How To Authenticate via SAML with Keycloak as Identity Provider
Goal
In this article, we explain the step-by-step procedure to configure Keycloak as the SSO SAML-based Identity Provider for a Nextcloud instance.
Throughout the article, we are going to use the following variables values. These values must be adjusted to have the same configuration working in your infrastructure.
Keycloak Server URL | https://keycloak-server01.localenv.com:8443 |
Nextcloud Server URL | https://nc-general-demo.localenv.com |
Authentication Realm | nc-general-demo.localenv.com |
Procedure
Create a Realm
Create a Realm in Keycloak called nc-general-demo.localenv.com:
From Realm Settings→Keys, copy the field Public Keys→Certificate and keep it aside as you will need to paste it into the field Public X.509 certificate of the IdP in the SSO & SAML Authentication settings.
Embrace the text string between a -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- tokens.
Enable the SSO & SAML authentication application
Login int
Subscriber exclusive content
A Nextcloud Enterprise Subscription provides unlimited access to our knowledge base articles and direct access to Nextcloud engineers.