linux_server_manuals:nextcloud_saml_authentication_against_keycloak
linux_server_manuals:nextcloud_saml_authentication_against_keycloak [2023/06/25 15:37] – old revision restored (2023/06/25 14:55) admin | linux_server_manuals:nextcloud_saml_authentication_against_keycloak [2023/06/25 17:24] (current) – admin | ||
---|---|---|---|
Line 1: | Line 1: | ||
====== Keycloak as (SAML) SSO-Authentication provider for Nextcloud ====== | ====== Keycloak as (SAML) SSO-Authentication provider for Nextcloud ====== | ||
- | We can use Keycloak as SSO (Single Sign On) authentication provider for nextcloud using SAML. < | + | We can use Keycloak as SSO (Single Sign On) authentication provider for nextcloud using SAML. < |
Before anything else you should have a working Keycloak installation ;-) : [[: | Before anything else you should have a working Keycloak installation ;-) : [[: | ||
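Review bot: the edited sentence in this hunk writes the product as "nextcloud" while the heading on the previous line uses "Nextcloud"; use the capitalised name consistently. The rest of the change is not visible here because both sides of the row are cut off at `<`, so whatever follows that character should be re-checked in the page itself.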
Line 25: | Line 25: | ||
|**URL location of the IdP for SLO ** |< | |**URL location of the IdP for SLO ** |< | ||
|**Public x.509 certificate of the IdP** | |Copy here the public certificate of keycloak which you can find in **realm settings/ | |**Public x.509 certificate of the IdP** | |Copy here the public certificate of keycloak which you can find in **realm settings/ | ||
+ | |**Attribute to map the email to** |email| | | ||
+ | |**Attribute to map the User groups to** |Role|if you want to get the roles from keycloak. if you want to get the groups, use member, otherwise leave empty| | ||
|**Indicates whether the < | |**Indicates whether the < | ||
|**Indicates whether the < | |**Indicates whether the < | ||
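Review bot: the new row "Attribute to map the User groups to" = Role only works if Keycloak actually emits a SAML attribute with exactly that name; the Role list mapper added later in this revision sets "Role attribute name" to Role, so the two match, but the alternative value "member" suggested in the note column has no corresponding mapper described on the page. Suggest stating in the note column that the value must equal (case-sensitively) the SAML attribute name configured in the Keycloak mapper, and either describing the group mapper that produces "member" or dropping that alternative.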
Line 39: | Line 41: | ||
Then go to the **Client scopes** tab and delete the **roles_list** scope. It won't work since it is not configured as < | Then go to the **Client scopes** tab and delete the **roles_list** scope. It won't work since it is not configured as < | ||
- | Now below Assigned client scope click on the URL **< | + | Now below Assigned client scope click on the URL **< |
- | Then go to the **Client scopes** tab. If you don't need the role_list scope, just delete it. If you want to map roles, go to the Keycloak Menu **Client Scopes** click on **role list** (or create | + | Then create |
- | + | ||
- | Then create a new Mapper: | + | |
^setting^value| | ^setting^value| | ||
|**name** |username| | |**name** |username| | ||
- | |**mapper type** |user property| | ||
|**property** |username| | |**property** |username| | ||
|**SAML attribute name** |username| | |**SAML attribute name** |username| | ||
|**SAML attribute name format** |basic| | |**SAML attribute name format** |basic| | ||
- | So now everything should be working. Try to log in. If it doesn' | + | ^setting^value| |
- | < | + | |**name** |email| |
+ | |**property** |email| | ||
+ | |**SAML attribute name** |email| | ||
+ | |**SAML attribute name format** |basic| | ||
- | docker log keycloak | + | If you want to map the roles or groups to nextcloud add a **Role list** respectively **Group list** mapper (instead of User property). |
- | + | ||
- | </ | + | |
+ | ^setting^value| | ||
+ | |**name** |role list| | ||
+ | |** | ||
+ | Role attribute name ** |Role| | ||
+ | |**SAML attribute name format** |basic| | ||
+ | |** | ||
+ | Single Role Attribute ** |on| | ||
+ | So now everything should be working. Try to log in. If it doesn' | ||
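Review bot: the Role list mapper table in this hunk splits two setting names across rows ("**" on one line and "Role attribute name **" on the next, and likewise for "Single Role Attribute **"), which breaks the DokuWiki table syntax; each setting belongs on a single line, e.g. `|**Role attribute name** |Role|` and `|**Single Role Attribute** |on|`. The hunk also removes the "mapper type | user property" row from the username table without adding it to the new email table, yet the sentence that follows says "instead of User property", so the reader is left to infer the mapper type; keep that row in both tables and add "mapper type | Role list" to the third. Finally, the troubleshooting block that was removed used `docker log keycloak`; if it is restored, the Docker subcommand is `docker logs`.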
linux_server_manuals/nextcloud_saml_authentication_against_keycloak.1687707473.txt.gz · Last modified: 2023/06/25 15:37 by admin