{"id":3687,"date":"2018-04-05T09:06:13","date_gmt":"2018-04-05T07:06:13","guid":{"rendered":"https:\/\/rephlex.de\/blog\/?p=3687"},"modified":"2019-05-28T08:39:46","modified_gmt":"2019-05-28T06:39:46","slug":"how-to-connect-nextcloud-to-active-directory-using-ad-fs-without-losing-your-mind","status":"publish","type":"post","link":"https:\/\/rephlex.de\/blog\/2018\/04\/05\/how-to-connect-nextcloud-to-active-directory-using-ad-fs-without-losing-your-mind\/","title":{"rendered":"How to connect Nextcloud to Active Directory using AD FS (without losing your mind)"},"content":{"rendered":"<p><strong>Disclaimer:<\/strong><\/p>\n<ul>\n<li style=\"text-align: left;\">This article is LONG. What you&#8217;re about to do is complicated.<\/li>\n<li style=\"text-align: left;\">Read the stuff between the screenshots. It&#8217;s mostly commented screenshots, really.<\/li>\n<li style=\"text-align: left;\">Works for me &#8482;. If it does not work for you, drop me an email or add a comment down below. I&#8217;ll answer within minutes, usually.<\/li>\n<li style=\"text-align: left;\">I can&#8217;t be blamed.<\/li>\n<li style=\"text-align: left;\">I can&#8217;t be sued.<\/li>\n<li style=\"text-align: left;\">Use your brain. Try not to lose it, though.<\/li>\n<li style=\"text-align: left;\">I was lazy when i wrote this, so you have GERMAN screenshots and ENGLISH text. Come on, you can do it. Usually I do it the other way around all day trying to translate Microsoft-English to sane German. You can figure stuff out by looking at the screenshots i guess. Just think Wei\u00dfwurst and Sauerkraut.<\/li>\n<\/ul>\n<p>This walkthrough is provided as a complete lab, which means i&#8217;ll be installing Windows, Linux, an AD, a webserver and all of that stuff. If you already have that infrastructure in place (or bits &amp; pieces of it), just skip the corresponding parts.<\/p>\n<p>Here&#8217;s the <strong>table of contents:<\/strong><\/p>\n<ul>\n<li style=\"text-align: left;\">1. 
Install Windows<\/li>\n<li style=\"text-align: left;\">2. Set up Active Directory<\/li>\n<li style=\"text-align: left;\">3. Install Linux<\/li>\n<li style=\"text-align: left;\">4. Install Apache + MariaDB<\/li>\n<li style=\"text-align: left;\">5. Install Nextcloud<\/li>\n<li style=\"text-align: left;\">6. Install the Nextcloud SAML \/ SSO Plugin<\/li>\n<li style=\"text-align: left;\">7. DoNutS &amp; SSaLt<\/li>\n<li style=\"text-align: left;\">8. Install AD FS<\/li>\n<li style=\"text-align: left;\">9. Configure AD FS<\/li>\n<li style=\"text-align: left;\">10. Configure Nextcloud for AD FS Authentication<\/li>\n<\/ul>\n<h1 style=\"text-align: left;\">Step 1: Install Windows<\/h1>\n<p>Duh, obviously. I use Windows Server 2016, you might use a different version at your own risk, or you already have it in place, whatever.<\/p>\n<p><a href=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-09-04-12.png\" rel=\"lightbox\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-3689\" src=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-09-04-12.png\" alt=\"\" width=\"1023\" height=\"766\" srcset=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-09-04-12.png 1023w, https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-09-04-12-300x225.png 300w, https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-09-04-12-768x575.png 768w\" sizes=\"auto, (max-width: 1023px) 100vw, 1023px\" \/><\/a><\/p>\n<h1>Step 2: Set up Active Directory<\/h1>\n<p>So you need at least one domain controller running, obviously. Just for this example lab, i&#8217;ll set one up named <strong>dc01.testdomain.local.<\/strong><\/p>\n<p>Head over to the Server Manager, add the &#8222;Active Directory Domain Services&#8220; Role, install it and configure your domain, then reboot. 
You should have a working Active Directory with one domain now. Just for reference i added some screenshots here, in case this REALLY is your first time setting up a domain. Good luck, in that case&#8230; \ud83d\ude42<!--more--><\/p>\n<p>Oh and by the way, you notice the screenshots are in German, because that&#8217;s my native language. Go learn it while Windows installs all the updates. It&#8217;s fun.<\/p>\n<p>If there&#8217;s a screenshot missing, I probably just clicked next without changing anything, and so should you.<\/p>\n<p><a href=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-09-28-49.png\" rel=\"lightbox\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-3692\" src=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-09-28-49.png\" alt=\"\" width=\"797\" height=\"561\" srcset=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-09-28-49.png 797w, https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-09-28-49-300x211.png 300w, https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-09-28-49-768x541.png 768w\" sizes=\"auto, (max-width: 797px) 100vw, 797px\" \/><\/a> <a href=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-09-29-10.png\" rel=\"lightbox\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-3693\" src=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-09-29-10.png\" alt=\"\" width=\"820\" height=\"569\" srcset=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-09-29-10.png 820w, https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-09-29-10-300x208.png 300w, 
https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-09-29-10-768x533.png 768w\" sizes=\"auto, (max-width: 820px) 100vw, 820px\" \/><\/a> <a href=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-09-30-10.png\" rel=\"lightbox\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-3694\" src=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-09-30-10.png\" alt=\"\" width=\"802\" height=\"568\" srcset=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-09-30-10.png 802w, https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-09-30-10-300x212.png 300w, https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-09-30-10-768x544.png 768w\" sizes=\"auto, (max-width: 802px) 100vw, 802px\" \/><\/a> <a href=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-09-30-56.png\" rel=\"lightbox\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-3695\" src=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-09-30-56.png\" alt=\"\" width=\"842\" height=\"576\" srcset=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-09-30-56.png 842w, https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-09-30-56-300x205.png 300w, https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-09-30-56-768x525.png 768w\" sizes=\"auto, (max-width: 842px) 100vw, 842px\" \/><\/a> <a href=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-09-31-12.png\" rel=\"lightbox\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-3696\" 
src=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-09-31-12.png\" alt=\"\" width=\"943\" height=\"667\" srcset=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-09-31-12.png 943w, https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-09-31-12-300x212.png 300w, https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-09-31-12-768x543.png 768w\" sizes=\"auto, (max-width: 943px) 100vw, 943px\" \/><\/a> <a href=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-09-31-52.png\" rel=\"lightbox\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-3697\" src=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-09-31-52.png\" alt=\"\" width=\"919\" height=\"654\" srcset=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-09-31-52.png 919w, https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-09-31-52-300x213.png 300w, https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-09-31-52-768x547.png 768w\" sizes=\"auto, (max-width: 919px) 100vw, 919px\" \/><\/a> <a href=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-09-32-23.png\" rel=\"lightbox\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-3698\" src=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-09-32-23.png\" alt=\"\" width=\"909\" height=\"658\" srcset=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-09-32-23.png 909w, https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-09-32-23-300x217.png 300w, 
https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-09-32-23-768x556.png 768w\" sizes=\"auto, (max-width: 909px) 100vw, 909px\" \/><\/a> <a href=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-09-33-41.png\" rel=\"lightbox\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-3699\" src=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-09-33-41.png\" alt=\"\" width=\"914\" height=\"656\" srcset=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-09-33-41.png 914w, https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-09-33-41-300x215.png 300w, https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-09-33-41-768x551.png 768w\" sizes=\"auto, (max-width: 914px) 100vw, 914px\" \/><\/a><\/p>\n<p>After the installation finishes, the server reboots automatically without prompting. 
