Hello there,
I'm new to Seafile and I'm trying to set up a server with SSO for my homelab.
I have followed this tutorial (I can't put a link here, so below you will find the link as ASCII-to-hex):
68 74 74 70 73 3A 2F 2F 64 65 2E 73 65 61 66 69 6C 65 2E 63 6F 6D 2F 73 73 6F 2D 73 65 61 66 69 6C 65 2D 6B 65 79 63 6C 6F 61 6B 2F
@christophdb i hope to see you here ^^
Seafile is installed with Docker and works with local users.
When I try SSO I am correctly redirected to the Keycloak login interface.
The error occurs on the callback.
Keycloak gives no log of what happens, but Seafile (seahub.log) says:

```
[ERROR] seahub.oauth.views:154 oauth_callback (missing_token) Missing access token parameter.
[INFO] xmlschema:1266 include_schema Resource 'XMLSchema.xsd' is already loaded
```

Here is my seahub_settings.py:
```python
# -*- coding: utf-8 -*-
SECRET_KEY = "b'x=XXXXXXXXXXXXXXXXXXXXXXxwe'"
SERVICE_URL = "https://seafile.mydomain.com"
DATABASES = {
    'default': {
        'ENGINE': 'django.db.backends.mysql',
        'NAME': 'seahub_db',
        'USER': 'seafile',
        'PASSWORD': '9fXXXXXXXXXXXXXXXX39767',
        'HOST': 'db',
        'PORT': '3306',
        'OPTIONS': {'charset': 'utf8mb4'},
    }
}
CACHES = {
    'default': {
        'BACKEND': 'django_pylibmc.memcached.PyLibMCCache',
        'LOCATION': 'memcached:11211',
    },
    'locmem': {
        'BACKEND': 'django.core.cache.backends.locmem.LocMemCache',
    },
}
COMPRESS_CACHE_BACKEND = 'locmem'
TIME_ZONE = 'Etc/UTC'
FILE_SERVER_ROOT = "https://seafile.mydomain.com/seafhttp"
CSRF_COOKIE_SECURE = True
CSRF_TRUSTED_ORIGINS = ['https://seafile.mydomain.com', 'https://127.0.0.1']
ENABLE_OAUTH = True
# If True, create a new user when he/she logs in to Seafile for the first time, default `True`.
OAUTH_CREATE_UNKNOWN_USER = True
# If True, activate the new user when he/she logs in to Seafile for the first time, default `True`.
OAUTH_ACTIVATE_USER_AFTER_CREATION = True
# Usually OAuth works through the SSL layer. If your server is not configured to allow HTTPS, some methods will raise an "oauthlib.oauth2.rfc6749.errors.InsecureTransportError". Set this to `True` to avoid this error.
OAUTH_ENABLE_INSECURE_TRANSPORT = True
# Client id/secret generated by the authorization server when you register your client application.
OAUTH_CLIENT_ID = "seafile-auth"
OAUTH_CLIENT_SECRET = "AUQXXXXXXXXXXXXXXiao"
# Callback URL when user authentication succeeded. Note: the redirect URL you enter when you register your client application MUST be exactly the same as this value.
OAUTH_REDIRECT_URL = 'https://seafile.mydomain.com/oauth/callback/'
# The following should NOT be changed if you are using GitHub as the OAuth provider.
#OAUTH_PROVIDER_DOMAIN = 'keyclaok.mydomain.com/realms/myrealm' #deprecated
OAUTH_PROVIDER = 'keycloak..mydomain.com/realms/myrealm'
OAUTH_AUTHORIZATION_URL = 'https://auth.mydomain.com/realms/myrealm/protocol/openid-connect/auth'
OAUTH_TOKEN_URL = 'https://auth.mydomain.com/realms/myrealm/protocol/openid-connect/token'
OAUTH_USER_INFO_URL = 'https://auth.mydomain.com/realms/myrealm/protocol/openid-connect/userinfo'
OAUTH_SCOPE = ["openid", "profile", "email"]  # "user"
OAUTH_ATTRIBUTE_MAP = {
    #"id": (False, "not used"),
    "email": (True, "email"),
    "uid / id / username / email": (True, "uid"),
    "email": (False, "name"),
    "email": (False, "contact_email"),
}
ACTIVATE_AFTER_REGISTRATION = True
ENABLE_SIGNUP = True
```
I think the error is somewhere in `OAUTH_SCOPE` or `OAUTH_ATTRIBUTE_MAP`, but I can't find where.
All that I have understood is that Seafile needs at least the uid attribute to work.
If you need any other information, let me know.
Thank you in advance for your help.
zonko
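A Python dict literal keeps only the last value for a repeated key, so a map with `"email"` listed several times silently collapses to one entry, and a key copied verbatim from a placeholder such as `"uid / id / username / email"` is not a claim name any identity provider returns. The following linter is an added example, not part of the post or of Seafile's code; it parses a settings file with `ast` (so nothing in the file is executed) and reports those two problems plus a missing or ambiguous `uid` mapping. The constructed sample mirrors the shape of the map above.

```python
"""Lint OAUTH_ATTRIBUTE_MAP in a seahub_settings.py (added example, not Seafile code)."""
import ast

# Constructed sample with the same shape as the map in the post.
SAMPLE_SETTINGS = '''
OAUTH_PROVIDER = 'keycloak.example.invalid/realms/myrealm'
OAUTH_ATTRIBUTE_MAP = {
    "email": (True, "email"),
    "uid / id / username / email": (True, "uid"),
    "email": (False, "name"),
}
'''


def lint_attribute_map(source: str) -> list[str]:
    """Return human-readable findings; an empty list means nothing suspicious."""
    findings = []
    assigns = {}
    # Walk top-level assignments only; we never exec the settings file.
    for node in ast.parse(source).body:
        if (isinstance(node, ast.Assign) and len(node.targets) == 1
                and isinstance(node.targets[0], ast.Name)):
            assigns[node.targets[0].id] = node.value
    amap = assigns.get("OAUTH_ATTRIBUTE_MAP")
    if not isinstance(amap, ast.Dict):
        return ["OAUTH_ATTRIBUTE_MAP is missing or is not a dict literal"]

    seen, uid_claims = {}, []
    for key_node, val_node in zip(amap.keys, amap.values):
        claim = ast.literal_eval(key_node)          # the provider claim name
        _required, target = ast.literal_eval(val_node)  # (bool, seafile attribute)
        seen[claim] = seen.get(claim, 0) + 1
        if target == "uid":
            uid_claims.append(claim)

    for claim, count in seen.items():
        if count > 1:
            findings.append(f"claim {claim!r} repeated {count} times; "
                            "only the last mapping survives")
    if len(uid_claims) != 1:
        findings.append(f"expected exactly one claim mapped to 'uid', got {uid_claims}")
    for claim in uid_claims:
        if " " in claim or "/" in claim:
            findings.append(f"{claim!r} is not a single claim name; choose one claim")
    return findings


if __name__ == "__main__":
    for line in lint_attribute_map(SAMPLE_SETTINGS) or ["no findings"]:
        print(line)
```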