[00:14:08]
<Yunohost Git/Infra notifications> [roundcube_ynh] yunohost-bot opened [pull request #260](https://github.com/YunoHost-Apps/roundcube_ynh/pull/260): Upgrade to v1.6.14
[00:14:15]
<Yunohost Git/Infra notifications> Autoupdater just ran, here are the results:
- 40 pending update PRs
- 14 new apps PRs: bentopdf, diagramsnet, dokos, invoiceninja5, jackett, lasuite-meet, liberaforms, n8n, nocodb, roundcube, sshwifty, syncserver-rs, tooljet, tunarr
- 8 failed apps updates: adminer, arn_messager, gogs, jenkins, passed, piped, planka, stirling-pdf
See the full log here: https://paste.yunohost.org/raw/lahuwedaqo
Autoupdate dashboard: https://apps.yunohost.org/dash?filter=autoupdate
[01:38:38]
<Yunohost Git/Infra notifications> Autoupdater just ran, here are the results:
- 52 pending update PRs
- 3 new apps PRs: liberaforms, outline, wallos
- 7 failed apps updates: adminer, arn_messager, gogs, jenkins, passed, planka, stirling-pdf
See the full log here: https://paste.yunohost.org/raw/lemuvafiso
Autoupdate dashboard: https://apps.yunohost.org/dash?filter=autoupdate
[02:41:02]
<Aleks (he/him/il/lui)> The autoupdater runs twice per night these days ...?
[12:01:52]
<orhtej2> > <@Alekswag:matrix.org> The autoupdater runs twice per night these days ...?
It's doing overtime for the times it didn't run at all
[12:19:48]
<m606> Hello, I don't really get how to configure `sso = true`. In several existing apps I see in the org (wallabag2, navidrome, miniflux) it seems there is nothing more than this param in manifest.toml. As if SSO settings were auto-discovered?
Whereas this app I am looking to package requires a SSO server URL to be defined: https://docs.comentario.app/en/configuration/frontend/domain/authentication/sso/
Also I wonder whether there could something annoying upstream, i.e. that this setting has to be added into the app's own config page (saved to the postreSQL DB?) and not the the backend .conf file as for other settings.
[12:20:20]
<m606> Hello, I don't really get how to configure `sso = true`. In several existing apps I see in the org (wallabag2, navidrome, miniflux) it seems there is nothing more than this param in manifest.toml. As if SSO settings were auto-discovered?
Whereas this app I am looking to package requires a SSO server URL to be defined: https://docs.comentario.app/en/configuration/frontend/domain/authentication/sso/
Also I wonder whether there could be something annoying upstream, i.e. that this setting has to be added into the app's own config page (saved to the postreSQL DB?) and not the the backend .conf file as for other settings.
[12:22:40]
<m606> Hello, I don't really get how to configure `sso = true`. In several existing apps I see in the org (wallabag2, navidrome, miniflux) it seems there is nothing more than this param in manifest.toml. As if SSO settings were auto-discovered?
Whereas this app I am looking to package requires a SSO server URL to be defined: https://docs.comentario.app/en/configuration/frontend/domain/authentication/sso/
Also I wonder whether there could be something annoying upstream, i.e. that this setting has to be added into the app's own config page (saved to the postreSQL DB?) and not into one of the backend config file ([env vars](https://docs.comentario.app/en/configuration/backend/static/) or [yaml secrets](https://docs.comentario.app/en/configuration/backend/secrets/)) as for other settings.
[12:28:13]
<tituspijean[m]> > Hello, I don't really get how to configure sso = true. In several existing apps I see in the org (wallabag2, navidrome, miniflux) it seems there is nothing more than this param in manifest.toml. As if SSO settings were auto-discovered?
It is only declarative, not auto-discovered. You should set it to `true` if the user does not need to re-enter their credentials when they are logged in on the YunoHost user portal.
[12:32:32]
<m606> Oh ok thanks. But then the SSO magic generally happens without further config ?
Here is a screenshot of this app internal config panel (other apps do not require such URL?):
[12:32:33]
<m606> https://aria.im/_bifrost/v1/media/download/AW8gXq_t4IfBootx7VQ-794Ixq5yjoPEFu1BlqCuN0rNkznGspGcU6Y9MvdyJ7NPdOS2mcsvMoVHAPyfd6etgCNCedCzurmwAG1hdHJpeC5vcmcvaHBFZ3lnUkZoakZVSWJPcWNMb1RrSHB3
[12:34:17]
<m606> well SSO URL here would be 127.0.0.1 ? https://doc.yunohost.org/en/dev/packaging/advanced/sso_ldap_integration
[12:48:55]
<orhtej2> > <@m606:matrix.org> Oh ok thanks. But then the SSO magic generally happens without further config ?
