the long run, if OIDC works well, we will switch over completely. I expect this to take a good 3-4 months at the minimum.