diff --git a/website/docs/integrations/services/nextcloud/index.md b/website/docs/integrations/services/nextcloud/index.md index 516ef06af..51bca9dcf 100644 --- a/website/docs/integrations/services/nextcloud/index.md +++ b/website/docs/integrations/services/nextcloud/index.md @@ -27,10 +27,11 @@ The following placeholders will be used: Create an application in authentik and note the slug, as this will be used later. Create a SAML provider with the following parameters: -- ACS URL: `https://nextcloud.company/apps/user_saml/saml/metadata` -- Audience: `https://nextcloud.company/apps/user_saml/saml/acs` +- ACS URL: `https://nextcloud.company/apps/user_saml/saml/acs` - Issuer: `https://authentik.company` - Service Provider Binding: `Post` +- Audience: `https://nextcloud.company/apps/user_saml/saml/metadata` +- Signing Keypair: Select any certificate you have. - Property mappings: Select all Autogenerated mappings. You can of course use a custom signing certificate, and adjust durations. @@ -41,14 +42,15 @@ In NextCloud, navigate to `Settings`, then `SSO & SAML Authentication`. Set the following values: -- Attribute to map the UID to.: `urn:oid:0.9.2342.19200300.100.1.1` +- Attribute to map the UID to.: `urn:oid:2.16.840.1.113730.3.1.241` - Optional display name of the identity provider (default: "SSO & SAML log in"): `authentik` - Identifier of the IdP entity (must be a URI): `https://authentik.company` - URL Target of the IdP where the SP will send the Authentication Request Message: `https://authentik.company/application/saml//sso/binding/redirect/` +- Public X.509 certificate of the IdP: Copy the PEM of the Selected Signing Certificate Under Attribute mapping, set these values: -- Attribute to map the displayname to.: `urn:oid:2.16.840.1.113730.3.1.241` +- Attribute to map the displayname to.: `urn:oid:2.5.4.3` - Attribute to map the email address to.: `urn:oid:0.9.2342.19200300.100.1.3` - Attribute to map the users groups to.: `member-of`