> Here is a screenshot of this app internal config panel (other apps do not require such URL?):
Magic happens as ssowat rewrites authorization header to current user credentials, if the app can map that to successful auth then sso works
[12:49:12]
<m606> Ok I get this now, thanks. And would you have a guess why this app requires SSO server URL and SSO token when other app do not seem to require that?
[12:56:52]
<tituspijean[m]> I think you should check its documentation to see the particulars, it seems they have their own SSO implementation.
[13:08:27]
<m606> password versus tokens, right ?
[13:08:27]
<orhtej2> > <@m606:matrix.org> well SSO URL here would be 127.0.0.1 ? https://doc.yunohost.org/en/dev/packaging/advanced/sso_ldap_integration
That's not the sso ssowat supports, we're doing password-based one
[13:14:24]
<orhtej2> > <@m606:matrix.org> password versus tokens, right ?
Yeah, we're not doing oidc flow
[13:14:25]
<m606> hmm so is this OIDC ? Because the app also offers OIDC auth, but upstream doc lists SSO as an alternative to OIDC: https://docs.comentario.app/en/configuration/frontend/domain/authentication/
[13:14:25]
<orhtej2> if app parses `authorization basic user:pass` you're golden
[13:26:48]
<miro5001> No, OIDC is planned for someday in 13.1
[14:18:07]
<m606> yep - I know the status of OIDC for YNH, but I meant in this specific app, is the SSO implemented (token-based) actually OIDC as I understand orhtej2 was suggesting? These is my first case dealing with SSO for an app (and I don't know OIDC in details), so I am a bit confused.
[14:21:11]
<orhtej2> > <@m606:matrix.org> hmm so is this OIDC ? Because the app also offers OIDC auth, but upstream doc lists SSO as an alternative to OIDC: https://docs.comentario.app/en/configuration/frontend/domain/authentication/
I think this is a case of 'words are hard', ynh offers nothing but authorization basic header
[14:21:45]
<m606> should I understand that the world of SSO is broad (as opposed to one or few standardized implementations), and the SSO system implemented in YNH is this auth header mechanism? i.e. that something with a server URL and a token (as in the app I mention) is of another nature ?
[14:38:20]
<m606> probably i'll just ask upstream about the implementation
[15:19:00]
<m606> https://gitlab.com/comentario/comentario/-/work_items/226
[15:46:46]
<m606> so yes upsteam dev tells me that Comentario uses an own, non-standard SSO implementation (https://edge.docs.comentario.app/en/configuration/frontend/domain/authentication/sso/interactive/). And it's API based with a payload bigger than just user:password, so I guess this won't be compatible with SSOWAT.
[16:04:02]
<orhtej2> > <@m606:matrix.org> so yes upsteam dev tells me that Comentario uses an own, non-standard SSO implementation (https://edge.docs.comentario.app/en/configuration/frontend/domain/authentication/sso/interactive/). And it's API based with a payload bigger than just user:password, so I guess this won't be compatible with SSOWAT.
Then sso=false and you're done
[23:06:21]
<Yunohost Git/Infra notifications> [borg_ynh] yunohost-bot opened [pull request #253](https://github.com/YunoHost-Apps/borg_ynh/pull/253): Upgrade to v1.4.4
[23:49:30]
<Yunohost Git/Infra notifications> [stirling-pdf_ynh] yunohost-bot opened [pull request #143](https://github.com/YunoHost-Apps/stirling-pdf_ynh/pull/143): Upgrade to v2.7.3
[23:54:53]
<Yunohost Git/Infra notifications> Autoupdater just ran, here are the results:
- 47 pending update PRs
- 23 new apps PRs: armadietto, audiobookshelf, borg, borgserver, dagu, discourse, dokos, esphome, fiduswriter, indico, jackett, lasuite-docs, mitra, nodebb, ollama, peertube, qui, sonarr, stirling-pdf, tooljet, tunarr, wallos, wekan
- 7 failed apps updates: adminer, arn_messager, gogs, jenkins, overleaf, passed, planka
See the full log here: https://paste.yunohost.org/raw/motidiseta
Autoupdate dashboard: https://apps.yunohost.org/dash?filter=autoupdate