How To Authenticate via SAML with Keycloak as Identity Provider
In this article, we explain the step-by-step procedure to configure Keycloak as the SSO SAML-based Identity Provider for a Nextcloud instance.
Throughout the article, we use the following variable values. Adjust them to match your own infrastructure.
|Variable Name|Variable Value|
|---|---|
|Keycloak Server URL|https://keycloak-server01.localenv.com:8443|
|Nextcloud Server URL|https://nc-general-demo.localenv.com|
This procedure has been tested and validated with:
- Nextcloud Enterprise 24.0.4
- Keycloak Server 18.0.2
Create a Realm
Create a Realm in Keycloak called
From Realm Settings→Keys, copy the field Public Keys→Certificate and keep it aside as you will need to paste it into the field Public X.509 certificate of the IdP in the SSO & SAML Authentication settings.
Enclose the text string between the
-----BEGIN CERTIFICATE----- and
-----END CERTIFICATE----- tokens.
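The wrapping step above is where copy/paste errors usually creep in (a truncated string, stray spaces, doubled tokens). The following is an added example, not part of the original article or of Nextcloud or Keycloak: it normalises a pasted certificate string, checks that it decodes to a complete DER structure, and wraps it in the tokens. The function names are hypothetical and the sample input is a constructed blob, not a real certificate.

```python
import base64
import binascii
import hashlib
import textwrap

BEGIN = "-----BEGIN CERTIFICATE-----"
END = "-----END CERTIFICATE-----"


def to_der(pasted: str) -> bytes:
    """Decode a pasted certificate (bare base64 or already wrapped) to DER."""
    body = pasted.replace(BEGIN, "").replace(END, "")
    body = "".join(body.split())  # drop line breaks and stray spaces
    try:
        der = base64.b64decode(body, validate=True)
    except binascii.Error as exc:
        raise ValueError(f"not valid base64: {exc}") from exc
    # A certificate is a DER SEQUENCE (tag 0x30) with a definite length; the
    # declared length must match the data, or the paste was truncated/padded.
    if len(der) < 4 or der[0] != 0x30 or der[1] == 0x80:
        raise ValueError("decoded data is not a DER SEQUENCE")
    n = der[1] & 0x7F if der[1] & 0x80 else 0  # long form: n length bytes
    length = int.from_bytes(der[2:2 + n], "big") if n else der[1]
    if 2 + n + length != len(der):
        raise ValueError("length mismatch: certificate looks truncated")
    return der


def to_pem(pasted: str) -> str:
    """Return the certificate between BEGIN/END tokens, 64 chars per line."""
    b64 = base64.b64encode(to_der(pasted)).decode("ascii")
    return "\n".join([BEGIN, *textwrap.wrap(b64, 64), END]) + "\n"


def sha256_fingerprint(pasted: str) -> str:
    """SHA-256 of the DER bytes, for comparing the value held on each side."""
    return hashlib.sha256(to_der(pasted)).hexdigest()


# Constructed sample: a DER-shaped blob for demonstration, NOT a real certificate.
SAMPLE_DER = bytes([0x30, 0x82, 0x01, 0x00]) + bytes(range(256))
SAMPLE_B64 = base64.b64encode(SAMPLE_DER).decode("ascii")

if __name__ == "__main__":
    print(to_pem(SAMPLE_B64))
    print(sha256_fingerprint(SAMPLE_B64))
```

Running `sha256_fingerprint` on the string copied from Keycloak and on the value pasted into Nextcloud confirms that both sides hold the same certificate.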