linux_server_manuals:nextcloud_saml_authentication_against_keycloak
Differences
This shows you the differences between two versions of the page.
linux_server_manuals:nextcloud_saml_authentication_against_keycloak [2023/06/25 15:09] – [Keycloak configuration] admin | linux_server_manuals:nextcloud_saml_authentication_against_keycloak [2023/06/25 17:24] (current) – admin
Line 1: | Line 1: | ||
====== Keycloak as (SAML) SSO-Authentication provider for Nextcloud ====== | ====== Keycloak as (SAML) SSO-Authentication provider for Nextcloud ====== | ||
- | We can use Keycloak as SSO (Single Sign On) authentication provider for nextcloud using SAML. < | + | We can use Keycloak as SSO (Single Sign On) authentication provider for nextcloud using SAML. < |
Before anything else you should have a working Keycloak installation ;-) : [[: | Before anything else you should have a working Keycloak installation ;-) : [[: | ||
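Review bot: the only changed line in this hunk (the sentence beginning "We can use Keycloak as SSO ...") is cut off in the rendering after "<", so the actual edit cannot be checked here; the surviving text writes "nextcloud" in lower case and "Single Sign On" without a hyphen while the heading uses "Nextcloud", so normalise to `Nextcloud` and `Single Sign-On` in the same edit. The link target after "working Keycloak installation ;-) :" is also truncated; confirm the wiki link still resolves.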
Line 25: | Line 25: | ||
|**URL location of the IdP for SLO ** |< | |**URL location of the IdP for SLO ** |< | ||
|**Public x.509 certificate of the IdP** | |Copy here the public certificate of keycloak which you can find in **realm settings/ | |**Public x.509 certificate of the IdP** | |Copy here the public certificate of keycloak which you can find in **realm settings/ | ||
+ | |**Attribute to map the email to** |email| | | ||
+ | |**Attribute to map the User groups to** |Role|if you want to get the roles from keycloak. if you want to get the groups, use member, otherwise leave empty| | ||
|**Indicates whether the < | |**Indicates whether the < | ||
|**Indicates whether the < | |**Indicates whether the < | ||
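Review bot: the new "Attribute to map the User groups to" row sets the attribute to `Role` and says to use `member` for groups, but the Keycloak section later documents only a Role list mapper whose attribute name is `Role`; if `member` is the intended SAML attribute for groups, add the matching Group list mapper table so both sides stay consistent. It is also worth stating plainly that once this row is filled in, Nextcloud group membership comes from the roles or groups granted in the Keycloak realm, so those grants should be reviewed before the mapping is enabled. Minor: the note column should be one sentence with "If" and "Keycloak" capitalised.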
Line 34: | Line 36: | ||
Then click an **Download metadata XML** and save the file, you'll need it for Keycloak. | Then click an **Download metadata XML** and save the file, you'll need it for Keycloak. | ||
- | __false__ | + | ===== Keycloak configuration ===== |
+ | |||
+ | In keycloak go to clients and choose " | ||
+ | |||
+ | Then go to the **Client scopes** tab and delete the **roles_list** scope. It won't work since it is not configured as < | ||
+ | Now below Assigned client scope click on the URL **< | ||
+ | |||
+ | Then create multiple new mappers: **add Mapper/by configuration/ | ||
+ | |||
+ | ^setting^value| | ||
+ | |**name** |username| | ||
+ | |**property** |username| | ||
+ | |**SAML attribute name** |username| | ||
+ | |**SAML attribute name format** |basic| | ||
+ | |||
+ | ^setting^value| | ||
+ | |**name** |email| | ||
+ | |**property** |email| | ||
+ | |**SAML attribute name** |email| | ||
+ | |**SAML attribute name format** |basic| | ||
+ | |||
+ | If you want to map the roles or groups to nextcloud add a **Role list** respectively **Group list** mapper (instead of User property). | ||
+ | |||
+ | ^setting^value| | ||
+ | |**name** |role list| | ||
+ | |** | ||
+ | Role attribute name ** |Role| | ||
+ | |**SAML attribute name format** |basic| | ||
+ | |** | ||
+ | Single Role Attribute ** |on| | ||
+ | |||
+ | So now everything should be working. Try to log in. If it doesn' | ||
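Review bot: the two rows rendered as "|**" followed by "Role attribute name ** |Role|" and "Single Role Attribute ** |on|" are split across lines, which breaks the DokuWiki table markup; write them on one line each as `|**Role attribute name** |Role|` and `|**Single Role Attribute** |on|`. The sentence explaining why the **roles_list** scope must be deleted is cut off after "not configured as <", so the reader cannot tell which setting is wrong; complete it. The text says to add a **Group list** mapper "respectively" but gives no table for it, and the username mapper emits a SAML attribute named `username` while the Nextcloud setting that maps the UID attribute lies outside this diff; verify it uses the same name and consider showing it next to the email row. The closing sentence "If it doesn'" is truncated, and the unchanged context line should read "click on Download metadata XML" rather than "click an".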
linux_server_manuals/nextcloud_saml_authentication_against_keycloak.1687705748.txt.gz · Last modified: 2023/06/25 15:09 by admin