15308555518/ seafile-admin-docs
1
0
Fork 0
mirror of https://github.com/haiwen/seafile-admin-docs.git synced 2025-12-26 02:32:50 +00:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity
seafile-admin-docs/deprecated/deploy/shibboleth_authentication/index.html
2024-10-23 15:20:00 +08:00

4073 lines
94 KiB
HTML
Raw Blame History

<!doctype html>
<html lang="en" class="no-js">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width,initial-scale=1">
<meta name="author" content="seafile">
<link rel="canonical" href="https://haiwen.github.io/seafile-admin-docs/deploy/shibboleth_authentication/">
<link rel="prev" href="../remote_user/">
<link rel="next" href="../auto_login_seadrive/">
<link rel="icon" href="../../media/favicon.ico">
<meta name="generator" content="mkdocs-1.6.1, mkdocs-material-9.5.39">
<title>Shibboleth Authentication - Seafile Admin Manual</title>
<link rel="stylesheet" href="../../assets/stylesheets/main.8c3ca2c6.min.css">
<link rel="stylesheet" href="../../assets/stylesheets/palette.06af60db.min.css">
<link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:300,300i,400,400i,700,700i%7CRoboto+Mono:400,400i,700,700i&display=fallback">
<style>:root{--md-text-font:"Roboto";--md-code-font:"Roboto Mono"}</style>
<link rel="stylesheet" href="../../stylesheets/extra.css">
<script>__md_scope=new URL("../..",location),__md_hash=e=>[...e].reduce(((e,_)=>(e<<5)-e+_.charCodeAt(0)),0),__md_get=(e,_=localStorage,t=__md_scope)=>JSON.parse(_.getItem(t.pathname+"."+e)),__md_set=(e,_,t=localStorage,a=__md_scope)=>{try{t.setItem(a.pathname+"."+e,JSON.stringify(_))}catch(e){}}</script>
</head>
<body dir="ltr" data-md-color-scheme="default" data-md-color-primary="white" data-md-color-accent="indigo">
<input class="md-toggle" data-md-toggle="drawer" type="checkbox" id="__drawer" autocomplete="off">
<input class="md-toggle" data-md-toggle="search" type="checkbox" id="__search" autocomplete="off">
<label class="md-overlay" for="__drawer"></label>
<div data-md-component="skip">
<a href="#shibboleth-authentication" class="md-skip">
Skip to content
</a>
</div>
<div data-md-component="announce">
</div>
<header class="md-header md-header--shadow" data-md-component="header">
<nav class="md-header__inner md-grid" aria-label="Header">
<a href="../.." title="Seafile Admin Manual" class="md-header__button md-logo" aria-label="Seafile Admin Manual" data-md-component="logo">
<img src="../../media/seafile-transparent-1024.png" alt="logo">
</a>
<label class="md-header__button md-icon" for="__drawer">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M3 6h18v2H3zm0 5h18v2H3zm0 5h18v2H3z"/></svg>
</label>
<div class="md-header__title" data-md-component="header-title">
<div class="md-header__ellipsis">
<div class="md-header__topic">
<span class="md-ellipsis">
Seafile Admin Manual
</span>
</div>
<div class="md-header__topic" data-md-component="header-topic">
<span class="md-ellipsis">
Shibboleth Authentication
</span>
</div>
</div>
</div>
<label class="md-header__button md-icon" for="__search">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0 1 16 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.52 6.52 0 0 1 9.5 16 6.5 6.5 0 0 1 3 9.5 6.5 6.5 0 0 1 9.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5"/></svg>
</label>
<div class="md-search" data-md-component="search" role="dialog">
<label class="md-search__overlay" for="__search"></label>
<div class="md-search__inner" role="search">
<form class="md-search__form" name="search">
<input type="text" class="md-search__input" name="query" aria-label="Search" placeholder="Search" autocapitalize="off" autocorrect="off" autocomplete="off" spellcheck="false" data-md-component="search-query" required>
<label class="md-search__icon md-icon" for="__search">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0 1 16 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.52 6.52 0 0 1 9.5 16 6.5 6.5 0 0 1 3 9.5 6.5 6.5 0 0 1 9.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5"/></svg>
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M20 11v2H8l5.5 5.5-1.42 1.42L4.16 12l7.92-7.92L13.5 5.5 8 11z"/></svg>
</label>
<nav class="md-search__options" aria-label="Search">
<button type="reset" class="md-search__icon md-icon" title="Clear" aria-label="Clear" tabindex="-1">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M19 6.41 17.59 5 12 10.59 6.41 5 5 6.41 10.59 12 5 17.59 6.41 19 12 13.41 17.59 19 19 17.59 13.41 12z"/></svg>
</button>
</nav>
</form>
<div class="md-search__output">
<div class="md-search__scrollwrap" tabindex="0" data-md-scrollfix>
<div class="md-search-result" data-md-component="search-result">
<div class="md-search-result__meta">
Initializing search
</div>
<ol class="md-search-result__list" role="presentation"></ol>
</div>
</div>
</div>
</div>
</div>
<div class="md-header__source">
<a href="https://github.com/haiwen/seafile-admin-docs/" title="Go to repository" class="md-source" data-md-component="source">
<div class="md-source__icon md-icon">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 448 512"><!--! Font Awesome Free 6.6.0 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2024 Fonticons, Inc.--><path d="M439.55 236.05 244 40.45a28.87 28.87 0 0 0-40.81 0l-40.66 40.63 51.52 51.52c27.06-9.14 52.68 16.77 43.39 43.68l49.66 49.66c34.23-11.8 61.18 31 35.47 56.69-26.49 26.49-70.21-2.87-56-37.34L240.22 199v121.85c25.3 12.54 22.26 41.85 9.08 55a34.34 34.34 0 0 1-48.55 0c-17.57-17.6-11.07-46.91 11.25-56v-123c-20.8-8.51-24.6-30.74-18.64-45L142.57 101 8.45 235.14a28.86 28.86 0 0 0 0 40.81l195.61 195.6a28.86 28.86 0 0 0 40.8 0l194.69-194.69a28.86 28.86 0 0 0 0-40.81"/></svg>
</div>
<div class="md-source__repository">
haiwen/seafile-admin-docs
</div>
</a>
</div>
</nav>
</header>
<div class="md-container" data-md-component="container">
<main class="md-main" data-md-component="main">
<div class="md-main__inner md-grid">
<div class="md-sidebar md-sidebar--primary" data-md-component="sidebar" data-md-type="navigation" >
<div class="md-sidebar__scrollwrap">
<div class="md-sidebar__inner">
<nav class="md-nav md-nav--primary" aria-label="Navigation" data-md-level="0">
<label class="md-nav__title" for="__drawer">
<a href="../.." title="Seafile Admin Manual" class="md-nav__button md-logo" aria-label="Seafile Admin Manual" data-md-component="logo">
<img src="../../media/seafile-transparent-1024.png" alt="logo">
</a>
Seafile Admin Manual
</label>
<div class="md-nav__source">
<a href="https://github.com/haiwen/seafile-admin-docs/" title="Go to repository" class="md-source" data-md-component="source">
<div class="md-source__icon md-icon">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 448 512"><!--! Font Awesome Free 6.6.0 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2024 Fonticons, Inc.--><path d="M439.55 236.05 244 40.45a28.87 28.87 0 0 0-40.81 0l-40.66 40.63 51.52 51.52c27.06-9.14 52.68 16.77 43.39 43.68l49.66 49.66c34.23-11.8 61.18 31 35.47 56.69-26.49 26.49-70.21-2.87-56-37.34L240.22 199v121.85c25.3 12.54 22.26 41.85 9.08 55a34.34 34.34 0 0 1-48.55 0c-17.57-17.6-11.07-46.91 11.25-56v-123c-20.8-8.51-24.6-30.74-18.64-45L142.57 101 8.45 235.14a28.86 28.86 0 0 0 0 40.81l195.61 195.6a28.86 28.86 0 0 0 40.8 0l194.69-194.69a28.86 28.86 0 0 0 0-40.81"/></svg>
</div>
<div class="md-source__repository">
haiwen/seafile-admin-docs
</div>
</a>
</div>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_1" >
<label class="md-nav__link" for="__nav_1" id="__nav_1_label" tabindex="0">
<span class="md-ellipsis">
Overview
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_1_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_1">
<span class="md-nav__icon md-icon"></span>
Overview
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../overview/components/" class="md-nav__link">
<span class="md-ellipsis">
Seafile Components
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../overview/file_permission_management/" class="md-nav__link">
<span class="md-ellipsis">
File permission management
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../roadmap/" class="md-nav__link">
<span class="md-ellipsis">
Roadmap
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../contribution/" class="md-nav__link">
<span class="md-ellipsis">
Contribution
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../changelog/" class="md-nav__link">
<span class="md-ellipsis">
Changelog
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_2" >
<label class="md-nav__link" for="__nav_2" id="__nav_2_label" tabindex="0">
<span class="md-ellipsis">
