Hello
I have a nextcloud server on an Ubuntu VM with latest version.
I have a keycloak server that is connected by "OpenID Connect user backend " to nextcloud.
When I connect to nextcloud, keycloack allow or not depending on user/password credentials.
But keycloak is also used to allow “other user to other server”.
If a user alled to other app try to connect to nextcloud, a new account is created automaticly in nextcloud.
Is it possible to desactivate this auto creat function ?
=> And the “other user” will have a error message
Oups sorry I was looking in the nextcloud doumentation… not in the app.
Thanks a lot.
For other looking for the same answer :
Add in nextcloud config.phpo file
‘user_oidc’ => [
‘auto_provision’ => false,
],
Initialy I was trying in keycloak to deny nextcloud access if the user does not belong to a group called “nextcloud”
But did not succeed…
I know is is not the good forum but are you familiar with keycloak / nextcloud integration?
I succeed in keycloak to configure Autorization / Resources, Scopes, Policy, Permission
=> And when evaluating a user in group I get “permit” and user not in group I get “deny”
=> the user not in group can still access to nextcloud…
2 questions :
Is it possible for keycloak to block access to nextcloud?
or do I have to add something in the conf of the “user_oidc” ?
=> such as “‘userinfo_bearer_validation’ => true,” ?
Sorry not familiar with keycloak and documentation is not so easy for beginner
It sounds you are beginner in both NC and keycloak. the whole topic openidconnect is not easy so I recommend you to familiarize with the concepts before you push in production.
I feel this very offending as you are asking for help in bad forum? For me this is the right one and if you don’t like - nevermind…
I spend time searching solutions for my config. I didn’t had a goal to prohibit access from authenticated KC users to NC but I’m confident this is possible (on KC side as well).
but are you familiar with keycloak / nextcloud integration?