enterprise/providers: WS-Federation (#19583)
* init Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix metadata Signed-off-by: Jens Langhammer <jens@goauthentik.io> * aight Signed-off-by: Jens Langhammer <jens@goauthentik.io> * progress Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix timedelta Signed-off-by: Jens Langhammer <jens@goauthentik.io> * start testing metadata Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add some more tests and schemas Signed-off-by: Jens Langhammer <jens@goauthentik.io> * test signature Signed-off-by: Jens Langhammer <jens@goauthentik.io> * attempt to fix signed xml linebreak https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/1258 https://github.com/robrichards/xmlseclibs/issues/28 https://github.com/xmlsec/python-xmlsec/issues/196 Signed-off-by: Jens Langhammer <jens@goauthentik.io> * format + gen Signed-off-by: Jens Langhammer <jens@goauthentik.io> * update web Signed-off-by: Jens Langhammer <jens@goauthentik.io> * more validation Signed-off-by: Jens Langhammer <jens@goauthentik.io> * hmm Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add e2e test Signed-off-by: Jens Langhammer <jens@goauthentik.io> * qol fix in wait_for_url Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add UI Signed-off-by: Jens Langhammer <jens@goauthentik.io> * acs -> reply url Signed-off-by: Jens Langhammer <jens@goauthentik.io> * sign_out Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix some XML typing Signed-off-by: Jens Langhammer <jens@goauthentik.io> * remove verification_kp as its not used Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix reply url Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add ws-fed to tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add logout test Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add SAMLSession Signed-off-by: Jens Langhammer <jens@goauthentik.io> * refactor Signed-off-by: 
Jens Langhammer <jens@goauthentik.io> * unrelated type fixes Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add backchannel logout Signed-off-by: Jens Langhammer <jens@goauthentik.io> * delete import_metadata in wsfed Signed-off-by: Jens Langhammer <jens@goauthentik.io> * include generated realm Signed-off-by: Jens Langhammer <jens@goauthentik.io> * Update web/src/admin/providers/wsfed/WSFederationProviderViewPage.ts Co-authored-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com> Signed-off-by: Jens L. <jens@beryju.org> * include wtrealm in ui Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io> Signed-off-by: Jens L. <jens@beryju.org> Co-authored-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com>
@@ -976,6 +976,46 @@
|
||||
}
|
||||
}
|
||||
},
|
||||
{
|
||||
"type": "object",
|
||||
"required": [
|
||||
"model",
|
||||
"identifiers"
|
||||
],
|
||||
"properties": {
|
||||
"model": {
|
||||
"const": "authentik_providers_ws_federation.wsfederationprovider"
|
||||
},
|
||||
"id": {
|
||||
"type": "string"
|
||||
},
|
||||
"state": {
|
||||
"type": "string",
|
||||
"enum": [
|
||||
"absent",
|
||||
"created",
|
||||
"must_created",
|
||||
"present"
|
||||
],
|
||||
"default": "present"
|
||||
},
|
||||
"conditions": {
|
||||
"type": "array",
|
||||
"items": {
|
||||
"type": "boolean"
|
||||
}
|
||||
},
|
||||
"permissions": {
|
||||
"$ref": "#/$defs/model_authentik_providers_ws_federation.wsfederationprovider_permissions"
|
||||
},
|
||||
"attrs": {
|
||||
"$ref": "#/$defs/model_authentik_providers_ws_federation.wsfederationprovider"
|
||||
},
|
||||
"identifiers": {
|
||||
"$ref": "#/$defs/model_authentik_providers_ws_federation.wsfederationprovider"
|
||||
}
|
||||
}
|
||||
},
|
||||
{
|
||||
"type": "object",
|
||||
"required": [
|
||||
@@ -5727,6 +5767,10 @@
|
||||
"authentik_providers_ssf.view_ssfprovider",
|
||||
"authentik_providers_ssf.view_stream",
|
||||
"authentik_providers_ssf.view_streamevent",
|
||||
"authentik_providers_ws_federation.add_wsfederationprovider",
|
||||
"authentik_providers_ws_federation.change_wsfederationprovider",
|
||||
"authentik_providers_ws_federation.delete_wsfederationprovider",
|
||||
"authentik_providers_ws_federation.view_wsfederationprovider",
|
||||
"authentik_rbac.access_admin_interface",
|
||||
"authentik_rbac.add_initialpermissions",
|
||||
"authentik_rbac.add_role",
|
||||
@@ -7085,6 +7129,162 @@
|
||||
}
|
||||
}
|
||||
},
|
||||
"model_authentik_providers_ws_federation.wsfederationprovider": {
|
||||
"type": "object",
|
||||
"properties": {
|
||||
"name": {
|
||||
"type": "string",
|
||||
"minLength": 1,
|
||||
"title": "Name"
|
||||
},
|
||||
"authentication_flow": {
|
||||
"type": "string",
|
||||
"format": "uuid",
|
||||
"title": "Authentication flow",
|
||||
"description": "Flow used for authentication when the associated application is accessed by an un-authenticated user."
|
||||
},
|
||||
"authorization_flow": {
|
||||
"type": "string",
|
||||
"format": "uuid",
|
||||
"title": "Authorization flow",
|
||||
"description": "Flow used when authorizing this provider."
|
||||
},
|
||||
"invalidation_flow": {
|
||||
"type": "string",
|
||||
"format": "uuid",
|
||||
"title": "Invalidation flow",
|
||||
"description": "Flow used ending the session from a provider."
|
||||
},
|
||||
"property_mappings": {
|
||||
"type": "array",
|
||||
"items": {
|
||||
"type": "string",
|
||||
"format": "uuid"
|
||||
},
|
||||
"title": "Property mappings"
|
||||
},
|
||||
"reply_url": {
|
||||
"type": "string",
|
||||
"format": "uri",
|
||||
"minLength": 1,
|
||||
"title": "Reply url"
|
||||
},
|
||||
"assertion_valid_not_before": {
|
||||
"type": "string",
|
||||
"minLength": 1,
|
||||
"title": "Assertion valid not before",
|
||||
"description": "Assertion valid not before current time + this value (Format: hours=-1;minutes=-2;seconds=-3)."
|
||||
},
|
||||
"assertion_valid_not_on_or_after": {
|
||||
"type": "string",
|
||||
"minLength": 1,
|
||||
"title": "Assertion valid not on or after",
|
||||
"description": "Assertion not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3)."
|
||||
},
|
||||
"session_valid_not_on_or_after": {
|
||||
"type": "string",
|
||||
"minLength": 1,
|
||||
"title": "Session valid not on or after",
|
||||
"description": "Session not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3)."
|
||||
},
|
||||
"name_id_mapping": {
|
||||
"type": "string",
|
||||
"format": "uuid",
|
||||
"title": "NameID Property Mapping",
|
||||
"description": "Configure how the NameID value will be created. When left empty, the NameIDPolicy of the incoming request will be considered"
|
||||
},
|
||||
"authn_context_class_ref_mapping": {
|
||||
"type": "string",
|
||||
"format": "uuid",
|
||||
"title": "AuthnContextClassRef Property Mapping",
|
||||
"description": "Configure how the AuthnContextClassRef value will be created. When left empty, the AuthnContextClassRef will be set based on which authentication methods the user used to authenticate."
|
||||
},
|
||||
"digest_algorithm": {
|
||||
"type": "string",
|
||||
"enum": [
|
||||
"http://www.w3.org/2000/09/xmldsig#sha1",
|
||||
"http://www.w3.org/2001/04/xmlenc#sha256",
|
||||
"http://www.w3.org/2001/04/xmldsig-more#sha384",
|
||||
"http://www.w3.org/2001/04/xmlenc#sha512"
|
||||
],
|
||||
"title": "Digest algorithm"
|
||||
},
|
||||
"signature_algorithm": {
|
||||
"type": "string",
|
||||
"enum": [
|
||||
"http://www.w3.org/2000/09/xmldsig#rsa-sha1",
|
||||
"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
|
||||
"http://www.w3.org/2001/04/xmldsig-more#rsa-sha384",
|
||||
"http://www.w3.org/2001/04/xmldsig-more#rsa-sha512",
|
||||
"http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1",
|
||||
"http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256",
|
||||
"http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384",
|
||||
"http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512",
|
||||
"http://www.w3.org/2000/09/xmldsig#dsa-sha1"
|
||||
],
|
||||
"title": "Signature algorithm"
|
||||
},
|
||||
"signing_kp": {
|
||||
"type": "string",
|
||||
"format": "uuid",
|
||||
"title": "Signing Keypair",
|
||||
"description": "Keypair used to sign outgoing Responses going to the Service Provider."
|
||||
},
|
||||
"encryption_kp": {
|
||||
"type": "string",
|
||||
"format": "uuid",
|
||||
"title": "Encryption Keypair",
|
||||
"description": "When selected, incoming assertions are encrypted by the IdP using the public key of the encryption keypair. The assertion is decrypted by the SP using the the private key."
|
||||
},
|
||||
"sign_assertion": {
|
||||
"type": "boolean",
|
||||
"title": "Sign assertion"
|
||||
},
|
||||
"sign_logout_request": {
|
||||
"type": "boolean",
|
||||
"title": "Sign logout request"
|
||||
},
|
||||
"default_name_id_policy": {
|
||||
"type": "string",
|
||||
"enum": [
|
||||
"urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
|
||||
"urn:oasis:names:tc:SAML:2.0:nameid-format:persistent",
|
||||
"urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName",
|
||||
"urn:oasis:names:tc:SAML:2.0:nameid-format:WindowsDomainQualifiedName",
|
||||
"urn:oasis:names:tc:SAML:2.0:nameid-format:transient",
|
||||
"urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
|
||||
],
|
||||
"title": "Default name id policy"
|
||||
}
|
||||
},
|
||||
"required": []
|
||||
},
|
||||
"model_authentik_providers_ws_federation.wsfederationprovider_permissions": {
|
||||
"type": "array",
|
||||
"items": {
|
||||
"type": "object",
|
||||
"required": [
|
||||
"permission"
|
||||
],
|
||||
"properties": {
|
||||
"permission": {
|
||||
"type": "string",
|
||||
"enum": [
|
||||
"add_wsfederationprovider",
|
||||
"change_wsfederationprovider",
|
||||
"delete_wsfederationprovider",
|
||||
"view_wsfederationprovider"
|
||||
]
|
||||
},
|
||||
"user": {
|
||||
"type": "integer"
|
||||
},
|
||||
"role": {
|
||||
"type": "string"
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"model_authentik_reports.dataexport": {
|
||||
"type": "object",
|
||||
"properties": {
|
||||
@@ -8289,6 +8489,7 @@
|
||||
"authentik.enterprise.providers.radius",
|
||||
"authentik.enterprise.providers.scim",
|
||||
"authentik.enterprise.providers.ssf",
|
||||
"authentik.enterprise.providers.ws_federation",
|
||||
"authentik.enterprise.reports",
|
||||
"authentik.enterprise.search",
|
||||
"authentik.enterprise.stages.authenticator_endpoint_gdtc",
|
||||
@@ -8417,6 +8618,7 @@
|
||||
"authentik_providers_microsoft_entra.microsoftentraprovider",
|
||||
"authentik_providers_microsoft_entra.microsoftentraprovidermapping",
|
||||
"authentik_providers_ssf.ssfprovider",
|
||||
"authentik_providers_ws_federation.wsfederationprovider",
|
||||
"authentik_reports.dataexport",
|
||||
"authentik_stages_authenticator_endpoint_gdtc.authenticatorendpointgdtcstage",
|
||||
"authentik_stages_mtls.mutualtlsstage",
|
||||
@@ -10929,6 +11131,10 @@
|
||||
"authentik_providers_ssf.view_ssfprovider",
|
||||
"authentik_providers_ssf.view_stream",
|
||||
"authentik_providers_ssf.view_streamevent",
|
||||
"authentik_providers_ws_federation.add_wsfederationprovider",
|
||||
"authentik_providers_ws_federation.change_wsfederationprovider",
|
||||
"authentik_providers_ws_federation.delete_wsfederationprovider",
|
||||
"authentik_providers_ws_federation.view_wsfederationprovider",
|
||||
"authentik_rbac.access_admin_interface",
|
||||
"authentik_rbac.add_initialpermissions",
|
||||
"authentik_rbac.add_role",
|
||||
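Review bot: The `signature_algorithm` and `digest_algorithm` enums added for `model_authentik_providers_ws_federation.wsfederationprovider` in the third hunk admit `xmldsig#sha1`, `rsa-sha1`, `ecdsa-sha1` and `dsa-sha1`, so a blueprint can declare a WS-Federation provider that signs tokens with SHA-1 or DSA and the schema will accept it. For a provider being introduced now, consider limiting the choices to the SHA-2 entries (and dropping `dsa-sha1`), or at least stating in the field `description` that the SHA-1 values exist only for legacy relying parties and are not the intended default. The commit message mentions "format + gen", so if this schema is produced from the model's choices the restriction belongs in the model and the schema should follow from regeneration rather than a hand edit here. In the same definition the `encryption_kp` description carries a doubled word, `using the the private key`, which is presumably the model's help_text as well. The enclosing `$defs` object begins and ends outside the hunk.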