Seafile Community Setup on Linux
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_2_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_2">
<span class="md-nav__icon md-icon"></span>
Seafile Community Setup on Linux
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../" class="md-nav__link">
<span class="md-ellipsis">
Outline
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../using_mysql/" class="md-nav__link">
<span class="md-ellipsis">
Installation with MySQL
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../https_with_nginx/" class="md-nav__link">
<span class="md-ellipsis">
HTTPS with Nginx
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../https_with_apache/" class="md-nav__link">
<span class="md-ellipsis">
HTTPS with Apache
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_3" >
<label class="md-nav__link" for="__nav_3" id="__nav_3_label" tabindex="0">
<span class="md-ellipsis">
Seafile Professional Setup on Linux
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_3_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_3">
<span class="md-nav__icon md-icon"></span>
Seafile Professional Setup on Linux
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../deploy_pro/" class="md-nav__link">
<span class="md-ellipsis">
Outline
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../deploy_pro/download_and_setup_seafile_professional_server/" class="md-nav__link">
<span class="md-ellipsis">
Installation
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../deploy_pro/migrate_from_seafile_community_server/" class="md-nav__link">
<span class="md-ellipsis">
Migration from Seafile Community
</span>
</a>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_3_4" >
<label class="md-nav__link" for="__nav_3_4" id="__nav_3_4_label" tabindex="0">
<span class="md-ellipsis">
Storage Backends
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="2" aria-labelledby="__nav_3_4_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_3_4">
<span class="md-nav__icon md-icon"></span>
Storage Backends
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../deploy_pro/setup_with_amazon_s3/" class="md-nav__link">
<span class="md-ellipsis">
Amazon S3 Backend
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../deploy_pro/setup_with_ceph/" class="md-nav__link">
<span class="md-ellipsis">
Ceph Backend
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../deploy_pro/setup_with_swift/" class="md-nav__link">
<span class="md-ellipsis">
OpenStack Swift Backend
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../deploy_pro/setup_with_oss/" class="md-nav__link">
<span class="md-ellipsis">
Alibaba OSS
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../deploy_pro/multiple_storage_backends/" class="md-nav__link">
<span class="md-ellipsis">
Multiple Storage Backends
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../deploy_pro/migrate/" class="md-nav__link">
<span class="md-ellipsis">
Data migration
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_3_5" >
<label class="md-nav__link" for="__nav_3_5" id="__nav_3_5_label" tabindex="0">
<span class="md-ellipsis">
Cluster Deployment
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="2" aria-labelledby="__nav_3_5_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_3_5">
<span class="md-nav__icon md-icon"></span>
Cluster Deployment
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../deploy_pro/deploy_in_a_cluster/" class="md-nav__link">
<span class="md-ellipsis">
Deploy in a cluster
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../deploy_pro/enable_search_and_background_tasks_in_a_cluster/" class="md-nav__link">
<span class="md-ellipsis">
Search and background tasks in a cluster
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../deploy_pro/memcached_mariadb_cluster/" class="md-nav__link">
<span class="md-ellipsis">
Memcache and MariaDB Cluster
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../deploy_pro/setup_seafile_cluster_with_nfs/" class="md-nav__link">
<span class="md-ellipsis">
Setup Seafile cluster with NFS
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="../../deploy_pro/seafile_professional_sdition_software_license_agreement/" class="md-nav__link">
<span class="md-ellipsis">
License
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_4" >
<label class="md-nav__link" for="__nav_4" id="__nav_4_label" tabindex="0">
<span class="md-ellipsis">
Seafile Setup with Docker
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_4_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_4">
<span class="md-nav__icon md-icon"></span>
Seafile Setup with Docker
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../docker/deploy_seafile_with_docker/" class="md-nav__link">
<span class="md-ellipsis">
Seafile Community Installation
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../docker/pro-edition/deploy_seafile_pro_with_docker/" class="md-nav__link">
<span class="md-ellipsis">
Seafile Professional Installation
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../docker/cluster/deploy_seafile_cluster_with_docker/" class="md-nav__link">
<span class="md-ellipsis">
Seafile Docker Cluster Deployment
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../deploy_with_k8s/" class="md-nav__link">
<span class="md-ellipsis">
Setup with Kubernetes (K8s)
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../docker/pro-edition/migrate_ce_to_pro_with_docker/" class="md-nav__link">
<span class="md-ellipsis">
Migration from Seafile Community
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../docker/non_docker_to_docker/" class="md-nav__link">
<span class="md-ellipsis">
Migrate from non-docker deployment
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../docker/seafile_docker_autostart/" class="md-nav__link">
<span class="md-ellipsis">
Seafile Docker autostart
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--active md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_5" checked>
<label class="md-nav__link" for="__nav_5" id="__nav_5_label" tabindex="0">
<span class="md-ellipsis">
Advanced Setup Options
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_5_label" aria-expanded="true">
<label class="md-nav__title" for="__nav_5">
<span class="md-nav__icon md-icon"></span>
Advanced Setup Options
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_5_1" >
<label class="md-nav__link" for="__nav_5_1" id="__nav_5_1_label" tabindex="0">
<span class="md-ellipsis">
LDAP/AD Integration
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="2" aria-labelledby="__nav_5_1_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_5_1">
<span class="md-nav__icon md-icon"></span>
LDAP/AD Integration
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../using_ldap/" class="md-nav__link">
<span class="md-ellipsis">
LDAP Integration
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../deploy_pro/using_ldap_pro/" class="md-nav__link">
<span class="md-ellipsis">
LDAP Configuration for Seafile Pro
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../deploy_pro/ldap_group_sync/" class="md-nav__link">
<span class="md-ellipsis">
Importing Groups from LDAP (Pro)
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../deploy_pro/ldap_role_sync/" class="md-nav__link">
<span class="md-ellipsis">
Importing Roles from LDAP (Pro)
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../ldap_in_11.0/" class="md-nav__link">
<span class="md-ellipsis">
LDAP in version 11.0
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../deploy_pro/ldap_in_11.0/" class="md-nav__link">
<span class="md-ellipsis">
LDAP in version 11.0 (Pro)
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--active md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_5_2" checked>
<label class="md-nav__link" for="__nav_5_2" id="__nav_5_2_label" tabindex="0">
<span class="md-ellipsis">
Single Sign On
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="2" aria-labelledby="__nav_5_2_label" aria-expanded="true">
<label class="md-nav__title" for="__nav_5_2">
<span class="md-nav__icon md-icon"></span>
Single Sign On
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../single_sign_on/" class="md-nav__link">
<span class="md-ellipsis">
Outline
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../oauth/" class="md-nav__link">
<span class="md-ellipsis">
OAuth Authentication
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../remote_user/" class="md-nav__link">
<span class="md-ellipsis">
Remote User Authentication
</span>
</a>
</li>
