OAuth 2.0 SSO

The solution currently under consideration is Authelia. Alternatively, Nextcloud seems to embed an identity provider starting from NC 14.

TODO: check whether the Nextcloud IDP exists and its capabilities

According to the documentation, Authelia can be deployed either on bare metal (good, since we use LXCs) or on K8s.

The documentation references multiple deployment scenarios:

Using OAuth2 for MX authentication

Open Authentication v2.0 database - Dovecot

https://documentation.open-xchange.com/7.10.2/middleware/mail/dovecot/oauth_2.0_with_postfix_and_dovecot.html

Roundcube supports the XOAUTH2 mechanism starting from version 1.5.

Configuring Roundcube to use OAuth2

Other applications

DokuWiki

A maintained plugin exists (https://www.dokuwiki.org/plugin:oauth).

TODO: test the configuration and paste a sample here

Apache2

An Apache module is available in the Debian repositories, starting from Debian Jessie.

https://packages.debian.org/sid/libapache2-mod-auth-openidc

https://github.com/zmartzone/mod_auth_openidc

TODO: test the configuration and paste a sample here