Federated Authentication (Oauth2 / OIDC) #133

Open
opened 2026-04-05 16:16:40 +02:00 by MrUnknownDE · 0 comments
Owner

Originally created by @senpro-ingwersenk on 10/27/2025

Is your feature request related to a problem? Please describe.
As part of a project, we are looking into E-Mail archival solutions and came across this. However, one feature we did not find was OIDC or other kinds of federated authentication (like LDAP).

So, I would like to just put this out there as a feature request. :)

Describe the solution you'd like
I would like to be able to authenticate users either against an OIDC IdP or LDAP service to centralize user management to a degree. I am not looking for super sophisticated RBAC or anything - just enough of it to say that users in group X are allowed to go into the archive, at least. But mainly, I would like to keep my users managed centrally. We typically use Keycloak connected to our LDAP/AD, so both options are available to us (as well as many others that Keycloak supports).

Describe alternatives you've considered
A (less than optimal, to be honest) alternative would be to use proxy-headers. This is a known method - Grafana, for example, supports this and there are a few others. It works by picking up `X-User-*` request headers passed down by a reverse proxy - be it Traefik with a middleware, Pomerium or oauth2-proxy. Especially with the latter, this would probably be the "simplest" implementation, but very much the least secure.

Additional context
We've basically had it "'till here" with REDDOXX and other commercial solutions. Installing blackboxes left and right is slightly annoying - and, we already have miniature Kubernetes instances deployed at locations, so we could reuse that - by creating an OpenArchiver Helm Chart, in case it doesn't already exist.

This is still very much in the "we're just checking things out" phase of things - but so far, OpenArchiver seems to be the most suitable solution - well, aside from missing OIDC/LDAP authentication.

Thank you and kind regards!
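
The proxy-header alternative described in the issue is only as safe as the check that the request really came from the reverse proxy. The sketch below is an added example, not part of the original issue or OpenArchiver's code; the header names `X-User-Name` and `X-User-Groups`, the proxy CIDR and the group name are assumptions chosen for illustration.

```javascript
// Added example: hypothetical header names, proxy range and group (not OpenArchiver code).
const TRUSTED_PROXIES = ['10.42.0.0/16']; // constructed: in-cluster reverse-proxy range
const REQUIRED_GROUP = 'mail-archive';    // constructed: "group X" from the request

// Dotted-quad IPv4 (optionally IPv4-mapped IPv6) -> unsigned 32-bit number, else null.
function ipv4ToInt(addr) {
  const m = /^(?:::ffff:)?(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/i.exec(addr || '');
  if (!m) return null;
  const octets = m.slice(1).map(Number);
  if (octets.some((o) => o > 255)) return null;
  return octets.reduce((acc, o) => acc * 256 + o, 0);
}

// IPv4-only CIDR match; anything unparsable (including plain IPv6) fails closed.
function inCidr(addr, cidr) {
  const [base, bitsStr] = cidr.split('/');
  const ip = ipv4ToInt(addr);
  const netInt = ipv4ToInt(base);
  const bits = Number(bitsStr);
  if (ip === null || netInt === null || !(bits >= 0 && bits <= 32)) return false;
  const size = 2 ** (32 - bits);
  return Math.floor(ip / size) === Math.floor(netInt / size);
}

// peerAddr: the TCP peer (req.socket.remoteAddress), never a forwarded-for header.
// headers: lower-cased header map, as Node's http module provides it.
function resolveProxyIdentity(peerAddr, headers) {
  if (!TRUSTED_PROXIES.some((c) => inCidr(peerAddr, c))) {
    // Direct client: any X-User-* value is client-supplied, so it is ignored.
    return { ok: false, reason: 'untrusted-peer' };
  }
  const user = headers['x-user-name'];
  if (typeof user !== 'string' || user.trim() === '') {
    return { ok: false, reason: 'no-identity' };
  }
  // Node joins duplicate headers with ", "; a comma means two values arrived.
  if (user.includes(',')) return { ok: false, reason: 'ambiguous-identity' };
  const groups = String(headers['x-user-groups'] || '').split(',').map((g) => g.trim());
  if (!groups.includes(REQUIRED_GROUP)) {
    return { ok: false, reason: 'not-in-group', user };
  }
  return { ok: true, user: user.trim(), groups };
}
```

The proxy itself must also strip any client-supplied `X-User-*` headers before setting its own, otherwise the peer check passes while the values are still forged.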

Reference: github/OpenArchiver#133