Nextcloud SAML Single Sign-On (SSO) Integration with Drupal as IdP

Drupal can be set as a centralized identity provider or an authentication source for the users across other applications via Single Sign-On (SSO). This document will walk you through the steps of integrating Drupal as SAML 2.0 IDP and Nextcloud as a Service Provider (SP) using the miniOrange SAML IDP module. This will allow you to manage users and their permissions in a place and at the same time the users can access multiple applications with single credentials. The module is compatible with Drupal 7, Drupal 8, Drupal 9, and Drupal 10.

Note: You will require a Premium version of the module to configure the Nextcloud as SP and Drupal as IDP.

Obtain SAML IDP Metadata from Drupal:

• After the successful module installation, navigate to the Configuration → People → Drupal SAML IDP Configuration.

• From the IDP Metadata tab, copy the IDP-Entity ID/Issuer and SAML Login URL. Optionally, download the Certificate (open in Notepad and copy). Keep these for configuring Nextcloud as a SAML SP.

Configure Nextcloud as a Service Provider:

• Login to your Nextcloud Web interface as admin.
• Navigate to the Profile Icon from the top right side and click on Apps.

• Under the search field, search for SSO & SAML authentication and click on the Download and Enable button.

• Again, navigate to the Profile icon and click on Administration settings.

• From the left panel, scroll down, and click SSO & SAML authentication, then select Use built-in SAML authentication.

• Under Global settings, enable the checkbox Allow the use of multiple user back-ends. (e.g. LDAP)

• In General, enter the following information in the corresponding text fields.

Attribute to map the UID to	Email
Optional display name of the identity provider (default “SSO & SAML log in”)	Enter the Application name as Drupal

• Provide the appropriate information in the Configure your IdP settings section of the Nextcloud Application from the IDP Metadata tab of the module.

Nextcloud Field	Identity Provider Information (Drupal)
Identifier of the IdP entity	IDP-Entity ID / Issuer
URL Target of the IdP where the SP will send the Authentication Request Messag	SAML Login URL


• Click Show optional Identity Provider settings, then paste the copied Certificate (from the Drupal site) into the Public X.509 certificate of the IdP textfield.

• Click on the Download Metadata XML button to download the Nextcloud metadata.

Configuring Drupal as SAML Identity Provider (IdP):

• Head towards the Drupal site and navigate to the Service Provider Setup tab of the miniOrange SAML IDP module ( /admin/config/people/miniorange_saml_idp/sp_setup). (/admin/config/people/miniorange_saml_idp/sp_setup)
• Click on the Upload SP Metadata.

• Upload the metadata file downloaded from the Nextcloud.

• Click on the Test button to test the SSO.

• If the Test is successful, a new window will appear in which you will be logged in to the Nextcloud dashboard.

You have successfully configured the SAML SSO between Nextcloud as SAML SP and Drupal as SAML IDP.