<li class="md-nav__item md-nav__item--active">
<input class="md-nav__toggle md-toggle" type="checkbox" id="__toc">
<label class="md-nav__link md-nav__link--active" for="__toc">
<span class="md-ellipsis">
Shibboleth Authentication
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<a href="./" class="md-nav__link md-nav__link--active">
<span class="md-ellipsis">
Shibboleth Authentication
</span>
</a>
<nav class="md-nav md-nav--secondary" aria-label="Table of contents">
<label class="md-nav__title" for="__toc">
<span class="md-nav__icon md-icon"></span>
Table of contents
</label>
<ul class="md-nav__list" data-md-component="toc" data-md-scrollfix>
<li class="md-nav__item">
<a href="#install-and-configure-shibboleth-service-provider" class="md-nav__link">
<span class="md-ellipsis">
Install and Configure Shibboleth Service Provider
</span>
</a>
<nav class="md-nav" aria-label="Install and Configure Shibboleth Service Provider">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#configure-apache" class="md-nav__link">
<span class="md-ellipsis">
Configure Apache
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#install-and-configure-shibboleth" class="md-nav__link">
<span class="md-ellipsis">
Install and Configure Shibboleth
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#configure-shibbolethsp" class="md-nav__link">
<span class="md-ellipsis">
Configure Shibboleth(SP)
</span>
</a>
<nav class="md-nav" aria-label="Configure Shibboleth(SP)">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#shibboleth2xml" class="md-nav__link">
<span class="md-ellipsis">
shibboleth2.xml
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#attribute-mapxml" class="md-nav__link">
<span class="md-ellipsis">
attribute-map.xml
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#upload-shibbolethsps-metadata" class="md-nav__link">
<span class="md-ellipsis">
Upload Shibboleth(SP)'s metadata
</span>
</a>
</li>
</ul>
</nav>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#configure-seahub" class="md-nav__link">
<span class="md-ellipsis">
Configure Seahub
</span>
</a>
<nav class="md-nav" aria-label="Configure Seahub">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#affiliation-and-user-role" class="md-nav__link">
<span class="md-ellipsis">
Affiliation and user role
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#verify" class="md-nav__link">
<span class="md-ellipsis">
Verify
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#debug" class="md-nav__link">
<span class="md-ellipsis">
Debug
</span>
</a>
<nav class="md-nav" aria-label="Debug">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#add-this-setting-to-seahub_settingspy" class="md-nav__link">
<span class="md-ellipsis">
Add this setting to seahub_settings.py
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#change-seafiles-code" class="md-nav__link">
<span class="md-ellipsis">
Change Seafile's code
</span>
</a>
</li>
</ul>
</nav>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="../auto_login_seadrive/" class="md-nav__link">
<span class="md-ellipsis">
Auto Login to SeaDrive on Windows
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../deploy_pro/saml2_in_10.0/" class="md-nav__link">
<span class="md-ellipsis">
SAML 2.0 in version 10.0+ (Pro)
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../deploy_pro/adfs/" class="md-nav__link">
<span class="md-ellipsis">
SAML 2.0 (old) (Pro)
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../deploy_pro/cas/" class="md-nav__link">
<span class="md-ellipsis">
CAS Authentication (Pro)
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../auth_switch/" class="md-nav__link">
<span class="md-ellipsis">
Switch authentication
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_5_3" >
<label class="md-nav__link" for="__nav_5_3" id="__nav_5_3_label" tabindex="0">
<span class="md-ellipsis">
Online Office
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="2" aria-labelledby="__nav_5_3_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_5_3">
<span class="md-nav__icon md-icon"></span>
Online Office
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../libreoffice_online/" class="md-nav__link">
<span class="md-ellipsis">
LibreOffice Online Integration
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../only_office/" class="md-nav__link">
<span class="md-ellipsis">
OnlyOffice Integration
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../deploy_pro/office_web_app/" class="md-nav__link">
<span class="md-ellipsis">
Office Online Server Integration (Pro)
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="../../extra_setup/setup_seadoc/" class="md-nav__link">
<span class="md-ellipsis">
SeaDoc Integration
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../notification-server/" class="md-nav__link">
<span class="md-ellipsis">
Notification Server
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../extension/webdav/" class="md-nav__link">
<span class="md-ellipsis">
WebDAV extension
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../extension/fuse/" class="md-nav__link">
<span class="md-ellipsis">
FUSE extension
</span>
</a>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_5_8" >
<label class="md-nav__link" for="__nav_5_8" id="__nav_5_8_label" tabindex="0">
<span class="md-ellipsis">
Virus Scan (Pro)
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="2" aria-labelledby="__nav_5_8_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_5_8">
<span class="md-nav__icon md-icon"></span>
Virus Scan (Pro)
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../deploy_pro/virus_scan/" class="md-nav__link">
<span class="md-ellipsis">
Outline
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../deploy_pro/deploy_clamav_with_seafile/" class="md-nav__link">
<span class="md-ellipsis">
Deploy ClamAV with Seafile
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../deploy_pro/virus_scan_with_kav4fs/" class="md-nav__link">
<span class="md-ellipsis">
Virus Scan With Kav4fs
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_5_9" >
<label class="md-nav__link" for="__nav_5_9" id="__nav_5_9_label" tabindex="0">
<span class="md-ellipsis">
Advanced User Management (Pro)
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="2" aria-labelledby="__nav_5_9_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_5_9">
<span class="md-nav__icon md-icon"></span>
Advanced User Management (Pro)
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../deploy_pro/multi_institutions/" class="md-nav__link">
<span class="md-ellipsis">
Multi-Institutions Support
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../deploy_pro/roles_permissions/" class="md-nav__link">
<span class="md-ellipsis">
Roles and Permissions
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../deploy_pro/admin_roles_permissions/" class="md-nav__link">
<span class="md-ellipsis">
Administrator Roles and Permissions
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../deploy_pro/multi_tenancy/" class="md-nav__link">
<span class="md-ellipsis">
Multi-Tenancy Support
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="../../deploy_pro/details_about_file_search/" class="md-nav__link">
<span class="md-ellipsis">
Advanced File Search configuration (Pro)
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../migrate_from_sqlite_to_mysql/" class="md-nav__link">
<span class="md-ellipsis">
Migrate From SQLite to MySQL
</span>
</a>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_5_12" >
<label class="md-nav__link" for="__nav_5_12" id="__nav_5_12_label" tabindex="0">
<span class="md-ellipsis">
Others Deployment Notes
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="2" aria-labelledby="__nav_5_12_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_5_12">
<span class="md-nav__icon md-icon"></span>
Others Deployment Notes
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../start_seafile_at_system_bootup/" class="md-nav__link">
<span class="md-ellipsis">
Start Seafile at System Bootup
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../using_logrotate/" class="md-nav__link">
<span class="md-ellipsis">
Logrotate
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../ocm/" class="md-nav__link">
<span class="md-ellipsis">
Open Cloud Mesh
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../deploy_seafile_behind_nat/" class="md-nav__link">
<span class="md-ellipsis">
Deploy Seafile behind NAT
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../deploy_seahub_at_non-root_domain/" class="md-nav__link">
