All Categories
  • Authentication
  • Branding
  • Collaboration
  • Compliance
  • External Storage
  • Frequently Asked Questions
  • Installation
  • Operations
  • Partner Products
  • Scalability
  • Security
  • How To Authenticate via SAML with Keycloak as Identity Provider


    In this article, we explain the step-by-step procedure to configure Keycloak as the SSO SAML-based Identity Provider for a Nextcloud instance.

    Throughout the article, we are going to use the following variables values. These values must be adjusted to have the same configuration working in your infrastructure.

    Variable Name Variable Value
    Keycloak Server URL
    Nextcloud Server URL
    Authentication Realm

    This procedure has been tested and validated with:

    • Nextcloud Enterprise 24.0.4
    • Keycloak Server 18.0.2


    Create a Realm

    Create a Realm in Keycloak called

    From Realm Settings→Keys, copy the field Public Keys→Certificate and keep it aside as you will need to paste it into the field Public X.509 certificate of the IdP in the SSO & SAML Authentication settings.

    Embrace the text string between a -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- tokens.