Nextcloud



Login as an administrator to your Nexcloud instance at https://nextcloud.domain.com

Enable the "SSO & SAML authentication" app

Go to your SAML settings at https://nextcloud.domain.com/settings/admin/saml

Settings

Attribute to map the UID to:

email

Do not enable option "Only allow authentication if an account is existent on some other backend. (e.g. LDAP)"

Identity provider Data

Identifier of the IdP entity:

https://mydomain.trustelem.com/app/166XXX

URL Target of the IdP where the SP will send the Authentication Request Message

https://mydomain.trustelem.com/app/166XXX/sso

Optional identity provider settings

URL Location of the IdP where the SP will send the SLO Request

https://mydomain.trustelem.com/app/166XXX/slo

Certificate (available in the setup page of your Trustelem application)

Attribute mapping

Use: displayname and email

Security settings / Signatures and encryption required

Enable the following options:

"Indicates a requirement for the samlp:Response, samlp:LogoutRequest and samlp:LogoutResponse elements received by this SP to be signed"
"Indicates a requirement for the saml:Assertion elements received by this SP to be signed"