Keycloak With Nextcloud

Hi

I have just installed Keycloak. Now I want to configure it with NC as an SSO. I am using the OpenID Connect backend to connect it.

SSL configuration

In the conf folder of Keycloak I generated the keystore as:

keytool -genkeypair -alias sso.mydomain.cloud -keyalg RSA -keysize 2048 -validity 1825 -keystore server.keystore -dname "cn=sso.mydomain.cloud,o=Acme,c=GB" -keypass password -storepass password

In keycloak.conf I described only the following lines:

proxy=edge
http-enabled=true
http-port=8180
hostname=sso.mydomain.cloud

Then I configured the reverse proxy in Apache with the following config:

<VirtualHost *:80>
    ServerName sso.mydomain.cloud

    AllowEncodedSlashes NoDecode
    ProxyPreserveHost On

    # Tell the backend which scheme/port the client actually used
    RequestHeader set X-Forwarded-Proto "https"
    RequestHeader set X-Forwarded-Port "443"

    SSLProxyEngine on
    ProxyPassReverse / https://127.0.0.1:8443/
    ProxyPass / https://127.0.0.1:8443/
</VirtualHost>
Then I ran the certbot command to generate an SSL certificate for my SSO domain.

Then I start Keycloak as:

./kc.sh start --https-key-store-password=password

This is my configuration in NC.

When I click on SSO login I get this error in NC:

Could not reach the OpenID Connect provider

Could not reach provider at URL https://sso.mydomain.com/realms/SSO/protocol/openid-connect/auth

Error at Keycloak:

dolphinslairapps kc.sh[829823]: 2022-08-24 15:46:24,366 WARN [org.keycloak.events] (executor-thread-9) type=LOGIN_ERROR, realmId=62ac84de-b7f3-4823-a24e-bc5d4a1e9c5b, clientId=null, userId=null, ipAddress=IP, error=invalid_request

Hello,

I'm running Nextcloud 24.0.3. I haven't used OpenID, I used SAML. No problems.

This worked for me with a couple adjustments.

Have you tried to hit your url via curl? Like so:

curl -v https://sso.mydomain.com/admin/master/console/

If the URL works you should get some Keycloak-generated HTML text back.

Alternatively I can share my working setup with NC + pulsejet/nextcloud-oidc-login (Nextcloud login via a single OpenID Connect 1.0 provider) and KC 19.0.1.

This is the related section in my config.php:

  'oidc_login_client_id' => 'Nextcloud',
  'oidc_login_client_secret' => 'mysecrect',
  'oidc_login_provider_url' => 'https://iam.mydomain.com/realms/myclient',
  'oidc_login_logout_url' => 'https://iam.mydomain.com/realms/myclient/protocol/openid-connect/logout?redirect_uri=https%3A%2F%2Fcloud.mydomain.com%2F',
  'oidc_login_auto_redirect' => true,
  'oidc_login_redir_fallback' => true,
  'oidc_login_attributes' =>
  array (
    'id' => 'preferred_username',
    'mail' => 'email',
    'groups' => 'ownCloudGroups',
  ),
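As an added diagnostic that is not from any post in this thread: the curl check above only proves the host answers, while the "could not reach provider" error usually comes from what the discovery document advertises. This Python script (assumed names, not part of Nextcloud or Keycloak) compares the provider's `/.well-known/openid-configuration` with the provider URL configured on the Nextcloud side, flagging an issuer mismatch, non-https endpoints (proxy headers not honoured) and endpoints pointing at a different host (wrong `hostname`); the sample document is constructed, not captured from a server.

```python
import json
import urllib.request
from urllib.parse import urlparse

# Endpoints the Nextcloud OIDC client has to reach; each must be advertised with
# the public https hostname, never the internal listener (e.g. http://127.0.0.1:8180).
REQUIRED = ("authorization_endpoint", "token_endpoint", "jwks_uri", "userinfo_endpoint")


def check_discovery(doc: dict, provider_url: str) -> list[str]:
    """Return the problems found when comparing a discovery document with the
    provider URL Nextcloud is configured with (for Keycloak: https://<host>/realms/<realm>)."""
    expected = provider_url.rstrip("/")
    expected_host = urlparse(expected).hostname
    problems = []
    issuer = doc.get("issuer", "")
    if issuer.rstrip("/") != expected:
        problems.append(f"issuer mismatch: provider advertises {issuer!r}, client expects {expected!r}")
    for key in REQUIRED:
        url = doc.get(key)
        if not url:
            problems.append(f"missing {key}")
            continue
        p = urlparse(url)
        if p.scheme != "https":
            problems.append(f"{key} is not https: {url} (X-Forwarded-Proto / proxy=edge not in effect?)")
        if p.hostname != expected_host:
            problems.append(f"{key} host {p.hostname!r} differs from {expected_host!r} (hostname= wrong?)")
    return problems


def fetch_discovery(provider_url: str, timeout: float = 10.0) -> dict:
    """Fetch the discovery document over TLS the way the client does (needs network)."""
    url = provider_url.rstrip("/") + "/.well-known/openid-configuration"
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return json.load(resp)


# Constructed sample (hypothetical): a provider that builds its URLs from the
# internal listener instead of the public hostname.
SAMPLE_BROKEN = {
    "issuer": "http://127.0.0.1:8180/realms/SSO",
    "authorization_endpoint": "http://127.0.0.1:8180/realms/SSO/protocol/openid-connect/auth",
    "token_endpoint": "http://127.0.0.1:8180/realms/SSO/protocol/openid-connect/token",
    "jwks_uri": "http://127.0.0.1:8180/realms/SSO/protocol/openid-connect/certs",
    "userinfo_endpoint": "http://127.0.0.1:8180/realms/SSO/protocol/openid-connect/userinfo",
}
```

Run `check_discovery(fetch_discovery(url), url)` with the realm URL from config.php; an empty list means the provider advertises exactly what the client will try to reach.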