Oh, well.<\/p>\n<p><a href=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-09-37-52.png\" rel=\"lightbox\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-3701\" src=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-09-37-52.png\" alt=\"\" width=\"1062\" height=\"864\" srcset=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-09-37-52.png 1062w, https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-09-37-52-300x244.png 300w, https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-09-37-52-768x625.png 768w, https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-09-37-52-1024x833.png 1024w\" sizes=\"auto, (max-width: 1062px) 100vw, 1062px\" \/><\/a><\/p>\n<p><a href=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-09-38-58.png\" rel=\"lightbox\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-3702\" src=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-09-38-58.png\" alt=\"\" width=\"627\" height=\"153\" srcset=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-09-38-58.png 627w, https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-09-38-58-300x73.png 300w\" sizes=\"auto, (max-width: 627px) 100vw, 627px\" \/><\/a><\/p>\n<h1>Step 3: Install Linux<\/h1>\n<p>Yay, fun, Linux! I use <strong>Ubuntu 18.04 &#8222;bionic&#8220; Server<\/strong> just to have all the hipster stuff in place. 
18.04 is not even a stable release at the time i&#8217;m writing this.<\/p>\n<p><a href=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-09-40-44.png\" rel=\"lightbox\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-3704\" src=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-09-40-44.png\" alt=\"\" width=\"663\" height=\"578\" srcset=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-09-40-44.png 663w, https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-09-40-44-300x262.png 300w\" sizes=\"auto, (max-width: 663px) 100vw, 663px\" \/><\/a><\/p>\n<p><a href=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-09-53-18.png\" rel=\"lightbox\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-3705\" src=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-09-53-18.png\" alt=\"\" width=\"666\" height=\"540\" srcset=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-09-53-18.png 666w, https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-09-53-18-300x243.png 300w\" sizes=\"auto, (max-width: 666px) 100vw, 666px\" \/><\/a><\/p>\n<p>Look, finished already. 
Of course you want to do all the updates.<\/p>\n<p><a href=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-09-57-16.png\" rel=\"lightbox\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-3707\" src=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-09-57-16.png\" alt=\"\" width=\"1019\" height=\"701\" srcset=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-09-57-16.png 1019w, https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-09-57-16-300x206.png 300w, https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-09-57-16-768x528.png 768w\" sizes=\"auto, (max-width: 1019px) 100vw, 1019px\" \/><\/a><\/p>\n<blockquote>\n<p>rephlex@nextcloud:~$ sudo apt update &amp;&amp; sudo apt -y dist-upgrade<\/p>\n<p>[&#8230;]<\/p>\n<p>done \ud83d\ude09<\/p>\n<\/blockquote>\n<h1>Step 4: Install Apache + MariaDB<\/h1>\n<p>First and foremost, we need a webserver.<\/p>\n<blockquote>\n<p>rephlex@nextcloud:~$ sudo apt -y install php-mbstring php php-zip php-xml php-common php-gd php-curl apache2<\/p>\n<\/blockquote>\n<p>Second, database server.<\/p>\n<blockquote>\n<p>rephlex@nextcloud:~$ sudo apt -y install mariadb-server<\/p>\n<\/blockquote>\n<p>We now configure our database server &#8230;<\/p>\n<blockquote>\n<p>rephlex@nextcloud:~$ sudo mysql_secure_installation<\/p>\n<p>[&#8230;]<\/p>\n<p>Enter current password for root (enter for none):<br \/>OK, successfully used password, moving on&#8230;<\/p>\n<p>Setting the root password ensures that nobody can log into the MariaDB<br \/>root user without the proper authorisation.<\/p>\n<p>Set root password? [Y\/n] Y<br \/>New password:<br \/>Re-enter new password:<br \/>Password updated successfully!<br \/>Reloading privilege tables..<br \/>&#8230; Success!<\/p>\n<p>[&#8230;]<\/p>\n<p>Remove anonymous users? 
