<!DOCTYPE html>
<html lang="en" dir="ltr">
<head>
<meta charset="utf-8" />
<title>documentation:1.9:applications:nextcloud</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,1.9,applications,nextcloud"/>
<link rel="search" type="application/opensearchdescription+xml" href="../lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="nextcloud.html"/>
<link rel="contents" href="nextcloud.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="../lib/exe/css.php.t.bootstrap3.css"/>
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:1.9:applications';var JSINFO = {"id":"documentation:1.9:applications:nextcloud","namespace":"documentation:1.9:applications"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="../lib/exe/js.php.t.bootstrap3.js"></script>
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/lib/scripts/jquery-ui.min.js"></script>
//else -->
<script type="text/javascript" src="/lib/scripts/jquery-ui.js"></script>
<!-- //endif -->
</head>
<body>
<div class="dokuwiki export container">
<!-- TOC START -->
<div id="dw__toc">
<h3 class="toggle">Table of Contents</h3>
<div>
<ul class="toc">
<li class="level1"><div class="li"><a href="#presentation">Presentation</a></div></li>
<li class="level1"><div class="li"><a href="#pre-requisites">Pre-requisites</a></div>
<ul class="toc">
<li class="level2"><div class="li"><a href="#nextcloud1">NextCloud</a></div></li>
<li class="level2"><div class="li"><a href="#llng">LL:NG</a></div></li>
</ul>
</li>
<li class="level1"><div class="li"><a href="#nextcloud_saml_20_configuration">NextCloud, SAML 2.0 configuration</a></div></li>
<li class="level1"><div class="li"><a href="#llng_saml_20_service_provider_configuration">LL:NG, SAML 2.0 Service Provider configuration</a></div></li>
</ul>
</div>
</div>
<!-- TOC END -->
<h1 class="sectionedit1" id="nextcloud">NextCloud</h1>
<div class="level1">
<p>
<img src="nextcloud-logo.png" class="mediacenter" alt="" />
</p>
</div>
<!-- EDIT1 SECTION "NextCloud" [1-73] -->
<h2 class="sectionedit2" id="presentation">Presentation</h2>
<div class="level2">
<p>
<a href="https://nextcloud.com/" class="urlextern" title="https://nextcloud.com/" rel="nofollow">NextCloud</a> is a fork of Owncloud, a suite of client-server software for creating and using file hosting services.
</p>
<p>
This documentation explains how to interconnect LemonLDAP::NG and NextCloud using the <abbr title="Security Assertion Markup Language">SAML</abbr> 2.0 protocol.
</p>
</div>
<!-- EDIT2 SECTION "Presentation" [74-345] -->
<h2 class="sectionedit3" id="pre-requisites">Pre-requisites</h2>
<div class="level2">
</div>
<!-- EDIT3 SECTION "Pre-requisites" [346-373] -->
<h3 class="sectionedit4" id="nextcloud1">NextCloud</h3>
<div class="level3">
<p>
You need to <a href="https://docs.nextcloud.com/server/10/admin_manual/installation/index.html" class="urlextern" title="https://docs.nextcloud.com/server/10/admin_manual/installation/index.html" rel="nofollow">install the software</a>.
</p>
<div class="notetip">If your NextCloud is behind a proxy (thus having a private <abbr title="Internet Protocol">IP</abbr>), metadata generated by NextCloud won't work.
<p>
Consider changing the configuration of NextCloud to force the domain. In <strong>$nextcloudrootwww/config/config.php</strong>, add the following:
</p>
<pre class="code php"><span class="st_h">'overwritehost'</span> <span class="sy0">=></span> <span class="st_h">'nextcloud.example.com'</span><span class="sy0">,</span></pre>
</div>
<p>
You also need to enable the “<abbr title="Security Assertion Markup Language">SAML</abbr> authentication” plugin in your NextCloud.
</p>
<pre class="code"> + Apps -> Not enabled -> SAML authentication</pre>
</div>
<!-- EDIT4 SECTION "NextCloud" [374-966] -->
<h3 class="sectionedit5" id="llng">LL:NG</h3>
<div class="level3">
<p>
You need to enable the <abbr title="Security Assertion Markup Language">SAML</abbr> 2.0 issuer module in LL:NG:
</p>
<pre class="code">"General Parameters -> Issuer modules -> SAML -> Activation"</pre>
<p>
<img src="nextcloud_saml_activation.png" class="mediacenter" alt="" />
</p>
</div>
<!-- EDIT5 SECTION "LL:NG" [967-1168] -->
<h2 class="sectionedit6" id="nextcloud_saml_20_configuration">NextCloud, SAML 2.0 configuration</h2>
<div class="level2">
<p>
Configuration of <abbr title="Security Assertion Markup Language">SAML</abbr> 2.0 in NextCloud is pretty straightforward.
</p>
<pre class="code">Administration -> SAML authentication</pre>
<p>
You will find the following fields:
</p>
<ul>
<li class="level1"><div class="li"> <strong>Attribute to map the UID to</strong>: Identity attribute provided by your LL:NG that will be used as UID in NextCloud.</div>
</li>
<li class="level1"><div class="li"> <strong>Identity Provider Data</strong>:</div>
<ul>
<li class="level2"><div class="li"> <strong>Identifier of the IdP entity</strong>: <abbr title="Security Assertion Markup Language">SAML</abbr> Metadata <abbr title="Uniform Resource Locator">URL</abbr> of your LL:NG</div>
</li>
<li class="level2"><div class="li"> <strong><abbr title="Uniform Resource Locator">URL</abbr> Target of the IdP where the SP will send the Authentication Request Message</strong>: SingleSignOn <abbr title="Uniform Resource Locator">URL</abbr> of your LL:NG</div>
</li>
<li class="level2"><div class="li"> <strong><abbr title="Uniform Resource Locator">URL</abbr> Location of the IdP where the SP will send the SLO Request</strong>: SingleLogOut <abbr title="Uniform Resource Locator">URL</abbr> of your LL:NG</div>
</li>
<li class="level2"><div class="li"> <strong>Public X.509 certificate of the IdP</strong>: Certificate of your LL:NG (see below for instructions)</div>
</li>
</ul>
</li>
</ul>
<p>
We need a few steps to generate our LL:NG certificate (unless you already have one).
You first need to create a pair of SSH Keys in LL:NG:
</p>
<pre class="code">SAML 2 Service -> Security Parameters -> Signature</pre>
<p>
and click “New keys”
<img src="nextcloud_certificate_keys.png" class="mediacenter" alt="" />
</p>
<p>
Save the private key in a private.key file, and run the following:
</p>
<pre class="code">openssl req -new -key private.key -out cert.csr
openssl x509 -req -days 3650 -in cert.csr -signkey private.key -out cert.pem</pre>
<p>
Copy and paste the content of your new cert.pem into the “Public X.509 certificate of the IdP” field of your NextCloud.
</p>
<p>
Your fields should look like this:
<img src="nextcloud_saml_configuration.png" class="mediacenter" alt="" />
</p>
<p>
You can now download your metadata XML file.
</p>
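<p>
Before registering the downloaded metadata in LL:NG, you can check that the endpoints it advertises use the public host name rather than a private address (the proxy case described in the pre-requisites). The following Python check is an added example, not part of LemonLDAP::NG or NextCloud; the function name, the HTTPS requirement and the sample metadata (including its endpoint paths) are assumptions made for illustration.
</p>

```python
import ipaddress
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"

# Constructed sample: metadata as generated behind a proxy without 'overwritehost'.
SAMPLE_BAD = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="http://10.0.0.5/apps/user_saml/saml/metadata">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="1"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="http://10.0.0.5/apps/user_saml/saml/acs"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""
SAMPLE_GOOD = SAMPLE_BAD.replace("http://10.0.0.5", "https://nextcloud.example.com")

def check_sp_metadata(xml_data, expected_host):
    """Return a list of problems found in SP metadata (str or bytes); empty means OK."""
    root = ET.fromstring(xml_data)
    if root.tag != MD + "EntityDescriptor":
        return ["root element is not md:EntityDescriptor"]
    # The entityID and every endpoint Location should point at the public name.
    urls = [("entityID", root.get("entityID", ""))]
    for tag in ("AssertionConsumerService", "SingleLogoutService"):
        for el in root.iter(MD + tag):
            urls.append((tag, el.get("Location", "")))
    problems = []
    if not any(name == "AssertionConsumerService" for name, _ in urls):
        problems.append("no AssertionConsumerService endpoint")
    for name, url in urls:
        parts = urlsplit(url)
        host = parts.hostname or ""
        if parts.scheme != "https":  # assumption: the public site is served over HTTPS
            problems.append(f"{name}: not https ({url})")
        try:
            ip = ipaddress.ip_address(host)
        except ValueError:
            ip = None  # host is a DNS name, not an IP literal
        if ip is not None and (ip.is_private or ip.is_loopback):
            problems.append(f"{name}: private address {host}")
        elif host != expected_host:
            problems.append(f"{name}: host {host!r} != {expected_host!r}")
    return problems

if __name__ == "__main__":
    for label, doc in (("bad", SAMPLE_BAD), ("good", SAMPLE_GOOD)):
        print(label, check_sp_metadata(doc, "nextcloud.example.com"))
```

<p>
To check a real file, read it as bytes and pass the result to <code>check_sp_metadata</code> together with the value you set in 'overwritehost'.
</p>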
</div>
<!-- EDIT6 SECTION "NextCloud, SAML 2.0 configuration" [1169-2671] -->
<h2 class="sectionedit7" id="llng_saml_20_service_provider_configuration">LL:NG, SAML 2.0 Service Provider configuration</h2>
<div class="level2">
<p>
We now have to define a service provider (e.g. our NextCloud) in LL:NG.
</p>
<p>
Go to “<abbr title="Security Assertion Markup Language">SAML</abbr> service providers”, click on “Add <abbr title="Security Assertion Markup Language">SAML</abbr> SP” and name it as you want (for example, 'NextCloud').
</p>
<p>
In the new subtree 'NextCloud', open 'Metadata' and paste the content of your previously downloaded file (or upload the file).
</p>
<p>
<img src="nextcloud_service_metadata.png" class="mediacenter" alt="" />
</p>
<p>
Now go to “Exported attributes” and add, at least, the 'uid' attribute.
</p>
<p>
<img src="nextcloud_service_exportedattributes.png" class="mediacenter" alt="" />
</p>
<p>
Don't forget to save your configuration.
</p>
<p>
You are now good to go, and you can add the application in <a href="../portalmenu.html" class="wikilink1" title="documentation:1.9:portalmenu">your menu</a> and <a href="../configvhost.html#lemonldapng_configuration" class="wikilink1" title="documentation:1.9:configvhost">your virtual hosts</a>.
</p>
</div>
<!-- EDIT7 SECTION "LL:NG, SAML 2.0 Service Provider configuration" [2672-] --></div>
</body>
</html>