Switch SSO from OAuth (Authentik) to SAML (Microsoft)

Hey,
I wanted to know if someone can help me switch from OAuth (Authentik) to SAML via Microsoft?
I tried adding the settings and disabling the OAuth settings in the seahub_settings.py but then Seafile just wouldn’t start.
Is there anything else I have to do to get it to switch over?

I have the Pro Version: Server Version: 11.0.6

So here are the configs I did:

I put # in front of all the OAuth settings, then added the following:

#SAML Settings
ENABLE_ADFS_LOGIN = True
LOGIN_REDIRECT_URL = '/saml2/complete/'
SAML_ATTRIBUTE_MAPPING = {
    'name': ('display_name', ),
    'mail': ('contact_email', ),
}
SAML_REMOTE_METADATA_URL = 'https://login.microsoftonline.com/XXXXXXXXXX/federationmetadata/2007-06/federationmetadata.xml?appid=XXXXXXXXXX'   # copy from SAML app
#DISABLE_ADFS_USER_PWD_LOGIN = True

Seahub now starts but I get the following error when I click the Single Sign-On button on the home page:

Login failed: ADFS/SAML service error. Please report to your organization (company) administrator.

If anyone can please help me, I’m not sure what I’m doing wrong.
Thanks!

Hi, aware that this is 2 years old, but I just hit the same issue using SAML via Authentik. The reason was a 302 redirect on the metadata URL (in Authentik’s case https://authentik.tld/application/saml/{authentik_saml_provider_name}/metadata/), and pysaml2 doesn’t seem to follow it. In Authentik, using the direct API link works (e.g. https://authentik.tld/api/v3/providers/saml/{provider_id}/metadata/?download), but you could probably load this as a local file from Seafile in seahub_settings.py as well, knowing that upstream changes would need a settings update as well.
Another reason you might hit this could be DNS or network resolution to the ADFS provider.

Maybe it helps someone in the future.
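
Added example (not part of either post, and not Seafile or pysaml2 code): a standalone check for the two causes named in the reply above. It requests the value you put in SAML_REMOTE_METADATA_URL without following redirects and verifies that the body really is IdP metadata. The function names are hypothetical, and it assumes the IdP serves a single EntityDescriptor document.

```python
import sys
import urllib.error
import urllib.request
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"  # SAML 2.0 metadata namespace


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None  # surface the 3xx as an HTTPError instead of following it


def fetch_no_redirect(url, timeout=10):
    """Return (status, Location header or None, body) without following redirects."""
    opener = urllib.request.build_opener(_NoRedirect)
    try:
        with opener.open(url, timeout=timeout) as resp:
            return resp.status, None, resp.read()
    except urllib.error.HTTPError as err:
        return err.code, err.headers.get("Location"), err.read()


def diagnose(status, location, body):
    """Classify a metadata response; returns (ok, message)."""
    if 300 <= status < 400:
        return False, f"redirect ({status}) to {location}: configure the final URL"
    if status != 200:
        return False, f"HTTP {status}: metadata is not served at this URL"
    if b"<!DOCTYPE" in body:
        return False, "body declares a DTD; SAML metadata should not, refusing to parse"
    try:
        root = ET.fromstring(body)
    except ET.ParseError as err:
        return False, f"body is not XML ({err}); likely a login or error page"
    if root.tag != f"{{{MD_NS}}}EntityDescriptor":
        return False, f"unexpected root element {root.tag}"
    if root.find(f"{{{MD_NS}}}IDPSSODescriptor") is None:
        return False, "no IDPSSODescriptor: this is not identity provider metadata"
    return True, f"IdP metadata for entityID {root.get('entityID')}"


if __name__ == "__main__":
    try:
        ok, message = diagnose(*fetch_no_redirect(sys.argv[1]))
    except urllib.error.URLError as err:  # DNS failure, refused connection, TLS error
        ok, message = False, f"cannot reach the IdP ({err.reason}): check DNS and network"
    print(("OK: " if ok else "FAIL: ") + message)
    sys.exit(0 if ok else 1)
```

Run it from the host or container where Seahub runs, so that DNS and outbound network behave the same as they do for the SSO login.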