docs/content/integration/openid-connect/clients/seafile/index.md
{{% oidc-common %}}
This example makes the following assumptions:
- Application Root URL: `https://seafile.{{< sitevar name="domain" nojs="example.com" >}}/`
- Authelia Root URL: `https://{{< sitevar name="subdomain-authelia" nojs="auth" >}}.{{< sitevar name="domain" nojs="example.com" >}}/`
- Client ID: `seafile`
- Client Secret: `insecure_secret`

Some of the values presented in this guide can automatically be replaced with documentation variables.
{{< sitevar-preferences >}}
`requests_oauthlib` to be manually installed. See the Seafile documentation in the see also section for more information.

The following YAML configuration is an example Authelia client configuration for use with Seafile which will operate with the application example:
```yaml
identity_providers:
  oidc:
    ## The other portions of the mandatory OpenID Connect 1.0 configuration go here.
    ## See: https://www.authelia.com/c/oidc
    clients:
      - client_id: 'seafile'
        client_name: 'Seafile'
        client_secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng'  # The digest of 'insecure_secret'.
        public: false
        authorization_policy: 'two_factor'
        require_pkce: false
        pkce_challenge_method: ''
        redirect_uris:
          - 'https://seafile.{{< sitevar name="domain" nojs="example.com" >}}/oauth/callback/'
        scopes:
          - 'openid'
          - 'profile'
          - 'email'
        response_types:
          - 'code'
        grant_types:
          - 'authorization_code'
        access_token_signed_response_alg: 'none'
        userinfo_signed_response_alg: 'none'
        token_endpoint_auth_method: 'client_secret_basic'
```
To configure Seafile there is one method, using the Configuration File.
{{< callout context="caution" title="Important Note" icon="outline/alert-triangle" >}} Seafile's WebDAV extension does not support OAuth Bearer at the time of this writing. {{< /callout >}}
{{< callout context="tip" title="Did you know?" icon="outline/rocket" >}}
Generally the configuration file is named `seahub_settings.py`.
{{< /callout >}}
To configure Seafile to utilize Authelia as an OpenID Connect 1.0 Provider, use the following configuration:
```python
ENABLE_OAUTH = True
OAUTH_ENABLE_INSECURE_TRANSPORT = False
OAUTH_CLIENT_ID = "seafile"
OAUTH_CLIENT_SECRET = "insecure_secret"
OAUTH_REDIRECT_URL = 'https://seafile.{{< sitevar name="domain" nojs="example.com" >}}/oauth/callback/'
OAUTH_PROVIDER_DOMAIN = '{{< sitevar name="subdomain-authelia" nojs="auth" >}}.{{< sitevar name="domain" nojs="example.com" >}}'
OAUTH_AUTHORIZATION_URL = 'https://{{< sitevar name="subdomain-authelia" nojs="auth" >}}.{{< sitevar name="domain" nojs="example.com" >}}/api/oidc/authorization'
OAUTH_TOKEN_URL = 'https://{{< sitevar name="subdomain-authelia" nojs="auth" >}}.{{< sitevar name="domain" nojs="example.com" >}}/api/oidc/token'
OAUTH_USER_INFO_URL = 'https://{{< sitevar name="subdomain-authelia" nojs="auth" >}}.{{< sitevar name="domain" nojs="example.com" >}}/api/oidc/userinfo'
OAUTH_SCOPE = [
    "openid",
    "profile",
    "email",
]
OAUTH_ATTRIBUTE_MAP = {
    "sub": (True, "uid"),
    "email": (False, "email"),
    "name": (False, "name"),
}

# Optional
#ENABLE_WEBDAV_SECRET = True
```
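
The two configurations above only work together when they agree on the client ID, redirect URI, scopes and endpoints. The following pre-deployment check is an added example, not part of the Authelia or Seafile documentation; the function name `check_oauth_settings`, the dictionaries and the `example.com` values are constructed for illustration.

```python
from urllib.parse import urlsplit

ENDPOINT_KEYS = ("OAUTH_AUTHORIZATION_URL", "OAUTH_TOKEN_URL", "OAUTH_USER_INFO_URL")

def check_oauth_settings(seahub, client, authelia_host):
    """Compare seahub_settings.py values with the Authelia client entry.

    Hypothetical helper: returns a list of findings, empty when both sides agree.
    """
    findings = []
    if seahub["OAUTH_CLIENT_ID"] != client["client_id"]:
        findings.append("OAUTH_CLIENT_ID does not match client_id")
    # Redirect URIs are compared as exact strings, so a missing trailing
    # slash or a different scheme makes the authorization request fail.
    if seahub["OAUTH_REDIRECT_URL"] not in client["redirect_uris"]:
        findings.append("OAUTH_REDIRECT_URL is not listed in redirect_uris")
    # Seafile may only request scopes the client is allowed to use.
    extra = sorted(set(seahub["OAUTH_SCOPE"]) - set(client["scopes"]))
    if extra:
        findings.append("scopes not granted to the client: " + ", ".join(extra))
    if seahub.get("OAUTH_ENABLE_INSECURE_TRANSPORT", False):
        findings.append("OAUTH_ENABLE_INSECURE_TRANSPORT must stay False")
    # The code, the client secret and the tokens all travel to these URLs.
    for key in ENDPOINT_KEYS:
        url = urlsplit(seahub[key])
        if url.scheme != "https" or url.hostname != authelia_host:
            findings.append(f"{key} is not an https URL on {authelia_host}")
    return findings

# Constructed sample values mirroring this guide, with example.com as the domain.
AUTHELIA_CLIENT = {
    "client_id": "seafile",
    "redirect_uris": ["https://seafile.example.com/oauth/callback/"],
    "scopes": ["openid", "profile", "email"],
}
SEAHUB = {
    "OAUTH_ENABLE_INSECURE_TRANSPORT": False,
    "OAUTH_CLIENT_ID": "seafile",
    "OAUTH_REDIRECT_URL": "https://seafile.example.com/oauth/callback/",
    "OAUTH_AUTHORIZATION_URL": "https://auth.example.com/api/oidc/authorization",
    "OAUTH_TOKEN_URL": "https://auth.example.com/api/oidc/token",
    "OAUTH_USER_INFO_URL": "https://auth.example.com/api/oidc/userinfo",
    "OAUTH_SCOPE": ["openid", "profile", "email"],
}

if __name__ == "__main__":
    for finding in check_oauth_settings(SEAHUB, AUTHELIA_CLIENT, "auth.example.com"):
        print("MISMATCH:", finding)
```
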
When using Seafile with external authentication, you may have to perform manual steps to migrate existing local users.
The See Also section links to the Seafile guide on migrating from the local user database to external authentication, which has been verified to work.

Optionally enable WebDAV secrets (`ENABLE_WEBDAV_SECRET`) so that clients that do not support OAuth 2.0 (e.g., davfs2) can log in via basic auth.