This is in fact a multi-circle topic: the redesign of the user/member onboarding flow. In the document I have described the current pain points and some suggestions for redesigning the process in the new website. It should help us discuss the need for a user account / identity management server. We have the offer from IndieHosters to learn from their experience with Keycloak. This document is a non-technical approach to explore what we could need short and mid-term.
It also provides ideas for making the meet.coop website the central place for users to deal with and get access to everything meet.coop.
Please have a look in the document, add comments, improvements and corrections as you see fit and feel free to comment here.
BTW I have taken the flow diagrams that we initiated on Eileen’s miro board and described the key issues, use cases and possible plans for the future in this document:
I was halfway through making a new post about this when I realised I was basically duplicating your work @wouter. Thank you for starting this! I wonder if it’s worth adding “SSO” to the title to make clear that this is the place to discuss it.
One thing I wanted to add to the “pain points” is that operational members need at least 4 sets of credentials per person: Discourse, Nextcloud, Greenlight (possibly ×2), and Kimai.
And, on the technical platform, I thought it would be helpful to drop in the earlier thoughts from the tech circle:
As a post-script, Autonomic uses Keycloak and it’s OK but I share @unteem’s concerns with the UI.
Nextcloud also now does support OIDC so maybe Hydra is a better solution, although it doesn’t sound like any of us has personal experience with it.
Last I checked a couple of months ago, Kimai doesn’t support any SSO protocols (LDAP, SAML, or OIDC) and the only option for login integration is LDAP – but I don’t think that should hold us up.
Autonomic could potentially help with implementation, especially if any budget can be allocated to this work.
Thanks @3wc for recompiling these posts and the offer to help out with this. As we discussed last week, we look forward to first having an exploratory meeting to study 1) our needs and 2) the possible solution with Keycloak. Our needs are documented in a somewhat drafty way and I feel this is a moving target: the more the solution can provide us, the more interesting our needs.
We look to plan a dedicated session in the first weeks of January where we get together with @unteem, hopefully @decentral1se and @3wc to get a better feel for Keycloak as part of the solution and @georgiamoon, Eileen, @melissamcnab, @osb, @benhylau, @Yurko to think of how we want to streamline our onboarding and user management with SSO. Also I’d like to invite @NickM from Resonate as they are struggling with similar challenges over there.
Thanks to all for the great session, I learnt a lot and was happy to validate several doubts! Thanks to @unteem in particular. And to @georgiamoon for keeping notes - I have added to them after the meet, and included the links to the recordings of the session. See here the notes.