From the documentation I can not see how to get seafile APIs to authenticate to shibboleth. We are thinking of going purely shibboleth, but need the ability to use the APIs as well. Have I missed something in the documentation or is this not supported? If not supported, will it be soon?
This is not supported. We don’t have a plan to support it yet.
A correction:
The API itself doesn’t have a relation with Shibboleth. As long as you have the api token, you can call the API.
Only during the phase of getting the token, Shibboleth is involved. In our code such as the Android client, we display a webkit window to show the Shibboleth authentication page. After login, the token is saved in the result page in cookie. The Android app then get the token and saved to local database.
If you developing a web application, you can open an iframe web UI, the iframe open the Seafile SSO page. If user already login before, a result page will be returned and the seahub_token will be set in the cookie. The main page can read the seahub_token via “post message” to a child iframe.
To make “post message” work, you need to add a customized html page to override the default one used after successful login via Shibboleth. More information is described here: https://github.com/haiwen/seahub/blob/5.1/seahub/templates/shibboleth/success.html.template