Skip to content

Latest commit

 

History

History
115 lines (93 loc) · 3.7 KB

index.md

File metadata and controls

115 lines (93 loc) · 3.7 KB
Raw
title description summary date draft images weight toc community seo
Seafile
Integrating Seafile with the Authelia OpenID Connect 1.0 Provider.
2022-06-15 17:51:47 +1000
false
620
true
true
title description canonical noindex
false

Tested Versions

{{% oidc-common %}}

Assumptions

This example makes the following assumptions:

  • Application Root URL: https://seafile.example.com/
  • Authelia Root URL: https://auth.example.com/
  • Client ID: seafile
  • Client Secret: insecure_secret

Configuration

Authelia

The following YAML configuration is an example Authelia client configuration for use with Seafile which will operate with the application example:

identity_providers:
  oidc:
    ## The other portions of the mandatory OpenID Connect 1.0 configuration go here.
    ## See: https://www.authelia.com/c/oidc
    clients:
      - client_id: 'seafile'
        client_name: 'Seafile'
        client_secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng'  # The digest of 'insecure_secret'.
        public: false
        authorization_policy: 'two_factor'
        redirect_uris:
          - 'https://seafile.example.com/oauth/callback/'
        scopes:
          - 'openid'
          - 'profile'
          - 'email'
        userinfo_signed_response_alg: 'none'
        token_endpoint_auth_method: 'client_secret_basic'

Application

Important Note: The Seafile's WebDAV extension does not support OAuth bearer at the time of this writing.

Configure Seafile to use Authelia as an OpenID Connect 1.0 Provider.

  1. Seafile may require some dependencies such as requests_oauthlib to be manually installed. See the Seafile documentation in the see also section for more information.

  2. Edit your Seafile seahub_settings.py configuration file and add the following:

ENABLE_OAUTH = True
OAUTH_ENABLE_INSECURE_TRANSPORT = False
OAUTH_CLIENT_ID = "seafile"
OAUTH_CLIENT_SECRET = "insecure_secret"
OAUTH_REDIRECT_URL = 'https://seafile.example.com/oauth/callback/'
OAUTH_PROVIDER_DOMAIN = 'auth.example.com'
OAUTH_AUTHORIZATION_URL = 'https://auth.example.com/api/oidc/authorization'
OAUTH_TOKEN_URL = 'https://auth.example.com/api/oidc/token'
OAUTH_USER_INFO_URL = 'https://auth.example.com/api/oidc/userinfo'
OAUTH_SCOPE = [
    "openid",
    "profile",
    "email",
]
OAUTH_ATTRIBUTE_MAP = {
    "email": (True, "email"),
    "name": (False, "name"),
    "id": (False, "not used"),
}

# Optional
#ENABLE_WEBDAV_SECRET = True

Optionally, enable webdav secrets so that clients that do not support OAuth 2.0 (e.g., davfs2) can login via basic auth.

See Also