Skip to content

Commit 691ecbd

Browse files
committed
website/integrations: add opencloud integration
1 parent f992754 commit 691ecbd

1 file changed

Lines changed: 89 additions & 0 deletions

File tree

  • website/integrations/chat-communication-collaboration/opencloud
Lines changed: 89 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,89 @@
1+
---
2+
title: Integrate with OpenCloud
3+
sidebar_label: OpenCloud
4+
support_level: community
5+
---
6+
7+
## What is OpenCloud?
8+
9+
> OpenCloud is an open-source content collaboration platform for storing, syncing, and sharing files, built on the Infinite Scale (oCIS) architecture.
10+
>
11+
> -- https://opencloud.eu
12+
13+
## Preparation
14+
15+
The following placeholders are used in this guide:
16+
17+
- `opencloud.company` is the FQDN of the OpenCloud installation.
18+
- `authentik.company` is the FQDN of the authentik installation.
19+
- `opencloud` is the slug of the authentik application.
20+
21+
This guide covers the [`opencloud-compose`](https://github.com/opencloud-eu/opencloud-compose) Docker deployment. OpenCloud authenticates only through OpenID Connect.
22+
23+
## authentik configuration
24+
25+
1. Log in to authentik as an administrator and open the Admin interface.
26+
2. Navigate to **Applications** > **Applications** and click **New Application**.
27+
- **Application**: provide a name and note the **slug**.
28+
- **Choose a Provider type**: select **OAuth2/OpenID Connect**.
29+
- **Configure the Provider**:
30+
- **Client type**: `Public`
31+
- **Client ID**: `web`
32+
- **Redirect URIs**: add the following entries (each row's first dropdown is the matching mode, the second is the type):
33+
- Type **Authorization**, **Strict**: `https://opencloud.company/oidc-callback.html`
34+
- Type **Authorization**, **Strict**: `https://opencloud.company/oidc-silent-redirect.html`
35+
- Type **Post Logout**, **Strict**: `https://opencloud.company/`
36+
- **Signing Key**: select any available key.
37+
- **Scopes**: `openid`, `profile`, `email`.
38+
- **Invalidation flow** (under **Flow settings**): `default-invalidation-flow` (**Default - Invalidation flow**). The default provider invalidation flow does not end the authentik session, which causes OpenCloud to immediately log back in after logout. If you want to use `default-provider-invalidation-flow` and keep your authentik session on logout, remove the Post Logout Redirect URI that you set above.
39+
3. Click **Submit**.
40+
41+
## OpenCloud configuration
42+
43+
In the `opencloud-compose` project, enable the external IdP overlay in `COMPOSE_FILE`. This replaces OpenCloud's built-in IdP, so login goes through authentik only.
44+
45+
```bash
46+
COMPOSE_FILE=docker-compose.yml:idm/external-idp.yml:custom/authentik-roles.yml
47+
```
48+
49+
Set the OIDC values in `.env`:
50+
51+
```bash
52+
OC_DOMAIN=opencloud.company
53+
IDP_DOMAIN=authentik.company
54+
IDP_ISSUER_URL=https://authentik.company/application/o/<slug>/
55+
OC_OIDC_CLIENT_ID=web
56+
OC_OIDC_CLIENT_SCOPES=openid profile email
57+
WEBFINGER_WEB_OIDC_CLIENT_ID=web
58+
WEBFINGER_WEB_OIDC_CLIENT_SCOPES=openid profile email
59+
```
60+
61+
:::info
62+
`WEBFINGER_WEB_OIDC_CLIENT_ID` is required — the Web UI reads its client ID from WebFinger, and login will not start if it is empty.
63+
:::
64+
65+
Create `custom/authentik-roles.yml` to assign every user the default role:
66+
67+
```yaml
68+
---
69+
services:
70+
opencloud:
71+
environment:
72+
PROXY_ROLE_ASSIGNMENT_DRIVER: "default"
73+
GRAPH_ASSIGN_DEFAULT_USER_ROLE: "true"
74+
```
75+
76+
Recreate the stack:
77+
78+
```bash
79+
docker compose up -d
80+
```
81+
82+
## Verification
83+
84+
Open `https://opencloud.company` in a new browser window. You are redirected to authentik to log in, and after authenticating you are returned to OpenCloud.
85+
86+
## Resources
87+
88+
- [OpenCloud documentation](https://docs.opencloud.eu/)
89+
- [opencloud-compose](https://github.com/opencloud-eu/opencloud-compose)

0 commit comments

Comments
 (0)