mirror of https://github.com/authelia/authelia.git
2.8 KiB
2.8 KiB
| title | description | summary | date | draft | images | menu | integration | parent | weight | toc | support | seo | ||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Seafile | Trusted Header SSO Integration for Seafile | 2022-08-26T11:34:56+10:00 | false | trusted-header-sso | 420 | true |
|
|
Introduction
This is a guide on integration of Authelia and Seafile via the trusted header SSO authentication.
As with all guides in this section it's important you read the introduction first.
Tested Versions
- Authelia:
- v4.35.5
- Seafile Server:
- 9.0.4
Before You Begin
This example makes the following assumptions:
- Application Root URL:
https://seafile.{{< sitevar name="domain" nojs="example.com" >}}/ - Authelia Root URL:
https://{{< sitevar name="subdomain-authelia" nojs="auth" >}}.{{< sitevar name="domain" nojs="example.com" >}}/ - User Email Domain:
@{{< sitevar name="domain" nojs="example.com" >}}
Some of the values presented in this guide can automatically be replaced with documentation variables.
{{< sitevar-preferences >}}
Configuration
To configure Seafile to trust the Remote-User and Remote-Email header do the following:
- Configure
seahub_settings.pyand adjust the following settings:
ENABLE_REMOTE_USER_AUTHENTICATION = True
# Optional, HTTP header, which is configured in your web server conf file,
# used for Seafile to get user's unique id, default value is 'HTTP_REMOTE_USER'.
REMOTE_USER_HEADER = 'HTTP_REMOTE_USER'
# Optional, when the value of HTTP_REMOTE_USER is not a valid email address,
# Seafile will build a email-like unique id from the value of 'REMOTE_USER_HEADER'
# and this domain, e.g. user1@{{< sitevar name="domain" nojs="example.com" >}}.
REMOTE_USER_DOMAIN = '{{< sitevar name="domain" nojs="example.com" >}}'
# Optional, whether to create new user in Seafile system, default value is True.
# If this setting is disabled, users doesn't preexist in the Seafile DB cannot login.
# The admin has to first import the users from external systems like LDAP.
REMOTE_USER_CREATE_UNKNOWN_USER = True
# Optional, whether to activate new user in Seafile system, default value is True.
# If this setting is disabled, user will be unable to login by default.
# the administrator needs to manually activate this user.
REMOTE_USER_ACTIVATE_USER_AFTER_CREATION = True
# Optional, map user attribute in HTTP header and Seafile's user attribute.
REMOTE_USER_ATTRIBUTE_MAP = {
'HTTP_REMOTE_NAME': 'name',
'HTTP_REMOTE_EMAIL': 'contact_email',
}