SecSign ID Plugin: NextCloud

2017-10-26 5 minutes to read
Tutorial Index

Protect your NextCloud Account with secure authentication

Use SecSign ID NextCloud two factor authentication for your NextCloud account to securely protect all your data in the cloud. Works for iOS or Android mobile devices as well as for desktop.

NextCloud offers convenient cloud storage for all kinds of data, both for small scale and big scale operations. With end-to-end encryption and customized choice of server it provides next-level protection for important data. By adding SecSign ID Two-Factor Authentication the login is protected from hacker attacks while offering a convenient login experience for the user.

Questions? Feel free to get in touch with us if you need help setting up your SecSign ID plugin or to request a plugin for a not yet supported environment.

Integration in your setup

Integration of the plugin into your setup

SecSign ID Integration

Please configure your desired integration of the SecSign ID Two Factor Authentication

Choose a system, where you want to add the secure login

Do you need your own ID Server inside your protected network or prefer if we manage and maintain it for you

The location to save the assigned SecSign IDs to a user account or the IDM alltogether

System to protect
The System you want to protect - Choose a system, where you want to add the secure login
SecSign ID Server location
Do you need your own ID Server inside your protected network or prefer if we manage and maintain it for you
User account location
The system to save the assigned SecSign IDs to a user account or the IDM alltogether
edit the settings to change the integration
2FA blind
2FA no AP
2SA no AP
2SA blind
Custom ID
IDP Custom Website
Enrollment initiated by SP
Enrollment with IDM
Show Network
Hide Network
Request Solution
The authentication was successful


To integrate the SecSign ID Two-Factor Authentication with NextCloud you first need to setup an account with NextCloud and decide, where you want the server to be based off. More information on server options are available on the NextCloud website.

You also need access to the SecSign ID administrative panel. If you need assistance managing your administrative account please contact us.

Edit NextCloud Settings

Edit NextCloud Settings

In the NextCloud admin web site open the Apps dialog and select “Authentication & Authorization” from the list. Enable “SSO & SAML authentication”.

In the NextCloud admin web site open the SSO & SAML authentication dialog.
Select “Use build-in SAML authentication”.

Adjust IdP settings

Adjust IdP settings

Enter “uid” (without the quotes) as attribute to map the UID to. Then enter the Identifier of the IdP entity. It consists of the URL of the SecSign ID admin web site plus “/SAML_Login”.
For Example:

Enter the same URL also as URL Target of the IdP where the SP will send the Authentication Request Message.
Then Select “Show optional Identity Provider settings …” Paste the PEM encoded certificate which you have configured to sign SAML responses in the SecSign ID Server as “Public X.509 certificate of the IdP”.
PEM encoding starts with “—–BEGIN CERTIFICATE—–“.
Click at “Download metadata XML”. Open the meta data XML file in a browser or a text editor.

Edit SecSign ID Settings

Edit SecSign ID Settings

Open the “SAML Service Provider” dialog in the SecSign admin web site and click at “Create new SAML response attribute”. Enter “uid” (without the quotes) as name in SAML response. Leave Format empty.
Select “SecSign ID Server” as Attribute Store and “SecSign ID” as Source attribute and save.

Select “New SAML service provider” and choose a name. For example: NextCloud. Select “SecSign ID Server” as NameID Attribute Store and select “SecSign ID” as NameID source attribute.
Leave NameID format empty.
Copy the URL from entityID from the metadata file to the “Service Provider Issuer” text field in the SecSign admin dialog.

Copy the URL from AssertionConsumerService in the metadata file to the “SAML response URL” text field in the SecSign admin dialog.

Leave RelayState, Audience Restriction and Auth Context empty.
Choose the user group to sign the SAML responses. For example: SAML response signers.
Select “Server selects” for Hash algorithm and “Server selects” for PSS padding. Select the SAML attribute “secsignid: from SecSign ID Server (uid)” and Save.

Test Login

Test Login

Keep the browser showing the NextCloud admin web site session open! Use another browser to test the NextCloud log-in. If it fails use the still open first browser to display the “Logging” dialog of NextCloud and see the error message.

We offer SAML solutions for any setup – tailored for your needs

Do you have a service that needs SAML two-factor authentication protection? You didn’t find any information about your setup? We offer custom solutions for almost any SAML setup. Message us for a fast and convenient solution for your service.

    Do you intend to operate the SecSign ID Two-Factor Authentication server On-Premise or in the cloud?

    Your own ID-Server

    On premise installations of SecSign ID offer the flexibility to connect with your preferred servers, services, and devices. And you can customize the SecSign ID with your own organization’s branding.

    Learn More
    On Premise 2FA ID

    Latest Blog Posts, Updates & Features

    SecSign ID Server passed FIDO Certification

    We are happy to announce that the SecSign ID server has passed the official FIDO certification program of the FIDO Alliance. This will allow you to use the complete FIDO2/WebAuthn standard for passwordless 2FA sign-ins in your exi ...

    Mehr Lesen

    Two-Factor Authentication with Fido2 / WebAuth

    The FIDO2 Project is a set of standards developed by the FIDO Alliance and the World Wide Web Consortium (W3C) to create a strong authentication protocol for the web. It consist mainly of the WebAuth standard for the browser part ...

    Mehr Lesen

    Protecting the Home Office VPN with 2FA

    In the recent weeks, home office work has increased potentially. And while employees are practicing social distancing from their home computer, attackers are working hard to exploit security issues in this situation that is unfami ...

    Mehr Lesen
    SecSign 2FA