Hello, Yes, you still need a ldap/sql usersource. The sso server is just here to say "this user is allowed to access the application and its email is [email protected]" Then you need a ldap/sql usersource where [email protected] exist. That's so because there is additional information in the usersource needed by sogo.
Regards, -- Quentin Hivert || Alinto || R&D Lead Developer 19 Quai Perrache 69002 Lyon www.alinto.com -----Original Message----- From: [email protected] <[email protected]> On Behalf Of Desmond Schmidt Sent: vendredi 20 juin 2025 07:36 To: Christoph Zechner ([email protected]) <[email protected]> Subject: [SOGo] openid support for direct authentication Hi, does SOGo support the direct use of an OpenId Server for authentication? It says so in the release notes for version 5.12.0 (https://www.sogo.nu/news/2025/sogo-v5120-released.html). However, elsewhere I have found this guy who says that SOGo requires the use of an additional LDAP server for the provision of user metadata (https://www.markuspetermann.net/Linux/SOGo_with_OpenID_authentication.md), and that the Keycloak is only used to verify that the user exists. So which is correct? Desmond Schmidt Catalyst IT Australia
