Integrating Casdoor with Nextcloud: Bridging Authentication Realms

Zhekai Xu MVP

Background

In the ever-expanding world of cloud applications, making sure everything works seamlessly and securely is key. Recently, I successfully deployed Casdoor, integrated it with Alist, and installed Nextcloud on my server. This journey highlighted the need for a smoother, user-friendly authentication flow across all my services.

Introduction to Casdoor

Casdoor is an open-source authentication and authorization system. It simplifies user management and access control, offering a centralized identity solution. Perfect for those seeking a unified authentication experience.

Introduction to Nextcloud

Nextcloud , a self-hosted productivity platform, lets you store, share, and collaborate on files and documents. It’s a versatile solution for businesses and individuals, providing a secure and private cloud environment.

Why Integrate Casdoor with Nextcloud?

The integration of Casdoor with Nextcloud brings numerous benefits:

  • Single Sign-On (SSO): Users seamlessly navigate between Casdoor and Nextcloud without logging in multiple times, enhancing the user experience.

  • Centralized User Management: Casdoor acts as a centralized user management system, ensuring consistent user permissions and roles across all integrated applications, including Nextcloud.

  • Enhanced Security: Centralizing authentication improves security by eliminating the need for multiple sets of credentials, providing a unified authentication source.

Now, let’s dive into the step-by-step process of integrating Casdoor with Nextcloud.

Step 1: Install Casdoor and Prepare for Integration

  1. Start by installing Casdoor on your server. Follow the official Casdoor installation guide to set up the authentication system.

    docker-compose.yaml (for reference only)
    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    version: '3.3'
    services:
    alist:
    restart: always
    volumes:
    - ./conf:/conf/
    network_mode: host
    #ports:
    # - '8000:8000'
    container_name: casdoor
    image: 'casbin/casdoor:latest'
  2. Create a new organization and fill in the necessary information.

  3. (Optional) Create a new cert and assign it to the organization.

  4. Create a new application, leaving it empty for now. We will return to it after installing Nextcloud.

Step 2: Set Up Nextcloud Using Docker

If you haven’t already, install Nextcloud on your server using Docker. Follow the Nextcloud installation documentation .

docker-compose.yaml (for reference only)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
version: '2'

services:
db:
image: 'mariadb'
restart: unless-stopped
environment:
MARIADB_ROOT_PASSWORD: 'nextcloud'
MARIADB_DATABASE: 'nextcloud'
MARIADB_USER: 'nextcloud'
MARIADB_PASSWORD: 'nextcloud'
volumes:
- ./db:/var/lib/mysql
app:
image: nextcloud
ports:
- 8888:80 # map the 80 port of docker to 8888 on host, change it as you desired
links:
- db
environment:
MYSQL_DATABASE: 'nextcloud'
MYSQL_USER: 'nextcloud'
MYSQL_PASSWORD: 'nextcloud'
MYSQL_HOST: 'db'
volumes:
- ./config:/var/www/html/config
- ./data:/var/www/html/data
- /root/file:/hostdata # map to external storage, change it as you desired
- ./apps:/var/www/html/apps
restart: always

Step 3: Configure Casdoor

  1. Return to the application created earlier. Fill in ‘Redirect URLs’ and ‘SAML reply URL’:

    • Redirect URLs: https://<your domain>/apps/user_saml/saml/metadata
    • SAML reply URL: https://<your domain>/apps/user_saml/saml/acs
  2. Refer to the ‘SAML metadata’ section, noting the X509Certificate and SingleSignOnService’s Location.

  3. Save and exit.

Step 4: Integrate Casdoor with Nextcloud

  1. Download and enable the “SSO & SAML authentication“ plugin in Nextcloud.

  2. Refer to the General section:

    • Attribute to use as a user ID
    • IdP name
    Example

    image-20231115175703559

  3. Refer to Identity Provider Data, fill in:

    • Your Casdoor domain
    • SingleSignOnService’s Location
    • X509Certificate
    Example

    image-20231115175515111

  4. Refer to Attribute mapping, fill in as needed.

    Example

    image-20231115175703559

Step 5: Test the Integration

Open a private tab and enter your Nextcloud URL. You should be redirected to the Casdoor website automatically.

Alert

Use your admin account to grant admin privileges to the Casdoor-authenticated account. Otherwise, you’ll lose access to Nextcloud’s Administration Settings.

  • Title: Integrating Casdoor with Nextcloud: Bridging Authentication Realms
  • Author: Zhekai Xu
  • Created at : 2023-11-15 18:15:00
  • Updated at : 2024-02-06 22:49:56
  • Link: https://www.firmant.me/2023/11/15/Integrete-Casdoor-with-Nextcloud/
  • License: This work is licensed under CC BY-NC-SA 4.0.
Comments