<span class="md-ellipsis">
Deploy Seahub at Non-root domain or on custom port
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../security/fail2ban/" class="md-nav__link">
<span class="md-ellipsis">
Config fail2ban
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../deploy_pro/real_time_backup/" class="md-nav__link">
<span class="md-ellipsis">
Real-time Backup Server
</span>
</a>
</li>
</ul>
</nav>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_6" >
<label class="md-nav__link" for="__nav_6" id="__nav_6_label" tabindex="0">
<span class="md-ellipsis">
Configuration and Customization
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_6_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_6">
<span class="md-nav__icon md-icon"></span>
Configuration and Customization
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../config/" class="md-nav__link">
<span class="md-ellipsis">
Outline
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../config/ccnet-conf/" class="md-nav__link">
<span class="md-ellipsis">
ccnet.conf
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../config/seafile-conf/" class="md-nav__link">
<span class="md-ellipsis">
seafile.conf
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../config/seahub_settings_py/" class="md-nav__link">
<span class="md-ellipsis">
seahub_settings.py
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../config/seafevents-conf/" class="md-nav__link">
<span class="md-ellipsis">
seafevents.conf
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../config/seahub_customization/" class="md-nav__link">
<span class="md-ellipsis">
Seahub customization
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../config/sending_email/" class="md-nav__link">
<span class="md-ellipsis">
Email Sending
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_7" >
<label class="md-nav__link" for="__nav_7" id="__nav_7_label" tabindex="0">
<span class="md-ellipsis">
Administration
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_7_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_7">
<span class="md-nav__icon md-icon"></span>
Administration
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../maintain/" class="md-nav__link">
<span class="md-ellipsis">
Outline
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../maintain/account/" class="md-nav__link">
<span class="md-ellipsis">
Account management
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../maintain/two_factor_authentication/" class="md-nav__link">
<span class="md-ellipsis">
Two-factor Authentication
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../security/security_features/" class="md-nav__link">
<span class="md-ellipsis">
Security features
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../security/auditing/" class="md-nav__link">
<span class="md-ellipsis">
Access logs and auditing
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../maintain/export_report/" class="md-nav__link">
<span class="md-ellipsis">
Export report
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../maintain/logs/" class="md-nav__link">
<span class="md-ellipsis">
Logs
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../maintain/backup_recovery/" class="md-nav__link">
<span class="md-ellipsis">
Backup and Recovery
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../maintain/seafile_fsck/" class="md-nav__link">
<span class="md-ellipsis">
Seafile FSCK
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../maintain/seafile_gc/" class="md-nav__link">
<span class="md-ellipsis">
Seafile GC
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../maintain/clean_database/" class="md-nav__link">
<span class="md-ellipsis">
Clean database
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../deploy_pro/seaf_import/" class="md-nav__link">
<span class="md-ellipsis">
Import Directory To Seafile (Pro)
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_8" >
<label class="md-nav__link" for="__nav_8" id="__nav_8_label" tabindex="0">
<span class="md-ellipsis">
Upgrade Seafile Server
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_8_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_8">
<span class="md-nav__icon md-icon"></span>
Upgrade Seafile Server
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../upgrade/upgrade/" class="md-nav__link">
<span class="md-ellipsis">
Outline
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../upgrade/upgrade_docker/" class="md-nav__link">
<span class="md-ellipsis">
Upgrade Seafile Docker
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../upgrade/upgrade_a_cluster/" class="md-nav__link">
<span class="md-ellipsis">
Upgrade Seafile Cluster
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../upgrade/upgrade_a_cluster_docker/" class="md-nav__link">
<span class="md-ellipsis">
Upgrade Seafile Cluster (Docker)
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../upgrade/upgrade_notes_for_7.0.x/" class="md-nav__link">
<span class="md-ellipsis">
Upgrade notes for 7.0.x
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../upgrade/upgrade_notes_for_7.1.x/" class="md-nav__link">
<span class="md-ellipsis">
Upgrade notes for 7.1.x
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../upgrade/upgrade_notes_for_8.0.x/" class="md-nav__link">
<span class="md-ellipsis">
Upgrade notes for 8.0.x
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../upgrade/upgrade_notes_for_9.0.x/" class="md-nav__link">
<span class="md-ellipsis">
Upgrade notes for 9.0.x
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../upgrade/upgrade_notes_for_10.0.x/" class="md-nav__link">
<span class="md-ellipsis">
Upgrade notes for 10.0.x
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../upgrade/upgrade_notes_for_11.0.x/" class="md-nav__link">
<span class="md-ellipsis">
Upgrade notes for 11.0.x
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../upgrade/upgrade_notes_for_12.0.x/" class="md-nav__link">
<span class="md-ellipsis">
Upgrade notes for 12.0.x (In progress)
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_9" >
<label class="md-nav__link" for="__nav_9" id="__nav_9_label" tabindex="0">
<span class="md-ellipsis">
Developing
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_9_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_9">
<span class="md-nav__icon md-icon"></span>
Developing
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../develop/" class="md-nav__link">
<span class="md-ellipsis">
Outline
</span>
</a>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_9_2" >
<label class="md-nav__link" for="__nav_9_2" id="__nav_9_2_label" tabindex="0">
<span class="md-ellipsis">
How to Build Seafile
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="2" aria-labelledby="__nav_9_2_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_9_2">
<span class="md-nav__icon md-icon"></span>
How to Build Seafile
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../build_seafile/" class="md-nav__link">
<span class="md-ellipsis">
Outline
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../build_seafile/linux/" class="md-nav__link">
<span class="md-ellipsis">
Linux
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../build_seafile/osx/" class="md-nav__link">
<span class="md-ellipsis">
macOS
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../build_seafile/windows/" class="md-nav__link">
<span class="md-ellipsis">
Windows
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../build_seafile/server/" class="md-nav__link">
<span class="md-ellipsis">
Server development
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../build_seafile/rpi/" class="md-nav__link">
<span class="md-ellipsis">
Server binary package
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="../../develop/translation/" class="md-nav__link">
<span class="md-ellipsis">
Translation
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../develop/web_api_v2.1/" class="md-nav__link">
<span class="md-ellipsis">
Web API V2.1
</span>
</a>
</li>
<li class="md-nav__item">
<a href="https://github.com/rene-s/Seafile-PHP-SDK" class="md-nav__link">
<span class="md-ellipsis">
PHP API
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../develop/data_model/" class="md-nav__link">
<span class="md-ellipsis">
Data Model
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_10" >
<label class="md-nav__link" for="__nav_10" id="__nav_10_label" tabindex="0">
<span class="md-ellipsis">
ChangeLog
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_10_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_10">
