WIP Nextcloud OIDC Authentication
parent
260a779f1a
commit
ebc4ee6aa0
Binary file not shown.
After Width: | Height: | Size: 17 KiB |
Binary file not shown.
After Width: | Height: | Size: 23 KiB |
39
pages/02.linux/authentik/nextcloud-oidc/default.en.md
Normal file
@ -0,0 +1,39 @@
|
|||||||
|
---
|
||||||
|
title: Nextcloud OIDC
|
||||||
|
visible: false
|
||||||
|
media_order: authentik-create-provider.webp, authentik-create-application.webp
|
||||||
|
---
|
||||||
|
|
||||||
|
[toc]
|
||||||
|
|
||||||
|
https://blog.cubieserver.de/2022/complete-guide-to-nextcloud-oidc-authentication-with-authentik/
|
||||||
|
|
||||||
|
This guide will be using OIDC with the [user_oidc](https://github.com/nextcloud/user_oidc) plugin.
|
||||||
|
|
||||||
|
## Authentik
|
||||||
|
|
||||||
|
### Create provider
|
||||||
|
|
||||||
|
First, a new provider needs to be created. The setting can be found under `Applications > Providers`, click `Create`
|
||||||
|
|
||||||
|
In the first screen, select `OAuth2/OpenID Provider` and click `Next`
|
||||||
|
|
||||||
|
![Screenshot of the provider creation page with settings filled in](authentik-create-provider.webp)
|
||||||
|
|
||||||
|
- _Authorization flow_: default-provider-authorization-implicit-consent (Choosing explicit consent instead means the user has to approve every login)
|
||||||
|
- _Client type_: Confidential
|
||||||
|
- _Client ID_: The auto generated value is fine, copy it for use later.
|
||||||
|
- _Client Secret_: **WARNING** user_oidc currently only supports values up to 64 characters in length. Make sure to trim the value below that, or generate a new secret with less characters. `openssl rand -base64 60` [Issue on user_oidc GitHub](https://github.com/nextcloud/user_oidc/issues/405)
|
||||||
|
- _Redirect URIs/Origins_: https://{NEXTCLOUD URL}/apps/user_oidc/code
|
||||||
|
- _Advanced protocol settings > Subject mode_: Based on the User's username, this setting should be used to ensure Nextcloud’s federated cloud ID will have a human-readable value
|
||||||
|
|
||||||
|
### Create application
|
||||||
|
|
||||||
|
Now it is time to create the application.
|
||||||
|
Go to `Applications > Applications` and click `Create`
|
||||||
|
Set a name and choose the previously created provider under the `Provider` setting.
|
||||||
|
Other settings can be left at their defaults.
|
||||||
|
|
||||||
|
![Screenshot of application creation dialog](authentik-create-application.webp)
|
||||||
|
|
||||||
|
## Nextcloud
|
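Review bot: In the _Client Secret_ bullet, the suggested `openssl rand -base64 60` does not produce a value that fits the limit the same bullet warns about: 60 random bytes encode to 80 base64 characters, and openssl wraps that output onto two lines, so the reader still has to trim it by hand. Suggest `openssl rand -base64 45`, which yields a single 60-character line, and dropping the advice to trim the auto-generated value in favour of always generating a fresh one of the right length. Separately, the bare blog URL after `[toc]` has no label; if it is the source this guide follows, say so in a sentence so it does not render as a stray link.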