Merge pull request #273 from haiwen/add-adfs-disable-pwd-notes

Update seahub_settings_py.md

manual/config/seahub_settings_py.md

@@ -299,6 +299,11 @@ ENABLE_GLOBAL_ADDRESSBOOK = False
 # Since 6.0.9
 ENABLE_ADFS_LOGIN = True
 
+# Force user login through ADFS instead of email and password
+# Default is False
+# Since 11.0.7
+DISABLE_ADFS_USER_PWD_LOGIN = True
+
 # Enable authentication wit Kerberos
 # Default is False
 ENABLE_KRB5_LOGIN = True

manual/upgrade/upgrade_notes_for_11.0.x.md

@@ -33,7 +33,8 @@ The upgrade script will merge ccnet_db.LDAPImported table to ccnet_db.EmailUsers
 
 If you use OAuth authentication, the configuration need to be changed a bit.
 
-If you use SAML, you don't need to change configuration files. For SAML2, in version 10, the name_id field is returned from SAML server, and is used as the username (the email field in ccnet_dbEmailUser). In version 11, for old users, Seafile will find the old user and create a name_id to name_id mapping in social_auth_usersocialauth. For new users, Seafile will create a new user with random ID and add a name_id to the random ID mapping in social_auth_usersocialauth.
+If you use SAML, you don't need to change configuration files. For SAML2, in version 10, the name_id field is returned from SAML server, and is used as the username (the email field in ccnet_dbEmailUser). In version 11, for old users, Seafile will find the old user and create a name_id to name_id mapping in social_auth_usersocialauth. For new users, Seafile will create a new user with random ID and add a name_id to the random ID mapping in social_auth_usersocialauth. In addition, we have added a feature where you can configure to disable login with a username and password for saml users by using the config of `DISABLE_ADFS_USER_PWD_LOGIN = True` in seahub_settings.py.
+
 
 
 ### Dropped SQLite Database Support