This PR results from an end-of-study project, and aims to add an SSO solution for enterprises to the CryptPad software.
This is at the prototype stage, but can still be used as a good starting point for a further implementation into the software.
One limitation, due to the nature of the CryptPad software, is that the user still has to provide a dedicated CryptPad password after the SSO login / registration, as this password is needed to generate their public and private keys.
Basic features:
How to configure
The following steps are required in order to be able to set up and test the PR changes.
First, set up a working normal CryptPad instance. This will be our base to set up the SSO.
In order to support SSO inside Nginx, we used the lua-resty-openidc library.
However, in order to have Lua scripts work inside Nginx, we need to use the OpenResty enhanced version of Nginx:
Then download lua-resty-openidc using the OpenResty Package Manager:
The Nginx configuration file needs to be replaced by the following: sso.example.nginx.conf
You will also need the following file, to be placed in /etc/nginx/: oidc.conf
In this file you will be able to configure your SSO endpoints.
Also, in the customize folder of your CryptPad instance, override the application_config.js, and add the following, so that SSO is enabled everywhere inside the instance:
Once you're done modifying the configuration files, you can start everything:
Further work
For now, only LDAP users of the server can have access to the instance. It could be great to also implement a system of guest users, who could have view rights on given pads.
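
How lua-resty-openidc can gate a location in OpenResty before requests reach CryptPad, as an added example that is not the PR's sso.example.nginx.conf or oidc.conf. The hostnames, certificate paths, resolver address, client credentials, callback path and upstream port are assumed placeholders, and only the authentication gate for one location is covered.

```nginx
# Added example; every hostname, path and credential below is a placeholder.
events {}

http {
    # Resolver and CA bundle so the Lua HTTP client can reach and verify the IdP.
    resolver 127.0.0.53;
    lua_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;
    lua_ssl_verify_depth 5;

    # Shared caches for the discovery document and the IdP signing keys.
    lua_shared_dict discovery 1m;
    lua_shared_dict jwks 1m;

    server {
        listen 443 ssl;
        server_name cryptpad.example.com;
        ssl_certificate     /etc/nginx/tls/cryptpad.example.com.crt;
        ssl_certificate_key /etc/nginx/tls/cryptpad.example.com.key;

        location / {
            access_by_lua_block {
                local opts = {
                    discovery = "https://idp.example.com/.well-known/openid-configuration",
                    client_id = "CLIENT_ID_PLACEHOLDER",
                    client_secret = "CLIENT_SECRET_PLACEHOLDER",
                    -- Callback handled by the library; must not be a path the
                    -- application itself serves.
                    redirect_uri = "https://cryptpad.example.com/redirect_uri",
                    scope = "openid",
                    -- Keep TLS verification of the IdP endpoints on.
                    ssl_verify = "yes",
                }
                -- Redirects unauthenticated users to the IdP and validates the
                -- returned ID token; on success the request continues.
                local _, err = require("resty.openidc").authenticate(opts)
                if err then
                    -- Log the detail server-side, return a generic error.
                    ngx.log(ngx.ERR, "OIDC authentication failed: ", err)
                    return ngx.exit(ngx.HTTP_INTERNAL_SERVER_ERROR)
                end
            }
            # Assumed local CryptPad upstream.
            proxy_pass http://127.0.0.1:3000;
        }
    }
}
```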