Hello
I have a Nextcloud server on an Ubuntu VM with the latest version.
I have a Keycloak server that is connected by "OpenID Connect user backend" to Nextcloud.
When I connect to Nextcloud, Keycloak allows it or not depending on the user/password credentials.
But Keycloak is also used to allow “other user to other server”.
If a user allowed to another app tries to connect to Nextcloud, a new account is created automatically in Nextcloud.
Is it possible to deactivate this auto-create function?
=> And the “other user” will have an error message
Oops, sorry, I was looking in the Nextcloud documentation… not in the app.
Thanks a lot.
For others looking for the same answer:
Add to the Nextcloud config.php file:
'user_oidc' => [
    'auto_provision' => false,
],
Initially I was trying in Keycloak to deny Nextcloud access if the user does not belong to a group called “nextcloud”.
But did not succeed…
I know it is not the good forum, but are you familiar with Keycloak / Nextcloud integration?
I succeeded in Keycloak in configuring Authorization / Resources, Scopes, Policy, Permission
=> And when evaluating a user in the group I get “permit”, and for a user not in the group I get “deny”
=> the user not in the group can still access Nextcloud…
2 questions:
Is it possible for Keycloak to block access to Nextcloud?
Or do I have to add something in the conf of the “user_oidc”?
=> such as “'userinfo_bearer_validation' => true,”?
Sorry, I am not familiar with Keycloak, and the documentation is not so easy for a beginner.
It sounds like you are a beginner in both NC and #keycloak. The whole topic of #openidconnect is not easy, so I recommend you familiarize yourself with the concepts before you push to production.
I feel this is very offensive, as you are asking for help in a bad forum? For me this is the right one, and if you don’t like it - never mind…
I spent time searching for solutions for my config. I didn’t have a goal to prohibit access from authenticated KC users to NC, but I’m confident this is possible (on the KC side as well).