Username mapped to unwilled Shibboleth attribute

Hi all,

I’m on seafile pro 6.29 but it’s not related to a bug

I encounter a big problem on user identifiers.

I use Shibboleth eppn as username (seahub_config)
But i noticed that my SP Config File (shibboleth2.xml) is not set exactly as it should

REMOTE_USER="mail eppn"

To expose eppn as the REMOTE_USER, it must be set in this order

REMOTE_USER="eppn mail" (eppn first)

All my identifiers are set on email, then whereas i thought they were set on email (we have the same value in our LDAP)

But for some external users, while they massively change the email value, then the users cannot log in anymore.

I know it is dirty, but i think the best to do is to change the username for these users. If i change the global Shib settings, all the other users will be lost…

How can i do that ?

  • In the database ? in which table(s) ?
  • In the WebUI ? Where ?

Here We have two fields

  • login ID
  • reference ID

Can we set the username with one of these ? It may work with REMOTE_USER = email

Regards,

Gautier

It looks like ‘reference ID’ field is the appropriate one.
It can be set in the Web GUI.
Can you confirm ?
Regards

Yes, it is the right way.

1 Like