Hi,
This is a attempt to obtain some help on a non trivial objective.
I’m trying to configure SSO LemonLdap::NG in front of Seafile.
One way is to use HTTP Handler : Manage virtual hosts — LemonLDAP::NG 2.0 documentation
The other way is to use SAML SP, as on Nextcloud : https://lemonldap-ng.org/documentation/2.0/applications/nextcloud
I tried to Use HTTP handler on /sso path (previously used by Shib but deactivated)
I’m interested by bypassing Shib SP whereas relying on the features of shib intergration (on the fly roles). I thought i could do that with HTTP vars.
Apache <Location /sso> is empty
/sso path is intercepted By LLNG proxy (Nginx)
LLNG passes HTTP variables to Apache on /sso (i can see them)
But HTTP variables are lost on / path, even if i convert HTTP vars to Env
Convert HTTP header into environment variable — LemonLDAP::NG 2.0 documentation
The user is not logged in and i stay on the login home page
I don’t know how to process to the correct seahub_auth
If anyone already did such thing with HTTP handler (Keycloack Sso or anything else), i’d be pleased to know how
Please note that there is an HTTP handler fo Django, but i don’t know how to use it with seafile auth
Other mechanisms are described here : Index of /documentation/2.0/applications
BTW, i can try to implement SP forwarding https://wiki.shibboleth.net/confluence/display/SHIB/SPForwardProxy, but i’m not sure that the Shibboleth implementation on seafile will work on a pure SAML 2 SP as LLNG
[Edit]
Is this Django method AuthRemoteUser already implemented in seafile ?
https://docs.djangoproject.com/en/2.1/howto/auth-remote-user/
Regards,
Gautier