From 3b421a9deda5b7d08fdb89a0581897ca53a972fd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bj=C3=B6rn=20Bores?=
Date: Sat, 8 Feb 2025 17:35:43 +0100
Subject: [PATCH 1/2] fix: changed fqdn

---
 docker/configs/keycloak/Example-realm.json | 22 +++++++++++-----------
 docs/services/sso.md | 4 ++--
 2 files changed, 13 insertions(+), 13 deletions(-)

diff --git a/docker/configs/keycloak/Example-realm.json b/docker/configs/keycloak/Example-realm.json
index cb2cb2ea..18a0bc4a 100755
--- a/docker/configs/keycloak/Example-realm.json
+++ b/docker/configs/keycloak/Example-realm.json
@@ -511,7 +511,7 @@
 "containerId" : "6b350bb7-8ea6-438b-be38-fb58f6523f45",
 "attributes" : { }
 } ],
- "http://nextcloud.dev.local/index.php/apps/user_saml/saml/metadata" : [ ]
+ "http://nextcloud.local/index.php/apps/user_saml/saml/metadata" : [ ]
 }
 },
 "groups" : [ ],
@@ -689,15 +689,15 @@
 "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ]
 }, {
 "id" : "555c2809-b153-4cf4-8bb1-a6306e5179c7",
- "clientId" : "http://nextcloud.dev.local/index.php/apps/user_saml/saml/metadata",
- "adminUrl" : "http://keycloak.dev.local/auth/realms/Example",
+ "clientId" : "http://nextcloud.local/index.php/apps/user_saml/saml/metadata",
+ "adminUrl" : "http://keycloak.local/auth/realms/Example",
 "surrogateAuthRequired" : false,
 "enabled" : true,
 "alwaysDisplayInConsole" : false,
 "clientAuthenticatorType" : "client-secret",
 "secret" : "FipRMpAHMklMkZtbQfAKkUhxe7gkRZzR",
- "redirectUris" : [ "http://nextcloud.dev.local/index.php/apps/user_saml/saml/acs" ],
- "webOrigins" : [ "http://nextcloud.dev.local" ],
+ "redirectUris" : [ "http://nextcloud.local/index.php/apps/user_saml/saml/acs" ],
+ "webOrigins" : [ "http://nextcloud.local" ],
 "notBefore" : 0,
 "bearerOnly" : false,
 "consentRequired" : false,
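Review bot: In the `@@ -689,15` hunk the SAML client's new `adminUrl` still carries the legacy `/auth` prefix (`http://keycloak.local/auth/realms/Example`), while the second patch of this series corrects the documented discovery endpoint to the `/realms/Example/...` form. If the Keycloak container serves without `/auth`, this value is stale and should probably read `"adminUrl" : "http://keycloak.local/realms/Example",`. Separately, every URL rewritten here and in the `@@ -713,12` hunk (ACS, SLS, redirect URI, web origin) is plain `http://`, so the signed SAML response and the session that follows travel unencrypted; the docs should state that this realm is meant only for a local Docker network. The client object starts and ends outside the hunk.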
@@ -713,12 +713,12 @@
 "client.secret.creation.time" : "1670752721",
 "saml.force.post.binding" : "true",
 "post.logout.redirect.uris" : "+",
- "saml_assertion_consumer_url_post" : "http://nextcloud.dev.local/index.php/apps/user_saml/saml/acs",
+ "saml_assertion_consumer_url_post" : "http://nextcloud.local/index.php/apps/user_saml/saml/acs",
 "saml.server.signature" : "true",
 "saml.server.signature.keyinfo.ext" : "false",
 "saml.signing.certificate" : "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",
 "saml.artifact.binding.identifier" : "0TDhGxUTNYmRM8Yd/PcR55vLtAs=",
- "saml_single_logout_service_url_redirect" : "http://nextcloud.dev.local/index.php/apps/user_saml/saml/sls",
+ "saml_single_logout_service_url_redirect" : "http://nextcloud.local/index.php/apps/user_saml/saml/sls",
 "saml.signature.algorithm" : "RSA_SHA256",
 "saml_force_name_id_format" : "false",
 "saml.client.signature" : "true",
@@ -775,15 +775,15 @@
 }, {
 "id" : "a7bab497-e991-491b-aae2-785f049cf361",
 "clientId" : "nextcloud",
- "rootUrl" : "https://nextcloud.dev.local",
- "adminUrl" : "https://nextcloud.dev.local",
+ "rootUrl" : "http://nextcloud.local",
+ "adminUrl" : "http://nextcloud.local",
 "surrogateAuthRequired" : false,
 "enabled" : true,
 "alwaysDisplayInConsole" : false,
 "clientAuthenticatorType" : "client-secret",
 "secret" : "09e3c268-d8bc-42f1-b7c6-74d307ef5fde",
- "redirectUris" : [ "https://nextcloud.dev.local/*" ],
- "webOrigins" : [ "https://nextcloud.dev.local" ],
+ "redirectUris" : [ "https://nextcloud.local/*", "http://nextcloud.local/*" ],
+ "webOrigins" : [ "https://nextcloud.local", "http://nextcloud.local" ],
 "notBefore" : 0,
 "bearerOnly" : false,
 "consentRequired" : false,
diff --git a/docs/services/sso.md b/docs/services/sso.md
index 23285be7..e06a0b46 100644
--- a/docs/services/sso.md
+++ b/docs/services/sso.md
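Review bot: The `@@ -775,15` hunk of Example-realm.json does more than rename the host: `rootUrl` and `adminUrl` on the `nextcloud` OIDC client drop from `https://` to `http://`, and `redirectUris` gains `http://nextcloud.local/*`, none of which the commit title ("changed fqdn") mentions. A wildcard redirect over cleartext HTTP means the authorization code may be delivered to any path on that host without transport protection, and the same client has a static `secret` committed in this file, so the realm should be clearly scoped to a throwaway local environment. Prefer listing only the exact callback, e.g. `"redirectUris" : [ "http://nextcloud.local/<user_oidc callback path>" ],`, and keep `webOrigins` to the one scheme the stack actually serves. The client object continues outside the hunk.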
@@ -4,8 +4,8 @@ ## [Keycloak](https://www.keycloak.org/) - Keycloak is using LDAP as a user backend (make sure the LDAP container is also running) -- `occ user_oidc:provider Keycloak -c nextcloud -s 09e3c268-d8bc-42f1-b7c6-74d307ef5fde -d http://keycloak.dev.local/auth/realms/Example/.well-known/openid-configuration` -- +- `occ user_oidc:provider Keycloak -c nextcloud -s 09e3c268-d8bc-42f1-b7c6-74d307ef5fde -d http://keycloak.local/auth/realms/Example/.well-known/openid-configuration` +- - nextcloud - 09e3c268-d8bc-42f1-b7c6-74d307ef5fde From de87633a33e5001e2d815bdb36c24ba0cd044334 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B6rn=20Bores?= Date: Sat, 8 Feb 2025 17:35:43 +0100 Subject: [PATCH 2/2] fix: Correct discovery endpoint docs: Beautify section keycloak closes #378 --- docs/services/sso.md | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/docs/services/sso.md b/docs/services/sso.md index e06a0b46..51ab0b46 100644 --- a/docs/services/sso.md +++ b/docs/services/sso.md @@ -3,11 +3,18 @@ ## [Keycloak](https://www.keycloak.org/) -- Keycloak is using LDAP as a user backend (make sure the LDAP container is also running) -- `occ user_oidc:provider Keycloak -c nextcloud -s 09e3c268-d8bc-42f1-b7c6-74d307ef5fde -d http://keycloak.local/auth/realms/Example/.well-known/openid-configuration` -- -- nextcloud -- 09e3c268-d8bc-42f1-b7c6-74d307ef5fde +``` +docker compose up -d keycloak ldap +``` + +Keycloak is using LDAP as a user backend (make sure the LDAP container is also running) +- Discovery endpoint: +- Client ID: nextcloud +- Client Secret: 09e3c268-d8bc-42f1-b7c6-74d307ef5fde + +``` +docker compose exec nextcloud /bin/bash -c 'occ user_oidc:provider Keycloak -c nextcloud -s 09e3c268-d8bc-42f1-b7c6-74d307ef5fde -d http://keycloak.local/realms/Example/.well-known/openid-configuration' +``` ## SAML