<span class="md-nav__icon md-icon"></span>
ChangeLog
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../changelog/server-changelog/" class="md-nav__link">
<span class="md-ellipsis">
Seafile Community Edition
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../changelog/changelog-for-seafile-professional-server/" class="md-nav__link">
<span class="md-ellipsis">
Seafile Professional Edition
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../changelog/client-changelog/" class="md-nav__link">
<span class="md-ellipsis">
Seafile Client
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../changelog/drive-client-changelog/" class="md-nav__link">
<span class="md-ellipsis">
Drive Client
</span>
</a>
</li>
</ul>
</nav>
</li>
</ul>
</nav>
</div>
</div>
</div>
<div class="md-sidebar md-sidebar--secondary" data-md-component="sidebar" data-md-type="toc" >
<div class="md-sidebar__scrollwrap">
<div class="md-sidebar__inner">
<nav class="md-nav md-nav--secondary" aria-label="Table of contents">
<label class="md-nav__title" for="__toc">
<span class="md-nav__icon md-icon"></span>
Table of contents
</label>
<ul class="md-nav__list" data-md-component="toc" data-md-scrollfix>
<li class="md-nav__item">
<a href="#install-and-configure-shibboleth-service-provider" class="md-nav__link">
<span class="md-ellipsis">
Install and Configure Shibboleth Service Provider
</span>
</a>
<nav class="md-nav" aria-label="Install and Configure Shibboleth Service Provider">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#configure-apache" class="md-nav__link">
<span class="md-ellipsis">
Configure Apache
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#install-and-configure-shibboleth" class="md-nav__link">
<span class="md-ellipsis">
Install and Configure Shibboleth
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#configure-shibbolethsp" class="md-nav__link">
<span class="md-ellipsis">
Configure Shibboleth(SP)
</span>
</a>
<nav class="md-nav" aria-label="Configure Shibboleth(SP)">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#shibboleth2xml" class="md-nav__link">
<span class="md-ellipsis">
shibboleth2.xml
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#attribute-mapxml" class="md-nav__link">
<span class="md-ellipsis">
attribute-map.xml
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#upload-shibbolethsps-metadata" class="md-nav__link">
<span class="md-ellipsis">
Upload Shibboleth(SP)'s metadata
</span>
</a>
</li>
</ul>
</nav>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#configure-seahub" class="md-nav__link">
<span class="md-ellipsis">
Configure Seahub
</span>
</a>
<nav class="md-nav" aria-label="Configure Seahub">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#affiliation-and-user-role" class="md-nav__link">
<span class="md-ellipsis">
Affiliation and user role
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#verify" class="md-nav__link">
<span class="md-ellipsis">
Verify
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#debug" class="md-nav__link">
<span class="md-ellipsis">
Debug
</span>
</a>
<nav class="md-nav" aria-label="Debug">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#add-this-setting-to-seahub_settingspy" class="md-nav__link">
<span class="md-ellipsis">
Add this setting to seahub_settings.py
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#change-seafiles-code" class="md-nav__link">
<span class="md-ellipsis">
Change Seafile's code
</span>
</a>
</li>
</ul>
</nav>
</li>
</ul>
</nav>
</div>
</div>
</div>
<div class="md-content" data-md-component="content">
<article class="md-content__inner md-typeset">
<h1 id="shibboleth-authentication">Shibboleth Authentication<a class="headerlink" href="#shibboleth-authentication" title="Permanent link">&para;</a></h1>
<p><a href="https://shibboleth.net/">Shibboleth</a> is a widely used single sign on (SSO) protocol. Seafile supports authentication via Shibboleth. It allows users from another organization to log in to Seafile without registering an account on the service provider.</p>
<p>In this documentation, we assume the reader is familiar with Shibboleth installation and configuration. For introduction to Shibboleth concepts, please refer to <a href="https://shibboleth.atlassian.net/wiki/spaces/CONCEPT/overview">https://shibboleth.atlassian.net/wiki/spaces/CONCEPT/overview</a> .</p>
<p>Shibboleth Service Provider (SP) should be installed on the same server as the Seafile server. The official SP from <a href="https://shibboleth.net/">https://shibboleth.net/</a> is implemented as an Apache module. The module handles all Shibboleth authentication details. Seafile server receives authentication information (username) from HTTP request. The username then can be used as login name for the user.</p>
<p>Seahub provides a special URL to handle Shibboleth login. The URL is <code>https://your-seafile-domain/sso</code>. Only this URL needs to be configured under Shibboleth protection. All other URLs don't go through the Shibboleth module. The overall workflow for a user to login with Shibboleth is as follows:</p>
<ol>
<li>In the Seafile login page, there is a separate "Single Sign-On" login button. When the user clicks the button, she/he will be redirected to <code>https://your-seafile-domain/sso</code>.</li>
<li>Since that URL is controlled by Shibboleth, the user will be redirected to IdP for login. After the user logs in, she/he will be redirected back to <code>https://your-seafile-domain/sso</code>.</li>
<li>This time the Shibboleth module passes the request to Seahub. Seahub reads the user information from the request(<code>HTTP_REMOTE_USER</code> header) and brings the user to her/his home page.</li>
<li>All later access to Seahub will not pass through the Shibboleth module. Since Seahub keeps session information internally, the user doesn't need to login again until the session expires.</li>
</ol>
<p>Since Shibboleth support requires Apache, if you want to use Nginx, you need two servers, one for non-Shibboleth access, another configured with Apache to allow Shibboleth login. In a cluster environment, you can configure your load balancer to direct traffic to different server according to URL. Only the URL <code>https://your-seafile-domain/sso</code> needs to be directed to Apache.</p>
<p>The configuration includes 3 steps:</p>
<ol>
<li>Install and configure Shibboleth Service Provider;</li>
<li>Configure Apache;</li>
<li>Configure Seahub.</li>
</ol>
<h2 id="install-and-configure-shibboleth-service-provider">Install and Configure Shibboleth Service Provider<a class="headerlink" href="#install-and-configure-shibboleth-service-provider" title="Permanent link">&para;</a></h2>
<p>We use CentOS 7 as example.</p>
<h3 id="configure-apache">Configure Apache<a class="headerlink" href="#configure-apache" title="Permanent link">&para;</a></h3>
<p>You should create a new virtual host configuration for Shibboleth. And then restart Apache.</p>
<div class="codehilite"><pre><span></span><code><span class="nt">&lt;IfModule</span> <span class="err">mod_ssl.c</span><span class="nt">&gt;</span>
<span class="w"> </span><span class="nt">&lt;VirtualHost</span> <span class="err">_default_:443</span><span class="nt">&gt;</span>
<span class="w"> </span>ServerName<span class="w"> </span>your-seafile-domain
<span class="w"> </span>DocumentRoot<span class="w"> </span>/var/www
<span class="w"> </span>Alias<span class="w"> </span>/media<span class="w"> </span>/opt/seafile/seafile-server-latest/seahub/media
<span class="w"> </span>ErrorLog<span class="w"> </span><span class="cp">${</span><span class="n">APACHE_LOG_DIR</span><span class="cp">}</span>/seahub.error.log
<span class="w"> </span>CustomLog<span class="w"> </span><span class="cp">${</span><span class="n">APACHE_LOG_DIR</span><span class="cp">}</span>/seahub.access.log<span class="w"> </span>combined
<span class="w"> </span>SSLEngine<span class="w"> </span>on
<span class="w"> </span>SSLCertificateFile<span class="w"> </span>/path/to/ssl-cert.pem
<span class="w"> </span>SSLCertificateKeyFile<span class="w"> </span>/path/to/ssl-key.pem
<span class="w"> </span><span class="nt">&lt;Location</span> <span class="err">/Shibboleth.sso</span><span class="nt">&gt;</span>
<span class="w"> </span>SetHandler<span class="w"> </span>shib
<span class="w"> </span>AuthType<span class="w"> </span>shibboleth
<span class="w"> </span>ShibRequestSetting<span class="w"> </span>requireSession<span class="w"> </span>1
<span class="w"> </span>Require<span class="w"> </span>valid-user
