Nextcloud SSO with Keycloak

This documents how I configured Nextcloud to use Single Sign-on leveraging Keycloak as the identity provider. There is official documentation for a Nextcloud-Keycloak integration, but it is behind Nextcloud's paywall.... I found several other guides, some directly conflicting with each other, but piecing them together has produced a working solution.

On to getting things working:

Nextcloud configuration

Global Settings

First, ensure that you do not lock yourself out of your Nextcloud instance while configuring SSO! Set the "Global Settings" to allow multiple back-ends.

Global

Service Provider Data

Provide a certificate for request signing. This is not publicly seen; it is only …

more ...