ADFS, SAML configuration

Hi there!
Our company is considering buying Seafile software.
We already have a 1-month trial account for 100 users.
I installed CentOS 7 and Seafile Pro 7.0.9 using the script.
I successfully configured LDAP for user and group synchronization.
Now I am trying to integrate Seafile with our ADFS infrastructure, so I'm changing the file seahub_settings.py.

When I add this part to the conf file, an error happens after restarting the seahub service:

```python
from os import path
import saml2
import saml2.saml

CERTS_DIR = '/opt/seafile/seahub-data/certs'
SP_SERVICE_URL = 'LINK_TO_SERVICE_VIA_HTTPS'
XMLSEC_BINARY = '/usr/bin/xmlsec1'
ATTRIBUTE_MAP_DIR = '/opt/seafile/seafile-server-latest/seahub-extra/seahub_extra/adfs_auth/attribute-maps'
SAML_ATTRIBUTE_MAPPING = {
    'DisplayName': ('display_name', ),
    'ContactEmail': ('contact_email', ),
    'Department': ('department', ),
    'Telephone': ('telephone', ),
}

ENABLE_ADFS_LOGIN = True
EXTRA_AUTHENTICATION_BACKENDS = (
    'seahub_extra.adfs_auth.backends.Saml2Backend',
)
SAML_USE_NAME_ID_AS_USERNAME = True
LOGIN_REDIRECT_URL = '/saml2/complete/'
SAML_CONFIG = {
    'xmlsec_binary': XMLSEC_BINARY,
    'allow_unknown_attributes': True,
    'entityid': SP_SERVICE_URL + '/saml2/metadata/',
    'attribute_map_dir': ATTRIBUTE_MAP_DIR,
    'service': {
        'sp': {
            "allow_unsolicited": True,
            'name': 'Federated Seafile Service',
            'name_id_format': saml2.saml.NAMEID_FORMAT_EMAILADDRESS,
            'endpoints': {
                'assertion_consumer_service': [
                    (SP_SERVICE_URL + '/saml2/acs/',
                     saml2.BINDING_HTTP_POST),
                ],
                'single_logout_service': [
                    (SP_SERVICE_URL + '/saml2/ls/',
                     saml2.BINDING_HTTP_REDIRECT),
                    (SP_SERVICE_URL + '/saml2/ls/post',
                     saml2.BINDING_HTTP_POST),
                ],
            },
            'required_attributes': ["uid"],
            'optional_attributes': ['eduPersonAffiliation', ],
            'idp': {
                'LINK_TO_XML': {
                    'single_sign_on_service': {
                        saml2.BINDING_HTTP_REDIRECT: 'LINK_TO_ASPX',
                    },
                    'single_logout_service': {
                        saml2.BINDING_HTTP_REDIRECT: 'LINK_TO_ADFS',
                    },
                },
            },
        },
    },
    # where the remote metadata is stored
    'metadata': {
        'local': [path.join(CERTS_DIR, 'idp_federation_metadata.xml')],
    },
    # set to 1 to output debugging information
    'debug': 1,
    # Signing
    'key_file': '',
    'cert_file': path.join(CERTS_DIR, 'idp.crt'),  # from IdP
    # Encryption
    'encryption_keypairs': [{
        'key_file': path.join(CERTS_DIR, 'sp.key'),  # private part
        'cert_file': path.join(CERTS_DIR, 'sp.crt'),  # public part
    }],
    'valid_for': 24,  # how long is our metadata valid
}
```

Web interface says

Page unavailable

Sorry, but the requested page is unavailable due to a server hiccup.
Our engineers have been notified, so check back later.

I’m configuring the system with the official guide.

seafdav.log says

[2019-11-08 16:30:10,760]: Init seahub database…
[2019-11-08 16:30:10,761]: Failed to init seahub db: No module named saml2.

I don’t get where I need to add the module?

Okay,
after 3 days fighting with documentation and manuals, SSO is working.
I removed nginx and changed it to Apache and installed the module pysaml2.
But after I changed to Apache, files are not uploading anymore; looks like some sort of proxy problem…
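
A preflight check for the settings posted above, as an added example that is not part of the thread or Seafile's own code: it reports the missing `saml2` module from the log, a missing `xmlsec1` binary, missing files under `CERTS_DIR`, and an `sp.key` readable by group or others. The names `preflight`, `demo` and `no_such_saml2_module` are assumptions made for the example, and the demo runs against a constructed temporary directory.

```python
import importlib
import os
import stat
import tempfile

# File names under CERTS_DIR, as referenced by the settings posted above.
CERT_FILES = ("idp_federation_metadata.xml", "idp.crt", "sp.crt", "sp.key")


def preflight(certs_dir, xmlsec_binary, attribute_map_dir, modules=("saml2",)):
    """Return a list of problems that would break SAML login at startup."""
    problems = []
    for name in modules:
        try:
            importlib.import_module(name)
        except ImportError as exc:
            # Same condition as "Failed to init seahub db: No module named saml2".
            problems.append("module %s not importable: %s" % (name, exc))
    if not (os.path.isfile(xmlsec_binary) and os.access(xmlsec_binary, os.X_OK)):
        problems.append("xmlsec binary missing or not executable: %s" % xmlsec_binary)
    if not os.path.isdir(attribute_map_dir):
        problems.append("attribute map dir missing: %s" % attribute_map_dir)
    for fname in CERT_FILES:
        full = os.path.join(certs_dir, fname)
        if not os.path.isfile(full):
            problems.append("missing file: %s" % full)
        elif fname.endswith(".key") and stat.S_IMODE(os.stat(full).st_mode) & 0o077:
            # The SP private key should be readable by the service account only.
            problems.append("private key readable by group/others: %s" % full)
    return problems


def demo():
    """Constructed sample: a temporary directory standing in for CERTS_DIR."""
    certs = tempfile.mkdtemp()
    for fname in CERT_FILES[:3]:
        open(os.path.join(certs, fname), "w").close()
    key = os.path.join(certs, "sp.key")
    open(key, "w").close()
    os.chmod(key, 0o644)  # deliberately too permissive
    # "no_such_saml2_module" is a constructed name simulating a missing pysaml2.
    return preflight(certs, os.path.join(certs, "xmlsec1"), certs,
                     modules=("json", "no_such_saml2_module"))


if __name__ == "__main__":
    for line in demo():
        print(line)
```

On a real server, call `preflight()` with the `CERTS_DIR`, `XMLSEC_BINARY` and `ATTRIBUTE_MAP_DIR` values from `seahub_settings.py`, using the same Python interpreter that runs Seahub, since a module installed for a different interpreter produces the same "No module named" failure.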

Hi @Dmitry

If you are still having issues please send an email to support@seafile.com. The configuration in the manual should work with Nginx. Perhaps it’s due to other issues.