Is this a valid approach to enable OAUTH2?

As I was browsing the community forum I stumbled on this post, which lead me to look deeper into Oauth2_Proxy. I found it an interesting approach to enable SSO for passbolt, however, it doesn’t really integrate directly with Passbolt’s authentication.

Now, when I look more at some techniques to get this going, I came across this forum post about a CakePHP plugin that could possibly enable me to do this.

I’m curious if combining Oauth2_Proxy and this CakePHP plugin I would be able to achieve my desired functionality?

P.S: I understand that the pro version offers this, but that’s not in the stars right now.

Hi @GermaineNocturnal and welcome to the forum,

Sorry to put my sales suit, but SSO with azure and google is available with the pro version if its possible for you.
You can send an email to sales@passbolt.com if you want to know more

1 Like

Thank you, Max, for mentioning the availability of the SSO functionality in the pro version. While I understand that option exists, I’m still interested in exploring other possibilities for now. If you have any insights or suggestions regarding the combination of OAuth2_Proxy (Or something like it) and the CakePHP plugin, I would greatly appreciate it. I’m keen to explore these alternatives further to see if they can meet my current needs. Thank you!

@GermaineNocturnal Many users have worked out new approaches to meet their requirements. When you get to that point please share it with the community so others can benefit.

But, can you elaborate a bit more on your needs? What is the objective?

The idea is to somehow enable SSO and get it integrated with Passbolt’s authentication. I want to simplify the login process as much as I can. So, the idea would be to allow logging in to passbolt through Oauth2/Azure AD/SAML, whichever is the easiest to implement without consistent debugging. I’m not expecting much, but it’s definitely something I’m curious to see if I can apply on my own.

If you’ve come across techniques other users have shared, please don’t hesitate to link them. Thanks.

@GermaineNocturnal Is this for just you or a team?

At best I’d like to get it working for my family using their google accounts or maybe some other variations. Ultimately it’s out of a sense of curiosity and a desire to tinker and explore.

I can respect that.

Regarding this feature specifically, I’m not aware of anyone else’s work on it as the pasabolt dev team worked toward offering this in the Pro version after years of users having requested it but it not being available.

All are welcome to tinker, but as this feature is already being offered and further developed in the Pro version, the need for it is being met that way.

Passbolt is open source but 100% of development and vision is determined by the internal team after feedback from users and the community. Ultimately we are all working together on bugfixes and security toward a better product in either the Pro or CE version.

I hope this helps your understanding of the matter, and thanks for being a part of the community!

2 Likes