nextcloud as a single-sign-on (SSO) Backend
inos-github opened this issue · 9 comments
What I am looking for is a way to use nextcloud as a SSO-Backend (little bit like github SSO) to authenticate users for another web-app. There are a lot of installations on hosted servers without the opportunity to install ldap or a similar service for SSO - authentication.
First of all, I am NOT a programmer so I might be totally wrong with my thoughts...
- there should be Settings for admins (optionally group-admins) containing:
  - appURL (the URL to be called after authentication)
  - appKey
  - appSecret
  - option for setting a cookie if user is logged in already
- there should be a nextcloud URL to be called with the hashed appKey as parameter
  - eg: `https://my.cloud.com/auth?<hashed appKey salted with appSecret>`
- then the app should verify the calling domain and the appKey against the settings
- a login screen should be provided
- after successful login, the app sends back all information available for the user logging in:
  - eg: ID, DisplayName, all Groups user is member, Mail, Language, TimeZone, ...
- the answer should be hashed again using appSecret as salt
  - eg:
- optionally: if the user is logged-in to nextcloud already, a cookie should be set and all the information passed without another authentication.
If all this (or a similar solution) exists already and I did not find it, please give me some hints how I can proceed.
Thank you for your great work!
Martin
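The signed reply sketched in the opening post ("the answer should be hashed again using appSecret as salt"), as an added example that is not part of the thread and not an API of Nextcloud or of any app mentioned here. It swaps the salted hash for HMAC-SHA256 keyed with appSecret and binds the reply to one app and a timestamp, so a captured reply fails verification at another app or after the freshness window. The token layout, the field names (`aud`, `iat`, `user`), the 60-second window and the sample values are assumptions made for the illustration.

```python
import base64, hashlib, hmac, json, time

# Constructed sample values, not taken from any real installation.
APP_KEY = "demo-app"
APP_SECRET = b"constructed-demo-secret"
SAMPLE_USER = {"id": "martin", "displayName": "Martin", "groups": ["users"]}

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode().rstrip("=")

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _mac(secret: bytes, payload: str) -> str:
    return _b64(hmac.new(secret, payload.encode(), hashlib.sha256).digest())

def sign_response(user: dict, app_key: str, app_secret: bytes, now: int) -> str:
    """Provider side: bind the user data to one app and one point in time."""
    body = {"aud": app_key, "iat": now, "user": user}
    payload = _b64(json.dumps(body, sort_keys=True).encode())
    return payload + "." + _mac(app_secret, payload)

def verify_response(token: str, app_key: str, app_secret: bytes,
                    now: int, max_age: int = 60) -> dict:
    """Relying app side: check the MAC first, only then parse the payload."""
    payload, sep, sig = token.partition(".")
    expected = _mac(app_secret, payload)
    # Constant-time comparison on bytes; a plain == leaks timing information.
    if not sep or not hmac.compare_digest(sig.encode(), expected.encode()):
        raise ValueError("bad signature")
    body = json.loads(_unb64(payload))
    if body.get("aud") != app_key:
        raise ValueError("issued for another app")
    if not 0 <= now - body.get("iat", 0) <= max_age:
        raise ValueError("stale or future-dated response")
    return body["user"]

if __name__ == "__main__":
    now = int(time.time())
    tok = sign_response(SAMPLE_USER, APP_KEY, APP_SECRET, now)
    print(verify_response(tok, APP_KEY, APP_SECRET, now))
```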
For OpenID Connect this would be an identity provider, right? Having an app in Nextcloud for this would be great!
A bit of a workaround, but with this you can use your Nextcloud db as an auth backend for SimpleSAMLphp (not really tested and experimental):
https://github.com/poVoq/simplesamlphp-module-sqlauthphppassword
OpenID Connect (OIDC) is being worked on.
sounds great - Thanks!
keep alive
Apparently it is being worked on indeed: https://apps.nextcloud.com/apps/user_oidc
`user_oidc` is to use an OIDC server as user backend for nextcloud, not to use nextcloud as an OIDC backend.
However, as @Thesola10 mentioned in #8846 (comment), https://apps.nextcloud.com/apps/solid looks like it could serve as an OIDC provider
I think this is out-of-scope for the Nextcloud server core, but it's already available as a third-party app (https://github.com/H2CK/oidc).