Introduction
Seafile is a cloud storage system with file encryption, group sharing, synchronization etc., available in both an open source Community edition and a paid Pro edition. The software has the potential to give research communities secure access to potentially unlimited commercial storage resources by leveraging federated authentication and authorisation. This is possible mainly because of the following features:
- Seafile is integrated with Shibboleth SP, so authentication against a remote IdP may be configured.
- Seafile Pro supports a number of storage backends, including Amazon S3, OpenStack Swift and Ceph. These are the storage interfaces used by many commercial cloud providers.
- Seafile supports user-side data encryption, so data privacy may be preserved even if the data is stored at untrusted third parties.
Additionally, the software provides some features related to how resources are accessed:
- Java client allows for non-web access and local storage synchronisation.
- Collabora (LibreOffice) cloud suite integration supports collaborative work on documents online (Pro edition).
The missing element needed to enable federated access to a Seafile service is a discovery service, because the software itself is designed to work with a single IdP. This pilot aims to test federated access to a Seafile service using a community WAYF service as a proxy to multiple SAML IdPs. The approach is to configure the existing PIONIER.Id WAYF service (https://aai.pionier.net.pl/WAYF) as the SAML IdP for Seafile Shibboleth authentication.
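A sketch of what this approach looks like on the Shibboleth SP side, as an added example that is not the pilot's own configuration: the SP trusts exactly one IdP (the WAYF proxy) and only accepts its metadata when the signature verifies. All hostnames, entityID values, the metadata URL, the file names and the choice of `eppn` as the user attribute are placeholders or assumptions.

```xml
<!-- shibboleth2.xml fragment (added example; every hostname, entityID,
     URL and file name below is a placeholder, not the pilot's real value) -->
<ApplicationDefaults entityID="https://seafile.example.org/shibboleth"
                     REMOTE_USER="eppn">

  <!-- Require TLS for the SP handlers and set Secure/HttpOnly on the
       session cookie. -->
  <Sessions lifetime="28800" timeout="3600"
            checkAddress="false" handlerSSL="true" cookieProps="https">

    <!-- Single IdP: the WAYF proxy. No discoveryURL is configured here
         because the proxy presents the IdP selection page itself. -->
    <SSO entityID="https://wayf-proxy.example.org/idp">
      SAML2
    </SSO>

    <!-- Keep attribute values out of the status page. -->
    <Handler type="Session" Location="/Session" showAttributeValues="false"/>
  </Sessions>

  <!-- Load only the proxy's metadata, and reject it unless it is signed
       by a locally pinned certificate and carries a bounded validUntil. -->
  <MetadataProvider type="XML"
                    url="https://wayf-proxy.example.org/metadata.xml"
                    backingFilePath="wayf-proxy-metadata.xml"
                    maxRefreshDelay="7200">
    <MetadataFilter type="Signature" certificate="wayf-proxy-signer.pem"/>
    <MetadataFilter type="RequireValidUntil" maxValidityInterval="2419200"/>
  </MetadataProvider>

</ApplicationDefaults>
```

With a proxy in the path, Seafile sees every user as coming from one IdP, so the identifier mapped to `REMOTE_USER` should be one the proxy passes through with its home-organisation scope intact.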
Workflow
1. Access the service at https://box.pionier.net.pl/. Push the Log In button in the PIONIER ID table.
2. The browser redirects to the PIONIER.id WAYF service. Select your IdP.
3. The browser redirects to the home IdP. Log in using your home IdP credentials.
4. The browser redirects back to the required service.
Status
The professional version of the Seafile software has been deployed and the federated login through the PIONIER.id federation is now supported by the service.
Service
The service is available at: https://box.pionier.net.pl/
Resources
Seafile manual on Shibboleth authentication: https://manual.seafile.com/deploy/shibboleth_config.html
Shibboleth SP documentation: https://shibboleth.net/products/service-provider.html
WAYF documentation: https://www.switch.ch/aai/support/tools/wayf/