Enable Nextcloud SAML Login using AzureAD

Create an Enterprise App for Nextcloud

  1. Open the Azure admin portal - https://portal.azure.com
  2. Open Azure Active Directory > Enterprise applications
  3. Click the + New application link at the top
  4. Search for "Azure AD SAML Toolkit" in the gallery
  5. Click on "Azure AD SAML Toolkit"
  6. Enter "Nextcloud" in the Name and click the Add button
  7. When the app opens click on "Single sign-on"
  8. Click the pencil icon on the Basic SAML Configuration
  9. Fill in the required fields:
  10. Save the settings
  11. Download the Federation Metadata XML under the SAML Signing Certificate section

Configure Nextcloud

  1. Enable the "SSO & SAML authentication" app in Nextcloud

  2. Navigate to the "SSO & SAML authentication" configuration page ( Settings > SSO & SAML authentication )

  3. Optionally enable "Allow the use of multiple user back-ends"

  4. Under General

  5. Identity Provider Data (show optional Identity Provider settings)

    • Identifier of the IdP entity => Azure AD Identifier from section 4 of the Azure App

    • URL Target of the IdP where the SP will send the Authentication Request Message => Login URL from section 4 of the Azure App

    • URL Location of the IdP where the SP will send the SLO Request => Logout URL from section 4 of the Azure App

    • Public X.509 certificate of the IdP => extract the X509Certificate from the Federation Metadata XML

      PS C:\> ([xml](Get-Content -Path .\Nextcloud.xml)).EntityDescriptor.Signature.KeyInfo.X509Data.X509Certificate | Set-Clipboard
  6. Attribute Mapping

  7. Make note of the direct login URL, typically https://nextcloud.domain.com/login?direct=1

Note: If you use the Nextcloud container you may have to include index.php in your URLs.
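As an added example that is not part of the gist, the following Python script does the mapping of step 5 in one go: it reads the Federation Metadata XML downloaded from Azure and returns the four Identity Provider values the Nextcloud SAML app asks for, taking the certificate from the IdP's signing KeyDescriptor (the PowerShell one-liner above copies it from the metadata's own Signature element instead). The sample metadata, the all-zero tenant id and the certificate body are constructed placeholders, not values from a real tenant.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata", "ds": "http://www.w3.org/2000/09/xmldsig#"}
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed sample shaped like Azure AD's Federation Metadata XML; the all-zero
# tenant id and the certificate body are placeholders, not real values.
TENANT = "00000000-0000-0000-0000-000000000000"
LOGIN = f"https://login.microsoftonline.com/{TENANT}/saml2"
SAMPLE_METADATA = f"""<EntityDescriptor xmlns="{NS['md']}" entityID="https://sts.windows.net/{TENANT}/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="{NS['ds']}">
        <X509Data><X509Certificate>MIICplaceholderCertificateBodyNotARealCert=</X509Certificate></X509Data>
      </KeyInfo>
    </KeyDescriptor>
    <SingleLogoutService Binding="{REDIRECT}" Location="{LOGIN}"/>
    <SingleSignOnService Binding="{REDIRECT}" Location="{LOGIN}"/>
    <SingleSignOnService Binding="{POST}" Location="{LOGIN}"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""


def redirect_endpoint(idp, tag):
    # Location of the HTTP-Redirect binding of SingleSignOnService / SingleLogoutService
    for svc in idp.findall(f"md:{tag}", NS):
        if svc.get("Binding") == REDIRECT:
            return svc.get("Location")
    return None


def nextcloud_idp_settings(metadata_xml):
    """Map Azure AD metadata onto the four IdP fields the Nextcloud SAML app asks for."""
    root = ET.fromstring(metadata_xml)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor in metadata")
    # Take the key(s) the IdP declares for signing assertions (use="signing", or no 'use'
    # attribute = both). The EntityDescriptor's own <Signature> only signs the metadata file.
    certs = []
    for kd in idp.findall("md:KeyDescriptor", NS):
        if kd.get("use") in (None, "signing"):
            cert = kd.find("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
            if cert is not None and cert.text:
                certs.append("".join(cert.text.split()))  # base64 body, whitespace removed
    return {
        "idp_entity_id": root.get("entityID"),                      # Identifier of the IdP entity
        "sso_url": redirect_endpoint(idp, "SingleSignOnService"),   # URL Target of the IdP
        "slo_url": redirect_endpoint(idp, "SingleLogoutService"),   # URL Location for SLO
        "idp_certificates": certs,                                  # Public X.509 certificate(s)
    }
```

For the real file, call `nextcloud_idp_settings(open("Nextcloud.xml", "rb").read())`; passing bytes lets the parser honour the file's own encoding declaration.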


b3nis commented Nov 12, 2023

https://sekureco42.ch/posts/nextcloud-sso-with-azure-active-directory/

@bankmrc054, thank you so much! It works now. I am very grateful.
