General Information
Abstract
This service provides a built-in minimal OpenID Connect provider based on LibreGraph Connect (lico) for OpenCloud.
It is mainly targeted at smaller installations. For larger setups it is recommended to replace IDP with an external OpenID Connect Provider.
By default, it is configured to use the OpenCloud IDM service as its LDAP backend for looking up and authenticating users. Other backends, such as an external LDAP server, can be configured via a set of environment variables.
Note that translations provided by the IDP service are not maintained via OpenCloud but are part of the embedded LibreGraph Connect Identifier package.
Configuration
Custom Clients
By default, the idp service generates an OIDC client configuration suitable for
using OpenCloud with the standard client applications (Web, Desktop, iOS and
Android). If you need to configure additional clients, you can inject a
custom configuration via YAML by adding a clients section
to the idp section of the main configuration file (opencloud.yaml). This section
needs to contain the configuration for all clients (including the standard clients).
For example, if you want to add a (public) client for use with oidc-agent, you would
need to add this snippet to the idp section in opencloud.yaml:
clients:
  - id: web
    name: OpenCloud Web App
    trusted: true
    secret: ""
    redirect_uris:
      - https://opencloud.k8s:9200/
      - https://opencloud.k8s:9200/oidc-callback.html
      - https://opencloud.k8s:9200/oidc-silent-redirect.html
    post_logout_redirect_uris: []
    origins:
      - https://opencloud.k8s:9200
    application_type: ""
  - id: OpenCloudDesktop
    name: OpenCloud Desktop Client
    trusted: false
    secret: ""
    redirect_uris:
      - http://127.0.0.1
      - http://localhost
    post_logout_redirect_uris: []
    origins: []
    application_type: native
  - id: OpenCloudAndroid
    name: OpenCloud Android App
    trusted: false
    secret: ""
    redirect_uris:
      - oc://android.opencloud.eu
    post_logout_redirect_uris:
      - oc://android.opencloud.eu
    origins: []
    application_type: native
  - id: OpenCloudIOS
    name: OpenCloud iOS App
    trusted: false
    secret: ""
    redirect_uris:
      - oc://ios.opencloud.eu
    post_logout_redirect_uris:
      - oc://ios.opencloud.eu
    origins: []
    application_type: native
  - id: oidc-agent
    name: OIDC Agent
    trusted: false
    secret: ""
    redirect_uris:
      - http://127.0.0.1
      - http://localhost
    post_logout_redirect_uris: []
    origins: []
    application_type: native
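
Because a custom clients section has to list every client, including the standard ones, a pre-deployment check of the list is useful. The following is an added example, not part of OpenCloud or LibreGraph Connect: the function lint_clients, the SAMPLE data, and the review policy (flag trusted on non-standard clients, flag plain-http redirects to non-loopback hosts) are assumptions of this example, and the input is the clients list already parsed from opencloud.yaml.

```python
from urllib.parse import urlsplit

# Ids of the standard clients, taken from the snippet on this page.
STANDARD_IDS = {"web", "OpenCloudDesktop", "OpenCloudAndroid", "OpenCloudIOS"}
LOOPBACK_HOSTS = {"127.0.0.1", "localhost", "::1"}


def lint_clients(clients):
    """Return review findings for a parsed idp `clients` list (list of dicts)."""
    findings = []
    ids = [str(c.get("id", "<no id>")) for c in clients]
    # The custom section must still carry every standard client.
    for missing in sorted(STANDARD_IDS - set(ids)):
        findings.append(f"missing standard client: {missing}")
    for dup in sorted({i for i in ids if ids.count(i) > 1}):
        findings.append(f"duplicate client id: {dup}")
    for cid, c in zip(ids, clients):
        # Policy assumption of this example: `trusted` on an added client needs review.
        if c.get("trusted") and cid not in STANDARD_IDS:
            findings.append(f"{cid}: custom client marked trusted")
        uris = c.get("redirect_uris") or []
        if not uris:
            findings.append(f"{cid}: no redirect_uris")
        for uri in uris:
            parts = urlsplit(uri)
            # Public (empty secret) native clients use loopback or app schemes;
            # plain http to any other host exposes the authorization response.
            if parts.scheme == "http" and parts.hostname not in LOOPBACK_HOSTS:
                findings.append(f"{cid}: plain-http redirect to non-loopback host: {uri}")
    return findings


# Constructed sample: OpenCloudIOS was dropped and oidc-agent was misconfigured.
SAMPLE = [
    {"id": "web", "trusted": True, "secret": "",
     "redirect_uris": ["https://opencloud.k8s:9200/"]},
    {"id": "OpenCloudDesktop", "trusted": False, "secret": "",
     "redirect_uris": ["http://127.0.0.1", "http://localhost"]},
    {"id": "OpenCloudAndroid", "trusted": False, "secret": "",
     "redirect_uris": ["oc://android.opencloud.eu"]},
    {"id": "oidc-agent", "trusted": True, "secret": "",
     "redirect_uris": ["http://agent.example.com/cb"]},
]

if __name__ == "__main__":
    for finding in lint_clients(SAMPLE):
        print(finding)
```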