I already used Seafile with OIDC (Keycloak) and had no problems with it. I wanted to switch to authentik for some reasons and can't get it working. I have found three topics in the forums, none of them working.
Hey,
So I used this post to help me figure it out:
But here are my settings. Hope it helps you. (If you do not want Authentik to override seafile user’s Profile Name, then # the line in “OAUTH_ATTRIBUTE_MAP” that says "name": (False, "name"),)
Here are my settings that I added to “seahub_settings.py”
It’s also possible to use the normal mode. You can basically use the configuration from the Authelia documentation:
ENABLE_OAUTH = True
# Whether to create a new user when he/she logs in to Seafile for the first time, default `True`.
OAUTH_CREATE_UNKNOWN_USER = True
# Whether to activate a new user when he/she logs in to Seafile for the first time, default `True`.
OAUTH_ACTIVATE_USER_AFTER_CREATION = True
# Usually OAuth works through SSL layer. If your server is not parametrized to allow HTTPS, some method will raise an "oauthlib.oauth2.rfc6749.errors.InsecureTransportError". Set >
OAUTH_ENABLE_INSECURE_TRANSPORT = True
# Client id/secret generated by authorization server when you register your client application.
OAUTH_CLIENT_ID = "client_id"
OAUTH_CLIENT_SECRET = "client_secret"
# Callback url when user authentication succeeded. Note, the redirect url you input when you register your client application MUST be exactly the same as this value.
OAUTH_REDIRECT_URL = 'https://seafile_drive.tld/oauth/callback/'
# The following should NOT be changed if you are using GitHub as OAuth provider.
OAUTH_PROVIDER_DOMAIN = 'authentik.tld'
OAUTH_AUTHORIZATION_URL = 'https://authentik.tld/application/o/authorize/'
OAUTH_TOKEN_URL = 'https://authentik.tld/application/o/token/'
OAUTH_USER_INFO_URL = 'https://authentik.tld/application/o/userinfo/'
OAUTH_SCOPE = ["openid", "profile", "email"]
OAUTH_ATTRIBUTE_MAP = {
    "email": (True, "email"),  # Please keep the 'email' option unchanged to be compatible with the login of users of version 11.0 and earlier.
    "name": (False, "name"),
    # "email": (False, "contact_email"),
    "id": (False, "not used"),  # Since version 11.0, Seafile uses 'uid' as the external unique identifier of the user.
    # Different OAuth systems have different attributes, which may be: 'uid' or 'username', etc.
    # If there is no 'uid' attribute, do not configure this option and keep the 'email' option unchanged,
    # to be compatible with the login of users of version 11.0 and earlier.
}
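
As an added example (not part of the posts above, and not Seafile's or authentik's own code), a small Python check that reads `seahub_settings.py`-style assignments without executing them and flags non-HTTPS OAuth URLs, an insecure-transport override left on while every URL is HTTPS, and mapped claims whose OIDC scope is not requested. The helper names `load_settings` and `audit` and the rules themselves are assumptions; the sample input is constructed from the values shown above.

```python
import ast
from urllib.parse import urlparse

# Constructed sample: the settings posted above, placeholder hosts included.
SAMPLE = '''
OAUTH_ENABLE_INSECURE_TRANSPORT = True
OAUTH_REDIRECT_URL = 'https://seafile_drive.tld/oauth/callback/'
OAUTH_AUTHORIZATION_URL = 'https://authentik.tld/application/o/authorize/'
OAUTH_TOKEN_URL = 'https://authentik.tld/application/o/token/'
OAUTH_USER_INFO_URL = 'https://authentik.tld/application/o/userinfo/'
OAUTH_SCOPE = ["openid", "profile", "email"]
OAUTH_ATTRIBUTE_MAP = {"email": (True, "email"), "name": (False, "name")}
'''

URL_KEYS = ("OAUTH_REDIRECT_URL", "OAUTH_AUTHORIZATION_URL", "OAUTH_TOKEN_URL", "OAUTH_USER_INFO_URL")
# OIDC standard claims and the scope that releases each one.
CLAIM_SCOPE = {"email": "email", "name": "profile"}

def load_settings(text):
    """Collect top-level NAME = <literal> assignments without executing the file."""
    cfg = {}
    for node in ast.parse(text).body:
        if isinstance(node, ast.Assign) and isinstance(node.targets[0], ast.Name):
            try:
                cfg[node.targets[0].id] = ast.literal_eval(node.value)
            except ValueError:
                pass  # computed value (for example an environment lookup)
    return cfg

def audit(cfg):
    """Return (setting, message) findings. Hypothetical helper, not a Seafile API."""
    findings = []
    schemes = {key: urlparse(cfg.get(key, "")).scheme for key in URL_KEYS}
    for key, scheme in schemes.items():
        if scheme != "https":
            findings.append((key, "not https: codes and tokens travel unencrypted"))
    if cfg.get("OAUTH_ENABLE_INSECURE_TRANSPORT") and set(schemes.values()) == {"https"}:
        findings.append(("OAUTH_ENABLE_INSECURE_TRANSPORT",
                         "every URL is https; review whether the override is still needed"))
    scopes = set(cfg.get("OAUTH_SCOPE", []))
    if "openid" not in scopes:
        findings.append(("OAUTH_SCOPE", "missing 'openid'"))
    for claim in cfg.get("OAUTH_ATTRIBUTE_MAP", {}):
        if (needed := CLAIM_SCOPE.get(claim)) and needed not in scopes:
            findings.append(("OAUTH_ATTRIBUTE_MAP", f"'{claim}' needs scope '{needed}'"))
    return findings

if __name__ == "__main__":
    print(*audit(load_settings(SAMPLE)), sep="\n")
```

To check a real deployment, pass the text of its `seahub_settings.py` to `load_settings` in place of `SAMPLE`.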