[Y\/n] Y<br \/>&#8230; Success!<\/p>\n<p>Normally, root should only be allowed to connect from &#8218;localhost&#8216;. This<br \/>ensures that someone cannot guess at the root password from the network.<\/p>\n<p>Disallow root login remotely? [Y\/n] Y<br \/>&#8230; Success!<\/p>\n<p>By default, MariaDB comes with a database named &#8218;test&#8216; that anyone can<br \/>access. This is also intended only for testing, and should be removed<br \/>before moving into a production environment.<\/p>\n<p>Remove test database and access to it? [Y\/n] Y<br \/>&#8211; Dropping test database&#8230;<br \/>&#8230; Success!<br \/>&#8211; Removing privileges on test database&#8230;<br \/>&#8230; Success!<\/p>\n<p>Reloading the privilege tables will ensure that all changes made so far<br \/>will take effect immediately.<\/p>\n<p>Reload privilege tables now? [Y\/n] Y<br \/>&#8230; Success!<\/p>\n<p>Cleaning up&#8230;<\/p>\n<p>All done! If you&#8217;ve completed all of the above steps, your MariaDB<br \/>installation should now be secure.<\/p>\n<p>Thanks for using MariaDB!<br \/>rephlex@nextcloud:~$<\/p>\n<\/blockquote>\n<p>For demonstration purposes, we&#8217;ll use PHP as Apache Module (though fpm would be preferred, but that&#8217;s out of scope here).<\/p>\n<h1>Step 5: Install Nextcloud<\/h1>\n<p>We need to connect to our database server and create a new database schema and a user.<\/p>\n<p><a href=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-10-10-22.png\" rel=\"lightbox\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-3709\" src=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-10-10-22.png\" alt=\"\" width=\"761\" height=\"508\" srcset=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-10-10-22.png 761w, https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-10-10-22-300x200.png 300w\" 
sizes=\"auto, (max-width: 761px) 100vw, 761px\" \/><\/a><\/p>\n<p>Next, head over to\u00a0<a href=\"https:\/\/nextcloud.com\/install\/#instructions-server\">https:\/\/nextcloud.com\/install\/#instructions-server<\/a>\u00a0and download the latest zip\/tgz archive to your webserver root, we&#8217;ll just use \/var\/www\/html.<\/p>\n<p><a href=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-10-16-02.png\" rel=\"lightbox\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-3710\" src=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-10-16-02.png\" alt=\"\" width=\"1007\" height=\"925\" srcset=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-10-16-02.png 1007w, https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-10-16-02-300x276.png 300w, https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-10-16-02-768x705.png 768w\" sizes=\"auto, (max-width: 1007px) 100vw, 1007px\" \/><\/a><\/p>\n<p><a href=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-10-17-10.png\" rel=\"lightbox\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-3711\" src=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-10-17-10.png\" alt=\"\" width=\"1058\" height=\"424\" srcset=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-10-17-10.png 1058w, https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-10-17-10-300x120.png 300w, https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-10-17-10-768x308.png 768w, https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-10-17-10-1024x410.png 1024w\" sizes=\"auto, (max-width: 1058px) 100vw, 
1058px\" \/><\/a><\/p>\n<p>Alright. Now head over to your web browser, and browse dat b*tch using the IP address: http:\/\/1.2.3.4\/nextcloud\/ in this case. Nextcloud will tell you to go away.<\/p>\n<p><a href=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-10-21-13.png\" rel=\"lightbox\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-3713\" src=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-10-21-13.png\" alt=\"\" width=\"804\" height=\"512\" srcset=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-10-21-13.png 804w, https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-10-21-13-300x191.png 300w, https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-10-21-13-768x489.png 768w\" sizes=\"auto, (max-width: 804px) 100vw, 804px\" \/><\/a><\/p>\n<p>Try giving all your owncloud files to the webserver. As a present for the webserver gods, you know!?<\/p>\n<p><a href=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-10-22-20.png\" rel=\"lightbox\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-3714\" src=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-10-22-20.png\" alt=\"\" width=\"693\" height=\"363\" srcset=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-10-22-20.png 693w, https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-10-22-20-300x157.png 300w\" sizes=\"auto, (max-width: 693px) 100vw, 693px\" \/><\/a><\/p>\n<p>Refresh your web browser. 
Looks better.<\/p>\n<p><a href=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-10-23-06.png\" rel=\"lightbox\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-3715\" src=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-10-23-06.png\" alt=\"\" width=\"393\" height=\"453\" srcset=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-10-23-06.png 393w, https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-10-23-06-260x300.png 260w\" sizes=\"auto, (max-width: 393px) 100vw, 393px\" \/><\/a><\/p>\n<p>We can fix that by installing php-mysql and php-gd. Note, we have to restart apache afterwards. If you&#8217;re running FPM, you have to restart FPM, but you&#8217;re experienced enough so I don&#8217;t have to tell you.<\/p>\n<p><a href=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-10-25-07.png\" rel=\"lightbox\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-3717\" src=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-10-25-07.png\" alt=\"\" width=\"702\" height=\"580\" srcset=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-10-25-07.png 702w, https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-10-25-07-300x248.png 300w\" sizes=\"auto, (max-width: 702px) 100vw, 702px\" \/><\/a><\/p>\n<p>Now refresh again and finish the configuration.<\/p>\n<p><a href=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-10-26-58.png\" rel=\"lightbox\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-3719\" src=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-10-26-58.png\" alt=\"\" width=\"349\" 
height=\"909\" srcset=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-10-26-58.png 349w, https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-10-26-58-115x300.png 115w\" sizes=\"auto, (max-width: 349px) 100vw, 349px\" \/><\/a><\/p>\n<p>Yay, nextcloud!<\/p>\n<p><a href=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-10-28-12.png\" rel=\"lightbox\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-3721\" src=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-10-28-12.png\" alt=\"\" width=\"1247\" height=\"686\" srcset=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-10-28-12.png 1247w, https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-10-28-12-300x165.png 300w, https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-10-28-12-768x422.png 768w, https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-10-28-12-1024x563.png 1024w\" sizes=\"auto, (max-width: 1247px) 100vw, 1247px\" \/><\/a><\/p>\n<h1>Step 6: Install the Nextcloud SAML \/ SSO Plugin<\/h1>\n<p>Go to &#8222;apps&#8220;, &#8222;Security&#8220; and install the &#8222;SSO &amp; SAML authentication&#8220; official app. 
Refer to the screenshot below:<\/p>\n<p><a href=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-10-32-39.png\" rel=\"lightbox\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-3723\" src=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-10-32-39.png\" alt=\"\" width=\"1230\" height=\"693\" srcset=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-10-32-39.png 1230w, https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-10-32-39-300x169.png 300w, https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-10-32-39-768x433.png 768w, https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-10-32-39-1024x577.png 1024w\" sizes=\"auto, (max-width: 1230px) 100vw, 1230px\" \/><\/a><\/p>\n<p>Oh, wait&#8230;.<\/p>\n<p><a href=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-10-34-20.png\" rel=\"lightbox\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-3725\" src=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-10-34-20.png\" alt=\"\" width=\"260\" height=\"294\" \/><\/a><\/p>\n<p>Meh.<\/p>\n<p><a href=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-10-35-53.png\" rel=\"lightbox\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-3726\" src=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-10-35-53.png\" alt=\"\" width=\"723\" height=\"436\" srcset=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-10-35-53.png 723w, https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-10-35-53-300x181.png 300w\" sizes=\"auto, (max-width: 723px) 
100vw, 723px\" \/><\/a><\/p>\n<p><strong>MEH! WHAT THE&#8230;!<\/strong><\/p>\n<p>Turns out, PHP 7.2 has no mcrypt built in anymore because f*ck you. Oh well.<\/p>\n<blockquote>\n<p><strong># AS ROOT USER, run:<\/strong><\/p>\n<p>apt-get -y install gcc make autoconf libc-dev pkg-config libmcrypt-dev php-pear php-dev<\/p>\n<p>pecl install --nodeps mcrypt-snapshot<\/p>\n<\/blockquote>\n<p>When asked<\/p>\n<blockquote>\n<p>libmcrypt prefix? [autodetect] :<\/p>\n<\/blockquote>\n<p>just press return. When pecl is finished, it&#8217;ll tell you to add &#8222;extension=mcrypt.so&#8220; to php.ini. In Ubuntu 18.04, we run:<\/p>\n<blockquote>\n<p>echo &quot;extension=mcrypt.so&quot; &gt; \/etc\/php\/7.2\/mods-available\/mcrypt.ini<\/p>\n<p>ln -s \/etc\/php\/7.2\/mods-available\/mcrypt.ini \/etc\/php\/7.2\/apache2\/conf.d\/20-mcrypt.ini<\/p>\n<p>ln -s \/etc\/php\/7.2\/mods-available\/mcrypt.ini \/etc\/php\/7.2\/cli\/conf.d\/20-mcrypt.ini<\/p>\n<p>service apache2 restart<\/p>\n<\/blockquote>\n<p>Again, if you&#8217;re running FPM you know how to put the module in place and have to do something different.<\/p>\n<p>Now, try to install the nextcloud extension again. 