<span class="w"> </span><span class="nt">&lt;/Location&gt;</span>
<span class="w"> </span><span class="nt">&lt;Location</span> <span class="err">/sso</span><span class="nt">&gt;</span>
<span class="w"> </span>SetHandler<span class="w"> </span>shib
<span class="w"> </span>AuthType<span class="w"> </span>shibboleth
<span class="w"> </span>ShibUseHeaders<span class="w"> </span>On
<span class="w"> </span>ShibRequestSetting<span class="w"> </span>requireSession<span class="w"> </span>1
<span class="w"> </span>Require<span class="w"> </span>valid-user
<span class="w"> </span><span class="nt">&lt;/Location&gt;</span>
<span class="w"> </span>RewriteEngine<span class="w"> </span>On
<span class="w"> </span><span class="nt">&lt;Location</span> <span class="err">/media</span><span class="nt">&gt;</span>
<span class="w"> </span>Require<span class="w"> </span>all<span class="w"> </span>granted
<span class="w"> </span><span class="nt">&lt;/Location&gt;</span>
<span class="w"> </span>#<span class="w"> </span>seafile<span class="w"> </span>fileserver
<span class="w"> </span>ProxyPass<span class="w"> </span>/seafhttp<span class="w"> </span>http://127.0.0.1:8082
<span class="w"> </span>ProxyPassReverse<span class="w"> </span>/seafhttp<span class="w"> </span>http://127.0.0.1:8082
<span class="w"> </span>RewriteRule<span class="w"> </span>^/seafhttp<span class="w"> </span>-<span class="w"> </span>[QSA,L]
<span class="w"> </span>#<span class="w"> </span>seahub
<span class="w"> </span>SetEnvIf<span class="w"> </span>Authorization<span class="w"> </span>&quot;(.*)&quot;<span class="w"> </span>HTTP_AUTHORIZATION=$1
<span class="w"> </span>ProxyPass<span class="w"> </span>/<span class="w"> </span>http://127.0.0.1:8000/
<span class="w"> </span>ProxyPassReverse<span class="w"> </span>/<span class="w"> </span>http://127.0.0.1:8000/
<span class="w"> </span>#<span class="w"> </span>for<span class="w"> </span>http
<span class="w"> </span>#<span class="w"> </span>RequestHeader<span class="w"> </span>set<span class="w"> </span>REMOTE_USER<span class="w"> </span>%{REMOTE_USER}e
<span class="w"> </span>#<span class="w"> </span>for<span class="w"> </span>https
<span class="w"> </span>RequestHeader<span class="w"> </span>set<span class="w"> </span>REMOTE_USER<span class="w"> </span>%{REMOTE_USER}s
<span class="w"> </span><span class="nt">&lt;/VirtualHost&gt;</span>
<span class="nt">&lt;/IfModule&gt;</span>
</code></pre></div>
<h3 id="install-and-configure-shibboleth">Install and Configure Shibboleth<a class="headerlink" href="#install-and-configure-shibboleth" title="Permanent link">&para;</a></h3>
<p>Installation and configuration of Shibboleth is out of the scope of this documentation. You can refer to the official Shibboleth document.</p>
<h3 id="configure-shibbolethsp">Configure Shibboleth(SP)<a class="headerlink" href="#configure-shibbolethsp" title="Permanent link">&para;</a></h3>
<h4 id="shibboleth2xml">shibboleth2.xml<a class="headerlink" href="#shibboleth2xml" title="Permanent link">&para;</a></h4>
<p>Open <code>/etc/shibboleth/shibboleth2.xml</code> and change some property. After you have done all the followings, don't forget to restart Shibboleth(SP)</p>
<h5 id="applicationdefaults-element"><code>ApplicationDefaults</code> element<a class="headerlink" href="#applicationdefaults-element" title="Permanent link">&para;</a></h5>
<p>Change <code>entityID</code> and <a href="https://shibboleth.atlassian.net/wiki/spaces/SP3/pages/2063695997/ApplicationDefaults"><code>REMOTE_USER</code></a> property:</p>
<div class="codehilite"><pre><span></span><code><span class="o">&lt;!--</span><span class="w"> </span><span class="n">The</span><span class="w"> </span><span class="n">ApplicationDefaults</span><span class="w"> </span><span class="n">element</span><span class="w"> </span><span class="n">is</span><span class="w"> </span><span class="n">where</span><span class="w"> </span><span class="n">most</span><span class="w"> </span><span class="kr">of</span><span class="w"> </span><span class="n">Shibboleth</span><span class="s">&#39;s SAML bits are defined. --&gt;</span>
<span class="s">&lt;ApplicationDefaults entityID=&quot;</span><span class="n">https</span><span class="o">://</span><span class="n">your</span><span class="o">-</span><span class="n">seafile</span><span class="o">-</span><span class="n">domain</span><span class="o">/</span><span class="n">sso</span><span class="s">&quot;</span>
<span class="s"> REMOTE_USER=&quot;</span><span class="n">mail</span><span class="s">&quot;</span>
<span class="s"> cipherSuites=&quot;</span><span class="n">DEFAULT</span><span class="o">:!</span><span class="nf">EXP</span><span class="o">:!</span><span class="n">LOW</span><span class="o">:!</span><span class="n">aNULL</span><span class="o">:!</span><span class="n">eNULL</span><span class="o">:!</span><span class="n">DES</span><span class="o">:!</span><span class="n">IDEA</span><span class="o">:!</span><span class="n">SEED</span><span class="o">:!</span><span class="n">RC4</span><span class="o">:!</span><span class="mi">3</span><span class="n">DES</span><span class="o">:!</span><span class="n">kRSA</span><span class="o">:!</span><span class="n">SSLv2</span><span class="o">:!</span><span class="n">SSLv3</span><span class="o">:!</span><span class="n">TLSv1</span><span class="o">:!</span><span class="n">TLSv1</span><span class="mf">.1</span><span class="s">&quot;&gt;</span>
</code></pre></div>
<p>Seahub extracts the username from the <code>REMOTE_USER</code> environment variable. So you should modify your SP's shibboleth2.xml config file, so that Shibboleth translates your desired attribute into <code>REMOTE_USER</code> environment variable.</p>
<p>In Seafile, only one of the following two attributes can be used for username: <code>eppn</code>, and <code>mail</code>. <code>eppn</code> stands for "Edu Person Principal Name". It is usually the UserPrincipalName attribute in Active Directory. It's not necessarily a valid email address. <code>mail</code> is the user's email address. You should set <code>REMOTE_USER</code> to either one of these attributes.</p>
<h5 id="sso-element"><code>SSO</code> element<a class="headerlink" href="#sso-element" title="Permanent link">&para;</a></h5>
<p>Change <code>entityID</code> property:</p>
<div class="codehilite"><pre><span></span><code><span class="cm">&lt;!--</span>
<span class="cm">Configures SSO for a default IdP. To properly allow for &gt;1 IdP, remove</span>
<span class="cm">entityID property and adjust discoveryURL to point to discovery service.</span>
<span class="cm">You can also override entityID on /Login query string, or in RequestMap/htaccess.</span>
<span class="cm">--&gt;</span>
<span class="nt">&lt;SSO</span><span class="w"> </span><span class="na">entityID=</span><span class="s">&quot;https://your-IdP-domain&quot;</span><span class="nt">&gt;</span>
<span class="w"> </span><span class="cm">&lt;!--discoveryProtocol=&quot;SAMLDS&quot; discoveryURL=&quot;https://wayf.ukfederation.org.uk/DS&quot;--&gt;</span>
<span class="w"> </span>SAML2
<span class="nt">&lt;/SSO&gt;</span>
</code></pre></div>
<h5 id="metadataprovider-element"><code>MetadataProvider</code> element<a class="headerlink" href="#metadataprovider-element" title="Permanent link">&para;</a></h5>
<p>Change <code>url</code> and <code>backingFilePath</code> property:</p>
<div class="codehilite"><pre><span></span><code><span class="p">&lt;!</span><span class="o">--</span><span class="w"> </span><span class="nx">Example</span><span class="w"> </span><span class="nx">of</span><span class="w"> </span><span class="nx">remotely</span><span class="w"> </span><span class="nx">supplied</span><span class="w"> </span><span class="nx">batch</span><span class="w"> </span><span class="nx">of</span><span class="w"> </span><span class="nx">signed</span><span class="w"> </span><span class="nx">metadata</span><span class="p">.</span><span class="w"> </span><span class="o">--</span><span class="p">&gt;</span>
<span class="p">&lt;</span><span class="nx">MetadataProvider</span><span class="w"> </span><span class="k">type</span><span class="p">=</span><span class="s">&quot;XML&quot;</span><span class="w"> </span><span class="nx">validate</span><span class="p">=</span><span class="s">&quot;true&quot;</span>
<span class="w"> </span><span class="nx">url</span><span class="p">=</span><span class="s">&quot;http://your-IdP-metadata-url&quot;</span>
