diff --git a/dd-apps/docker/nextcloud/saml.sh b/dd-apps/docker/nextcloud/saml.sh
index 4dbd522..f4484ad 100755
--- a/dd-apps/docker/nextcloud/saml.sh
+++ b/dd-apps/docker/nextcloud/saml.sh
@@ -10,7 +10,8 @@ fi
 idp_entityid="https://sso.${DOMAIN}/auth/realms/master"
 idp_sso_url="${idp_entityid}/protocol/saml"
 ## This one has no PEM headers or newlines
-idp_x509cert="$(curl -s "${idp_entityid}" | sed -E 's!.*public_key":"([^"]+)".*!\1!')"
+idp_x509cert="$(curl -s "${idp_entityid}/protocol/openid-connect/certs" | sed -E 's!.*RS256[^}]*x5c":\["([^"]+)".*!\1!')"
+
 ## PEM format
 sp_x509cert="$(cat /saml/public.crt)"
 ## PEM format