Vish/homelab-optimized
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
bccfcaf6e20091c01fe2d7ff0dc8c9fd99979798
homelab-optimized/docs/services/individual/seafile-oauth.md
Gitea Mirror Bot bccfcaf6e2
Some checks failed
Documentation / Build Docusaurus (push) Failing after 5m0s
Details
Documentation / Deploy to GitHub Pages (push) Has been skipped
Details
Sanitized mirror from private repository - 2026-03-20 08:50:12 UTC
2026-03-20 08:50:12 +00:00

2.8 KiB
Raw Blame History

Seafile OAuth2 with Authentik

Host: Calypso (Synology NAS)
Domain: sf.vish.gg
Port: 8611
Compose File: hosts/synology/calypso/seafile-server.yaml
Status: Working

Overview

Seafile uses OAuth2 to integrate with Authentik for SSO. Local login remains fully functional.

Authentication Methods

  1. Local Login - Email/password on the login page
  2. OAuth2 SSO - "Single Sign-On" button

Authentik Configuration

Provider Created

  • Name: Seafile OAuth2
  • Type: OAuth2/OpenID Provider
  • Client ID: oVa51E8UC9PNmgFSIlivYgcGwdBvnc83YW2WkuDS
  • Redirect URI: https://sf.vish.gg/oauth/callback/
  • Scopes: openid, email, profile

Application Created

Seafile Configuration

Seafile requires adding OAuth settings to seahub_settings.py. The config file is at: /volume1/docker/seafile/data/seafile/conf/seahub_settings.py

Configuration to Add

Append the contents of hosts/synology/calypso/seafile-oauth-config.py to seahub_settings.py:

ENABLE_OAUTH = True
OAUTH_ENABLE_INSECURE_TRANSPORT = False
OAUTH_CLIENT_ID = "REDACTED_CLIENT_ID"
OAUTH_CLIENT_SECRET = "REDACTED_CLIENT_SECRET"
OAUTH_REDIRECT_URL = "https://sf.vish.gg/oauth/callback/"
OAUTH_PROVIDER_DOMAIN = "sso.vish.gg"
OAUTH_AUTHORIZATION_URL = "https://sso.vish.gg/application/o/authorize/"
OAUTH_TOKEN_URL = "https://sso.vish.gg/application/o/token/"
OAUTH_USER_INFO_URL = "https://sso.vish.gg/application/o/userinfo/"
OAUTH_SCOPE = ["openid", "profile", "email"]
OAUTH_ATTRIBUTE_MAP = {
    "email": (True, "email"),
    "name": (False, "name"),
}

Activation Steps

  1. SSH to Calypso or use Synology DSM
  2. Edit the seahub_settings.py file: 
    nano /volume1/docker/seafile/data/seafile/conf/seahub_settings.py
  3. Append the OAuth configuration (see above or copy from seafile-oauth-config.py)
  4. Restart Seafile: 
    docker restart Seafile
  5. Test by visiting https://sf.vish.gg and clicking "Single Sign-On"

Troubleshooting

SSO button not appearing

  • Verify ENABLE_OAUTH = True is in seahub_settings.py
  • Check Seafile logs: docker logs Seafile

"Invalid redirect URI" error

  • Ensure redirect URI in Authentik matches exactly: https://sf.vish.gg/oauth/callback/
  • Note the trailing slash is important!

User created but can't access files

  • OAuth users are created automatically on first login
  • Admin needs to grant them access to libraries

Related Documentation

Change Log

  • 2026-01-31: Created OAuth2 provider and application in Authentik, created config file
Reference in New Issue View Git Blame Copy Permalink