Please understand you’re asking for us to tell you which SSO method to implement for all of your services
No, but I can see why you might say that.
Right now there is a lot of gas out there, result = nowhere to go. For those not in the know, there isn’t even a ‘consider path A, B, or C’ place to start.
OTOH, if I knew what the heck options A, B, or C, were, I could start reading up on them, and begin evaluating what might make the most sense for my particular circumstances. As it stands now, I’m stuck in neutral.
Thus my posing of the questions. Pick the ‘SSO’ topic, and one drowns. Thus posing this question.
My suggestion for Nextcloud would be LDAP
LDAP in and of itself is not a solution. It’s a database. A storage. It’s clear in Nextcloud how to connect to it. But it doesn’t update it. Missing is … how do users populate that LDAP.
however since Nextcloud supports Gluu,
But in and of itself, is it an entire solution, or does it need the for-cost oxd server?
Users don’t self-manage in the case of LDAP
Yes, they do, they must, here in this VPS environment. LDAP is a facility I set up. (One of the problems with LDAP is a lack of a real schema from the get go. [Not actually true.] In the sense that “Here’s a user.” doesn’t initially have a landing point.) The user setup must include go to < this link >, ‘register’, get on with your day. This VPS non-corporate environment requires that.
You give users their accounts
No. Not a corporate environment. i.e. No HR wherein at hiring an automatic LDAP population mechanism is triggered. They go to a link, indicate their interest, register, and proceed. Optionally, but not necessarily, there might be an approval mechanism.
LDAP doesn’t have a signup system… though Gluu or other solutions may hook into LDAP
Exactly. But a signup system is a necessity / part of the criteria within the OP. (And goes back to which ones have < that > that people like.)
But that is far out of scope for the Nextcloud system
But not out of scope for the users of this Nextcloud forum, within which we are talking here, who have rich experience using Nextcloud in the real world. (I don’t disagree with your point, for the nextcloud system, wherein appropriate addons are available. And upon which specific questions could be asked.)
Note: You do not need a commercial license (or a support plan) to use the Gluu Server in production.
Which is part of my point - the contradictory information. e.g. They do not say there, a Nextcloud production involving their provided Nextcloud addon.
They do say https://apps.nextcloud.com/apps/gluusso “you can deploy the free open source Gluu Server.”, the link to which then goes on to say (Homepage link) “Simple Pricing $ 0.33 USD/day for each active oxd installation”, (User Documentation) “Requirements# In order to use the NextCloud APP you will need a standard OP (like Google or a Gluu Server) and the oxd server.” and say elsewhere ‘oxd server’ ‘pricing’.
[Thus my questions in this forum as to anyone’s use / experience of it - as I can’t tell from the contradictory information available whether or not this is snake oil.]
If integration between LDAP, Gluu or another identity manager isn’t listed in the docs, you’ll need to look for either a partner document, or a community guide.
Which is what I have asked for in this thread.
But I don’t know if it’ll work with your other services
Let me worry about that. At the moment I can’t even discern the Nextcloud solution pathways. (Thus the OP.) [From which, the presumably multiple choices to be read up on, the most compatible one could take step 1 … if I knew which solutions’ step 1s were candidates.]
Absolutely, you won’t necessarily need the Gluu plugin if it’s talking directly to LDAP.
Which only (finally) occurred to me through the process of posing and thinking through this thread. (Talking it out, as it were.)
we can only state with certainty what NC will support
Of course, that’s a given. Except … this is a community, whose experiences we all lean on. (I’ve yet to meet an admin that doesn’t have horror stories that they are keen on helping others avoid.)
The Nextcloud announcement actually points to Gluu for details on installing:
Yes, however I’ve not actually asked any installation questions - merely, Nextcloud users … have you found this viable? (And truly free.)
So, back to the original point:
What are people using for SSO solutions installed on the same server as their Nextcloud?
e.g. ‘Shibboleth’ is not an answer. From my going in circles, Shibboleth may be part of ‘a’ solution, but it’s not a starting point. vs ‘X’ implements a Shibboleth server < blah blah blah >. And it was found/not useful.
It’s knowing what ‘X’ is, to go there and start reading to determine efficacy per my environment, that’s the problem.
Put another way …
Through initial experimentation with Nextcloud, and installing OpenLDAP, it -eventually- became apparent that Nextcloud won’t populate LDAP (so users need another registration mechanism, but what), and OpenLDAP does not itself contain a schema (really), nor an interface to which users can get to to insert themselves. [e.g. A stock OpenLDAP schema may permit a person to be added, but as a Unix user, no e-mail field. So < secret sauce > must be added … and then the going up and down the technical facility chain begins. Figuring out which connects to what, and where the ultimate start and step one points are … are what this OP is all about.]
So … given my public Linux user group, how do I get my users into Nextcloud in the easiest, most globally internet-happy way? The answer appears to be OpenID related. But … thus the purpose of the OP.
What is used to implement SSO (that Nextcloud can take advantage of)? ‘LDAP’ is not an answer, it’s a storage mechanism, a back end. The answer may be ‘includes’ or ‘talks to’ an LDAP server, but LDAP is not itself an answer.