How To Authenticate via SAML with Keycloak as Identity Provider
Goal
In this article, we explain the step-by-step procedure to configure Keycloak as the SSO SAML-based Identity Provider for a Nextcloud instance.
Throughout the article, we use the following variable values. Adjust these values to get the same configuration working in your infrastructure.
Variable Name | Variable Value |
---|---|
Keycloak Server URL | https://keycloak-server01.localenv.com:8443 |
Nextcloud Server URL | https://nc-general-demo.localenv.com |
Authentication Realm | localenv.com |
This procedure has been tested and validated with:
- Nextcloud Enterprise 24.0.4
- Keycloak Server 18.0.2
Procedure
Create a Realm
Create a Realm in Keycloak called localenv.com:
From Realm Settings→Keys, copy the field Public Keys→Certificate and keep it aside as you will need to paste it into the field Public X.509 certificate of the IdP in the SSO & SAML Authentication settings.
Enclose the text string between the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- tokens.
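A check to run on the value copied from Realm Settings→Keys before pasting it into Nextcloud, given here as an added example that is not part of the original article nor Keycloak or Nextcloud code. It wraps the base64 string in the two tokens, rejects a truncated or padded paste, and returns a SHA-256 fingerprint to compare against the IdP. The function names and the sample value are assumptions; the sample is a constructed DER-shaped blob, not a real certificate.

```python
import base64
import binascii
import hashlib
import re

BEGIN = "-----BEGIN CERTIFICATE-----"
END = "-----END CERTIFICATE-----"


def der_total_length(der: bytes) -> int:
    """Return the full encoded length of the outer DER SEQUENCE (header + body)."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("not a DER SEQUENCE; this is not a certificate")
    first = der[1]
    if first < 0x80:                      # short form: length fits in one byte
        return 2 + first
    n = first & 0x7F                      # long form: next n bytes hold the length
    if n == 0 or n > 4 or len(der) < 2 + n:
        raise ValueError("malformed DER length")
    return 2 + n + int.from_bytes(der[2:2 + n], "big")


def to_pem(copied: str) -> tuple:
    """Turn the value copied from Keycloak into (PEM text, SHA-256 fingerprint)."""
    # Drop the tokens if they are already present, then all whitespace.
    body = copied.replace(BEGIN, "").replace(END, "")
    body = re.sub(r"\s+", "", body)
    try:
        der = base64.b64decode(body, validate=True)
    except binascii.Error as exc:
        raise ValueError(f"value is not clean base64: {exc}") from exc
    # A truncated or over-long paste no longer matches the length DER declares.
    if der_total_length(der) != len(der):
        raise ValueError("DER length mismatch: paste is truncated or has extra data")
    lines = [body[i:i + 64] for i in range(0, len(body), 64)]
    pem = "\n".join([BEGIN, *lines, END]) + "\n"
    digest = hashlib.sha256(der).hexdigest().upper()
    fingerprint = ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))
    return pem, fingerprint


# Constructed sample: a 100-byte DER-shaped blob, NOT a real certificate.
SAMPLE_DER = bytes([0x30, 0x62]) + bytes(range(98))
SAMPLE_COPIED = base64.b64encode(SAMPLE_DER).decode()

if __name__ == "__main__":
    pem, fp = to_pem(SAMPLE_COPIED)
    print(pem, end="")
    print("SHA-256 fingerprint:", fp)
```

The structural check only confirms that the paste is complete; it does not validate the certificate's contents, so the fingerprint comparison against the Keycloak server remains the actual trust decision.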