overleaf / overleaf

A web-based collaborative LaTeX editor
GNU Affero General Public License v3.0

OpenID Connect Support #1005

Open KaratekHD opened 2 years ago

KaratekHD commented 2 years ago

I am currently thinking about deploying Overleaf as part of a bunch of self hosted solutions that we use for school (because what the school provides is not that great). Currently we use HedgeDoc for quick collaborative note taking, but when I found out about Overleaf I immediately thought that it would be super cool to have it for documents that are more than just notes. Problem is, I use Keycloak for Authentication using OpenIDc, which seems not to be supported in Overleaf. Am I just missing something or are there plans to implement OpenIDc in the future? Thank you - Jens

PS: I know that Overleaf Server Pro does support SAML, but buying a license for only ~5 people does not really make sense, especially since we only use this for school and don't make any profit with it.

sparkcyf commented 2 years ago

> I am currently thinking about deploying Overleaf as part of a bunch of self hosted solutions that we use for school (because what the school provides is not that great). Currently we use HedgeDoc for quick collaborative note taking, but when I found out about Overleaf I immediately thought that it would be super cool to have it for documents that are more than just notes. Problem is, I use Keycloak for Authentication using OpenIDc, which seems not to be supported in Overleaf. Am I just missing something or are there plans to implement OpenIDc in the future? Thank you - Jens
>
> PS: I know that Overleaf Server Pro does support SAML, but buying a license for only ~5 people does not really make sense, especially since we only use this for school and don't make any profit with it.

You may modify AuthenticationController.js and AuthenticationManager.js to add a wrapper around the registration process to enable Keycloak OpenID auth or LDAP auth for the Overleaf instance. You may check the modified code here: https://mirrors.sustech.edu.cn/git/sustech-cra/overleaf-ldap-oauth2/-/tree/main/ldap-overleaf-sl/sharelatex

(I also wrote a brief article about these modifications in Chinese: https://sparktour.me/2022/06/11/self-host-overleaf-with-ldap-and-oauth2-support/)

maltegrosse commented 1 year ago

@sparkcyf Seems like a nice solution. Is there a Keycloak (OpenID) standalone functionality available? Does it also support OpenID scopes like groups/roles?

sparkcyf commented 1 year ago

@mserranom

Hi, I just added a built-in OpenID Connect client in Keycloak and changed the "Client Authenticator" setting to "Clientid and Secret" without any other modifications. If you want to support the OpenID scopes, you may add some further conditional judgment in AuthenticationController.js to allow specific groups/roles to log in via your provider.

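Added example (not part of the thread and not code from the linked repository): one way the group/role condition mentioned in the comment above could be written as a fail-closed check over ID token claims. `policy`, `isLoginAllowed`, the client ID and the role/group names are hypothetical; the claim names are the ones Keycloak uses by default.

```javascript
// Assumes `claims` is the payload of a token whose signature, issuer and
// expiry were already verified by the OIDC client library.
// Role and group claims appear only if the corresponding Keycloak mappers
// add them to the token being checked.
const policy = {
  clientId: 'overleaf',              // assumed Keycloak client ID
  allowedRoles: ['overleaf-user'],   // constructed role name
  allowedGroups: ['/school/latex'],  // constructed group path
};

function asStringArray(value) {
  // Anything that is not an array of strings counts as "no entries" (fail closed).
  return Array.isArray(value) ? value.filter((v) => typeof v === 'string') : [];
}

function collectRoles(claims, clientId) {
  // Keycloak places realm roles and per-client roles in separate claims.
  const realm = asStringArray(claims?.realm_access?.roles);
  const client = asStringArray(claims?.resource_access?.[clientId]?.roles);
  return new Set([...realm, ...client]);
}

function isLoginAllowed(claims, p = policy) {
  if (!claims || typeof claims !== 'object') return { allowed: false, reason: 'no claims' };
  // The token must have been issued for this client, not another one in the realm.
  const aud = asStringArray(Array.isArray(claims.aud) ? claims.aud : [claims.aud]);
  if (!aud.includes(p.clientId)) return { allowed: false, reason: 'wrong audience' };
  // Assumption: the local account is matched by e-mail, so require a verified address.
  if (typeof claims.email !== 'string' || claims.email_verified !== true) {
    return { allowed: false, reason: 'email missing or unverified' };
  }
  const roles = collectRoles(claims, p.clientId);
  // `groups` exists only when a Group Membership mapper is configured.
  const groups = new Set(asStringArray(claims.groups));
  const roleOk = p.allowedRoles.some((r) => roles.has(r));
  const groupOk = p.allowedGroups.some((g) => groups.has(g));
  return roleOk || groupOk
    ? { allowed: true, reason: roleOk ? 'role' : 'group' }
    : { allowed: false, reason: 'no matching role or group' };
}
```
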
Unacoli commented 1 year ago

Hello!

Is there any news about OpenID support working directly in Overleaf without having to modify some code?

Ty!

VPaulV commented 1 year ago

@sparkcyf This is great, thank you! By any chance could you update it for Overleaf 3.5 when you have time?

microbearlogist commented 1 year ago

@sparkcyf Do you know if your nice OAuth implementation works with the 4.xx of Overleaf? (I'm fiddling with it but so far without success)

VPaulV commented 9 months ago

https://github.com/smhaller/ldap-overleaf-sl - LDAP for 4.1.1 is available here