update: Keycloak SAML 2.0 in 12.0

Jizhou Deng 2025-10-21 14:41:26 +08:00
parent 909267920f
commit 0702b0d68e


@ -17,17 +17,26 @@ $ apt install dnsutils # For multi-tenancy feature
### Prepare SP(Seafile) certificate directory and SP certificates:
Create certs dir
Create certs dir
```
$ mkdir -p /opt/seafile/seahub-data/certs
```
=== "Docker Deployment"
The default deployment path for Seafile is **/opt/seafile**, and the corresponding default path for seafile-data is **/opt/seafile-data**. If you do not deploy Seafile to this directory, you can check the **SEAFILE_VOLUME** variable in the env to confirm the path of your seafile-data.
```sh
cd /opt/seafile-data/seafile/seahub-data
mkdir certs
```
=== "Binary Deployment"
If you deploy Seafile using the binary package, the default installation and data path is **/opt/seafile**. If you do not deploy Seafile to this directory, please check your actual deployment path.
```sh
mkdir -p /opt/seafile/seahub-data/certs
```
The SP certificate can be generated by the openssl command, or you can apply to the certificate manufacturer, it is up to you. For example, generate the SP certs using the following command:
```
$ cd /opt/seafile/seahub-data/certs
$ openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout sp.key -out sp.crt
```sh
cd /opt/seafile/seahub-data/certs
openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout sp.key -out sp.crt
```
!!! tip "The `days` option indicates the validity period of the generated certificate. The unit is day. The system admin needs to update the certificate regularly"
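Review bot: The rewritten certificate-generation block hard-codes `cd /opt/seafile/seahub-data/certs`, which is the Binary Deployment path, while the new Docker Deployment tab creates the directory at `/opt/seafile-data/seafile/seahub-data/certs`. A Docker user following the steps in order will `cd` into a path that the tab above never created. Either move the `cd` and `openssl req` commands into each tab with its own path, or use a relative `cd certs` as the Keycloak section removed later in this commit did. Separately, `-nodes` writes `sp.key` to disk unencrypted, so a step that restricts read access on `sp.key` to the account that runs Seahub would fit well next to the tip about the 3650-day validity.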
@ -196,30 +205,7 @@ SAML_REMOTE_METADATA_URL = 'https://temp.adfs.com/federationmetadata/2007-06/fed
### Example 3: Keycloak SAML 2.0
In this part, we use Keycloak SAML single sign-on app to show how Seafile integrate SAML 2.0. And If you are deploying Seafile in a Docker environment, please refer to this part.
#### Preparations for SAML 2.0
prepare SP(Seafile) certificate directory and SP certificates:
Create certs dir:
The default deployment path for Seafile is **/opt/seafile**, and the corresponding default path for seafile-data is **/opt/seafile-data**. If you do not deploy Seafile to this directory, you can check the **SEAFILE_VOLUME** variable in the env to confirm the path of your seafile-data.
```sh
cd /opt/seafile-data/seafile/seahub-data
mkdir certs
```
The SP certificate can be generated by the openssl command, or you can apply to the certificate manufacturer, it is up to you. For example, generate the SP certs using the following command:
```sh
cd certs
openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout sp.key -out sp.crt
```
The `days` option indicates the validity period of the generated certificate. The unit is day. The system admin needs to update the certificate regularly.
In this part, we use Keycloak SAML single sign-on app to show how Seafile integrate SAML 2.0.
#### Keycloak SAML single sign-on app
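Review bot: The replacement intro line for Example 3 drops the sentence that sent Docker users to this part, but adds nothing that points back to the "Prepare SP(Seafile) certificate directory and SP certificates" section, which now carries the Docker tab. A reader who jumps straight to the Keycloak example no longer sees that `sp.key` and `sp.crt` must exist before continuing, so a one-line cross-reference to that section would help here. The kept sentence also reads "how Seafile integrate SAML 2.0"; "integrates with" would be worth fixing while this line is being touched.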