Seafile

Seafile

This integration guide is community supported. It's not guaranteed to be complete, accurate, or up-to-date. It's likely that if this integration guide does not work for you that changes occurred with a third-party application.

Important Note: This documentation is version specific. Make sure you check the section outlining the tested versions.

Important Note: We always recommend users read the third-party documentation as part of the integration process to ensure configuration elements matches their needs. As such the See Also section is likely to have important links.

Important Note: If you find an error in this documentation please make a Pull Request, start a Discussion, or contact us on a Chat Room.

Introduction

This is a guide on integration of Authelia and Seafile via the trusted header SSO authentication.

As with all guides in this section it’s important you read the introduction first.

Tested Versions

  • Authelia:
    • v4.35.5
  • Seafile Server:
    • 9.0.4

Before You Begin

This example makes the following assumptions:

  • Application Root URL: https://seafile.example.com/
  • Authelia Root URL: https://auth.example.com/
  • User Email Domain: @example.com

Some of the values presented in this guide can automatically be replaced with documentation variables.

Configuration

To configure Seafile to trust the Remote-User and Remote-Email header do the following:

  1. Configure seahub_settings.py and adjust the following settings:
ENABLE_REMOTE_USER_AUTHENTICATION = True

# Optional, HTTP header, which is configured in your web server conf file,
# used for Seafile to get user's unique id, default value is 'HTTP_REMOTE_USER'.
REMOTE_USER_HEADER = 'HTTP_REMOTE_USER'

# Optional, when the value of HTTP_REMOTE_USER is not a valid email address,
# Seafile will build a email-like unique id from the value of 'REMOTE_USER_HEADER'
# and this domain, e.g. user1@example.com.
REMOTE_USER_DOMAIN = 'example.com'

# Optional, whether to create new user in Seafile system, default value is True.
# If this setting is disabled, users doesn't preexist in the Seafile DB cannot login.
# The admin has to first import the users from external systems like LDAP.
REMOTE_USER_CREATE_UNKNOWN_USER = True

# Optional, whether to activate new user in Seafile system, default value is True.
# If this setting is disabled, user will be unable to login by default.
# the administrator needs to manually activate this user.
REMOTE_USER_ACTIVATE_USER_AFTER_CREATION = True

# Optional, map user attribute in HTTP header and Seafile's user attribute.
REMOTE_USER_ATTRIBUTE_MAP = {
    'HTTP_REMOTE_NAME': 'name',
    'HTTP_REMOTE_EMAIL': 'contact_email',
}

See Also