I’m currently integrating Keycloak with ownCloud using the OpenID
Connect Login app. The setup works for authentication, but I’m facing
an issue with group synchronization. Specifically, users are not being
automatically assigned to groups in ownCloud based on their group
membership in Keycloak.
Current Setup:
Keycloak Configuration:
Realm ID: owncloud-realm
Group Membership Mapper:
Token Claim Name: groups
Full Group Path: Disabled
Added to ID Token and Access Token: Yes
Users are correctly assigned to the Cyber Technology group in Keycloak.
ownCloud Configuration (config.php):
    'openid-connect' => [
        'group-sync' => [
            'enabled' => true,
            'groups-claim' => 'groups',
            'groups-realm' => 'owncloud-realm', //
        ],
    ],
Expected Behavior:
When users log in via Keycloak, their group membership (e.g., Cyber
Technology) should sync with ownCloud, and they should be
auto-provisioned into the same group.
What Works:
Authentication via Keycloak works fine.
Users can log in to ownCloud without issues.
What Doesn’t Work:
Group synchronization does not happen.
Users are not being assigned to their respective groups in ownCloud.
Troubleshooting Steps Tried:
Verified the Keycloak Token:
The token includes the correct groups claim:
"groups": ["Cyber Technology"]
Full group path is disabled.
Configured the groups-claim in ownCloud’s config.php file to match the
claim name in Keycloak.
Tested with and without groups-realm in config.php.
Checked ownCloud logs:
No errors related to group synchronization were found.
Logs do not indicate any attempt to auto-provision groups.
Confirmed that the Cyber Technology group exists in ownCloud.
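
The token check described in the post above, as an added example that is not part of the original post: it decodes the payload of a compact JWT and reports whether the `groups` claim is present, is an array of strings, and carries short names rather than full paths. The helper names and the sample tokens are constructed for illustration, and the signature is not verified because this is inspection only.

```python
import base64
import json


def b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def jwt_payload(token: str) -> dict:
    # Inspection only: the signature is NOT verified here.
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected 3 dot-separated segments)")
    return json.loads(b64url_decode(parts[1]))


def check_groups_claim(token: str, claim: str = "groups", expected=()) -> list:
    """Return findings about the groups claim; an empty list means it looks as described."""
    payload = jwt_payload(token)
    if claim not in payload:
        return [f"claim '{claim}' is absent from this token"]
    value = payload[claim]
    if not isinstance(value, list) or not all(isinstance(g, str) for g in value):
        return [f"claim '{claim}' is not a JSON array of strings: {value!r}"]
    findings = []
    for g in value:
        if g.startswith("/"):
            findings.append(f"'{g}' is a full group path (Full Group Path is on)")
        if g != g.strip():
            findings.append(f"'{g}' has leading or trailing whitespace")
    for want in expected:
        if want not in value:
            findings.append(f"expected group '{want}' not in claim")
    return findings


def make_sample_token(payload: dict) -> str:
    # Constructed, unsigned sample token so the example runs offline.
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(payload)}.sig"


if __name__ == "__main__":
    good = make_sample_token({"sub": "u1", "groups": ["Cyber Technology"]})
    bad = make_sample_token({"sub": "u1", "groups": ["/Cyber Technology"]})
    print(check_groups_claim(good, expected=["Cyber Technology"]))
    print(check_groups_claim(bad, expected=["Cyber Technology"]))
```

Run it against both the ID token and the access token, since the mapper can be enabled for each independently.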