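# Seahub authentication settings: header-based remote-user login (disabled
# here) and OAuth login against an external provider (enabled here).
#
# The settings are written one statement per line. When the file is collapsed
# onto long lines, everything after the first '#' on a line is a comment and
# the assignments that follow it never run.

## Remote User Authentication
ENABLE_REMOTE_USER_AUTHENTICATION = False

# Optional, HTTP header, which is configured in your web server conf file,
# used for Seafile to get user's unique id, default value is 'HTTP_REMOTE_USER'.
# NOTE(review): the value of this header is taken as the user's identity. If
# remote-user authentication is ever enabled, the fronting web server has to
# set or overwrite the header on every request, and Seahub should only be
# reachable through that server; otherwise a client can supply the header itself.
# NOTE(review): the documented default and the commented examples further down
# use the HTTP_* spelling (as in Django's request.META), while this value uses
# the raw header name. Confirm which form Seahub looks up before enabling.
REMOTE_USER_HEADER = 'X-Seafile-User'

# Optional, when the value of HTTP_REMOTE_USER is not a valid email address,
# Seafile will build an email-like unique id from the value of 'REMOTE_USER_HEADER'
# and this domain, e.g. user1@example.com.
REMOTE_USER_DOMAIN = 'veenboer.xyz'

# Optional, whether to create a new user in the Seafile system, default value is True.
# If this setting is disabled, users who do not already exist in the Seafile DB
# cannot log in. The admin has to first import the users from external systems
# like LDAP.
REMOTE_USER_CREATE_UNKNOWN_USER = True

# Optional, whether to activate a new user in the Seafile system, default value is True.
# If this setting is disabled, the user will be unable to log in by default;
# the administrator needs to manually activate this user.
REMOTE_USER_ACTIVATE_USER_AFTER_CREATION = True

# Optional, map user attributes in HTTP headers to Seafile's user attributes.
REMOTE_USER_ATTRIBUTE_MAP = {
    'X-Authentik-Username': 'name',
    'X-Seafile-User': 'contact_email',
    # for user info
    # "HTTP_GIVENNAME": 'givenname',
    # "HTTP_SN": 'surname',
    # "HTTP_ORGANIZATION": 'institution',
    # for user role
    # 'HTTP_Shibboleth-affiliation': 'affiliation',
}

# Map affiliation to user role. Though the config name is SHIBBOLETH_AFFILIATION_ROLE_MAP,
# it is not restricted to Shibboleth.
# Every entry is commented out, so the mapping is currently empty.
SHIBBOLETH_AFFILIATION_ROLE_MAP = {
    # 'employee@uni-mainz.de': 'staff',
    # 'member@uni-mainz.de': 'staff',
    # 'student@uni-mainz.de': 'student',
    # 'employee@hu-berlin.de': 'guest',
    # 'patterns': (
    #     ('*@hu-berlin.de', 'guest1'),
    #     ('*@*.de', 'guest2'),
    #     ('*', 'guest'),
    # ),
}

## OAuth Authentication
ENABLE_OAUTH = True

# Whether to create a new user when he/she logs in to Seafile for the first time, default `True`.
# NOTE(review): together with OAUTH_ACTIVATE_USER_AFTER_CREATION = True this
# presumably gives every account the provider authenticates for this client an
# active Seafile account on first login, so who may use Seafile is then decided
# at the provider. Confirm that access to the application is restricted there.
OAUTH_CREATE_UNKNOWN_USER = True

# Whether to activate a new user when he/she logs in to Seafile for the first time, default `True`.
OAUTH_ACTIVATE_USER_AFTER_CREATION = True

# Usually OAuth works through SSL layer. If your server is not parametrized to
# allow HTTPS, some method will raise an
# "oauthlib.oauth2.rfc6749.errors.InsecureTransportError". Set this to `True`
# to avoid this error.
# NOTE(review): the redirect, authorization, token and user-info URLs below are
# all https://, so this relaxation may not be needed. Check whether login still
# works with False (a TLS-terminating proxy in front of Seahub is a common
# reason it does not) and keep True only if it is required.
OAUTH_ENABLE_INSECURE_TRANSPORT = True

# Client id/secret generated by authorization server when you register your client application.
# NOTE(review): the client secret is stored in plain text in this settings
# file. Anyone who can read the file, or a copy of it in version control or
# backups, can authenticate to the provider as this client. Treat the value as
# exposed: rotate it at the provider and supply the replacement from a source
# that is not checked in, with file permissions limited to the Seahub user.
OAUTH_CLIENT_ID = "ppPkXbiyxpYKOlHdKHNM69HlzrKBz1DB9eTgvfgh"
OAUTH_CLIENT_SECRET = "G1F5UwQyMDFSZpo8OjMLdU7TbMniWzNDJqjGHsGo1Yr03MOMM5uAw4gHLRMdxM72DLZUWWgSllEOkHk8ifBH7FVhlNw9zwc5LNOFIoXzMNZAuaJhLDlWPjWrfMCiosNT"

# Callback url when user authentication succeeded. Note, the redirect url you
# input when you register your client application MUST be exactly the same as
# this value.
OAUTH_REDIRECT_URL = 'https://seafile.rik.veenboer.xyz/oauth/callback/'

OAUTH_PROVIDER_DOMAIN = 'authentik.rik.veenboer.xyz'
OAUTH_AUTHORIZATION_URL = 'https://authentik.rik.veenboer.xyz/application/o/authorize/'
OAUTH_TOKEN_URL = 'https://authentik.rik.veenboer.xyz/application/o/token/'
OAUTH_USER_INFO_URL = 'https://authentik.rik.veenboer.xyz/application/o/userinfo/'

# NOTE(review): confirm that the provider turns the "user" scope into the
# name, email and uid fields consumed by OAUTH_ATTRIBUTE_MAP below.
OAUTH_SCOPE = ["user",]

# Maps a field of the provider's user-info response to a Seafile attribute.
# NOTE(review): each value looks like (required, Seafile attribute) - confirm
# against the Seafile documentation for the deployed version.
OAUTH_ATTRIBUTE_MAP = {
    # "id": (True, "email"),  # Please keep the 'email' option unchanged to be compatible with the login of users of version 11.0 and earlier.
    "name": (False, "name"),
    "email": (False, "contact_email"),
    "uid": (True, "uid"),  # Seafile v11.0 +
}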