<a href="https://nextcloud.com/" class="urlextern" title="https://nextcloud.com/" rel="nofollow">NextCloud</a> is a fork of ownCloud, a suite of client-server software for creating and using file hosting services.
</p>
<p>
This documentation explains how to interconnect LemonLDAP::NG and NextCloud using the <abbr title="Security Assertion Markup Language">SAML</abbr> 2.0 protocol.
You need to <a href="https://docs.nextcloud.com/server/10/admin_manual/installation/index.html" class="urlextern" title="https://docs.nextcloud.com/server/10/admin_manual/installation/index.html" rel="nofollow">install the software</a>.
</p>
<div class="notetip">If your NextCloud is behind a proxy (thus having a private <abbr title="Internet Protocol">IP</abbr>), metadata generated by NextCloud won't work.
<p>
Consider changing the NextCloud configuration to force the domain. In <strong>$nextcloudrootwww/config/config.php</strong>, add the following:
<li class="level1"><div class="li"><strong>Attribute to map the UID to</strong>: Identity attribute provided by your LL:NG that will be used as UID in NextCloud.</div>
<li class="level2"><div class="li"><strong>Identifier of the IdP entity</strong>: <abbr title="Security Assertion Markup Language">SAML</abbr> Metadata <abbr title="Uniform Resource Locator">URL</abbr> of your LL:NG</div>
</li>
<li class="level2"><div class="li"><strong><abbr title="Uniform Resource Locator">URL</abbr> Target of the IdP where the SP will send the Authentication Request Message</strong>: SingleSignOn <abbr title="Uniform Resource Locator">URL</abbr> of your LL:NG</div>
</li>
<li class="level2"><div class="li"><strong><abbr title="Uniform Resource Locator">URL</abbr> Location of the IdP where the SP will send the SLO Request</strong>: SingleLogOut <abbr title="Uniform Resource Locator">URL</abbr> of your LL:NG</div>
</li>
<li class="level2"><div class="li"><strong>Public X.509 certificate of the IdP</strong>: Certificate of your LL:NG (see below for instructions)</div>
</li>
</ul>
</li>
</ul>
<p>
We need a few steps to generate our LL:NG certificate (unless you already have one).
You first need to create a pair of SSH Keys in LL:NG:
</p>
<pre class="code">SAML 2 Service -> Security Parameters -> Signature</pre>
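<p>
The certificate step described above, as an added example that is not part of the original documentation: it assumes the private key created under Signature has been saved as a PEM file, and the function names, file names and the CN <code>auth.example.com</code> are hypothetical. It wraps that key in a self-signed X.509 certificate with openssl and checks that the certificate carries the key's public half.
</p>

```shell
#!/bin/sh
# Added example (not from the LemonLDAP::NG documentation).
# Assumption: the private key created under "Signature" was saved as a PEM file.

# make_idp_cert KEY_PEM CERT_PEM [DAYS] [CN]
# Wrap the existing private key in a self-signed X.509 certificate.
# The CN default is a placeholder; use your LL:NG portal host name.
make_idp_cert() {
    key=$1 cert=$2 days=${3:-3650} cn=${4:-auth.example.com}
    [ -r "$key" ] || { echo "cannot read private key: $key" >&2; return 1; }
    openssl req -new -x509 -sha256 -key "$key" -days "$days" \
        -subj "/CN=$cn" -out "$cert"
}

# cert_matches_key CERT_PEM KEY_PEM
# Succeed only if the certificate carries the public half of the key.
# A mismatch (for example after regenerating the key pair) makes the
# service provider reject every signed message from the IdP.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# cert_fingerprint CERT_PEM
# Print the SHA-256 fingerprint, for comparing copies of the certificate.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Usage: sh make-idp-cert.sh lemon.key lemon.crt
if [ "$#" -ge 2 ]; then
    make_idp_cert "$1" "$2" && cert_matches_key "$2" "$1" &&
        echo "certificate OK, SHA-256 $(cert_fingerprint "$2")"
fi
```

<p>
The resulting PEM certificate is the value for the <strong>Public X.509 certificate of the IdP</strong> field in NextCloud.
</p>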
Go to "<abbr title="Security Assertion Markup Language">SAML</abbr> service providers", click on "Add <abbr title="Security Assertion Markup Language">SAML</abbr> SP" and name it as you want (for example, 'NextCloud').
You are now good to go, and you can add the application in <a href="../portalmenu.html" class="wikilink1" title="documentation:2.0:portalmenu">your menu</a> and <a href="../configvhost.html#lemonldapng_configuration" class="wikilink1" title="documentation:2.0:configvhost">your virtual hosts</a>.