
[Feature Request] SSO support

Open rolestack opened this issue 1 year ago • 9 comments

Are there any plans to introduce SSO functionality? I want to connect with OpenID.

rolestack avatar Jul 09 '24 05:07 rolestack

Hi @rolestack thanks for suggesting this! I don't plan to as that would make this require an external service, but I would certainly approve a PR which adds that functionality as an optional config setting.

BrunoBernardino avatar Jul 09 '24 08:07 BrunoBernardino

Hi

Do you have any other updates on this? I found this awesome app on selfhosted.

I've fallen in love with self hosting; I'm trying to deploy a bunch of stuff.

But it's a hassle to log in to each service. I desperately need SSO, LDAP, etc.

Thank you

enchove avatar Apr 15 '25 17:04 enchove

Hi @enchove I see some votes, so I might eventually consider building it. How would this be useful to you? Would you configure your own client id + secret for Google/Microsoft SSO in .env, for example?

BrunoBernardino avatar Apr 15 '25 19:04 BrunoBernardino

Most people who want this feature are probably looking for integration with self-hosted SSO solutions like Keycloak, Authentik, or Authelia. I'm using Authentik myself.

rolestack avatar Apr 15 '25 19:04 rolestack

Oh, I'll have to learn about that, then! Thanks @rolestack !

BrunoBernardino avatar Apr 16 '25 05:04 BrunoBernardino

Most other apps I integrated with Authentik try to implement support for the OpenID endpoint discovery features, which basically reduces the required configuration to (correct me if I am wrong):

  • Client ID
  • Client Secret
  • Discovery URL of the Identity Provider
  • (optional but exceptionally useful) Attribute to prefer as user name
  • (optional but some people will appreciate it) switch to turn off auto registration

Most software will create and enroll a user if they are able to sign in successfully with a third party provider but the user does not exist locally. Some people like to disable this to have more control over which services are usable with simpler OIDC servers that do not allow defining policies per service/client-id - or to allow people to sign in with Google but only allow pre-approved accounts to be used and not all Google users :D.

Some providers like Google or - especially - GitHub will require some hard coded defaults for special settings so they work out of the box, but generally most people using this will appreciate using their home lab OIDC server, I guess :).

juliadin avatar May 21 '25 19:05 juliadin
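
An added example (not part of the thread and not bewcloud's code) of how the settings listed in the comment above can be checked and applied: the discovery document is validated against the configured discovery URL, then the user name claim and the auto-registration switch decide the outcome of a sign-in. The field names, the default claim `email`, and the sample values are assumptions, and the claims are assumed to come from an ID token whose signature was already verified.

```typescript
// Added example. Field names are hypothetical, not bewcloud's actual config schema.
interface OidcSettings {
  clientId: string;
  clientSecret: string;
  discoveryUrl: string; // ends in /.well-known/openid-configuration
  usernameClaim?: string; // optional: claim to prefer as user name
  allowAutoRegistration?: boolean; // optional: false = pre-approved accounts only
}
type Discovery = Record<"issuer" | "authorization_endpoint" | "token_endpoint" | "jwks_uri", string>;
type Decision = { action: "login" | "register" | "reject"; detail: string };
const WELL_KNOWN = "/.well-known/openid-configuration";

// Check a fetched discovery document against the URL it was fetched from.
function checkDiscovery(settings: OidcSettings, doc: Partial<Discovery>): string[] {
  if (!settings.discoveryUrl.endsWith(WELL_KNOWN)) return ["discovery URL must end with " + WELL_KNOWN];
  // OIDC Discovery: issuer must match the URL prefix (its trailing slash is dropped before the suffix).
  const base = settings.discoveryUrl.slice(0, -WELL_KNOWN.length);
  const problems: string[] = [];
  if (doc.issuer !== base && doc.issuer !== base + "/") problems.push("issuer does not match discovery URL");
  for (const key of ["authorization_endpoint", "token_endpoint", "jwks_uri"] as const) {
    if (!doc[key]?.startsWith("https://")) problems.push(key + " missing or not https");
  }
  return problems;
}

// Decide what to do with the claims of an ID token that was already verified.
function resolveLogin(settings: OidcSettings, claims: Record<string, unknown>, localUsers: Set<string>): Decision {
  const claim = settings.usernameClaim ?? "email"; // default claim is an assumption
  const value = claims[claim];
  if (typeof value !== "string" || value === "") return { action: "reject", detail: `claim ${claim} missing` };
  if (claim === "email" && claims["email_verified"] !== true) return { action: "reject", detail: "email not verified" };
  if (localUsers.has(value)) return { action: "login", detail: value };
  if (settings.allowAutoRegistration) return { action: "register", detail: value };
  return { action: "reject", detail: "no local account and auto registration is off" };
}

// Constructed sample values (not from a real provider).
const sampleSettings: OidcSettings = {
  clientId: "bewcloud", clientSecret: "placeholder-secret",
  discoveryUrl: "https://sso.example.test/application/o/bewcloud/.well-known/openid-configuration",
  usernameClaim: "preferred_username", allowAutoRegistration: false,
};
const sampleDiscovery: Discovery = {
  issuer: "https://sso.example.test/application/o/bewcloud/",
  authorization_endpoint: "https://sso.example.test/application/o/authorize/",
  token_endpoint: "https://sso.example.test/application/o/token/",
  jwks_uri: "https://sso.example.test/application/o/bewcloud/jwks/",
};
console.log(checkDiscovery(sampleSettings, sampleDiscovery), resolveLogin(sampleSettings, { preferred_username: "julia" }, new Set(["bruno"])));
```

With auto registration off, a user who authenticates at the identity provider but has no local account is rejected instead of being enrolled.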

Additional Bonus: since Radicale - which you refer to in your FAQ about CalDAV - supports third party auth, one could get closer to a newcloud or groupware-like experience by employing a simple third party auth provider if desired (optional of course), with none of the burden of managing users, access, interoperability etc. lying with bewcloud or Radicale.

Spreading data over several services that are each well suited for their scope of work gets much easier when one does not have to manage users in each app. I read the purpose of bewcloud very close to this sentiment: build a slim and focused app for file and data sharing/management. Leave the complexities to other software. Optional Third Party Auth seems very much in line with this to me :)

juliadin avatar May 21 '25 19:05 juliadin

Thanks for the details @juliadin, these are helpful! I'm planning to start working on a more robust config soon, to prepare for working on this (and other optional features) next.

BrunoBernardino avatar May 22 '25 04:05 BrunoBernardino

Happy to help. If you need help testing or documenting features (this or something else), let me know. I am an absolute dud at coding but I can write :)

juliadin avatar May 22 '25 05:05 juliadin

This was just released in v1.9.0! Thank you so much for the comments!

BrunoBernardino avatar Jun 05 '25 17:06 BrunoBernardino

Wheeee!!! ❤️❤️❤️ Thanks so much! I will try it later today

juliadin avatar Jun 05 '25 18:06 juliadin