Seems to work:<\/p>\n<p><a href=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-10-46-22.png\" rel=\"lightbox\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-3727\" src=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-10-46-22.png\" alt=\"\" width=\"394\" height=\"427\" srcset=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-10-46-22.png 394w, https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-10-46-22-277x300.png 277w\" sizes=\"auto, (max-width: 394px) 100vw, 394px\" \/><\/a><\/p>\n<p>Now, go to Nextcloud Settings -&gt; SSO &amp; SAML Authentication, and select the INTEGRATED SAML thingie.<\/p>\n<p><a href=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-10-47-05.png\" rel=\"lightbox\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-3728\" src=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-10-47-05.png\" alt=\"\" width=\"1241\" height=\"840\" srcset=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-10-47-05.png 1241w, https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-10-47-05-300x203.png 300w, https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-10-47-05-768x520.png 768w, https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-10-47-05-1024x693.png 1024w\" sizes=\"auto, (max-width: 1241px) 100vw, 1241px\" \/><\/a><\/p>\n<p>Done!<\/p>\n<p>We&#8217;ll leave the next window empty for now, <strong>but we&#8217;ll have to return here later.<\/strong><\/p>\n<p><a href=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-10-48-51.png\" rel=\"lightbox\"><img loading=\"lazy\" 
decoding=\"async\" class=\"alignnone size-full wp-image-3729\" src=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-10-48-51.png\" alt=\"\" width=\"953\" height=\"768\" srcset=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-10-48-51.png 953w, https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-10-48-51-300x242.png 300w, https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-10-48-51-768x619.png 768w\" sizes=\"auto, (max-width: 953px) 100vw, 953px\" \/><\/a><\/p>\n<h1>Step 7: Give\u00a0your Nextcloud Server a name and add some SS(a)L(t)!<\/h1>\n<p>It is <strong>MANDATORY<\/strong> to have a qualified name for your nextcloud instance. Either you&#8217;re running a FQDN that is globally valid in the &#8222;true&#8220; DNS, or you&#8217;re adding a fake local DNS A-Record as shown here:<\/p>\n<p><a href=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-10-55-11.png\" rel=\"lightbox\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-3733\" src=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-10-55-11.png\" alt=\"\" width=\"1075\" height=\"851\" srcset=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-10-55-11.png 1075w, https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-10-55-11-300x237.png 300w, https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-10-55-11-768x608.png 768w, https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-10-55-11-1024x811.png 1024w\" sizes=\"auto, (max-width: 1075px) 100vw, 1075px\" \/><\/a><\/p>\n<p><a href=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-10-56-10.png\" rel=\"lightbox\"><img 
loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-3734\" src=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-10-56-10.png\" alt=\"\" width=\"792\" height=\"214\" srcset=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-10-56-10.png 792w, https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-10-56-10-300x81.png 300w, https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-10-56-10-768x208.png 768w\" sizes=\"auto, (max-width: 792px) 100vw, 792px\" \/><\/a><\/p>\n<p>Now open the Nextcloud landing page *using* that name; you&#8217;ll see that it refuses.<\/p>\n<p><a href=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-10-57-48.png\" rel=\"lightbox\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-3736\" src=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-10-57-48.png\" alt=\"\" width=\"388\" height=\"499\" srcset=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-10-57-48.png 388w, https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-10-57-48-233x300.png 233w\" sizes=\"auto, (max-width: 388px) 100vw, 388px\" \/><\/a><\/p>\n<p>Click &#8222;add trusted domain&#8220; and choose yes.<\/p>\n<p><a href=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-10-58-54.png\" rel=\"lightbox\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-3735\" src=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-10-58-54.png\" alt=\"\" width=\"841\" height=\"434\" srcset=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-10-58-54.png 841w, 
https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-10-58-54-300x155.png 300w, https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-10-58-54-768x396.png 768w\" sizes=\"auto, (max-width: 841px) 100vw, 841px\" \/><\/a><\/p>\n<p>Next, we need SSL. Configure that yourself; for this demo I&#8217;ll just run<\/p>\n<blockquote>\n<p>a2enmod ssl ; a2ensite default-ssl ; service apache2 restart<\/p>\n<\/blockquote>\n<p>Because I&#8217;m lazy. Now we can &#8222;securely&#8220; access Nextcloud at <strong>https:\/\/nextcloud.testdomain.local\/nextcloud<\/strong><\/p>\n<h1>Step 8: Install AD FS<\/h1>\n<p>Now here&#8217;s the fun part.<\/p>\n<p>Server Manager -&gt; Add Roles &amp; Features -&gt; Active Directory Federation Services (AD FS). Do it.<\/p>\n<p><a href=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-11-13-11.png\" rel=\"lightbox\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-3740\" src=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-11-13-11.png\" alt=\"\" width=\"669\" height=\"208\" srcset=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-11-13-11.png 669w, https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-11-13-11-300x93.png 300w\" sizes=\"auto, (max-width: 669px) 100vw, 669px\" \/><\/a><\/p>\n<p><a href=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-11-13-26.png\" rel=\"lightbox\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-3741\" src=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-11-13-26.png\" alt=\"\" width=\"665\" height=\"482\" srcset=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-11-13-26.png 665w, 
https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-11-13-26-300x217.png 300w\" sizes=\"auto, (max-width: 665px) 100vw, 665px\" \/><\/a><\/p>\n<p>When it&#8217;s done installing stuff, you can immediately start configuring the role.<\/p>\n<p>Start a new farm by installing the first server in a federation server farm. Farm farm farm.<\/p>\n<p><a href=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-11-15-03.png\" rel=\"lightbox\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-3742\" src=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-11-15-03.png\" alt=\"\" width=\"807\" height=\"587\" srcset=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-11-15-03.png 807w, https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-11-15-03-300x218.png 300w, https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-11-15-03-768x559.png 768w\" sizes=\"auto, (max-width: 807px) 100vw, 807px\" \/><\/a><\/p>\n<p>Click next, leave Administrator in there.<\/p>\n<p><a href=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-11-15-59.png\" rel=\"lightbox\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-3743\" src=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-11-15-59.png\" alt=\"\" width=\"745\" height=\"241\" srcset=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-11-15-59.png 745w, https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-11-15-59-300x97.png 300w\" sizes=\"auto, (max-width: 745px) 100vw, 745px\" \/><\/a><\/p>\n<p>Now you need an ssl certificate for your AD FS machine (<strong>CN: dc01.testdomain.local<\/strong>). 
