documentation:latest:applications:nextcloud [2016/09/02 21:15] (current)
====== NextCloud ======

{{ :applications:nextcloud-logo.png?nolink |}}

===== Presentation =====

[[https://nextcloud.com/|NextCloud]] is a fork of ownCloud, a suite of client-server software for creating and using file hosting services.

This documentation explains how to interconnect LemonLDAP::NG and NextCloud using the SAML 2.0 protocol.
 +
===== Pre-requisites =====

==== NextCloud ====

You need to [[https://docs.nextcloud.com/server/10/admin_manual/installation/index.html|install the software]].

<note tip>
If your NextCloud is behind a proxy (and thus has a private IP), the metadata generated by NextCloud won't work, because the URLs it contains point at the private address.

Consider changing the configuration of NextCloud to force the public domain: in **$nextcloudrootwww/config/config.php**, add the following:
<code php>'overwritehost' => 'nextcloud.example.com',</code>
</note>

You also need to enable the "SAML authentication" plugin in your NextCloud.
<code> + Apps -> Not enabled -> SAML authentication</code>
 +
==== LL:NG ====

You need to enable the SAML 2.0 issuer module in LL:NG:
<code>"General Parameters -> Issuer modules -> SAML -> Activation"</code>
{{ :applications:nextcloud_saml_activation.png?nolink |}}
 +
===== NextCloud, SAML 2.0 configuration =====

Configuration of SAML 2.0 in NextCloud is pretty straightforward.
<code>Administration -> SAML authentication</code>
You will find the following fields:
  * **Attribute to map the UID to**: identity attribute provided by your LL:NG that will be used as the UID in NextCloud.
  * **Identity Provider Data**:
    * **Identifier of the IdP entity**: SAML metadata URL of your LL:NG
    * **URL Target of the IdP where the SP will send the Authentication Request Message**: SingleSignOn URL of your LL:NG
    * **URL Location of the IdP where the SP will send the SLO Request**: SingleLogOut URL of your LL:NG
    * **Public X.509 certificate of the IdP**: certificate of your LL:NG (see below for instructions)

We need a few steps to generate our LL:NG certificate (unless you already have one).
You first need to create a signing key pair in LL:NG:
<code>SAML 2 Service -> Security Parameters -> Signature</code>
and click "New keys"
{{ :applications:nextcloud_certificate_keys.png?nolink |}}

Save the private key to a file named private.key, and run the following (this produces a self-signed certificate valid for 10 years):
<code>
openssl req -new -key private.key -out cert.csr
openssl x509 -req -days 3650 -in cert.csr -signkey private.key -out cert.pem
</code>

Copy/paste the content of your new cert.pem into the "Public X.509 certificate of the IdP" field of your NextCloud.

Your fields should look like this:
{{ :applications:nextcloud_saml_configuration.png?nolink |}}

You can now download your metadata XML file.
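Before pasting the downloaded metadata into LL:NG, it is worth checking that the SP endpoints it declares point at the public NextCloud host and not at the private address mentioned in the proxy tip above. The following script is an added example, not part of this page or of NextCloud; the metadata document it parses is a constructed sample, and the hostname and paths in it are assumptions.

```python
"""Sanity-check NextCloud SP metadata before it goes into LL::NG."""
import ipaddress
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}

# Constructed sample (not real NextCloud output): metadata generated behind a
# reverse proxy without 'overwritehost', so every URL carries the private IP.
SAMPLE_METADATA = """<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="http://10.0.0.12/nextcloud/apps/user_saml/saml/metadata">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="http://10.0.0.12/nextcloud/apps/user_saml/saml/sls"/>
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="http://10.0.0.12/nextcloud/apps/user_saml/saml/acs" index="1"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""


def sp_endpoints(metadata_xml):
    """Return the entityID and every ACS/SLO Location declared by the SP."""
    root = ET.fromstring(metadata_xml)
    urls = {"entityID": root.get("entityID")}
    for tag in ("AssertionConsumerService", "SingleLogoutService"):
        for i, el in enumerate(root.findall(f".//md:{tag}", NS)):
            urls[f"{tag}[{i}]"] = el.get("Location")
    return urls


def _is_private_host(host):
    """True when the host part is a private IP literal (e.g. 10.0.0.12)."""
    try:
        return ipaddress.ip_address(host).is_private
    except ValueError:
        return False  # a hostname rather than an IP literal


def metadata_problems(metadata_xml, expected_host):
    """List endpoints that do not point at the public host over https."""
    problems = []
    for name, url in sp_endpoints(metadata_xml).items():
        parsed = urlparse(url or "")
        if parsed.hostname != expected_host:
            why = "private IP" if _is_private_host(parsed.hostname or "") else "unexpected host"
            problems.append(f"{name}: {url} ({why})")
        elif parsed.scheme != "https":
            problems.append(f"{name}: {url} (not https)")
    return problems
```

An empty list from metadata_problems means the entityID, ACS and SLO URLs all use the expected public hostname over https; otherwise set overwritehost as described above and regenerate the metadata.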
 +
===== LL:NG, SAML 2.0 Service Provider configuration =====

We now have to define a service provider (i.e. our NextCloud) in LL:NG.

Go to "SAML service providers", click on "Add SAML SP" and name it as you want (for example 'NextCloud').

In the new subtree 'NextCloud', open 'Metadata' and paste the content of your previously downloaded file (or upload the file).

{{ :applications:nextcloud_service_metadata.png?nolink |}}

Now go to "Exported attributes" and add at least the 'uid' attribute (the one NextCloud maps to its UID).

{{ :applications:nextcloud_service_exportedattributes.png?nolink |}}

Don't forget to save your configuration.

You are now good to go, and you can add the application in [[.:..:portalmenu|your menu]] and [[.:..:configvhost#lemonldapng_configuration|your virtual hosts]].
