Oauth2 problems


#1

Hello, I cannot get oauth2 authentication to work properly. I think that something is causing an extra “u” to be brought back to seahub…

I am using KeyCloak for the oauth server.

My settings in seahub_settings.py are:

    ENABLE_OAUTH = True

    OAUTH_ENABLE_INSECURE_TRANSPORT = True

    OAUTH_CLIENT_ID = "FileStore"
    OAUTH_CLIENT_SECRET = "XXXXXXXXXXXXXXX"

    OAUTH_REDIRECT_URL = 'https://filestore.mydomain.com/oauth/callback/'

    OAUTH_PROVIDER_DOMAIN = 'mydomain.com'
    OAUTH_AUTHORIZATION_URL = 'https://loginserver.mydomain.com/auth/realms/Intranet/protocol/openid-connect/auth'
    OAUTH_TOKEN_URL = 'https://loginserver.mydomain.com/auth/realms/Intranet/protocol/openid-connect/token'
    OAUTH_USER_INFO_URL = 'https://loginserver.mydomain.com/auth/realms/Intranet/protocol/openid-connect/userinfo'
    OAUTH_SCOPE = ["",]
    OAUTH_ATTRIBUTE_MAP = {
        "email": (True, "email"),
        "name": (False, "name"),
    }

I am clicking the Single Sign On link, then entering my credentials (unless already logged in from somewhere else), and it is taking me back to the Seafile page with the “Error, please contact administrator.” message.

This is what my logs are showing (I also tried only using email and got the same result):

    2018-04-12 18:25:22,629 [ERROR] seahub.oauth.views:147 oauth_callback {'name': u'Bob Watkins', 'email': u'bob@mydomain.com'}

I’m not sure where the “u” is coming from? I haven’t seen this in the few forum posts I’ve read concerning oauth2.

Note: This is not happening with the other servers that are using this KeyCloak server.

THANKS IN ADVANCE!!!


#2

Hey, I’m having the same problem. Have you found a fix for this problem yet?


#3

I think I used this: OAuth question - error with SSO


#4

Thanks, it worked.

For people who are still confused and have this problem:

I edited views.py in seafile-server-latest/seahub/seahub/oauth/views.py
I changed:

    ATTRIBUTE_MAP = {
        'id': (True, "email"),
    }
    ATTRIBUTE_MAP = getattr(settings, 'OAUTH_ATTRIBUTE_MAP', {})

to:

    #    ATTRIBUTE_MAP = {
    #        'id': (True, "email"),
    #    }
    ATTRIBUTE_MAP = getattr(settings, 'OAUTH_ATTRIBUTE_MAP', {})
    ATTRIBUTE_MAP.update(getattr(settings, 'OAUTH_ATTRIBUTE_MAP', {}))

After that you need to enable user registration from the webui (admin settings)
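
A model of why the login in post #1 is refused while the patch in post #4 lets it through, added here as an illustration and not taken from any post or from Seahub's source. It assumes the callback rejects a login when a field marked required in the effective attribute map is absent from the userinfo response; `build_attribute_map`, `format_user_info` and the sample data are hypothetical.

```python
# Added illustration: a simplified model, NOT Seahub's actual views.py.
# Function names and the sample userinfo are constructed for this example.

# OAUTH_ATTRIBUTE_MAP as posted in #1: provider field -> (required, local attr)
SETTINGS_MAP = {"email": (True, "email"), "name": (False, "name")}

# Built-in entry as quoted in #4: provider field 'id' is required.
DEFAULT_MAP = {"id": (True, "email")}

# Constructed userinfo response: name/email from the log line in #1,
# 'sub' is a placeholder for the OpenID Connect subject identifier.
USERINFO = {
    "sub": "constructed-subject-id",
    "name": "Bob Watkins",
    "email": "bob@mydomain.com",
}


def build_attribute_map(settings_map, keep_default):
    """Return the effective map: settings merged over the default, or alone."""
    attribute_map = dict(DEFAULT_MAP) if keep_default else {}
    attribute_map.update(settings_map)
    return attribute_map


def format_user_info(userinfo, attribute_map):
    """Map provider fields to local attrs; report absent required fields."""
    mapped, missing = {}, []
    for provider_field, (required, local_attr) in attribute_map.items():
        value = userinfo.get(provider_field)
        if value:
            mapped[local_attr] = value
        elif required:
            missing.append(provider_field)  # fail closed: login is refused
    return mapped, missing


if __name__ == "__main__":
    for keep_default in (True, False):
        amap = build_attribute_map(SETTINGS_MAP, keep_default)
        mapped, missing = format_user_info(USERINFO, amap)
        verdict = "rejected, missing %s" % missing if missing else "accepted"
        print("default kept=%s -> %s, mapped=%s" % (keep_default, verdict, mapped))
```

In this model the mapped values are the same in both cases; only the required `id` entry changes the outcome. The `u'…'` prefixes in the logged dict are how Python 2 prints unicode strings, not characters added to the values.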


#5

You can set this in the config without patching the code, see
/t/oauth-question-error-with-sso/5481/5?u=alexlake (I am not allowed to link)