You CAN buy a Comodo (or other) certificate IF your AD FS server has a PUBLICLY accessible name. You HAVE TO roll your own when you run a local domain. We do in this demo, and you probably do too, so we have two choices at this point.<\/p>\n<p>Choice A:<\/p>\n<ul>\n<li>Install Microsoft Certificate Service Role<\/li>\n<li>request a certificate from the IIS console (IIS is a prerequisite for the CA role anyway)<\/li>\n<li>sign the request using your own CA<\/li>\n<li>complete signing request in IIS<\/li>\n<li>install the certificate<\/li>\n<\/ul>\n<p>Choice B:<\/p>\n<ul>\n<li>be cool<\/li>\n<li>Save time and money<\/li>\n<li>use Linux<\/li>\n<\/ul>\n<p><strong>OBVIOUS.<\/strong><\/p>\n<p>Head over to your Linux machine and create a cert and a key.<\/p>\n<p><a href=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-11-24-13.png\" rel=\"lightbox\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-3745\" src=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-11-24-13.png\" alt=\"\" width=\"1081\" height=\"283\" srcset=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-11-24-13.png 1081w, https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-11-24-13-300x79.png 300w, https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-11-24-13-768x201.png 768w, https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-11-24-13-1024x268.png 1024w\" sizes=\"auto, (max-width: 1081px) 100vw, 1081px\" \/><\/a><\/p>\n<p>Now we need to merge the key and cert into a .pfx file that Windows can read.<\/p>\n<p><a href=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-11-26-24.png\" rel=\"lightbox\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-3746\" 
src=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-11-26-24.png\" alt=\"\" width=\"827\" height=\"112\" srcset=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-11-26-24.png 827w, https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-11-26-24-300x41.png 300w, https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-11-26-24-768x104.png 768w\" sizes=\"auto, (max-width: 827px) 100vw, 827px\" \/><\/a><\/p>\n<p>Transfer the windoze.pfx over to your Windows box. I&#8217;ll just do it like so:<\/p>\n<p><a href=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-11-28-07.png\" rel=\"lightbox\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-3747\" src=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-11-28-07.png\" alt=\"\" width=\"606\" height=\"131\" srcset=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-11-28-07.png 606w, https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-11-28-07-300x65.png 300w\" sizes=\"auto, (max-width: 606px) 100vw, 606px\" \/><\/a><\/p>\n<p><a href=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-11-29-12.png\" rel=\"lightbox\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-3748\" src=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-11-29-12.png\" alt=\"\" width=\"644\" height=\"143\" srcset=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-11-29-12.png 644w, https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-11-29-12-300x67.png 300w\" sizes=\"auto, (max-width: 644px) 100vw, 644px\" \/><\/a><\/p>\n<p><a 
href=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-11-34-53.png\" rel=\"lightbox\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-3749\" src=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-11-34-53.png\" alt=\"\" width=\"613\" height=\"210\" srcset=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-11-34-53.png 613w, https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-11-34-53-300x103.png 300w\" sizes=\"auto, (max-width: 613px) 100vw, 613px\" \/><\/a><\/p>\n<p>\u00a0<\/p>\n<p><a href=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-11-35-50.png\" rel=\"lightbox\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-3750\" src=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-11-35-50.png\" alt=\"\" width=\"493\" height=\"230\" srcset=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-11-35-50.png 493w, https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-11-35-50-300x140.png 300w\" sizes=\"auto, (max-width: 493px) 100vw, 493px\" \/><\/a><\/p>\n<p><a href=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-11-36-24.png\" rel=\"lightbox\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-3751\" src=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-11-36-24.png\" alt=\"\" width=\"640\" height=\"439\" srcset=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-11-36-24.png 640w, https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-11-36-24-300x206.png 300w\" sizes=\"auto, (max-width: 640px) 100vw, 640px\" 
\/><\/a><\/p>\n<p><a href=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-11-36-42.png\" rel=\"lightbox\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-3752\" src=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-11-36-42.png\" alt=\"\" width=\"812\" height=\"672\" srcset=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-11-36-42.png 812w, https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-11-36-42-300x248.png 300w, https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-11-36-42-768x636.png 768w\" sizes=\"auto, (max-width: 812px) 100vw, 812px\" \/><\/a><\/p>\n<p><a href=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-11-37-55.png\" rel=\"lightbox\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-3753\" src=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-11-37-55.png\" alt=\"\" width=\"566\" height=\"421\" srcset=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-11-37-55.png 566w, https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-11-37-55-300x223.png 300w\" sizes=\"auto, (max-width: 566px) 100vw, 566px\" \/><\/a><\/p>\n<p>Next we have to define a service account. 