<span class="w"> </span><span class="nx">backingFilePath</span><span class="p">=</span><span class="s">&quot;your-IdP-metadata.xml&quot;</span><span class="w"> </span><span class="nx">maxRefreshDelay</span><span class="p">=</span><span class="s">&quot;7200&quot;</span><span class="p">&gt;</span>
<span class="w"> </span><span class="p">&lt;</span><span class="nx">MetadataFilter</span><span class="w"> </span><span class="k">type</span><span class="p">=</span><span class="s">&quot;RequireValidUntil&quot;</span><span class="w"> </span><span class="nx">maxValidityInterval</span><span class="p">=</span><span class="s">&quot;2419200&quot;</span><span class="o">/</span><span class="p">&gt;</span>
<span class="w"> </span><span class="p">&lt;</span><span class="nx">MetadataFilter</span><span class="w"> </span><span class="k">type</span><span class="p">=</span><span class="s">&quot;Signature&quot;</span><span class="w"> </span><span class="nx">certificate</span><span class="p">=</span><span class="s">&quot;fedsigner.pem&quot;</span><span class="w"> </span><span class="nx">verifyBackup</span><span class="p">=</span><span class="s">&quot;false&quot;</span><span class="o">/</span><span class="p">&gt;</span>
</code></pre></div>
<h4 id="attribute-mapxml">attribute-map.xml<a class="headerlink" href="#attribute-mapxml" title="Permanent link">&para;</a></h4>
<p>Open <code>/etc/shibboleth/attribute-map.xml</code> and change some property. After you have done all the followings, don't forget to restart Shibboleth(SP)</p>
<h5 id="attribute-element"><code>Attribute</code> element<a class="headerlink" href="#attribute-element" title="Permanent link">&para;</a></h5>
<p>Uncomment attribute elements for getting more user info:</p>
<div class="codehilite"><pre><span></span><code><span class="o">&lt;!--</span><span class="w"> </span><span class="n">Older</span><span class="w"> </span><span class="n">LDAP</span><span class="o">-</span><span class="n">defined</span><span class="w"> </span><span class="n">attributes</span><span class="w"> </span><span class="p">(</span><span class="n">SAML</span><span class="w"> </span><span class="mf">2.0</span><span class="w"> </span><span class="n">names</span><span class="w"> </span><span class="n">followed</span><span class="w"> </span><span class="n">by</span><span class="w"> </span><span class="n">SAML</span><span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="n">names</span><span class="p">)...</span><span class="w"> </span><span class="o">--&gt;</span>
<span class="o">&lt;</span><span class="n">Attribute</span><span class="w"> </span><span class="n">name</span><span class="o">=</span><span class="s">&quot;urn:oid:2.16.840.1.113730.3.1.241&quot;</span><span class="w"> </span><span class="n">id</span><span class="o">=</span><span class="s">&quot;displayName&quot;</span><span class="o">/&gt;</span>
<span class="o">&lt;</span><span class="n">Attribute</span><span class="w"> </span><span class="n">name</span><span class="o">=</span><span class="s">&quot;urn:oid:0.9.2342.19200300.100.1.3&quot;</span><span class="w"> </span><span class="n">id</span><span class="o">=</span><span class="s">&quot;mail&quot;</span><span class="o">/&gt;</span>
<span class="o">&lt;</span><span class="n">Attribute</span><span class="w"> </span><span class="n">name</span><span class="o">=</span><span class="s">&quot;urn:mace:dir:attribute-def:displayName&quot;</span><span class="w"> </span><span class="n">id</span><span class="o">=</span><span class="s">&quot;displayName&quot;</span><span class="o">/&gt;</span>
<span class="o">&lt;</span><span class="n">Attribute</span><span class="w"> </span><span class="n">name</span><span class="o">=</span><span class="s">&quot;urn:mace:dir:attribute-def:mail&quot;</span><span class="w"> </span><span class="n">id</span><span class="o">=</span><span class="s">&quot;mail&quot;</span><span class="o">/&gt;</span>
</code></pre></div>
<h4 id="upload-shibbolethsps-metadata">Upload Shibboleth(SP)'s metadata<a class="headerlink" href="#upload-shibbolethsps-metadata" title="Permanent link">&para;</a></h4>
<p>After restarting Apache, you should be able to get the Service Provider metadata by accessing <a href="https://your-seafile-domain/Shibboleth.sso/Metadata">https://your-seafile-domain/Shibboleth.sso/Metadata</a>. This metadata should be uploaded to the Identity Provider (IdP) server.</p>
<h2 id="configure-seahub">Configure Seahub<a class="headerlink" href="#configure-seahub" title="Permanent link">&para;</a></h2>
<p>Add the following configuration to seahub_settings.py.</p>
<div class="codehilite"><pre><span></span><code><span class="n">ENABLE_SHIB_LOGIN</span> <span class="o">=</span> <span class="n">True</span>
<span class="n">SHIBBOLETH_USER_HEADER</span> <span class="o">=</span> <span class="s">&#39;HTTP_REMOTE_USER&#39;</span>
<span class="o">#</span> <span class="n">basic</span> <span class="n">user</span> <span class="n">attributes</span>
<span class="n">SHIBBOLETH_ATTRIBUTE_MAP</span> <span class="o">=</span> <span class="p">{</span>
<span class="s">&quot;HTTP_DISPLAYNAME&quot;</span><span class="p">:</span> <span class="p">(</span><span class="n">False</span><span class="p">,</span> <span class="s">&quot;display_name&quot;</span><span class="p">),</span>
<span class="s">&quot;HTTP_MAIL&quot;</span><span class="p">:</span> <span class="p">(</span><span class="n">False</span><span class="p">,</span> <span class="s">&quot;contact_email&quot;</span><span class="p">),</span>
<span class="p">}</span>
<span class="n">EXTRA_MIDDLEWARE</span> <span class="o">=</span> <span class="p">(</span>
<span class="s">&#39;shibboleth.middleware.ShibbolethRemoteUserMiddleware&#39;</span><span class="p">,</span>
<span class="p">)</span>
<span class="n">EXTRA_AUTHENTICATION_BACKENDS</span> <span class="o">=</span> <span class="p">(</span>
<span class="s">&#39;shibboleth.backends.ShibbolethRemoteUserBackend&#39;</span><span class="p">,</span>
<span class="p">)</span>
</code></pre></div>
<p>Seahub can process additional user attributes from Shibboleth. These attributes are saved into Seahub's database, as user's properties. They're all not mandatory. The internal user properties Seahub now supports are:</p>
<ul>
<li>givenname</li>
<li>surname</li>
<li>contact_email: used for sending notification email to user if username is not a valid email address (like eppn).</li>
<li>institution: used to identify user's institution</li>
</ul>
<p>You can specify the mapping between Shibboleth attributes and Seahub's user properties in seahub_settings.py:</p>
<div class="codehilite"><pre><span></span><code>SHIBBOLETH_ATTRIBUTE_MAP = {
&quot;HTTP_GIVENNAME&quot;: (False, &quot;givenname&quot;),
&quot;HTTP_SN&quot;: (False, &quot;surname&quot;),
&quot;HTTP_MAIL&quot;: (False, &quot;contact_email&quot;),
&quot;HTTP_ORGANIZATION&quot;: (False, &quot;institution&quot;),
}
</code></pre></div>
<p>In the above config, the hash key is Shibboleth attribute name, the second element in the hash value is Seahub's property name. You can adjust the Shibboleth attribute name for your own needs. <strong><em>Note that you may have to change attribute-map.xml in your Shibboleth SP, so that the desired attributes are passed to Seahub. And you have to make sure the IdP sends these attributes to the SP.</em></strong></p>
<p>We also added an option <code>SHIB_ACTIVATE_AFTER_CREATION</code> (defaults to <code>True</code>) which control the user status after shibboleth connection. If this option set to <code>False</code>, user will be inactive after connection, and system admins will be notified by email to activate that account.</p>
<h3 id="affiliation-and-user-role">Affiliation and user role<a class="headerlink" href="#affiliation-and-user-role" title="Permanent link">&para;</a></h3>
<p>Shibboleth has a field called affiliation. It is a list like: <code>employee@uni-mainz.de;member@uni-mainz.de;faculty@uni-mainz.de;staff@uni-mainz.de.</code></p>
<p>We are able to set user role from Shibboleth. Details about user role, please refer to <a href="https://download.seafile.com/published/seafile-manual/deploy_pro/roles_permissions.md">https://download.seafile.com/published/seafile-manual/deploy_pro/roles_permissions.md</a></p>
<p>To enable this, modify <code>SHIBBOLETH_ATTRIBUTE_MAP</code> above and add <code>Shibboleth-affiliation</code> field, you may need to change <code>Shibboleth-affiliation</code> according to your Shibboleth SP attributes.</p>
<div class="codehilite"><pre><span></span><code>SHIBBOLETH_ATTRIBUTE_MAP = {
&quot;HTTP_GIVENNAME&quot;: (False, &quot;givenname&quot;),
&quot;HTTP_SN&quot;: (False, &quot;surname&quot;),
