<a href="https://nextcloud.com/" class="urlextern" title="https://nextcloud.com/" rel="nofollow">NextCloud</a> is a fork of ownCloud, a suite of client-server software for creating and using file hosting services.
</p>
<p>
This documentation explains how to interconnect LemonLDAP::NG and NextCloud using the <abbr title="Security Assertion Markup Language">SAML</abbr> 2.0 protocol.
You need to <a href="https://docs.nextcloud.com/server/10/admin_manual/installation/index.html" class="urlextern" title="https://docs.nextcloud.com/server/10/admin_manual/installation/index.html" rel="nofollow">install the software</a>.
</p>
<div class="notetip">If your NextCloud is behind a proxy (thus having a private <abbr title="Internet Protocol">IP</abbr>), metadata generated by NextCloud won't work.
<p>
Consider changing the NextCloud configuration to force the domain. In <strong>$nextcloudrootwww/config/config.php</strong>, add the following:
<li class="level1"><div class="li"><strong>Attribute to map the UID to</strong>: Identity attribute provided by your LL:NG that will be used as UID in NextCloud.</div>
<li class="level2"><div class="li"><strong>Identifier of the IdP entity</strong>: <abbr title="Security Assertion Markup Language">SAML</abbr> Metadata <abbr title="Uniform Resource Locator">URL</abbr> of your LL:NG</div>
</li>
<li class="level2"><div class="li"><strong><abbr title="Uniform Resource Locator">URL</abbr> Target of the IdP where the SP will send the Authentication Request Message</strong>: SingleSignOn <abbr title="Uniform Resource Locator">URL</abbr> of your LL:NG</div>
</li>
<li class="level2"><div class="li"><strong><abbr title="Uniform Resource Locator">URL</abbr> Location of the IdP where the SP will send the SLO Request</strong>: SingleLogOut <abbr title="Uniform Resource Locator">URL</abbr> of your LL:NG</div>
</li>
<li class="level2"><div class="li"><strong>Public X.509 certificate of the IdP</strong>: Certificate of your LL:NG (see below for instructions)</div>
</li>
</ul>
</li>
</ul>
<p>
We need a few steps to generate our LL:NG certificate (unless you already have one).
You first need to create a pair of SSH Keys in LL:NG:
</p>
<pre class="code">SAML 2 Service -> Security Parameters -> Signature</pre>
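<p>
As an added example (not part of the LL:NG or NextCloud documentation): assuming the private key generated under Signature has been saved to a PEM file, the functions below wrap it in a self-signed X.509 certificate with openssl and confirm the certificate carries the same public key before it is entered in NextCloud. The file names, the CN and the validity period are assumptions.
</p>

```shell
# Added example: build and check the IdP certificate for NextCloud.
# Assumed names: lemon.key (private key copied from LL:NG), lemon.pem (output).

# make_idp_cert KEY CERT [DAYS] [CN]
# Wrap an existing PEM private key in a self-signed X.509 certificate.
make_idp_cert() {
    idp_key=$1; idp_cert=$2; idp_days=${3:-3650}; idp_cn=${4:-auth.example.com}
    [ -r "$idp_key" ] || { echo "cannot read key: $idp_key" >&2; return 1; }
    openssl req -new -x509 -sha256 -days "$idp_days" \
        -key "$idp_key" -subj "/CN=$idp_cn" -out "$idp_cert"
}

# SHA-256 digest of the public key derived from a private key file.
key_pub_digest() {
    openssl pkey -in "$1" -pubout -outform DER \
        | openssl dgst -sha256 | awk '{print $NF}'
}

# SHA-256 digest of the public key embedded in a certificate.
cert_pub_digest() {
    openssl x509 -in "$1" -noout -pubkey \
        | openssl pkey -pubin -outform DER \
        | openssl dgst -sha256 | awk '{print $NF}'
}

# cert_matches_key KEY CERT
# Succeeds only if the certificate was issued for this key. A mismatch means
# NextCloud would fail to validate signatures produced by LL:NG.
cert_matches_key() {
    [ "$(key_pub_digest "$1")" = "$(cert_pub_digest "$2")" ]
}

# cert_valid_for CERT SECONDS
# Succeeds if the certificate is still valid SECONDS from now.
cert_valid_for() {
    openssl x509 -in "$1" -noout -checkend "$2" >/dev/null
}

# Typical use:
#   make_idp_cert lemon.key lemon.pem 3650 auth.example.com
#   cert_matches_key lemon.key lemon.pem && echo "certificate matches key"
#   cert_valid_for lemon.pem 2592000 || echo "expires within 30 days"
```

Keep the private key file readable only by the account that needs it; only the certificate is given to NextCloud.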
<h2 class="sectionedit7" id="llng_saml_20_service_provider_configuration">LL:NG, SAML 2.0 Service Provider configuration</h2>
<div class="level2">
<p>
We now have to define a service provider (e.g. our NextCloud) in LL:NG.
</p>
<p>
Go to “<abbr title="Security Assertion Markup Language">SAML</abbr> service providers”, click on “Add <abbr title="Security Assertion Markup Language">SAML</abbr> SP” and name it as you want (example: 'NextCloud').
</p>
<p>
In the new subtree 'NextCloud', open 'Metadata' and paste the content of your previously downloaded file (or upload the file).
You are now good to go, and you can add the application in <a href="../portalmenu.html" class="wikilink1" title="documentation:2.0:portalmenu">your menu</a> and <a href="../configvhost.html#lemonldapng_configuration" class="wikilink1" title="documentation:2.0:configvhost">your virtual hosts</a>.