Nextcloud groups mapping via keycloak

Hello!

I'm trying to use Nextcloud with OpenID Connect via Keycloak.

The overall configuration works and logging in with Keycloak users works.
But I can't map any groups (for example "admin") from Keycloak to Nextcloud.

I searched for solutions and every blog/site mostly uses the same settings as me, but it still doesn't want to work...

My configuration for Nextcloud 28.0.5:

Social Login App:

Title: keycloak
Authorize url: keycloakserverurl/realms/realmname/protocol/openid-connect/auth
Token url: keycloakserverurl/realms/realmname/protocol/openid-connect/token
User info url: keycloakserverurl/realms/realmname/protocol/openid-connect/userinfo
Logout url: keycloakserverurl/realms/realmname/protocol/openid-connect/logout
Client ID: nextcloud
Client Secret: MyClientSecret
Scope: openid
Groups claim: nextcloud-roles

My Keycloak configuration:

client-ID: nextcloud
Root URL: mynextcloudserverurl
Valid redirect URLs: mynextcloudserverurl/*
Web Origins: mynextcloudserverurl

Client authentication ON
Authentication flow:

  • Standard flow ON
  • Direct access grants ON
  • Implicit flow ON

Clients → Client details → roles → “admin” (for the admin group)

Clients → Client details → Client scopes → "nextcloud-dedicated" → add predefined mappers

Mapper type: User Client Role
Name: client roles
Client-ID: nextcloud
Token Claim Name: nextcloud-roles
Claim JSON Type: String
Add to ID token ON
Add to access token ON
Add to userinfo ON
Add to token ON

Full Scope allowed OFF

Created a Group “Nextcloud_Admins” with the client role “admin” from nextcloud.
Put a user in the group.

Login works, but no group mapping happens.

Also, if I do the evaluate test for the nextcloud client in Keycloak, I'm getting the following under "Generated access token":

```json
  ],
  "resource_access": {
    "nextcloud": {
      "roles": [
        "admin"
      ]
```

What am I doing wrong, or did I miss a setting?
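The token excerpt above shows the roles under `resource_access`, while the Social Login app is configured to read a claim named `nextcloud-roles`. The following check, written for this thread as an added example (it is not code from Nextcloud, the Social Login app or Keycloak), decodes a token and reports where the roles actually are; the sample payloads are constructed, and `decode_payload` does not verify the signature, so it is only for inspecting a token you obtained from your own IdP.

```python
import base64
import json

# Constructed payload: the shape the "Evaluate" output in the thread shows,
# where the roles only appear under resource_access (Keycloak's default mapper).
SAMPLE_PAYLOAD_DEFAULT_MAPPER = {
    "preferred_username": "danny",
    "resource_access": {"nextcloud": {"roles": ["admin"]}},
}

# Constructed payload: what a "User Client Role" mapper with Token Claim Name
# "nextcloud-roles" adds, i.e. the claim the Social Login app is told to read.
SAMPLE_PAYLOAD_CUSTOM_MAPPER = {
    "preferred_username": "danny",
    "nextcloud-roles": ["admin"],
    "resource_access": {"nextcloud": {"roles": ["admin"]}},
}


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_unsigned_jwt(payload: dict) -> str:
    """Build a JWT-shaped string for local inspection only (alg none, empty signature)."""
    header = _b64url(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    return f"{header}.{_b64url(json.dumps(payload).encode())}."


def decode_payload(token: str) -> dict:
    """Decode the payload segment of a JWT. No signature verification is done."""
    body = token.split(".")[1]
    body += "=" * (-len(body) % 4)  # restore the base64url padding
    return json.loads(base64.urlsafe_b64decode(body))


def diagnose(token: str, groups_claim: str, client_id: str) -> dict:
    """Report whether the configured groups claim exists at the top level of the
    token and which roles are nested under resource_access.<client_id>.roles."""
    payload = decode_payload(token)
    top = payload.get(groups_claim)
    nested = payload.get("resource_access", {}).get(client_id, {}).get("roles", [])
    return {
        "claim_present": top is not None,
        "claim_groups": [top] if isinstance(top, str) else list(top or []),
        "resource_access_roles": list(nested),
    }


if __name__ == "__main__":
    for payload in (SAMPLE_PAYLOAD_DEFAULT_MAPPER, SAMPLE_PAYLOAD_CUSTOM_MAPPER):
        print(diagnose(make_unsigned_jwt(payload), "nextcloud-roles", "nextcloud"))
```

If `claim_present` is false while `resource_access_roles` lists the roles, the mapper is not emitting the claim the app reads (or the app's group mapping is not enabled), which is the situation in the question.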

Please review "Add group mapping" in Janik von Rotz - OpenID Connect with Nextcloud and Keycloak.

BTW: Keycloak loses all login sessions when the server restarts; a cluster built from multiple servers is required for a "production" setup. For this reason I stopped using it in favor of authentik or Zitadel.

Thanks for your reply!

I got the solution on my own this morning after I checked all my configuration again, saw this "Add group mapping" option and then tried it...

I just was blind - sorry.

I'm just using Keycloak for my homelab, just to try it out and kind of try to understand how it works. Thanks for the hint! :slight_smile:

Best greetings
Danny
