lemonldap-ng/doc/sources/admin/applications/nextcloud.rst
2021-03-04 15:13:30 +01:00


NextCloud
=========
|image0|
Presentation
------------
`NextCloud <https://nextcloud.com/>`__ is a fork of Owncloud, a suite of
client-server software for creating file hosting services and using
them.

This documentation explains how to interconnect LemonLDAP::NG and
NextCloud using the SAML 2.0 protocol.

Pre-requisites
--------------
.. _nextcloud-1:

NextCloud
~~~~~~~~~

You need to `install the
software <https://docs.nextcloud.com/server/10/admin_manual/installation/index.html>`__.

.. tip::

   If your NextCloud is behind a proxy (thus having a private
   IP), the metadata generated by NextCloud won't work.
   Consider changing the configuration of NextCloud to force the domain and the protocol: in
   **$nextcloudrootwww/config/config.php**, add the following:

   .. code:: php

      // force the public host name and scheme used in generated URLs
      'overwritehost' => 'nextcloud.example.com',
      'overwriteprotocol' => 'https',

You also need to enable the "SAML authentication" plugin in your
NextCloud:

::

   + Apps -> Not enabled -> SAML authentication

LL:NG
~~~~~

You need to enable the SAML 2.0 issuer module in LL:NG:

::

   General Parameters -> Issuer modules -> SAML -> Activation

|image1|

NextCloud, SAML 2.0 configuration
---------------------------------

Configuration of SAML 2.0 in NextCloud is pretty straightforward:

::

   Administration -> SAML authentication

You will find the following fields:

- **Attribute to map the UID to**: Identity attribute provided by your
  LL:NG that will be used as UID in NextCloud.
- **Identity Provider Data**:

  - **Identifier of the IdP entity**: SAML Metadata URL of your LL:NG
  - **URL Target of the IdP where the SP will send the Authentication
    Request Message**: SingleSignOn URL of your LL:NG
  - **URL Location of the IdP where the SP will send the SLO
    Request**: SingleLogOut URL of your LL:NG
  - **Public X.509 certificate of the IdP**: Certificate of your LL:NG
    (see below for instructions)

We need a few steps to generate our LL:NG certificate (unless you
already have one). You first need to create a signing key pair in LL:NG:

::

   SAML 2 Service -> Security Parameters -> Signature

and click "New keys" |image2|

Save the private key to a file named private.key, and run the following:

::

   openssl req -new -key private.key -out cert.csr
   openssl x509 -req -days 3650 -in cert.csr -signkey private.key -out cert.pem

Copy/paste the content of your new cert.pem into the "Public X.509
certificate of the IdP" field of your NextCloud.
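
The two openssl steps above as an added script (not part of the LemonLDAP::NG documentation), which runs them non-interactively and then checks that the certificate really belongs to the LL:NG private key and is not about to expire before you paste it into NextCloud; the file names and the CN ``idp.example.com`` are placeholders.

```shell
#!/bin/sh
# Added example, not part of the LemonLDAP::NG documentation: runs the two
# openssl steps non-interactively and checks the result before it is
# pasted into NextCloud. File names and the CN are placeholders.
set -eu

# make_idp_cert <private.key> <cert.pem> <CN>
# Same commands as the documentation; -subj replaces the interactive
# prompts of "openssl req", 3650 days matches the documented lifetime.
make_idp_cert() {
    key="$1"; cert="$2"; cn="$3"
    csr="$(mktemp)"
    openssl req -new -key "$key" -subj "/CN=$cn" -out "$csr"
    openssl x509 -req -days 3650 -in "$csr" -signkey "$key" -out "$cert" 2>/dev/null
    rm -f "$csr"
}

# cert_matches_key <cert.pem> <private.key>
# Succeeds only when the public key inside the certificate is the one
# derived from the private key. If they differ, NextCloud will reject
# every SAML response signed by LL:NG (signature validation fails).
cert_matches_key() {
    cert_pub="$(openssl x509 -in "$1" -noout -pubkey)"
    key_pub="$(openssl pkey -in "$2" -pubout)"
    [ "$cert_pub" = "$key_pub" ]
}

# cert_valid_for_days <cert.pem> <days>
# Succeeds when the certificate is still valid in <days> days; use it to
# renew the certificate in both LL:NG and NextCloud before logins break.
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 ))
}

# Usage: sh make_idp_cert.sh private.key cert.pem idp.example.com
if [ -n "${1:-}" ]; then
    make_idp_cert "$1" "${2:-cert.pem}" "${3:-idp.example.com}"
    cert_matches_key "${2:-cert.pem}" "$1" && echo "cert.pem matches private.key"
    cert_valid_for_days "${2:-cert.pem}" 30 && echo "valid for at least 30 days"
fi
```
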
Your fields should look like this: |image3|

You can now download your metadata xml file.

LL:NG, SAML 2.0 Service Provider configuration
----------------------------------------------

We now have to define a service provider (i.e. our NextCloud) in LL:NG.
Go to "SAML service providers", click on "Add SAML SP" and name it as
you want (example: 'NextCloud').

In the new subtree 'NextCloud', open 'Metadata' and paste the content of
your previously downloaded file (or upload the file).

|image4|

Now go to "Exported attributes" and add, at least, the 'uid' attribute.

|image5|

Don't forget to save your configuration.

You are now good to go, and you can add the application to
:doc:`your menu<../portalmenu>` and
:doc:`your virtual hosts<../configvhost>`.

.. |image0| image:: /applications/nextcloud-logo.png
   :class: align-center
.. |image1| image:: /applications/nextcloud_saml_activation.png
   :class: align-center
.. |image2| image:: /applications/nextcloud_certificate_keys.png
   :class: align-center
.. |image3| image:: /applications/nextcloud_saml_configuration.png
   :class: align-center
.. |image4| image:: /applications/nextcloud_service_metadata.png
   :class: align-center
.. |image5| image:: /applications/nextcloud_service_exportedattributes.png
   :class: align-center