User Management: OpenID support (or SAML) #553
Comments
|
Not exactly what you want, but if you put the service behind oauth2-proxy and then disable auth in uptime-kuma, you can integrate with keycloak and all other oauth2 providers that oauth2-proxy supports. |
|
Thanks! That's interesting but I'd like to have the status page public, and be able to login for the dashboard (as now, but with Oauth). Is that doable with oauth2-proxy? |
|
Yes it is possible - the authetication is done in keycloak only. You need to set only which group from keycloak has access |
|
another alternative would be to use something like https://github.com/pomerium/pomerium (there are a few but this is one i have used in the past) |
|
FYI @eldiaboloz it works with this solution for now. Even if I'd like "real" OpenID integration, this is enough for my use case 👍 |
|
I think adding SSO integration (OAuth or SAML) would make this APP much more interesting for small businesses and small organisations, who already have a weak IT-department and trouble managing credentials... |
|
+1 i am looking for SSO integration at least either OIDC or SAML since I run keycloak in my environment |
|
If it matters at all, I also would find (basic) SAML or OIDC support useful |
|
I'm interested to the openID support to, and I'm interested to implement the functionality. @louislam , do you accept PR for this ? |
could you please post the relevant part of your docker-compose-file? |
|
I'm not using Docker at all. |
|
|
Hey @louislam how you going, How would you receive a PR adding a basic OIDC login mechanism? (Similar to this one.) Just a minimal integration whereby following a successful authentication with an Identity Provider, Uptime Kuma would check if there is an existing user in its system with a username matching the one extracted from the ID token issued by the IdP and log the user in to that account. This could be done using openid-client in under 500 lines of code in a day or two. FYI @olivierlambert |
|
Uptime Kuma being a really great FOSS status service watcher (emphasizing on the "FOSS" as most status page providers make you pay ridiculous fees for the service it is), OIDC support would be greatly appreciated |
Not related to #2280, but an offshoot of #128: The change suggested by @marekful seems quite daunting and really hard to implement+review.
|
|
A simple implementation with oidc-client-ts could achieve the same result as using ouath2-proxy. I don't think user management would have to be a thing, just check if the user has a configured group or role. All user management happens in the oidc provider. |
|
Yea the implementation of OIDC would be huge bonus for this app. Same as many we run keycloak to access everything and I would be super happy if we got just verification, yes this use is in this group he can log in... does not have to support full user management in app. and Log out button to work ( people tend to forgot it :D ) |
|
Been thinking about deploying this at work to provide some monitoring for our developers of services and having oauth2 would be SO much easier to handle. Something like an allowed domains thing too so then we can restrict which email domains can log in |
chakflying
changed the title
|
+1000 |
|
I started using beszel and it offloads its user management to PocketBase, which enables OIDC out of the box with some popular provides predefined! Another project which uses PB is UpSnap. |
That would be cool to get login working via an OpenID provider (using SSO in short, with Keycloak for example).
I know that
keycloak-jscan do it (https://www.keycloak.org/securing-apps/vue is a complete walk-through), or even https://www.npmjs.com/package/vue-oidc-client as a more generic one. There's also https://github.com/openid/AppAuth-JSI'm not fluent enough in Vue, but I can do the tests for you on a dedicated branch if you like 👍
The text was updated successfully, but these errors were encountered: