Hello,

Yes, you still need an LDAP/SQL usersource. The SSO server is just here to say "this user is allowed to access the application and its email is bla...@example.org". Then you need an LDAP/SQL usersource where bla...@example.org exists. That's so because there is additional information in the usersource needed by SOGo.

Regards,
--
Quentin Hivert || Alinto || R&D Lead Developer
19 Quai Perrache 69002 Lyon
www.alinto.com

-----Original Message-----
From: users-requ...@sogo.nu <users-requ...@sogo.nu> On Behalf Of Desmond Schmidt
Sent: Friday, 20 June 2025 07:36
To: Christoph Zechner (zech...@vrvis.at) <users@sogo.nu>
Subject: [SOGo] openid support for direct authentication

Hi,

does SOGo support the direct use of an OpenId Server for authentication? It says so in the release notes for version 5.12.0 (https://www.sogo.nu/news/2025/sogo-v5120-released.html). However, elsewhere I have found this guy who says that SOGo requires the use of an additional LDAP server for the provision of user metadata (https://www.markuspetermann.net/Linux/SOGo_with_OpenID_authentication.md), and that Keycloak is only used to verify that the user exists. So which is correct?

Desmond Schmidt
Catalyst IT Australia