habsi/authentik
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

docs: add nextcloud docs

Browse Source
This commit is contained in:
Jens Langhammer
2020-12-22 20:09:15 +01:00
parent 3ea39fe122
commit 001de38d85
3 changed files with 63 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

61
website/docs/integrations/services/nextcloud/index.md Normal file
View File

@ -0,0 +1,61 @@
---
title: NextCloud
---
## What is NextCloud
From https://en.wikipedia.org/wiki/Nextcloud
:::note
Nextcloud is a suite of client-server software for creating and using file hosting services. Nextcloud is free and open-source, which means that anyone is allowed to install and operate it on their own private server devices.
:::
:::warning
This setup only works, when NextCloud is running with HTTPS enabled.
:::
:::warning
In case something goes wrong with the configuration, you can use the URL `http://nextcloud.company/login?direct=1` to log in using the built-in authentication.
:::
## Preparation
The following placeholders will be used:
- `nextcloud.company` is the FQDN of the NextCloud install.
- `authentik.company` is the FQDN of the authentik install.
Create an application in authentik and note the slug, as this will be used later. Create a SAML provider with the following parameters:
- ACS URL: `https://nextcloud.company/apps/user_saml/saml/metadata`
- Audience: `https://nextcloud.company/apps/user_saml/saml/acs`
- Issuer: `https://authentik.company`
- Service Provider Binding: `Post`
- Property mappings: Select all Autogenerated mappings.
You can of course use a custom signing certificate, and adjust durations.
## NextCloud
In NextCloud, navigate to `Settings`, then `SSO & SAML Authentication`.
Set the following values:
- Attribute to map the UID to.: `urn:oid:0.9.2342.19200300.100.1.1`
- Optional display name of the identity provider (default: "SSO & SAML log in"): `authentik`
- Identifier of the IdP entity (must be a URI): `https://authentik.company`
- URL Target of the IdP where the SP will send the Authentication Request Message: `https://authentik.company/application/saml/<application-slug>/sso/binding/redirect/`
Under Attribute mapping, set these values:
- Attribute to map the displayname to.: `urn:oid:2.16.840.1.113730.3.1.241`
- Attribute to map the email address to.: `urn:oid:0.9.2342.19200300.100.1.3`
- Attribute to map the users groups to.: `member-of`
## Group Quotas
Create a group for each different level of quota you want users to have. Set a custom attribute, for example called `nextcloud_quota`, to the quota you want, for example `15 GB`.
Afterwards, create a custom SAML Property Mapping with the name `SAML NextCloud Quota`.
Set the *SAML Name* to `nextcloud_quota`.
Set the *Expression* to `return user.group_attributes.get("nextcloud_quota", "1 GB")`, where `1 GB` is the default value for users that don't belong to another group (or have another value set).