improve keycloak integration #62
Open
opened 2026-03-06 23:03:56 +00:00 by oxaliq
·
5 comments
No Branch/Tag Specified
main
renovate/docker.elastic.co-elasticsearch-elasticsearch-8.x
renovate/nextcloud-34.x
renovate/nextcloud-32.x
renovate/docker.elastic.co-elasticsearch-elasticsearch-9.x
renovate/nginx-1.x
renovate/pgautoupgrade-pgautoupgrade-18.x
upload-limit
renovate/mariadb-12.x
feature/imaginary
renovate/mariadb-11.x
kc_stable
nextcloud-v28
add-theming-v28.0.5
add-theming
update-nginx-conf
split-bbb-onlyoffice-compos
split-onlyoffice-bbb-config
authentik_sso
healthchecks
occ_cmds
auto_app_install
embed_nextcloud_in_iframe
auto_configure_sso
add-postgres-db
13.1.0+32.0.11-fpm
13.0.1+32.0.3-fpm
13.0.0+32.0.3-fpm
12.1.0+31.0.6-fpm
12.0.1+31.0.6-fpm
12.0.0+31.0.6-fpm
11.4.0+30.0.6-fpm
11.4.0+30.0.10-fpm
11.3.0+30.0.6-fpm
11.2.0+30.0.6-fpm
11.1.0+30.0.6-fpm
11.0.1+30.0.4-fpm
11.0.0+30.0.4-fpm
10.0.0+30.0.4-fpm
9.2.0+29.0.8-fpm
6.0.11+28.0.10-fpm
6.0.10+28.0.10-fpm
6.0.9+28.0.10-fpm
9.1.2+29.0.5-fpm
6.0.8+28.0.5-fpm
6.0.7+28.0.5-fpm
9.1.0+29.0.5-fpm
9.0.0+29.0.5-fpm
6.0.6+28.0.5-fpm
8.0.1+29.0.3-fpm
8.0.0+29.0.1-fpm
7.0.3+29.0.1-fpm
6.0.5+28.0.5-fpm
7.0.2+29.0.1-fpm
7.0.1+29.0.1-fpm
7.0.0+29.0.0-fpm
6.0.4+28.0.5-fpm
6.0.3+28.0.5-fpm
6.0.2+28.0.5-fpm
5.0.3+27.0.1-fpm
6.0.1+28.0.2-fpm
6.0.0+28.0.1-fpm
5.2.0+27.1.5-fpm
5.1.1+27.1.5-fpm
5.1.0+27.1.3-fpm
5.0.2+27.0.1-fpm
5.0.1+27.0.1-fpm
5.0.0+27.0.0-fpm
4.0.7+26.0.2-fpm
4.0.6+26.0.2-fpm
4.0.5+26.0.2-fpm
4.0.4+26.0.2-fpm
4.0.3+26.0.2-fpm
4.0.2+26.0.2-fpm
4.0.1+26.0.1-fpm
4.0.0+26.0.1-fpm
3.3.2+25.0.6-fpm
3.3.1+25.0.5-fpm
3.3.0+25.0.5-fpm
3.2.0+25.0.4-fpm
3.1.2+25.0.4-fpm
3.1.1+25.0.1-fpm
3.1.0+25.0.1-fpm
3.0.1+25.0.1-fpm
3.0.0+25.0.1-fpm
2.1.4+24.0.6-fpm
2.1.3+24.0.5-fpm
2.1.2+24.0.3-fpm
2.1.1+24.0.2-fpm
2.1.0+24.0.0-fpm
2.0.0+23.0.4-fpm
1.0.0+23.0.1-fpm
No Label
Milestone
No items
No Milestone
Assignees
3wordchant
aadil (Aadil Ayub)
abra-bot (Abra Bot)
ammaratef45
amras (Sarma)
Apfelwurm
appletalk
arjan
basebuilder
BornDeleuze
Brooke
carla
cas (Cassowary)
codegod100
coopcloud
cyrnel
decentral1se (decentral1se)
dede
devydave
fauno (fauno)
flancian
Frando
iexos
jade (Jade Ambrose)
javielico (Javielico)
jjsfunhouse
jmakdah2
joe-irving (Joe Irving)
kawaiipunk (KawaiiPunk)
knoflook
kolaente
lambdabundesverband
linnealovespie
marlon (marlon)
mayel
mirsal
moosemower
moritz
nicksellen
notplants
oxaliq (sorrel)
p4u1
pau
pharaohgraphy (Andrew 🐦🔥❤️🔥✴️)
PhiNatalie
renovate-bot (Comrade Renovate Bot)
ripclap
rix
rscmbbng
sef (sef)
simon
sixsmith (Sixsmith)
stevensting
tobias
trav
val (val (he/him))
vaznasty
virtualboys
wolcen (Chris Thompson)
wykwit
xynosis
yksflip
Clear assignees
No Assignees
Notifications
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: coop-cloud/nextcloud#62
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
i'd like to make keycloak integration more idiomatic (akin to integrating authentik as the OIDC provider.)
nextcloud maintains user_oidc app and recommends it as the default OIDC integration.
documentation for coop cloud's nextcloud recipe recommends oidc_login and configuration of nextcloud's
config.phpfile. This is high touch, requiring changes made to the running container or maintaining the file in a local fork of the recipe and mounting the file as an EXTRA_VOLUME.as a more idiomatic approach, a
compose.keycloak.ymlconfiguration could be used, in conjunction with changes to the keycloak recipe, to configure the integration viaabra app config $DOMAINandabra app secret generate ...i'd love to take on this task based on what our coop has learned from deploying AIO nextcloud with ansible, but am proposing here first.
Hell yeh @oxaliq, would love to see the PR!
@oxaliq Great! I also wanted to build this, but haven't had time yet. I was thinking, it should be possible to make this independent of Keycloak, right? Create a compose.user_oidc.yml to configure any OIDC provider? So this can also be used with e.g. Rauthy, not just Keycloak.
hey! i have a PR i'd like to open (incorporating @dannygroenewegen 's suggestion to focus on the Nextcloud app rather than the OIDC provider.)
I don't seem to have permissions to push to a new branch in this repo, though.
@oxaliq You can create a fork of the nextcloud repo, push the branch there, and use that for a PR.
I see that the PR has been merged, but nextcloud hasn't have a new release - is that planned? Also, I think there are some updates for nextcloud.