Managing 1500 users and using nextcloud as authentication backend

Ok, I see. So the problem is that the Nextcloud SAML app doesn’t support additional user attributes like full name and groups, right? Because I was under the impression that Keycloak and SAML do in general (thus no need for LDAP).
I am currently thinking to have Nextcloud as the central storage of user data and implement SAML more as convenience for login and to link to other SAML/OpenID supporting apps on my server. So I guess if Nextcloud uses SAML only for login, and I let Keycloak fetch the Nextcloud user data out of the NC database via a SQL command, it should be possible to manage the user’s groups etc in Nextcloud and have other apps access it through Keycloak?
To keep the system simple, I want to avoid adding another layer like LDAP to the mix (besides some other technical issues I have with it in my specific setup).

Yes, at least as far as I could see, the Nextcloud SAML app doesn’t support it. SAML and Keycloak themselves would support it.

The way you describe it should work.
I guess you will have to write a custom user storage provider for Keycloak, which shouldn’t be too difficult. There’s an example here:


Or probably you could just change the database schema of the user storage provider already used…

But personally I think it would be easier to use the LDAP solution ;-).

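A sketch of the custom user storage provider suggested above, added here as an example rather than code from the thread, from Keycloak or from Nextcloud: a read-only Keycloak `UserLookupProvider` that resolves logins against Nextcloud’s `oc_users` table. The datasource wiring, the column names and the SPI signatures of recent Keycloak releases (`RealmModel` first) are assumptions; the provider factory and the `META-INF/services` registration are left out.

```java
import java.sql.*;
import javax.sql.DataSource;
import org.keycloak.component.ComponentModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.storage.StorageId;
import org.keycloak.storage.UserStorageProvider;
import org.keycloak.storage.adapter.AbstractUserAdapter;
import org.keycloak.storage.user.UserLookupProvider;

// Read-only lookup of Nextcloud accounts; group membership and passwords stay in Nextcloud.
public class NextcloudUserStorageProvider implements UserStorageProvider, UserLookupProvider {
    private final KeycloakSession session;
    private final ComponentModel model;
    private final DataSource ds; // assumed: a DB account granted SELECT on oc_users only

    public NextcloudUserStorageProvider(KeycloakSession session, ComponentModel model, DataSource ds) {
        this.session = session; this.model = model; this.ds = ds;
    }

    @Override public UserModel getUserByUsername(RealmModel realm, String username) {
        // Parameterised query: the username comes straight from the login form.
        String sql = "SELECT uid, displayname FROM oc_users WHERE uid = ?";
        try (Connection c = ds.getConnection(); PreparedStatement ps = c.prepareStatement(sql)) {
            ps.setString(1, username);
            try (ResultSet rs = ps.executeQuery()) {
                if (!rs.next()) return null; // unknown user: Keycloak fails the login
                return adapt(realm, rs.getString("uid"), rs.getString("displayname"));
            }
        } catch (SQLException e) {
            throw new IllegalStateException("Nextcloud user lookup failed", e);
        }
    }

    @Override public UserModel getUserById(RealmModel realm, String id) {
        // Federated ids look like "f:<component id>:<external id>"; the external id is the uid.
        return getUserByUsername(realm, StorageId.externalId(id));
    }

    @Override public UserModel getUserByEmail(RealmModel realm, String email) {
        return null; // Nextcloud keeps e-mail addresses elsewhere; not resolved in this sketch
    }

    @Override public void close() {}

    private UserModel adapt(RealmModel realm, String uid, String displayName) {
        return new AbstractUserAdapter(session, realm, model) {
            @Override public String getUsername() { return uid; }
            @Override public String getFirstName() { return displayName; }
        };
    }
}
```

Because no `CredentialInputValidator` is implemented, Keycloak still has to hold or verify the password itself; checking it against Nextcloud’s stored hashes would be a separate piece, and the DB account above should never need more than read access.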

About OAuth2, I think that once this is solved, it will be usable:

Ok now, it’s a while ago… But finally the client wanted the project, and I implemented it.
I documented here how to integrate Keycloak, SAML and Nextcloud, without the need to patch user_saml (the above solution needs to patch it).

And here is described how to set up Keycloak in a nicer way than above (Docker and so on…)

Hopefully it will help somebody to save some hours of work ;-).


I need a dev for a freelance job with authentication; if you guys know someone, please let me know!