Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


Skip to content
  • Categories
  • Recent
  • Tags
  • Popular
  • Bookmarks
  • Search
Skins
  • Light
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor

  • Default (No Skin)
  • No Skin
Collapse
Brand Logo

Cloudron Forum

Apps | Demo | Docs | Install
  1. Cloudron Forum
  2. Feature Requests
  3. Enable LDAP and Cloudron SSO After App is Installed

Enable LDAP and Cloudron SSO After App is Installed

Scheduled Pinned Locked Moved Feature Requests
7 Posts 5 Posters 1.1k Views 5 Watching
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • brianbB Offline
      brianbB Offline
      brianb
      wrote on last edited by
      #1

      I skipped opting for SSO when installing apps. According to the Cloudron Docs in Users & Groups section you need to select SSO at the time of app installation.

      Assuming an app support LDAP. Is it possible to add LDAP support (Cloudron SSO) to an app after it is installed?

      robiR 1 Reply Last reply
      1
      • brianbB brianb

        I skipped opting for SSO when installing apps. According to the Cloudron Docs in Users & Groups section you need to select SSO at the time of app installation.

        Assuming an app support LDAP. Is it possible to add LDAP support (Cloudron SSO) to an app after it is installed?

        robiR Offline
        robiR Offline
        robi
        wrote on last edited by
        #2

        @briankb-0 It's best to install a new app with SSO enabled and migrate the data.

        Conscious tech

        1 Reply Last reply
        1
        • nebulonN Offline
          nebulonN Offline
          nebulon
          Staff
          wrote on last edited by
          #3

          This has long been on our tasklist. Essentially there is no technical reason why the LDAP/SSO feature could not be enabled/disabled after installation. The main blocking point is that we are not really comfortable currently with how apps behave. Some might purge user-data if users go away which may result in dataloss.

          girishG 1 Reply Last reply
          2
          • nebulonN nebulon

            This has long been on our tasklist. Essentially there is no technical reason why the LDAP/SSO feature could not be enabled/disabled after installation. The main blocking point is that we are not really comfortable currently with how apps behave. Some might purge user-data if users go away which may result in dataloss.

            girishG Offline
            girishG Offline
            girish
            Staff
            wrote on last edited by
            #4

            @nebulon said in Enable LDAP and Cloudron SSO After App is Installed:

            Essentially there is no technical reason why the LDAP/SSO feature

            There's many variation in app support:

            • What happens to existing users? I think it will be hard for us to write user migration docs for each app (because I have often seen one has to straight up edit the database).

            • Many apps do not support multiple auth providers. So, if you switch to LDAP or viceversa, you cannot login with your previous users anymore (to migrate data).

            L 1 Reply Last reply
            2
            • girishG girish moved this topic from Support on
            • girishG girish

              @nebulon said in Enable LDAP and Cloudron SSO After App is Installed:

              Essentially there is no technical reason why the LDAP/SSO feature

              There's many variation in app support:

              • What happens to existing users? I think it will be hard for us to write user migration docs for each app (because I have often seen one has to straight up edit the database).

              • Many apps do not support multiple auth providers. So, if you switch to LDAP or viceversa, you cannot login with your previous users anymore (to migrate data).

              L Offline
              L Offline
              lukas
              wrote on last edited by
              #5

              @girish I hope I am in the right place with my question:

              Is it possible for Cloudron users to automatically log in to the installed apps via SSO?

              girishG 2 Replies Last reply
              0
              • L lukas

                @girish I hope I am in the right place with my question:

                Is it possible for Cloudron users to automatically log in to the installed apps via SSO?

                girishG Offline
                girishG Offline
                girish
                Staff
                wrote on last edited by girish
                #6

                @lukas With LDAP based sign on, automatic login is not possible (just not possible technically). In 7.4, we have made Cloudron an OIDC provider. You can create OIDC secrets from the dashboard and integrate it into apps yourself. OIDC supports automatic login.

                The next step for us is to evaluate how good/bad the integration is across apps and integrate them into app packages (just like we do for LDAP). So far, we have evaluated a bunch of app and the results are promising! But there are also some quirks - for example, the nextcloud OIDC integration always prefixes the username. This means that your username on nextcloud is cloudron-lukas , for example. But in the long run, if OIDC works well, we will switch over completely. I expect this to take a good 3-4 months at the minimum.

                1 Reply Last reply
                2
                • L lukas

                  @girish I hope I am in the right place with my question:

                  Is it possible for Cloudron users to automatically log in to the installed apps via SSO?

                  girishG Offline
                  girishG Offline
                  girish
                  Staff
                  wrote on last edited by
                  #7

                  @lukas Forgot to link to the docs - https://docs.cloudron.io/user-management/#openid-connect

                  1 Reply Last reply
                  2
                  Reply
                  • Reply as topic
                  Log in to reply
                  • Oldest to Newest
                  • Newest to Oldest
                  • Most Votes


                    • Login

                    • Don't have an account? Register

                    • Login or register to search.
                    • First post
                      Last post
                    0
                    • Categories
                    • Recent
                    • Tags
                    • Popular
                    • Bookmarks
                    • Search