&quot;HTTP_MAIL&quot;: (False, &quot;contact_email&quot;),
&quot;HTTP_ORGANIZATION&quot;: (False, &quot;institution&quot;),
&quot;HTTP_Shibboleth-affiliation&quot;: (False, &quot;affiliation&quot;),
}
</code></pre></div>
<p>Then add new config to define affiliation role map,</p>
<div class="codehilite"><pre><span></span><code><span class="n">SHIBBOLETH_AFFILIATION_ROLE_MAP</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="err">{</span>
<span class="w"> </span><span class="s1">&#39;employee@uni-mainz.de&#39;</span><span class="err">:</span><span class="w"> </span><span class="s1">&#39;staff&#39;</span><span class="p">,</span>
<span class="w"> </span><span class="s1">&#39;member@uni-mainz.de&#39;</span><span class="err">:</span><span class="w"> </span><span class="s1">&#39;staff&#39;</span><span class="p">,</span>
<span class="w"> </span><span class="s1">&#39;student@uni-mainz.de&#39;</span><span class="err">:</span><span class="w"> </span><span class="s1">&#39;student&#39;</span><span class="p">,</span>
<span class="w"> </span><span class="s1">&#39;employee@hu-berlin.de&#39;</span><span class="err">:</span><span class="w"> </span><span class="s1">&#39;guest&#39;</span><span class="p">,</span>
<span class="w"> </span><span class="s1">&#39;patterns&#39;</span><span class="err">:</span><span class="w"> </span><span class="p">(</span>
<span class="w"> </span><span class="p">(</span><span class="s1">&#39;*@hu-berlin.de&#39;</span><span class="p">,</span><span class="w"> </span><span class="s1">&#39;guest1&#39;</span><span class="p">),</span>
<span class="w"> </span><span class="p">(</span><span class="s1">&#39;*@*.de&#39;</span><span class="p">,</span><span class="w"> </span><span class="s1">&#39;guest2&#39;</span><span class="p">),</span>
<span class="w"> </span><span class="p">(</span><span class="s1">&#39;*&#39;</span><span class="p">,</span><span class="w"> </span><span class="s1">&#39;guest&#39;</span><span class="p">),</span>
<span class="w"> </span><span class="p">),</span>
<span class="err">}</span>
</code></pre></div>
<p>After Shibboleth login, Seafile should calcualte user's role from affiliation and SHIBBOLETH_AFFILIATION_ROLE_MAP.</p>
<h2 id="verify">Verify<a class="headerlink" href="#verify" title="Permanent link">&para;</a></h2>
<p>After restarting Apache and Seahub service (<code>./seahub.sh restart</code>), you can then test the shibboleth login workflow.</p>
<h2 id="debug">Debug<a class="headerlink" href="#debug" title="Permanent link">&para;</a></h2>
<p>If you encountered problems when login, follow these steps to get debug info (for Seafile pro 6.3.13).</p>
<h3 id="add-this-setting-to-seahub_settingspy">Add this setting to <code>seahub_settings.py</code><a class="headerlink" href="#add-this-setting-to-seahub_settingspy" title="Permanent link">&para;</a></h3>
<div class="codehilite"><pre><span></span><code>DEBUG = True
</code></pre></div>
<h3 id="change-seafiles-code">Change Seafile's code<a class="headerlink" href="#change-seafiles-code" title="Permanent link">&para;</a></h3>
<p>Open <code>seafile-server-latest/seahub/thirdpart/shibboleth/middleware.py</code></p>
<p>Insert the following code in line 59</p>
<div class="codehilite"><pre><span></span><code> assert False
</code></pre></div>
<p>Insert the following code in line 65</p>
<div class="codehilite"><pre><span></span><code><span class="k">if</span><span class="w"> </span><span class="nv">not</span><span class="w"> </span><span class="nv">username</span>:
<span class="w"> </span><span class="nv">assert</span><span class="w"> </span><span class="nv">False</span>
</code></pre></div>
<p>The complete code after these changes is as follows:</p>
<div class="codehilite"><pre><span></span><code><span class="c1">#Locate the remote user header.</span>
<span class="c1"># import pprint; pprint.pprint(request.META)</span>
<span class="k">try</span><span class="p">:</span>
<span class="w"> </span><span class="n">username</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">request</span><span class="o">.</span><span class="n">META</span><span class="p">[</span><span class="n">SHIB_USER_HEADER</span><span class="p">]</span>
<span class="k">except</span><span class="w"> </span><span class="n">KeyError</span><span class="p">:</span>
<span class="w"> </span><span class="k">assert</span><span class="w"> </span><span class="kc">False</span>
<span class="w"> </span><span class="c1"># If specified header doesn&#39;t exist then return (leaving</span>
<span class="w"> </span><span class="c1"># request.user set to AnonymousUser by the</span>
<span class="w"> </span><span class="c1"># AuthenticationMiddleware).</span>
<span class="w"> </span><span class="k">return</span>
<span class="k">if</span><span class="w"> </span><span class="ow">not</span><span class="w"> </span><span class="n">username</span><span class="p">:</span>
<span class="w"> </span><span class="k">assert</span><span class="w"> </span><span class="kc">False</span>
<span class="n">p_id</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">ccnet_api</span><span class="o">.</span><span class="n">get_primary_id</span><span class="p">(</span><span class="n">username</span><span class="p">)</span>
<span class="k">if</span><span class="w"> </span><span class="n">p_id</span><span class="w"> </span><span class="ow">is</span><span class="w"> </span><span class="ow">not</span><span class="w"> </span><span class="kc">None</span><span class="p">:</span>
<span class="w"> </span><span class="n">username</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">p_id</span>
</code></pre></div>
<p>Then restart Seafile and relogin, you will see debug info in web page.</p>
</article>
</div>
<script>var target=document.getElementById(location.hash.slice(1));target&&target.name&&(target.checked=target.name.startsWith("__tabbed_"))</script>
</div>
</main>
<footer class="md-footer">
<div class="md-footer-meta md-typeset">
<div class="md-footer-meta__inner md-grid">
<div class="md-copyright">
<div class="md-copyright__highlight">
Copyright &copy; 2023 Seafile Ltd.
</div>
Made with
<a href="https://squidfunk.github.io/mkdocs-material/" target="_blank" rel="noopener">
Material for MkDocs
</a>
</div>
<div class="md-social">
<a href="https://github.com/haiwen/seafile-admin-docs/" target="_blank" rel="noopener" title="github.com" class="md-social__link">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 496 512"><!--! Font Awesome Free 6.6.0 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2024 Fonticons, Inc.--><path d="M165.9 397.4c0 2-2.3 3.6-5.2 3.6-3.3.3-5.6-1.3-5.6-3.6 0-2 2.3-3.6 5.2-3.6 3-.3 5.6 1.3 5.6 3.6m-31.1-4.5c-.7 2 1.3 4.3 4.3 4.9 2.6 1 5.6 0 6.2-2s-1.3-4.3-4.3-5.2c-2.6-.7-5.5.3-6.2 2.3m44.2-1.7c-2.9.7-4.9 2.6-4.6 4.9.3 2 2.9 3.3 5.9 2.6 2.9-.7 4.9-2.6 4.6-4.6-.3-1.9-3-3.2-5.9-2.9M244.8 8C106.1 8 0 113.3 0 252c0 110.9 69.8 205.8 169.5 239.2 12.8 2.3 17.3-5.6 17.3-12.1 0-6.2-.3-40.4-.3-61.4 0 0-70 15-84.7-29.8 0 0-11.4-29.1-27.8-36.6 0 0-22.9-15.7 1.6-15.4 0 0 24.9 2 38.6 25.8 21.9 38.6 58.6 27.5 72.9 20.9 2.3-16 8.8-27.1 16-33.7-55.9-6.2-112.3-14.3-112.3-110.5 0-27.5 7.6-41.3 23.6-58.9-2.6-6.5-11.1-33.3 2.6-67.9 20.9-6.5 69 27 69 27 20-5.6 41.5-8.5 62.8-8.5s42.8 2.9 62.8 8.5c0 0 48.1-33.6 69-27 13.7 34.7 5.2 61.4 2.6 67.9 16 17.7 25.8 31.5 25.8 58.9 0 96.5-58.9 104.2-114.8 110.5 9.2 7.9 17 22.9 17 46.4 0 33.7-.3 75.4-.3 83.6 0 6.5 4.6 14.4 17.3 12.1C428.2 457.8 496 362.9 496 252 496 113.3 383.5 8 244.8 8M97.2 352.9c-1.3 1-1 3.3.7 5.2 1.6 1.6 3.9 2.3 5.2 1 1.3-1 1-3.3-.7-5.2-1.6-1.6-3.9-2.3-5.2-1m-10.8-8.1c-.7 1.3.3 2.9 2.3 3.9 1.6 1 3.6.7 4.3-.7.7-1.3-.3-2.9-2.3-3.9-2-.6-3.6-.3-4.3.7m32.4 35.6c-1.6 1.3-1 4.3 1.3 6.2 2.3 2.3 5.2 2.6 6.5 1 1.3-1.3.7-4.3-1.3-6.2-2.2-2.3-5.2-2.6-6.5-1m-11.4-14.7c-1.6 1-1.6 3.6 0 5.9s4.3 3.3 5.6 2.3c1.6-1.3 1.6-3.9 0-6.2-1.4-2.3-4-3.3-5.6-2"/></svg>
</a>
</div>
</div>
</div>
</footer>
</div>
<div class="md-dialog" data-md-component="dialog">
<div class="md-dialog__inner md-typeset"></div>
</div>
<script id="__config" type="application/json">{"base": "../..", "features": [], "search": "../../assets/javascripts/workers/search.6ce7567c.min.js", "translations": {"clipboard.copied": "Copied to clipboard", "clipboard.copy": "Copy to clipboard", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.placeholder": "Type to start searching", "search.result.term.missing": "Missing", "select.version": "Select version"}}</script>
<script src="../../assets/javascripts/bundle.525ec568.min.js"></script>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink