SSO prototype #749
Closed
SSO prototype #749
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
added 3 commits
June 13, 2021 22:00
* Modify login / register pages * Modify default configuration * Add feature to save SSO user data in the server
ghost
added
the
This was referenced Feb 4, 2023
|
What's the status with respect to LDAP implementation? |
|
Hello @vncntwbr, this PR won't probably ever be merged but we will be working on Single Sign-On (SSO) soon. As you can see it's listed on our public roadmap that you can find on the bottom of our website. We haven't decided anything yet regarding the different protocols we'll be implementing, so I can't promise anything regarding Lightweight Directory Access Protocol (LDAP). 😊 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR results from an end-of-study project, and aims to add a SSO solution for enterprises for the CryptPad software.
This is at prototype stage, but can still be used as a good starting point for a further implementation into the software.
One limitation due to the nature of the Cryptpad software, is that the user still have to provide a dedicated Cryptpad password after the SSO login / registration, as this password is needed to generate their public and private keys.
Basic features:
How to configure
The following steps are required in order to be able to setup and test the PR changes.
First, setup a working normal CryptPad instance. This will be our base to setup the SSO.
In order to support SSO inside Nginx, we used the lua-resty-openidc library.
However, in order to have lua scripts to work inside Nginx, we need to use the OpenResty enhanced version of Nginx:
Then download
lua-resty-openidcusing the Openresty Packet Manager:The Nginx configuration file needs to be replaced by the following: sso.example.nginx.conf
You will also need the following file, to be placed in
/etc/nginx/: oidc.confIn this file you will be able to configure your sso endpoints.
Also, in the
customizefolder of your CryptPad instance, override theapplication_config.js, and add the followingso that SSO is enabled everywhere inside the instance.
Once you're done modifying the configuration files, you can start everything:
Further work
For now, only LDAP users of the server can have access to the instance. It could be great to also implement a system of guest user, who could have view rights on given pads.