trustchain-oc1-orchestral
/
authentik
Archived
10
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

website/integrations: clarify some steps Nextcloud SAML (#2222) 

I've updated the steps to provide some clarity around certain areas that tripped me up as a newcomer to authentik trying to follow these instructions.
This commit is contained in:
Neriderc 2022-02-03 22:15:57 +00:00 committed by GitHub
parent eaba8006e6
commit a0e451c5e5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
website/integrations/services/nextcloud/index.md
View File

@ -25,13 +25,13 @@ The following placeholders will be used:
- `nextcloud.company` is the FQDN of the NextCloud install. - `nextcloud.company` is the FQDN of the NextCloud install.
- `authentik.company` is the FQDN of the authentik install. - `authentik.company` is the FQDN of the authentik install.
Create an application in authentik and note the slug, as this will be used later. Create a SAML provider with the following parameters: Create an application in authentik and note the slug you choose, as this will be used later. In the Admin Interface, go to Applications->Providers. Create a SAML provider with the following parameters:
- ACS URL: `https://nextcloud.company/apps/user_saml/saml/acs` - ACS URL: `https://nextcloud.company/apps/user_saml/saml/acs`
- Issuer: `https://authentik.company` - Issuer: `https://authentik.company`
- Service Provider Binding: `Post` - Service Provider Binding: `Post`
- Audience: `https://nextcloud.company/apps/user_saml/saml/metadata` - Audience: `https://nextcloud.company/apps/user_saml/saml/metadata`
- Signing Keypair: Select any certificate you have. - Signing certificate: Select any certificate you have.
- Property mappings: Select all Managed mappings. - Property mappings: Select all Managed mappings.
You can of course use a custom signing certificate, and adjust durations. You can of course use a custom signing certificate, and adjust durations.
@ -55,6 +55,8 @@ Under Attribute mapping, set these values:
- Attribute to map the email address to.: `http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress` - Attribute to map the email address to.: `http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress`
- Attribute to map the users groups to.: `http://schemas.xmlsoap.org/claims/Group` - Attribute to map the users groups to.: `http://schemas.xmlsoap.org/claims/Group`
You should now be able to log in with authentik.
:::note :::note
If Nextcloud is behind a reverse proxy you may need to force Nextcloud to use HTTPS. If Nextcloud is behind a reverse proxy you may need to force Nextcloud to use HTTPS.
To do this you will need to add the line `'overwriteprotocol' => 'https'` to `config.php` in the Nextcloud `config\config.php` file To do this you will need to add the line `'overwriteprotocol' => 'https'` to `config.php` in the Nextcloud `config\config.php` file