Changes

Roland Alton · 7356d5ea
--- a/Configuring-KeyCloak-and-Clients.md
+++ b/Configuring-KeyCloak-and-Clients.md
-## fairlogin
-
-Login with a user that has admin role at https://id.fairkom.net/auth/  and change to realm fairlogin.
-
-https://www.keycloak.org/documentation.html
-
-### SAML
-
-List SAML descriptor https://id.fairkom.net/auth/realms/fairlogin/protocol/saml/descriptor
-
-### OpenID
-
-Find all endpoints here https://id.fairkom.net/auth/realms/fairlogin/.well-known/openid-configuration
-
-```
-https://id.fairkom.net/auth/realms/fairlogin/protocol/openid-connect/token
-https://id.fairkom.net/auth/realms/fairlogin/protocol/openid-connect/userinfo
-https://id.fairkom.net/auth/realms/fairlogin/protocol/openid-connect/auth
-```
-
-How to [add rocket.chat as OIDC client](openid-connect-with-rocketchat)
-
-For **wordpress** use the plugins https://github.com/oidc-wp/openid-connect-generic with https://github.com/timnolte/oidc-keycloak-sso and as OpenID scope `email openid profile`.
-
-### Identity Provider
-
-Add an oAuth ISP (such as eID #117) and set in Keycloak the oAuth Identity Provider Client ID just to a simple name (not a URL) and use that when registering your Keycloak based service.
-
-### Federate Keycloaks
-
-Add a Keycloak identity provider in your Keycloak realm.
-
-Import the OpenID SSO profile from the other Keycloak IdP https://sso.fwf.ac.at/auth/realms/sso/.well-known/openid-configuration (import URL).
-
-Add OIDC client in the other Keycloak IdP, change to secret and copy id (federateX-fairlogin) and secret to fairlogin Keaycloak.
-
-Disable e-mail verification, if your federated Keycloak is trusted to already do so. 
-
+## fairlogin
+
+Login with a user that has admin role at https://id.fairkom.net/auth/  and change to realm fairlogin.
+
+https://www.keycloak.org/documentation.html
+
+### SAML
+
+List SAML descriptor https://id.fairkom.net/auth/realms/fairlogin/protocol/saml/descriptor
+
+### OpenID
+
+Find all endpoints here https://id.fairkom.net/auth/realms/fairlogin/.well-known/openid-configuration
+
+```
+https://id.fairkom.net/auth/realms/fairlogin/protocol/openid-connect/token
+https://id.fairkom.net/auth/realms/fairlogin/protocol/openid-connect/userinfo
+https://id.fairkom.net/auth/realms/fairlogin/protocol/openid-connect/auth
+```
+
+How to [add rocket.chat as OIDC client](openid-connect-with-rocketchat)
+
+#### wordpress
+
+plugins https://github.com/oidc-wp/openid-connect-generic with https://github.com/timnolte/oidc-keycloak-sso and as OpenID scope `email openid profile`
+
+#### nextcloud
+
+Install app OIDC Connect (user_oidc). Enter discover endpoint https://key.domain.net.net/auth/realms/sso/.well-known/openid-configuration
+
+To make logout work use the backchannel logout link shown on the OIDC nextcloud app and de-activate in the Keycloak client setting  `Backchannel logout session required` (see also https://git.fairkom.net/hosting/fairlogin/fairkom/-/issues/90)
+
+### Identity Provider
+
+Add an oAuth ISP (such as eID #117) and set in Keycloak the oAuth Identity Provider Client ID just to a simple name (not a URL) and use that when registering your Keycloak based service.
+
+### Federate Keycloaks
+
+Add a Keycloak identity provider in your Keycloak realm.
+
+Import the OpenID SSO profile from the other Keycloak IdP https://sso.fwf.ac.at/auth/realms/sso/.well-known/openid-configuration (import URL).
+
+Add OIDC client in the other Keycloak IdP, change to secret and copy id (federateX-fairlogin) and secret to fairlogin Keaycloak.
+
+Disable e-mail verification, if your federated Keycloak is trusted to already do so. 
+