Shared Links via Shibboleth


#1

Hi,

I’m on pro 6.18.

I noticed that a shared link (to a library or a file) is not persistent while connecting via shibboleth, whereas ity is persistent while connecting while a local account.

If you connect from a shared link, you are send to the home page of seahub.

Cold you check this on your side (it is quite unconvenient) ?

Regards,

Gautier


Shibboleth single logout
#2

Do you mean that you get redirected to the homepage after having logged in?
I see a similar behaviour when I want to access the “System Administration” menu and have to log in again (“sudo”). The workaround there is to just access the menu again after that and then it works.


#3

Yes, we get a similar behaviour, but with a shared link redorected to the home page, you can’t access to the file in one click, you have to browse groups, librarires and so on.

That’s a pity.

Regards,
Gautier


#4

If you open the link again, after logging in, it doesn’t work then?


#5

Yes it does, but it’s a lack of efficiency.
I 'd like the link to be persistent on the fly accross shibboleth login/

Regards,

Gautier


#6

Yes, yes, of course that should work!
I just wanted to verify that the workaround works, too. :wink:


#7

@daniel.pan Then i suppose it can be declared as a bug.
Regards, Gautier


#8

I will look into the problem.


#9

Thank you @daniel.pan

It can be tricky with shibboleth. I can help you with my logs. Juste tell me.

Regards


#10

@gauburtin could u please send me full steps to reproduce your problem ?


#11

Hi,

Share a Folder to a user (or send a internal link like this one)

The user receives a mail with a shared link

He clicks on the links and goes to the login interface

  • If he logs with a local account, he is send to the shared folder (the link is preserved)
  • If he logs with a shibboleth accoutns, he is send to the home page / (the link is broken by the shibboleth url rewrite process)

Can you reproduce ?

Anyway, with 6.2 Pro version, the Shibboleth authentification is no longer possible. Could you please look a the post here and reproduce the problem ?

Is is very important for us.

regards,

Gautier


#12

Hi @gauburtin, as i replied in 6.2 Pro beta : Shibboleth Login fails (apache config), try restore to fastcgi mode, test shibboleth and redirection.


#13

Hi @gauburtin, URL hash fragment is lost during Shibboleth login redirection somehow.
So we have to use javascript to manually add it back.

Try apply this patch https://github.com/haiwen/seahub/commit/bdde049a4e0e97bbbb94b833902a14dc331c02f1

Should fix your problem.


#14

Hi @xiez,

Unfortunately, it did not fix the problem. I can do more tests if you need.
I removed seahub cache and restarted apache and seahub without fastcgi.
I’m not sure that Javascript is a good solution while working with shibboleth onto Proxy.
regards,
Gautier


#15

Please paste your modification in login.html. No restart is required since it’s a html file.

Try open a private window (firefox) or Incognito window (chrome), and test the whole steps again.


#16

Hi,

I pasted it in /seahub-data/custom/templates/registration/, and the modification is shown in the source of the login page.
I restarted apache to apply the config update (wsgi).

I does not work at all.

To let you know, there is also a shib login in the admin Web UI while the session of the admin has ended. Do i have to update another file ?
regards

regards,
Gautier


#17

Please fall back to fastcgi mode. This patch only fix the redirection problem during login.

It would be helpful if you can send me your seafile service link and shibboleth test account through private message.


#18

This problem is specific to wsgi mode.
Check here : 6.2 Pro beta : Shibboleth Login fails (apache config)

I sent you the link at your support adress

Regards,
Gautier


#19

Hi,
I switched to fastcgi mode. If you want to test wsgi mode, just tell me.
Regards
Gautier


Seafile server 6.2.3 is ready! OAuth support and other improvements
Seafile pro edition 6.2.1 is ready for testing!
#20

Right, the patch fixes the problem !

There was a confusion with the linked post, sorry,
Regards
Gautier