I run as Administrator because I can.<\/p>\n<p><a href=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-11-39-12.png\" rel=\"lightbox\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-3754\" src=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-11-39-12.png\" alt=\"\" width=\"733\" height=\"519\" srcset=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-11-39-12.png 733w, https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-11-39-12-300x212.png 300w\" sizes=\"auto, (max-width: 733px) 100vw, 733px\" \/><\/a><\/p>\n<p>Next step. Don&#8217;t panic! You don&#8217;t need to install MSSQL now. Use the Internal Database; it works just as well unless you have a freakin&#8216; lot of users.<\/p>\n<p><a href=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-11-40-18.png\" rel=\"lightbox\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-3755\" src=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-11-40-18.png\" alt=\"\" width=\"780\" height=\"584\" srcset=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-11-40-18.png 780w, https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-11-40-18-300x225.png 300w, https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-11-40-18-768x575.png 768w\" sizes=\"auto, (max-width: 780px) 100vw, 780px\" \/><\/a><\/p>\n<p>Now be proud of yourself and finish the wizard by just clicking next a bunch of times.<\/p>\n<p><a href=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-11-40-56.png\" rel=\"lightbox\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-3756\" 
src=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-11-40-56.png\" alt=\"\" width=\"783\" height=\"598\" srcset=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-11-40-56.png 783w, https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-11-40-56-300x229.png 300w, https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-11-40-56-768x587.png 768w\" sizes=\"auto, (max-width: 783px) 100vw, 783px\" \/><\/a><\/p>\n<h1>Step 9: Configure AD FS<\/h1>\n<p>Now you should see the AD FS Configuration Console in your Start Menu. Go ahead and launch it.<\/p>\n<p><a href=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-11-43-53-1.png\" rel=\"lightbox\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-3761\" src=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-11-43-53-1.png\" alt=\"\" width=\"704\" height=\"877\" srcset=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-11-43-53-1.png 704w, https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-11-43-53-1-241x300.png 241w\" sizes=\"auto, (max-width: 704px) 100vw, 704px\" \/><\/a><\/p>\n<p>First, head to Auth mechanisms and disable everything except for Forms Auth.<\/p>\n<p><a href=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-11-52-44.png\" rel=\"lightbox\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-3764\" src=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-11-52-44.png\" alt=\"\" width=\"838\" height=\"539\" srcset=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-11-52-44.png 838w, 
https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-11-52-44-300x193.png 300w, https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-11-52-44-768x494.png 768w\" sizes=\"auto, (max-width: 838px) 100vw, 838px\" \/><\/a><\/p>\n<p><a href=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-11-53-07.png\" rel=\"lightbox\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-3765\" src=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-11-53-07.png\" alt=\"\" width=\"474\" height=\"632\" srcset=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-11-53-07.png 474w, https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-11-53-07-225x300.png 225w\" sizes=\"auto, (max-width: 474px) 100vw, 474px\" \/><\/a><\/p>\n<p><a href=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-11-53-21.png\" rel=\"lightbox\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-3766\" src=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-11-53-21.png\" alt=\"\" width=\"552\" height=\"271\" srcset=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-11-53-21.png 552w, https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-11-53-21-300x147.png 300w\" sizes=\"auto, (max-width: 552px) 100vw, 552px\" \/><\/a><\/p>\n<p>That looks better. 
Now, look at your endpoints and make sure you have the one in blue and it&#8217;s enabled:<\/p>\n<p><a href=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-11-55-30.png\" rel=\"lightbox\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-3767\" src=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-11-55-30.png\" alt=\"\" width=\"814\" height=\"263\" srcset=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-11-55-30.png 814w, https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-11-55-30-300x97.png 300w, https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-11-55-30-768x248.png 768w\" sizes=\"auto, (max-width: 814px) 100vw, 814px\" \/><\/a><\/p>\n<p>Now we add a Relying Party Trust using PowerShell.<\/p>\n<blockquote>\n<p>Add-AdfsRelyingPartyTrust -Name nextcloud -Identifier nextcloud -ProtocolProfile SAML<\/p>\n<p>Set-AdfsRelyingPartyTrust -TargetName nextcloud -EncryptionCertificateRevocationCheck none -SigningCertificateRevocationCheck none<\/p>\n<\/blockquote>\n<p><a href=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-12-00-01.png\" rel=\"lightbox\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-3768\" src=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-12-00-01.png\" alt=\"\" width=\"864\" height=\"59\" srcset=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-12-00-01.png 864w, https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-12-00-01-300x20.png 300w, https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-12-00-01-768x52.png 768w\" sizes=\"auto, (max-width: 864px) 100vw, 864px\" \/><\/a><\/p>\n<p>The Relying 
Party Trust can now be seen in the graphical console. We need to edit it by double-clicking on it.<\/p>\n<p><a href=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-12-02-05.png\" rel=\"lightbox\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-3769\" src=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-12-02-05.png\" alt=\"\" width=\"870\" height=\"355\" srcset=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-12-02-05.png 870w, https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-12-02-05-300x122.png 300w, https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-12-02-05-768x313.png 768w\" sizes=\"auto, (max-width: 870px) 100vw, 870px\" \/><\/a><\/p>\n<p>Important things to set are the ENDPOINT and the IDENTIFIER.<\/p>\n<p>First, we set the\u00a0 Identifier to<\/p>\n<blockquote>\n<p>https:\/\/nextcloud.testdomain.local\/nextcloud\/index.php\/apps\/user_saml\/saml\/metadata<\/p>\n<\/blockquote>\n<p>Have a look at my screenshots. &#8222;Bezeichner&#8220; is Identifier in German.<\/p>\n<p><a href=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-12-12-17.png\" rel=\"lightbox\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-3772\" src=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-12-12-17.png\" alt=\"\" width=\"423\" height=\"490\" srcset=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-12-12-17.png 423w, https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-12-12-17-259x300.png 259w\" sizes=\"auto, (max-width: 423px) 100vw, 423px\" \/><\/a><\/p>\n<p>Next: Endpoints (&#8222;Endpunkte&#8220;). 
Add a SAML Endpoint like so.\u00a0The full string is<\/p>\n<blockquote>\n<p>https:\/\/nextcloud.testdomain.local\/nextcloud\/index.php\/apps\/user_saml\/saml\/acs<\/p>\n<\/blockquote>\n<p><a href=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-12-11-47.png\" rel=\"lightbox\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-3773\" src=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-12-11-47.png\" alt=\"\" width=\"444\" height=\"514\" srcset=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-12-11-47.png 444w, https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-12-11-47-259x300.png 259w\" sizes=\"auto, (max-width: 444px) 100vw, 444px\" \/><\/a><\/p>\n<p>Click OK. Next, right-click on your Relying Party Trust and configure even more stuff:<\/p>\n<p><a href=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-12-13-15.png\" rel=\"lightbox\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-3774\" src=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-12-13-15.png\" alt=\"\" width=\"1128\" height=\"369\" srcset=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-12-13-15.png 1128w, https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-12-13-15-300x98.png 300w, https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-12-13-15-768x251.png 768w, https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-12-13-15-1024x335.png 1024w\" sizes=\"auto, (max-width: 1128px) 100vw, 1128px\" \/><\/a><\/p>\n<p><a href=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-12-14-29.png\" rel=\"lightbox\"><img 
loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-3775\" src=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-12-14-29.png\" alt=\"\" width=\"530\" height=\"566\" srcset=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-12-14-29.png 530w, https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-12-14-29-281x300.png 281w\" sizes=\"auto, (max-width: 530px) 100vw, 530px\" \/><\/a><\/p>\n<p>\u00a0<\/p>\n<p><a href=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-12-15-40.png\" rel=\"lightbox\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-3776\" src=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-12-15-40.png\" alt=\"\" width=\"906\" height=\"708\" srcset=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-12-15-40.png 906w, https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-12-15-40-300x234.png 300w, https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-12-15-40-768x600.png 768w\" sizes=\"auto, (max-width: 906px) 100vw, 906px\" \/><\/a><\/p>\n<p><a href=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-12-16-42.png\" rel=\"lightbox\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-3777\" src=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-12-16-42.png\" alt=\"\" width=\"861\" height=\"670\" srcset=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-12-16-42.png 861w, https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-12-16-42-300x233.png 300w, 
https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-12-16-42-768x598.png 768w\" sizes=\"auto, (max-width: 861px) 100vw, 861px\" \/><\/a><\/p>\n<p><a href=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-12-17-42.png\" rel=\"lightbox\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-3778\" src=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-12-17-42.png\" alt=\"\" width=\"985\" height=\"668\" srcset=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-12-17-42.png 985w, https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-12-17-42-300x203.png 300w, https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-12-17-42-768x521.png 768w\" sizes=\"auto, (max-width: 985px) 100vw, 985px\" \/><\/a><\/p>\n<p>Final result:<\/p>\n<p><a href=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-12-17-51.png\" rel=\"lightbox\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-3779\" src=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-12-17-51.png\" alt=\"\" width=\"534\" height=\"594\" srcset=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-12-17-51.png 534w, https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-12-17-51-270x300.png 270w\" sizes=\"auto, (max-width: 534px) 100vw, 534px\" \/><\/a><\/p>\n<p>Click OK.<\/p>\n<p>Good News: You&#8217;re done on the Windows side.<\/p>\n<h1>Step 10: Configure Nextcloud for AD FS Authentication<\/h1>\n<p>Remember when we left all the fields in the Nextcloud SSO &amp; SAML configuration blank? 
