Nextcloud

I have come to the realization that online documentation around configuring Nextcloud to use SAML is lacking. I am not an expert by ANY means but I know enough to get things working with some trial and error. The following post is more or less a TL;DR of what to set to enable SAML auth in Nextcloud via Keycloak.

If your Nextcloud instance is returning “invalid requester” after SAML has been working for some time there is a chance the certificate has expired. Many tutorials online for setting up Nextcloud with SAML+Keycloak have the user use the “Regenerate” button for creating the key/cert pair. This is perhaps more complicated and the renewal time is sub 3 months, so this process needs to be done fairly often. Below is a set of simple steps to update those certs and keys.