This documents how I configured Nextcloud to use Single Sign-on leveraging Keycloak as the identity provider. There is official documentation for a Nextcloud-Keycloak integration, but it is behind Nextcloud's paywall.... I found several other guides, some directly conflicting with each other, but piecing them together has produced a working solution.
On to getting things working:
First, ensure that you do not lock yourself out of your Nextcloud instance while configuring SSO! Set the "Global Settings" to allow multiple back-ends.
Service Provider Data
Provide a certificate for request signing. This is not publicly seen; it is only …more ...