configure sso in seafile

2024-12-01 17:51:36 +01:00
parent 3dab583d01
commit b99c70072c
4 changed files with 38 additions and 4 deletions


@@ -1,7 +1,9 @@
SECRET_KEY = "e$3$hp7u@1ba25kxxa46a7q+bc*3dfulsxhyq+nmap1f@me78$"
SERVICE_URL = "https://seafile.rik.veenboer.xyz"
DOMAIN = "seafile.rik.veenboer.xyz"
SERVICE_URL = f"https://{DOMAIN}"
CSRF_TRUSTED_ORIGINS = [SERVICE_URL]
DEBUG = False
DEBUG = True
TIME_ZONE = 'Europe/Amsterdam'
DATABASES = {
'default': {
@@ -14,3 +16,35 @@ DATABASES = {
'OPTIONS': {'charset': 'utf8mb4'},
}
}
ENABLE_OAUTH = True
# If create new user when he/she logs in Seafile for the first time, defalut `True`.
OAUTH_CREATE_UNKNOWN_USER = True
# If active new user when he/she logs in Seafile for the first time, defalut `True`.
OAUTH_ACTIVATE_USER_AFTER_CREATION = True
# Usually OAuth works through SSL layer. If your server is not parametrized to allow HTTPS, some method will raise an "oauthlib.oauth2.rfc6749.errors.InsecureTransportError". Set this to `True` to avoid this error.
OAUTH_ENABLE_INSECURE_TRANSPORT = False
# Client id/secret generated by authorization server when you register your client application.
OAUTH_CLIENT_ID = "ppPkXbiyxpYKOlHdKHNM69HlzrKBz1DB9eTgvfgh"
OAUTH_CLIENT_SECRET = "G1F5UwQyMDFSZpo8OjMLdU7TbMniWzNDJqjGHsGo1Yr03MOMM5uAw4gHLRMdxM72DLZUWWgSllEOkHk8ifBH7FVhlNw9zwc5LNOFIoXzMNZAuaJhLDlWPjWrfMCiosNT"
# Callback url when user authentication succeeded. Note, the redirect url you input when you register your client application MUST be exactly the same as this value.
OAUTH_REDIRECT_URL = f"{SERVICE_URL}/oauth/callback/"
# The following should NOT be changed if you are using Github as OAuth provider.
OAUTH_PROVIDER_DOMAIN = 'authentik.rik.veenboer.xyz'
OAUTH_AUTHORIZATION_URL = f'https://{OAUTH_PROVIDER_DOMAIN}/application/o/authorize/'
OAUTH_TOKEN_URL = f'https://{OAUTH_PROVIDER_DOMAIN}/application/o/token/'
OAUTH_USER_INFO_URL = f'https://{OAUTH_PROVIDER_DOMAIN}/application/o/userinfo/'
# OAUTH_SCOPE = ["openid", "profile", "email", "seafile"]
OAUTH_SCOPE = ["profile", "seafile"]
OAUTH_ATTRIBUTE_MAP = {
"seafile_id": (True, "email"),
"seafile_email": (False, "contact_email"),
"name": (False, "name"),
}
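Review bot: `OAUTH_CLIENT_SECRET` and `OAUTH_CLIENT_ID` are committed as string literals in the second hunk, next to the already hard-coded `SECRET_KEY`, so anyone who can read the repository or its history holds the credential for this OAuth client. Read the value at startup instead, e.g. `OAUTH_CLIENT_SECRET = os.environ["SEAFILE_OAUTH_CLIENT_SECRET"]` (the variable name is a placeholder, and `import os` is needed if the file does not already have it), and rotate the secret that has been pushed. The first hunk also switches to `DEBUG = True` on what looks like the production hostname; Django debug error pages disclose settings and stack traces, so this should return to `DEBUG = False` once SSO is working. Separately, `OAUTH_ATTRIBUTE_MAP` marks `email` as required for `seafile_id` while `OAUTH_SCOPE` omits `"openid"` and `"email"`. Unless the provider's custom `seafile` scope returns that claim, logins will presumably fail or map to the wrong identifier, so a comment such as `# "seafile" scope mapping must return the email claim used for seafile_id` would help.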