This is where we configure stuff like so:<\/p>\n<p><a href=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-13-48-01.png\" rel=\"lightbox\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-3782\" src=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-13-48-01.png\" alt=\"\" width=\"1143\" height=\"754\" srcset=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-13-48-01.png 1143w, https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-13-48-01-300x198.png 300w, https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-13-48-01-768x507.png 768w, https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-13-48-01-1024x675.png 1024w\" sizes=\"auto, (max-width: 1143px) 100vw, 1143px\" \/><\/a><\/p>\n<p>The most important setting is &#8222;Allow the use of multiple user backends&#8220;. If you don&#8217;t set this, you will ONLY be able to log in via SAML. That means, if anything doesn&#8217;t work (hint: it won&#8217;t, yet) &#8211; you&#8217;re screwed. Check that box NOW.<\/p>\n<p>Also note there is no save button. If your configurator menu says &#8222;Metadata invalid&#8220;, just ignore it, navigate away (to your owncloud files for example) and go back to the SAML configurator. The warning should be gone now.<\/p>\n<p>The URLs you type in the boxes are more or less god-given and just tell the owncloud installation where to redirect your clients when they want to sign in via SAML, and whom to trust for auth stuff.<\/p>\n<p>Now.<\/p>\n<p>Whenever AD FS authenticates a user for you, it will carry over a public X.509 certificate. 
We have to figure that string out, so here&#8217;s what we&#8217;re gonna do.<\/p>\n<p>First, log out.<\/p>\n<p><a href=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-13-55-10.png\" rel=\"lightbox\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-3783\" src=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-13-55-10.png\" alt=\"\" width=\"198\" height=\"252\" \/><\/a><\/p>\n<p>Second, click the new login option:<\/p>\n<p><a href=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-13-56-39.png\" rel=\"lightbox\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-3784\" src=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-13-56-39.png\" alt=\"\" width=\"362\" height=\"375\" srcset=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-13-56-39.png 362w, https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-13-56-39-290x300.png 290w\" sizes=\"auto, (max-width: 362px) 100vw, 362px\" \/><\/a><\/p>\n<p>Don&#8217;t be tempted to click it yet. Press F12, and depending on your browser, click the network tab. 
We have to preserve the entries as the browser navigates away from pages. In Chrome you need to check the &#8222;Preserve log&#8220; checkbox; in IE it&#8217;s this button:<\/p>\n<p><a href=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-14-16-10.png\" rel=\"lightbox\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-3791\" src=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-14-16-10.png\" alt=\"\" width=\"248\" height=\"102\" \/><\/a><\/p>\n<p>Now click the SAML login button. Ignore the SSL certificate warning you might get.<\/p>\n<p><a href=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-13-57-32-1.png\" rel=\"lightbox\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-3792\" src=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-13-57-32-1.png\" alt=\"\" width=\"619\" height=\"366\" srcset=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-13-57-32-1.png 619w, https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-13-57-32-1-300x177.png 300w\" sizes=\"auto, (max-width: 619px) 100vw, 619px\" \/><\/a><\/p>\n<p>Log in to your domain.<\/p>\n<p><a href=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-14-00-38.png\" rel=\"lightbox\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-3787\" src=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-14-00-38.png\" alt=\"\" width=\"472\" height=\"289\" srcset=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-14-00-38.png 472w, https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-05-14-00-38-300x184.png 300w\" sizes=\"auto, (max-width: 472px) 100vw, 
472px\" \/><\/a><\/p>\n<p>You will be presented with an error saying &#8222;Account not provisioned&#8220;, but that&#8217;s perfectly OK.<\/p>\n<p>In your browser&#8217;s network tab, locate the POST request against your nextcloud server for the resource &#8222;acs&#8220; as shown below:<\/p>\n<p><a href=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-06-08-21-12.png\" rel=\"lightbox\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-3794\" src=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-06-08-21-12.png\" alt=\"\" width=\"1392\" height=\"918\" srcset=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-06-08-21-12.png 1392w, https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-06-08-21-12-300x198.png 300w, https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-06-08-21-12-768x506.png 768w, https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-06-08-21-12-1024x675.png 1024w\" sizes=\"auto, (max-width: 1392px) 100vw, 1392px\" \/><\/a><\/p>\n<p>Scroll down, copy the SAML Response Form data (it MUST end with == signs) and paste it into a base64 decoder (you can find plenty of &#8218;em online).<\/p>\n<p><a href=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-06-08-20-54.png\" rel=\"lightbox\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-3795\" src=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-06-08-20-54.png\" alt=\"\" width=\"1903\" height=\"917\" srcset=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-06-08-20-54.png 1903w, https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-06-08-20-54-300x145.png 300w, 
https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-06-08-20-54-768x370.png 768w, https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-06-08-20-54-1024x493.png 1024w\" sizes=\"auto, (max-width: 1903px) 100vw, 1903px\" \/><\/a><\/p>\n<p><a href=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-06-08-21-51.png\" rel=\"lightbox\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-3796\" src=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-06-08-21-51.png\" alt=\"\" width=\"718\" height=\"700\" srcset=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-06-08-21-51.png 718w, https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-06-08-21-51-300x292.png 300w\" sizes=\"auto, (max-width: 718px) 100vw, 718px\" \/><\/a><\/p>\n<p>Now, in your favourite text editor, dissect the oneliner and search for the content of the<\/p>\n<blockquote>\n<p>&lt;ds:X509Certificate&gt;<\/p>\n<p>&lt;\/ds:X509Certificate&gt;<\/p>\n<\/blockquote>\n<p>Block. It should (?) 
