Introduction

Seafile is a cloud storage system with file encryption, group sharing, synchronization etc. available both in open source Community and paid Pro editions. The software has potential to enable research communities secure access to potentially unlimited commercial storage resources leveraging federated authentication and authorisation. It is possible mainly because of the following features:

Seafile is integrated with Shibboleth SP, so authentication against remote IdP may be configured.
Seafile Pro supports a number of storage backends including Amazon S3, Open Stack Swift and Ceph and these are storage interfaces used by many commercial cloud providers.
Seafile supports user side data encryption, so data privacy may be preserved even if the data is stored at untrysty third parties.

Additionally, the software provides some features from the point of view of access to resources:

Java client allows for non web access and local storage synchronisation.
Collabora (LibreOffice) cloud suit integration supports collaborative work on documents online (Pro edition).

The missing element to enable federated access to a SeaFile service is discovery service as the software as such is designed to work with single IdP. This pilot aims in testing federated access to Seafile service using community WAYF service as a proxy to multiple SAML IdPs. The approach is to configure existing PIONIER.Id WAYF service (https://aai.pionier.net.pl/WAYF) as SAML IdP for Seafile Shibboleth authentication.

Status

The Seafile service (community edition) is oficially available for PIONIER.id users. PSNC already purchased Pro licence and the Pro edition is planned to be deployed soon.

Service

The service is available at: https://box.pionier.net.pl/

Resources

Seafile manual on Shibboleth authentication: https://manual.seafile.com/deploy/shibboleth_config.html

Shibboleth SP documentation: https://shibboleth.net/products/service-provider.html

WAYF documentation: https://www.switch.ch/aai/support/tools/wayf/