Cloudron Forum


cruftex

@cruftex

Posts


  • I am missing (real) SSO
    cruftex

    We use a reverse proxy setup. Many applications support extracting the logged in user from the HTTP headers. See this example for an explanation:
    https://wiki.jenkins.io/display/JENKINS/Reverse+Proxy+Auth+Plugin

    This way, OAuth or SAML or whatever auth protocol you choose needs only be supported by the reverse proxy.

    So far we were able to provide SSO for every application in our extranet.

    Regarding the private apps, you can already set access controls for apps, but they will still be available publicly. For the moment this is likely out of scope for Cloudron. Not sure maybe this belongs to some VPN setup for organizations with this requirement?

    Maybe there is a misunderstanding. For clarification:

    Every app in our setup is theoretically accessible from the public internet. If the user is not authenticated and does not have rights to access the app, no HTTP traffic is getting through to the app. This improves security. The app is accessible from the public internet, but not directly exposed to it.

    Discuss sso

  • I am missing (real) SSO
    cruftex

    Hi all,

    I am very excited to see what Cloudron has achieved so far. Almost every app that runs within our internal infrastructure is available at Cloudron. Switching to Cloudron would mean a big relief for us.

    Key things that I miss in Cloudron:

    • real SSO, meaning not only shared user credentials but only a single sign on is needed to access all apps
    • an option that makes an app only available to authenticated users, that is separate from the app itself. This is for security reasons, so an app is not exposed to the public internet. Practically, that means that all traffic needs to run through a proxy
    • With the above it becomes possible to do things like 2FA more easily and consistently

    At the current state it is not possible to fulfill security best practices that become a requirement at many companies now.

    That wish needs a lot of basic architectural changes, so I don't expect that this comes fast.

    In the meantime please clarify SSO in the docs. Better say clearly that you don't have SSO yet and that it is a shared user database and single credential login.

    Discuss sso
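
The reverse-proxy gate described in the posts above, written out as an added example (not code from the posts or from Cloudron). The header name, session table, ACL and proxy address are constructed assumptions; the point is that the proxy discards any client-supplied identity header, forwards nothing until the user is authenticated and authorized, and the app accepts the header only from the proxy.

```python
# Added example. USER_HEADER, SESSIONS, APP_ACL and the proxy IP are assumptions.
USER_HEADER = "X-Forwarded-User"  # assumed header the app is configured to read

SESSIONS = {"s3ss10n-alice": "alice", "s3ss10n-bob": "bob"}  # constructed: cookie -> user
APP_ACL = {"jenkins.example.com": {"alice"}}                 # constructed: host -> allowed users


def gate(host, headers, cookies):
    """Proxy-side decision. Returns (status, upstream_headers).

    upstream_headers is None unless the request is forwarded, so an
    unauthenticated or unauthorized client never reaches the app.
    """
    # Drop any identity header sent by the client (header names are case-insensitive).
    clean = {k: v for k, v in headers.items() if k.lower() != USER_HEADER.lower()}
    user = SESSIONS.get(cookies.get("sso_session", ""))
    if user is None:
        return 302, None  # redirect to the SSO login; nothing is forwarded
    if user not in APP_ACL.get(host, set()):  # unknown hosts are denied by default
        return 403, None
    clean[USER_HEADER] = user  # identity comes only from the proxy's own session
    return 200, clean


def app_user(peer_ip, headers, trusted_proxies=frozenset({"10.0.0.2"})):
    """App-side check: accept the identity header only on connections from the proxy."""
    if peer_ip not in trusted_proxies:
        return None
    return headers.get(USER_HEADER)


if __name__ == "__main__":
    # Constructed requests: no session, valid session with a forged header, wrong user.
    print(gate("jenkins.example.com", {"X-Forwarded-User": "admin"}, {}))
    print(gate("jenkins.example.com", {"x-forwarded-user": "admin"},
               {"sso_session": "s3ss10n-alice"}))
    print(gate("jenkins.example.com", {}, {"sso_session": "s3ss10n-bob"}))
```

The app-side check matters as much as the proxy: if the app is reachable on any path that bypasses the proxy, the header is no longer trustworthy.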