Differences

This shows you the differences between two versions of the page.

--- linux:nextcloud [2025/03/18 09:30] – [NextCloud] jansen
+++ linux:nextcloud [2025/08/27 12:53] (current) – [App passwords] jansen
@@ Line 6: / Line 6: @@
 The **Online Accounts** is supported for some major desktops, such as Gnome, Cinnamon and KDE Plasma.
-===== Enable NextCloud in a file manager =====
+====== Nextcloud two-factor authentication ======
+We are moving towards adding two-factor authentication to our nextcloud server
+Users will now see a button below the login form, labeled "STRW Identity provider".
+If you are a **new user**, without an existing nextcloud account on our server, click there, and you will be directed to the ''keycloak'' login window, and once authenticated, an account in nextcloud is made, connected to the strw account. Or, if you were already logged in (eg for webmail or intraneet), you will only see you are immediately logged in to your new nextcloud account.
+__However__, for **existing users** who already have an account in nextcloud, this is not the right way, since the procedure outlined above creates a new user account. So, if an account already exists with your e-mail address, an error message will be shown, and the system will prevent you from accidentally creating a new account, overwriting your old one (and loosing any files).
+{{ :linux:nextcloud-sociallogin-usersettings.png?400|}}
+So, the correct way for existing users, is to login as usual without 2FA, and then go to your own profile menu, and open the settings page. In the "Social login" entry, the user can see the "STRW Identity provider" under "Available providers". Clicking that button will bring them to the keycloak login page, and once authenticated there, the existing account in nextcloud is connected to the strw account in keycloak. When the user already happens to be logged in through keycloak, they will immediately see the identity provider button here.
+From then on, the user can use the "STRW Identity provider" button on the nextcloud login page to log in through keycloak (or be logged in immediately if already logged in to another keycloak-enabled site)
+We will give users sufficient time to do these setup steps before we disable the simple login without two-factor code. But the plan is, to allow only two-factor logins on the website some time next year (2026, to be announced).
+===== App passwords =====
+Since not all apps and file managers have a way to ask for the 2nd authentication factor, and since it is rather inconvenient to generate a 6-digit code every time you connect the app, Nextcloud supports "app passwords", which take the place of your actual password, but they only work for an app or program, and not for full access to the site.
+{{:linux:nextcloud-app-passwords-1.png?400 |}}
+To  generate an app password, log in on the nextcloud site, click on your profile name or picture (top right corner, it will show your initials or a chosen picture). From the menu, select "personal settings" and then "security".
+There might be a short or long list of previous sessions; below that at the bottom of the page, is a field "App name" with a button "Create new app password" next to it. Simply type a name in the "App name" field and click the button.
+Now a window will pop up showing the generated password. Either type this into the password field of the app you are configuring (eg the Linux desktop "Online Accounts" preferences dialog), or press the button to display a QR code, which can be scanned into mobile apps, such as the Nextcloud app on Android or iOS.
+By the way, the "personal settings" menu also has an entry called "Mobile & desktop" which has the links to these mobile apps
+===== Enable NextCloud in a file manager =====
 ==== Create Online Account ====
@@ Line 16: / Line 39: @@
 {{ :linux:nextcloud-account-1.png?nolink&400 |}}
+Alternatively, and probably better now that we are moving towards two-factor authentication for nextcloud, one can generate an "app password" from the web interface of nextcloud, and use that password here in stead of your actual password.
@@ Line 23: / Line 48: @@
 After succefully creating an Online Account for NextCloud, you must be able to use your file manager to access your files. It will be shown on the left pane of the file manager window.
-===== Enable OwnCloud in a file manager =====
-For OwnCloud you can repeat the steps for NextCloud except that it does not require to bypass the 2FA, so you can skip that step and use your Sterrewacht credentials when creating an Online Account. You will need to use the NextCloud button in the **Online Accounts** and https://owncloud.strw.leidenuniv.nl/ as a server.
@@ Line 33: / Line 54: @@
 In case you get a window with a request to enter your keyring password and you can't skip it, provide the password. If you don't know the password you will need to disable it for this session. For this open **Passwords and Keys** application and delete the record with name **Login** (right click). It will be recreated during your next login.
+====== Nextcloud desktop app ======
+Our Linux workstations also have a Nextcloud desktop app installed; this is a different method to work with nextcloud, so you can use this in stead of the Online Accounts method.
+This app can be found in the desktop menu. Open it, and it will add an icon to the panel or notification area of your desktop. The first time you run the app, it will pop up a configuration screen (which can be accessed later with a right-click on the icon and selecting "settings").
-===== Optional: Bypass 2FA =====
+This app is different than the online accounts method: it synchronizes your nextcloud account with a local directory. As with many Linux apps, the default location will be in your home directory, and of course, there will not be sufficient space for that. Luckily, you can select the location where you want the synchronization to take place once you have completed the setup. Alternatively, you can move the folder to a data disk and make a symbolic link to this location:
+  mv $HOME/Nextcloud /net/computername/data2/yourname/Nextcloud
-NextCloud provides a way to bypass two-factor authentication. Open NextCloud in your browser by clicking https://nextcloud.strw.leidenuniv.nl/ , login and in the top right corner click on the menu button with your initials.
+  ln -s /net/computername/data2/yourname/Nextcloud $HOME/Nextcloud
+This should be done when the app is not running, and of course, fill in the computername and username in stead of literally copying this example.
-{{ :linux:nextcloud-web-menu.png?nolink&400 |}}
-Click on the **Settings** and on the new page click on **Security** tab. You should see a page like the following:
-{{ :linux:nextcloud-security-settings.png?nolink&600 |}}
-On this page click on the **Add WebAuthn Device**. You may be asked for a password and the device name. Then it will display a window with your user name and a pass phrase. You may want to store those somewhere, although they are not used anywhere explicitly. If you use a password manager in your browser, it may ask you to generate a Passkey.
-Now you must be ready for the next step.

Computer Documentation Wiki

User Tools

Site Tools

Differences

Page Tools