How To Authenticate via SAML with Keycloak as Identity Provider
Goal
In this article, we explain the step-by-step procedure to configure Keycloak as the SSO SAML-based Identity Provider for a Nextcloud instance.
Throughout the article, we are going to use the following variables values. These values must be adjusted to have the same configuration working in your infrastructure.
| Variable Name | Variable Value |
|---|---|
| Keycloak Server URL | https://keycloak-server01.localenv.com:8443 |
| Nextcloud Server URL | https://nc-general-demo.localenv.com |
| Authentication Realm | localenv.com |
This procedure has been tested and validated with:
- Nextcloud Enterprise 24.0.4
- Keycloak Server 18.0.2
Procedure
Create a Realm
Create a Realm in Keycloak called localenv.com:
From Realm Settings→Keys, copy the field Public Keys→Certificate and keep it aside as you will need to paste it into the field Public X.509 certificate of the IdP in the SSO & SAML Authentication settings.
Embrace the text string between a -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- tokens.
Subscriber exclusive content
A Nextcloud Enterprise Subscription provides unlimited access to our knowledge base articles and direct access to Nextcloud engineers.