authelia/docs/content/en/integration/trusted-header-sso/seafile/index.md

76 lines
2.2 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters!

This file contains ambiguous Unicode characters that may be confused with others in your current locale. If your use case is intentional and legitimate, you can safely ignore this warning. Use the Escape button to highlight these characters.

---
title: "Seafile"
description: "Trusted Header SSO Integration for Seafile"
lead: ""
date: 2022-06-15T17:51:47+10:00
draft: false
images: []
menu:
integration:
parent: "trusted-header-sso"
weight: 420
toc: true
community: true
---
## Introduction
This is a guide on integration of __Authelia__ and [Seafile] via the trusted header SSO authentication.
As with all guides in this section it's important you read the [introduction](../introduction.md) first.
## Tested Versions
* Authelia:
* v4.35.5
* [Seafile] Server:
* 9.0.4
## Before You Begin
This example makes the following assumptions:
* __Application Root URL:__ `https://seafile.example.com`
* __Authelia Root URL:__ `https://auth.example.com`
* __User Email Domain:__ `@example.com`
## Configuration
To configure [Seafile] to trust the `Remote-User` and `Remote-Email` header do the following:
1. Configure `seahub_settings.py` and adjust the following settings:
```python
ENABLE_REMOTE_USER_AUTHENTICATION = True
# Optional, HTTP header, which is configured in your web server conf file,
# used for Seafile to get user's unique id, default value is 'HTTP_REMOTE_USER'.
REMOTE_USER_HEADER = 'HTTP_REMOTE_USER'
# Optional, when the value of HTTP_REMOTE_USER is not a valid email address
# Seafile will build a email-like unique id from the value of 'REMOTE_USER_HEADER'
# and this domain, e.g. user1@example.com.
REMOTE_USER_DOMAIN = 'example.com'
# Optional, whether to create new user in Seafile system, default value is True.
# If this setting is disabled, users doesn't preexist in the Seafile DB cannot login.
# The admin has to first import the users from external systems like LDAP.
REMOTE_USER_CREATE_UNKNOWN_USER = True
# Optional, whether to activate new user in Seafile system, default value is True.
# If this setting is disabled, user will be unable to login by default.
# the administrator needs to manually activate this user.
REMOTE_USER_ACTIVATE_USER_AFTER_CREATION = True
# Optional, map user attribute in HTTP header and Seafile's user attribute.
REMOTE_USER_ATTRIBUTE_MAP = {
'HTTP_REMOTE_NAME': 'name',
'HTTP_REMOTE_EMAIL': 'contact_email',
}
```
## See Also
* [Seafile Remote User Docs](https://manual.seafile.com/deploy/remote_user/)
[Seafile]: https://www.seafile.com/