How To Authenticate via SAML with Keycloak as Identity Provider


In this article, we explain the step-by-step procedure to configure Keycloak as the SSO SAML-based Identity Provider for a Nextcloud instance.

Throughout the article, we are going to use the following variables values. These values must be adjusted to have the same configuration working in your infrastructure.



Keycloak Server URL

Nextcloud Server URL

Authentication Realm



Create a Realm


Create a Realm in Keycloak called







From Realm Settings→Keys, copy the field Public Keys→Certificate and keep it aside as you will need to paste it into the field Public X.509 certificate of the IdP in the SSO & SAML Authentication settings.


Embrace the text string between a -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- tokens.






Enable the SSO & SAML authentication application


 Login int

Attached Files
There are no attachments for this article.

If you have any questions or feedback on this article, do not hesitate to contact us. We are here to help you get the most out of Nextcloud.