start with MII&#8230;<\/p>\n<p><a href=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-06-08-56-05.png\" rel=\"lightbox\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-3797\" src=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-06-08-56-05.png\" alt=\"\" width=\"1854\" height=\"968\" srcset=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-06-08-56-05.png 1854w, https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-06-08-56-05-300x157.png 300w, https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-06-08-56-05-768x401.png 768w, https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-06-08-56-05-1024x535.png 1024w\" sizes=\"auto, (max-width: 1854px) 100vw, 1854px\" \/><\/a><\/p>\n<p>Copy that over so you&#8217;re only left with that text.<\/p>\n<p>Now, back to the nextcloud SSO configuration (log in as LOCAL user with administrative privileges), enter the string into the corresponding field as shown below:<\/p>\n<p><a href=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-06-08-59-16.png\" rel=\"lightbox\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-3798\" src=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-06-08-59-16.png\" alt=\"\" width=\"829\" height=\"826\" srcset=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-06-08-59-16.png 829w, https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-06-08-59-16-150x150.png 150w, https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-06-08-59-16-300x300.png 300w, https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-06-08-59-16-768x765.png 768w\" 
sizes=\"auto, (max-width: 829px) 100vw, 829px\" \/><\/a><\/p>\n<p>Now log out from nextcloud. Try logging in again from &#8222;SSO &amp; SAML Login&#8220;. Cross your fingers, aaaand&#8230;..<\/p>\n<p><a href=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-06-09-01-57.png\" rel=\"lightbox\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-3799\" src=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-06-09-01-57.png\" alt=\"\" width=\"487\" height=\"292\" srcset=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-06-09-01-57.png 487w, https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-06-09-01-57-300x180.png 300w\" sizes=\"auto, (max-width: 487px) 100vw, 487px\" \/><\/a><\/p>\n<p><a href=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-06-09-02-16-1.png\" rel=\"lightbox\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-3801\" src=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-06-09-02-16-1.png\" alt=\"\" width=\"506\" height=\"423\" srcset=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-06-09-02-16-1.png 506w, https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-06-09-02-16-1-300x251.png 300w\" sizes=\"auto, (max-width: 506px) 100vw, 506px\" \/><\/a><\/p>\n<p><a href=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-06-09-02-49.png\" rel=\"lightbox\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-3802\" src=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-06-09-02-49.png\" alt=\"\" width=\"1220\" height=\"622\" 
srcset=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-06-09-02-49.png 1220w, https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-06-09-02-49-300x153.png 300w, https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-06-09-02-49-768x392.png 768w, https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/Bildschirmfoto-von-2018-04-06-09-02-49-1024x522.png 1024w\" sizes=\"auto, (max-width: 1220px) 100vw, 1220px\" \/><\/a><\/p>\n<h1>Some hints<\/h1>\n<ul>\n<li>AD users are shown\/created over in nextcloud as soon as they log in (!) for the first time.<\/li>\n<li>Leave regular login enabled and keep a local administrator, just in case you lose SAML connectivity for some reason.<\/li>\n<li>Secure your SAML endpoint with a firewall! Do it NOW!<\/li>\n<li>RUN WINDOWS UPDATES, all of them, on a regular basis!<\/li>\n<li><strong>\/var\/www\/html\/nextcloud\/data\/nextcloud.log<\/strong> is your friend. It logs all the SAML things.<\/li>\n<\/ul>\n<h1>Update #1<\/h1>\n<p>On 2019-05-21, Sebastian G. added that he was able to add the email addresses to the nextcloud trust. This screenshot shows how he achieved this. Thanks, Sebastian!<\/p>\n<p><a href=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/image001.png\" rel=\"lightbox\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-4069\" src=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/image001.png\" alt=\"\" width=\"549\" height=\"590\" srcset=\"https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/image001.png 549w, https:\/\/rephlex.de\/blog\/wp-content\/uploads\/2018\/04\/image001-279x300.png 279w\" sizes=\"auto, (max-width: 549px) 100vw, 549px\" \/><\/a><\/p>\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Disclaimer: This article is LONG. What you&#8217;re about to do is complicated. Read the stuff between the screenshots. 
It&#8217;s mostly commented screenshots, really. Works for me &#8482;. If it does not work for you, drop me an email or add a comment down below. I&#8217;ll answer within minutes, usually. I can&#8217;t be blamed. I can&#8217;t [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center 
center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center 
center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[15,4],"tags":[486,487,482,477,489,488,490,491,162,40,479,492,435,474,475,476,43,480,484,478,483,471,47,485,481,67],"class_list":["post-3687","post","type-post","status-publish","format-standard","hentry","category-produktionen","category-techtalk","tag-ad-fs","tag-adfs","tag-apache","tag-auth","tag-dc","tag-domain","tag-domain-controller","tag-federation","tag-howto","tag-linux","tag-login","tag-losing-your-sanity","tag-mariadb","tag-nextcloud","tag-owncloud","tag-saml","tag-server","tag-single-sing-on","tag-ssl","tag-sso","tag-token","tag-tutorial","tag-ubuntu","tag-user_saml","tag-webserver","tag-windows"],"_links":{"self":[{"href":"https:\/\/rephlex.de\/blog\/wp-json\/wp\/v2\/posts\/3687","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/rephlex.de\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/rephlex.de\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/rephlex.de\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/rephlex.de\/blog\/wp-json\/wp\/v2\/comments?post=3687"}],"version-history":[{"count":31,"href":"https:\/\/rephlex.de\/blog\/wp-json\/wp\/v2\/posts\/3687\/revisions"}],"predecessor-version":[{"id":4070,"href":"https:\/\/rephlex.de\/blog\/wp-json\/wp\/v2\/posts\/3687\/revisions\/4070"}],"wp:attachment":[{"href":"https:\/\/rephlex.de\/blog\/wp-json\/wp\/v2\/media?parent=3687"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/rephlex.de\/blog\/wp-json\/wp\/v2\/categories?post=3687"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/rephlex.de\/blog\/wp-json\/wp\/v2\/tags?post=3687"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}