docs: add nextcloud docs
This commit is contained in:
parent
3ea39fe122
commit
001de38d85
|
@ -82,7 +82,7 @@ class PolicyAccessView(AccessMixin, View):
|
|||
policy_engine.build()
|
||||
result = policy_engine.result
|
||||
LOGGER.debug(
|
||||
"AccessMixin user_has_access",
|
||||
"PolicyAccessView user_has_access",
|
||||
user=user,
|
||||
app=self.application,
|
||||
result=result,
|
||||
|
|
|
@ -0,0 +1,61 @@
|
|||
---
|
||||
title: NextCloud
|
||||
---
|
||||
|
||||
## What is NextCloud
|
||||
|
||||
From https://en.wikipedia.org/wiki/Nextcloud
|
||||
|
||||
:::note
|
||||
Nextcloud is a suite of client-server software for creating and using file hosting services. Nextcloud is free and open-source, which means that anyone is allowed to install and operate it on their own private server devices.
|
||||
:::
|
||||
|
||||
:::warning
|
||||
This setup only works, when NextCloud is running with HTTPS enabled.
|
||||
:::
|
||||
|
||||
:::warning
|
||||
In case something goes wrong with the configuration, you can use the URL `http://nextcloud.company/login?direct=1` to log in using the built-in authentication.
|
||||
:::
|
||||
|
||||
## Preparation
|
||||
|
||||
The following placeholders will be used:
|
||||
|
||||
- `nextcloud.company` is the FQDN of the NextCloud install.
|
||||
- `authentik.company` is the FQDN of the authentik install.
|
||||
|
||||
Create an application in authentik and note the slug, as this will be used later. Create a SAML provider with the following parameters:
|
||||
|
||||
- ACS URL: `https://nextcloud.company/apps/user_saml/saml/metadata`
|
||||
- Audience: `https://nextcloud.company/apps/user_saml/saml/acs`
|
||||
- Issuer: `https://authentik.company`
|
||||
- Service Provider Binding: `Post`
|
||||
- Property mappings: Select all Autogenerated mappings.
|
||||
|
||||
You can of course use a custom signing certificate, and adjust durations.
|
||||
|
||||
## NextCloud
|
||||
|
||||
In NextCloud, navigate to `Settings`, then `SSO & SAML Authentication`.
|
||||
|
||||
Set the following values:
|
||||
|
||||
- Attribute to map the UID to.: `urn:oid:0.9.2342.19200300.100.1.1`
|
||||
- Optional display name of the identity provider (default: "SSO & SAML log in"): `authentik`
|
||||
- Identifier of the IdP entity (must be a URI): `https://authentik.company`
|
||||
- URL Target of the IdP where the SP will send the Authentication Request Message: `https://authentik.company/application/saml/<application-slug>/sso/binding/redirect/`
|
||||
|
||||
Under Attribute mapping, set these values:
|
||||
|
||||
- Attribute to map the displayname to.: `urn:oid:2.16.840.1.113730.3.1.241`
|
||||
- Attribute to map the email address to.: `urn:oid:0.9.2342.19200300.100.1.3`
|
||||
- Attribute to map the users groups to.: `member-of`
|
||||
|
||||
## Group Quotas
|
||||
|
||||
Create a group for each different level of quota you want users to have. Set a custom attribute, for example called `nextcloud_quota`, to the quota you want, for example `15 GB`.
|
||||
|
||||
Afterwards, create a custom SAML Property Mapping with the name `SAML NextCloud Quota`.
|
||||
Set the *SAML Name* to `nextcloud_quota`.
|
||||
Set the *Expression* to `return user.group_attributes.get("nextcloud_quota", "1 GB")`, where `1 GB` is the default value for users that don't belong to another group (or have another value set).
|
|
@ -103,6 +103,7 @@ module.exports = {
|
|||
"integrations/services/gitlab/index",
|
||||
"integrations/services/harbor/index",
|
||||
"integrations/services/home-assistant/index",
|
||||
"integrations/services/nextcloud/index",
|
||||
"integrations/services/rancher/index",
|
||||
"integrations/services/sentry/index",
|
||||
"integrations/services/sonarr/index",
|
||||
|
|
Reference in New Issue