    How To Authenticate via SAML with Keycloak as Identity Provider

    Goal

    In this article, we explain the step-by-step procedure to configure Keycloak as the SSO SAML-based Identity Provider for a Nextcloud instance.

    Throughout the article, we use the following variable values. Adjust them to match your own infrastructure.

    | Variable Name        | Variable Value                              |
    |----------------------|---------------------------------------------|
    | Keycloak Server URL  | https://keycloak-server01.localenv.com:8443 |
    | Nextcloud Server URL | https://nc-general-demo.localenv.com        |
    | Authentication Realm | localenv.com                                |

    This procedure has been tested and validated with:

    • Nextcloud Enterprise 24.0.4
    • Keycloak Server 18.0.2

    Procedure

    Create a Realm

    Create a Realm in Keycloak called localenv.com:

    From Realm Settings→Keys, copy the value of the field Public Keys→Certificate and keep it aside: you will need to paste it into the field Public X.509 certificate of the IdP in the SSO & SAML Authentication settings.

    Enclose the text string between the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- tokens.
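
    A helper for the step above, as an added example that is not part of the original article or of the Nextcloud or Keycloak projects: it takes the value copied from Keycloak, rejects a partial or corrupted copy, wraps it in the BEGIN/END CERTIFICATE lines, and computes a SHA-256 fingerprint you can compare on both sides. The function names and the sample value are assumptions; the sample is constructed filler, not a real certificate.

```python
import base64
import binascii
import hashlib

PEM_HEAD = "-----BEGIN CERTIFICATE-----"
PEM_TAIL = "-----END CERTIFICATE-----"

# Constructed stand-in for the copied value: a DER SEQUENCE header plus filler
# bytes. It is NOT a real certificate; paste your own Keycloak value instead.
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(range(256))
SAMPLE_B64 = base64.b64encode(SAMPLE_DER).decode("ascii")


def decode_pasted(pasted: str) -> bytes:
    """Strip any armor and whitespace, then base64-decode to DER bytes."""
    body = pasted.replace(PEM_HEAD, "").replace(PEM_TAIL, "")
    body = "".join(body.split())
    if not body:
        raise ValueError("empty certificate value")
    try:
        der = base64.b64decode(body, validate=True)
    except binascii.Error as exc:
        raise ValueError(f"not valid base64 (partial copy?): {exc}") from exc
    # Structural check: one outer DER SEQUENCE whose length covers all bytes.
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("decoded data does not start with a DER SEQUENCE")
    n = der[1] & 0x7F if der[1] & 0x80 else 0       # long-form length octets
    length = int.from_bytes(der[2:2 + n], "big") if n else der[1]
    if 2 + n + length != len(der):
        raise ValueError("DER length mismatch: value cut off or has extra data")
    return der


def keycloak_cert_to_pem(pasted: str) -> str:
    """Return the value wrapped in BEGIN/END CERTIFICATE lines, 64 columns wide."""
    b64 = base64.b64encode(decode_pasted(pasted)).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join([PEM_HEAD, *lines, PEM_TAIL]) + "\n"


def sha256_fingerprint(pasted: str) -> str:
    """Colon-separated SHA-256 of the DER bytes, for comparing both sides."""
    digest = hashlib.sha256(decode_pasted(pasted)).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


if __name__ == "__main__":
    print(keycloak_cert_to_pem(SAMPLE_B64), end="")
    print("SHA-256:", sha256_fingerprint(SAMPLE_B64))
```

    The structural check only catches truncated or padded values; it does not validate the certificate's contents or expiry.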