Example Setup Using Kopano Konnect
Kopano Konnect is an OpenID Connect provider (IdP) that directly integrates a Web login and consent form. It brings support for both OpenID Connect (OIDC) and Open Authentication (OAuth 2.0). In addition to the easier integration with third-party applications, Kopano Konnect will also provide the authentication part for the Kopano RestAPI and clients consuming it.
The sections below will explain these areas and provide configuration examples using Kopano Konnect as the external identity provider.
For the configuration examples, let’s assume we have:
ownCloud Server available as
Kopano Konnect available as
To get your identity provider running and ready to be used with ownCloud, you have to obtain Kopano Konnect and run it with a set of configuration values which can be provided as environment variables. See the Kopano Konnect documentation for details.
Specifically, you have to:
Provide basic configuration.
Set up a reverse proxy to expose the routes required to connect to Kopano Konnect. You’ll find instructions in the Kopano Konnect documentation.
Register the ownCloud clients.
Kopano Konnect can be set up via Docker. Images are available on Docker Hub (
To set up ownCloud Server to work with OpenID Connect, you have to:
Install the OpenID Connect App
Set up service discovery
It is recommended to first work out the complete configuration on a test system and to move it to the production system only once it has proven to work. Enabling the OpenID Connect app on the production system should be the last step in this process, because from that point on it advertises OpenID Connect to all clients.
Follow this link to read more about the OIDC config.php parameters available to configure OpenID Connect on ownCloud Server.
An example snippet that can be added to config.php is shown below.
'openid-connect' => [
    'provider-url' => 'https://idp.example.com',
    'client-id' => '<owncloud-server-client-id>',
    'client-secret' => '<owncloud-server-client-secret>',
    'loginButtonName' => 'Kopano',
    'autoRedirectOnLoginPage' => false,
    // change this to 'email' if necessary (see identity provider configuration)
    'mode' => 'userid',
    // change this to suit your environment (see identity provider configuration)
    'search-attribute' => 'preferred_username'
],
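Before enabling the app, it helps to confirm that the discovery document served by the identity provider agrees with the 'provider-url' and 'search-attribute' values in the snippet above. The following check is an added example, not part of the ownCloud or Kopano Konnect code; the endpoint paths and sample documents are constructed, and the list of expected endpoints and the rejection of alg "none" are assumptions of this check.

```python
from urllib.parse import urlsplit

# Assumption: the relying party uses all four of these discovery entries.
EXPECTED_ENDPOINTS = ("authorization_endpoint", "token_endpoint",
                      "jwks_uri", "userinfo_endpoint")


def check_discovery(provider_url, doc, search_attribute):
    """Return a list of problems found in an OIDC discovery document."""
    problems = []
    if urlsplit(provider_url).scheme != "https":
        problems.append("provider-url is not https")
    # OIDC Discovery: the issuer must match the URL the document was fetched for.
    if doc.get("issuer", "").rstrip("/") != provider_url.rstrip("/"):
        problems.append("issuer does not match provider-url")
    for key in EXPECTED_ENDPOINTS:
        value = doc.get(key)
        if not value:
            problems.append(f"{key} is missing")
        elif urlsplit(value).scheme != "https":
            problems.append(f"{key} is not https")
    if "code" not in doc.get("response_types_supported", []):
        problems.append("authorization code flow not advertised")
    # Policy of this check: an IdP offering unsigned ID tokens is flagged.
    if "none" in doc.get("id_token_signing_alg_values_supported", []):
        problems.append("unsigned ID tokens (alg none) advertised")
    # claims_supported is optional; only check it when the IdP publishes it.
    claims = doc.get("claims_supported")
    if claims is not None and search_attribute not in claims:
        problems.append(f"claim {search_attribute} not advertised")
    return problems


# Constructed sample documents (not captured from a real Konnect instance).
GOOD = {
    "issuer": "https://idp.example.com",
    "authorization_endpoint": "https://idp.example.com/authorize",
    "token_endpoint": "https://idp.example.com/token",
    "jwks_uri": "https://idp.example.com/jwks.json",
    "userinfo_endpoint": "https://idp.example.com/userinfo",
    "response_types_supported": ["code", "id_token"],
    "id_token_signing_alg_values_supported": ["RS256"],
    "claims_supported": ["sub", "email", "preferred_username"],
}
BAD = dict(GOOD, issuer="https://login.example.org",
           token_endpoint="http://idp.example.com/token",
           claims_supported=["sub", "email"])
del BAD["jwks_uri"]
```

In practice the document would be fetched from the provider URL with /.well-known/openid-configuration appended and passed to check_discovery as parsed JSON.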
To allow the ownCloud clients (Web/Desktop/Android/iOS) to interact with the identity provider, you have to register them as clients. In the case of Kopano Konnect, you can do this using Konnect’s identifier-registration.yaml. The default values for the regular ownCloud clients are shown below. Other environments might require a different set of values.
Use the data provided in the ownCloud Desktop and Mobile Clients section.