add first solution for nextcloud sso with keycloak

docs/divers/devops/index.md

@@ -2,3 +2,4 @@
 
 - [Déployer un site web avec Hugo](hugo.md)
 - [Déployer une documentation avec Mkdocs](mkdocs.md)
+- [Keycloak as SSO for Nextcloud](keycloak-nextcloud.md)

docs/divers/devops/keycloak-nextcloud.md

@@ -0,0 +1,103 @@
+# Keycloak as SSO in Nextcloud
+
+In this guide we will cover two methods to have SSO in Nextcloud via Keycloak.
+The first one uses the plugin Social Login in Nextcloud.
+The second one uses the OpenidConnect plugin.
+
+## SSO with Social Login plugin
+
+### Keycloak configuration
+
+#### Create a client
+
+We need first to create a client in keycloak, to connect to Nextcloud.
+
+Name `Client id` as you wish.
+
+![create a client](img/keycloak-nextcloud/keycloak_create-client.png)
+
+Use the following settings:
+
+![settings for client](img/keycloak-nextcloud/keycloak_client-settings.png)
+
+#### Create a new role in client
+
+In **Roles** tab, we create a role admin that we will map to Nextcloud.
+
+![create role](img/keycloak-nextcloud/keycloak_client-newrole.png)
+
+#### Create a new protocol mapper
+
+In **Mappers** tab, we create a mapper for roles.
+
+![create mapper](img/keycloak-nextcloud/keycloak_client-newmapper.png)
+
+#### Map roles for user
+
+Go to an admin user you created (or create an user) and map admin role we created.
+
+Go to the **Role Mappings** tab, then select the client you created in the **Client Roles** 
+selection box, then click on **Add Selected** in the bottom-left to promote admin from available 
+to assigned roles.
+
+![map roles for user](img/keycloak-nextcloud/keycloak_user-rolemapping.png)
+
+
+#### Check if mapping has been catched by client
+
+Go back to client part and evaluate client scope for the admin user you just configured. 
+
+Go to your client, tab **Client Scopes**, select your user and clic on **Evaluate**.
+
+Check the **Generated Access Token** tab to see if the user get admin role.
+
+![evaluate client scope](img/keycloak-nextcloud/keycloak_client-evaluaterolemapping.png)
+
+#### Get Client Secret
+
+Go in **Client** -> **Credentials**, to get client secret that we will need to configure nextcloud plugin.
+
+![get client secret](img/keycloak-nextcloud/keycloak_client-getcredentials.png)
+
+#### See Endpoints
+
+You will also need endpoints urls to adapt Nextcloud Social Login plugin configuration.
+
+Go in **Realm Settings** -> **General**, clic on `OpenID EndpointConfiguration`.
+
+![Ask for conf page](img/keycloak-nextcloud/keycloak_realm-accessconf.png)
+
+You will be redirected to the API endpoint, showing you endpoits url and other infos:
+
+![json endpoint data](img/keycloak-nextcloud/keycloak_realm-json.png)
+
+
+### Use Social Login
+
+#### Install Social Login Plugin
+
+1. In Nextcloud, go to Applications and search for Social Login.
+
+2. Clic on Download and install.
+
+#### Configure Social Login
+
+1. Go to Administration Settings, where a new section has been created for Social Login.
+
+2. Use following configuration and Save:
+
+    ![Social Login Settings](img/keycloak-nextcloud/social_settings.png)
+
+3. Create a custom OpenId Connect
+
+    Use following configuration and adapt enpoints and secret. 
+
+    ![Custom Openid Connect](img/keycloak-nextcloud/social_customopenid.png)
+
+4. Reform Logout Url like this:
+  
+    ```
+    https://keycloak.domain.ext/auth/realms/your-realm/protocol/openid-connect/logout?redirect_uri=https://nextcloud.domain.ext
+    ```
+    
+5. Don't forget to save

mkdocs.yml

@@ -72,6 +72,7 @@ nav:
             - "Index": divers/devops/index.md
             - "Hugo": divers/devops/hugo.md
             - "MkDocs": divers/devops/mkdocs.md
+            - "Keycloak Nextcloud": divers/devops/keycloak-nextcloud.md
         - "Interne":
             - "Index": divers/internal/index.md
             - "Imprimantes": divers/internal/install-printers.md