SafeNet Trusted Access for Nextcloud

Overview

Configuring SafeNet Trusted Access for Nextcloud is a three-step process:

1. Nextcloud setup

2. SafeNet Trusted Access setup

3. Verify authentication

Nextcloud Setup

As a prerequisite, download the Identity Provider certificate from the SafeNet Trusted Access console by clicking the Download X.509 certificate button. You will need this certificate in one of the steps given below.

Perform the following steps to configure SafeNet Trusted Access as your Identity Provider in Nextcloud:

1. Log in to Nextcloud as an administrator using the URL https://<Nextcloud Installation Directory>/index.php/login.

For example, https://saml-sp-02.gemalto.demolab.at/nextcloud/index.php/login

2. On the Nextcloud homepage, in the top right-hand corner, click the administrator icon, and then click Apps.

3. In the left pane, click Integration.

4. In the right pane, scroll down to the SSO & SAML authentication tile and click Download and enable.

5. In the top right-hand corner, click the administrator icon > Settings.

6. In the left pane, under Administration, click SSO & SAML authentication.

7. Under SSO & SAML authentication, perform the following steps:

a. Click Use built-in SAML authentication. You will be redirected to the built-in SAML form in Nextcloud.

b. Under Global settings, select the Allow the use of multiple user back-ends (e.g. LDAP) checkbox.

8. On the Provider 1 tab, perform the following steps:

a. Under General, perform the following steps:

In the Attribute to map the UID to field, enter username. This is the mapping attribute between IdP and SP.

In the Optional display name of the identity provider (default: “SSO & SAML log in”) field, enter a label name (for example, SafeNet IDP) of your choice for the SAML login button.

b. Under Identity Provider Data, perform the following steps:

In the Identifier of the IdP entity (must be a URI) field, enter the Issuer/Entity ID URL provided on the SafeNet Trusted Access console. On the SafeNet Trusted Access console, you can copy this URL by clicking on the Copy to Clipboard icon available next to the ISSUER/ENTITY ID field.

In the URL Target of the IdP where the SP will send the Authentication Request Message field, enter the SingleSignOnService URL provided on the SafeNet Trusted Access console. On the SafeNet Trusted Access console, you can copy this URL by clicking on the Copy to Clipboard icon available next to the SINGLESIGNONSERVICE field.

Click Hide optional Identity Provider settings…

In the URL Location of the IdP where the SP will send the SLO Request field, enter the SingleSignOnService URL provided on the SafeNet Trusted Access console. On the SafeNet Trusted Access console, you can copy this URL by clicking on the Copy to Clipboard icon available next to the SINGLESIGNONSERVICE field.

In Public X.509 certificate of the IdP field, enter the identity provider certificate that you downloaded earlier from the SafeNet Trusted Access console.

c. Click Download metadata XML. The Nextcloud metadata will be downloaded automatically. Save it as a .xml file on your local machine.
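A pre-upload check for the metadata file saved in step 8(c), added here as an example and not part of the SafeNet or Nextcloud documentation: it confirms the file is service provider metadata and that every AssertionConsumerService endpoint is HTTPS and sits under the Nextcloud installation URL that will be entered in SafeNet Trusted Access. The sample metadata is constructed (the hostname is this page's example; the endpoint paths and attribute values are assumptions), and check_sp_metadata is a hypothetical helper name.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
NS = {"md": MD}

# Constructed sample: hostname is the page's example; paths and flags are assumed.
SAMPLE_METADATA = """<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://saml-sp-02.gemalto.demolab.at/nextcloud/index.php/apps/user_saml/saml/metadata">
  <md:SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="false"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="1"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://saml-sp-02.gemalto.demolab.at/nextcloud/index.php/apps/user_saml/saml/acs"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def check_sp_metadata(xml_text, service_login_url):
    """Return (summary, findings) for a SAML service provider metadata document."""
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("metadata must not contain a DTD")
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{MD}}}EntityDescriptor":
        raise ValueError("root element is not md:EntityDescriptor")
    sp = root.find("md:SPSSODescriptor", NS)
    if sp is None:
        raise ValueError("no SPSSODescriptor: not service provider metadata")
    acs = [e.get("Location", "") for e in sp.findall("md:AssertionConsumerService", NS)]
    base = urlsplit(service_login_url)
    findings = []
    if not acs:
        findings.append("no AssertionConsumerService endpoint")
    for url in acs:
        u = urlsplit(url)
        if u.scheme != "https":
            findings.append(f"ACS is not HTTPS: {url}")
        # Assertions are posted to the ACS, so it must belong to this Nextcloud instance.
        if u.netloc != base.netloc or not u.path.startswith(base.path.rstrip("/") + "/"):
            findings.append(f"ACS is outside the service login URL: {url}")
    summary = {"entityID": root.get("entityID"), "acs": acs,
               "want_assertions_signed": sp.get("WantAssertionsSigned")}
    return summary, findings
```

An empty findings list means the file matches the instance you configured; any finding is a reason to re-download the metadata from Nextcloud rather than upload it.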

SafeNet Trusted Access Setup

After completing the first step of configuring SafeNet Trusted Access in Nextcloud, the second step is to activate the Nextcloud application in SafeNet Trusted Access by performing the following steps:

1. In the Applications pane, the Nextcloud application that you added previously is inactive by default. To configure and activate this application, click the application (for example, Nextcloud) and proceed to the next step.

2. Under STA Setup, click Upload Nextcloud Metadata.

3. On the Metadata upload window, click Browse to search for and select the Nextcloud metadata that you obtained earlier in step 8(c) of the Nextcloud Setup section.

Under Account Details, the service provider metadata information is displayed.

4. Under User Portal Settings, in the SERVICE LOGIN URL field, enter the Nextcloud installation directory URL (for example, https://saml-sp-02.gemalto.demolab.at/nextcloud).

5. Click Save Configuration to save the details and activate the Nextcloud application in SafeNet Trusted Access.

Verify Authentication

Using STA Console

Navigate to the Nextcloud login URL, https://<Nextcloud installation directory>/index.php/login. Click SafeNet IDP. You will be redirected to the SafeNet Trusted Access sign-in page. Enter your primary directory login information and approve the two-factor authentication. After authentication, you should be redirected to the Nextcloud application.

Using STA User Portal

Navigate to the User Portal URL to log in to the STA User Portal dashboard. On the dashboard, you will see a list of applications to which you have access. Click the Nextcloud application icon. After authentication, you should be redirected to the Nextcloud application.

© 2018 SafeNet Trusted Access. Various trademarks held by their respective owners.