Signed-off-by: Jens Langhammer <jens@goauthentik.io>
This commit is contained in:
Jens Langhammer 2023-09-26 23:13:48 +02:00
parent 16bc7408e7
commit 10d76fa4f1
No known key found for this signature in database
6 changed files with 121 additions and 5 deletions

View file

@ -17,7 +17,7 @@
"kubernetes",
"sso",
"slo",
"scim"
"scim",
],
"python.linting.pylintEnabled": true,
"todo-tree.tree.showCountsInTree": true,

View file

@ -83,8 +83,8 @@ INSTALLED_APPS = [
"authentik.sources.plex",
"authentik.sources.saml",
"authentik.sources.scim",
"authentik.stages.authenticator_duo",
"authentik.stages.authenticator",
"authentik.stages.authenticator_duo",
"authentik.stages.authenticator_sms",
"authentik.stages.authenticator_static",
"authentik.stages.authenticator_totp",

View file

@ -6,7 +6,7 @@ from rest_framework.viewsets import ModelViewSet
from authentik.core.api.sources import SourceSerializer
from authentik.core.api.tokens import TokenSerializer
from authentik.core.api.used_by import UsedByMixin
from authentik.core.models import USER_ATTRIBUTE_SA, Token, TokenIntents, User
from authentik.core.models import Token, TokenIntents, User, UserTypes
from authentik.sources.scim.models import SCIMSource
@ -32,7 +32,7 @@ class SCIMSourceSerializer(SourceSerializer):
user = User.objects.create(
username=identifier,
name=f"SCIM Source {instance.name} Service-Account",
attributes={USER_ATTRIBUTE_SA: True},
type=UserTypes.SERVICE_ACCOUNT,
)
token = Token.objects.create(
user=user,

View file

@ -9,4 +9,3 @@ class AuthentikSourceSCIMConfig(AppConfig):
name = "authentik.sources.scim"
label = "authentik_sources_scim"
verbose_name = "authentik Sources.SCIM"
mountpoint = "source/scim/"

View file

@ -1521,6 +1521,43 @@
}
}
},
{
"type": "object",
"required": [
"model",
"identifiers"
],
"properties": {
"model": {
"const": "authentik_sources_scim.scimsource"
},
"id": {
"type": "string"
},
"state": {
"type": "string",
"enum": [
"absent",
"present",
"created",
"must_created"
],
"default": "present"
},
"conditions": {
"type": "array",
"items": {
"type": "boolean"
}
},
"attrs": {
"$ref": "#/$defs/model_authentik_sources_scim.scimsource"
},
"identifiers": {
"$ref": "#/$defs/model_authentik_sources_scim.scimsource"
}
}
},
{
"type": "object",
"required": [
@ -3452,6 +3489,7 @@
"authentik.sources.oauth",
"authentik.sources.plex",
"authentik.sources.saml",
"authentik.sources.scim",
"authentik.stages.authenticator",
"authentik.stages.authenticator_duo",
"authentik.stages.authenticator_sms",
@ -3527,6 +3565,7 @@
"authentik_sources_plex.plexsourceconnection",
"authentik_sources_saml.samlsource",
"authentik_sources_saml.usersamlsourceconnection",
"authentik_sources_scim.scimsource",
"authentik_stages_authenticator_duo.authenticatorduostage",
"authentik_stages_authenticator_duo.duodevice",
"authentik_stages_authenticator_sms.authenticatorsmsstage",
@ -5700,6 +5739,74 @@
},
"required": []
},
"model_authentik_sources_scim.scimsource": {
"type": "object",
"properties": {
"name": {
"type": "string",
"minLength": 1,
"title": "Name",
"description": "Source's display Name."
},
"slug": {
"type": "string",
"maxLength": 50,
"minLength": 1,
"pattern": "^[-a-zA-Z0-9_]+$",
"title": "Slug",
"description": "Internal source name, used in URLs."
},
"enabled": {
"type": "boolean",
"title": "Enabled"
},
"authentication_flow": {
"type": "integer",
"title": "Authentication flow",
"description": "Flow to use when authenticating existing users."
},
"enrollment_flow": {
"type": "integer",
"title": "Enrollment flow",
"description": "Flow to use when enrolling new users."
},
"policy_engine_mode": {
"type": "string",
"enum": [
"all",
"any"
],
"title": "Policy engine mode"
},
"user_matching_mode": {
"type": "string",
"enum": [
"identifier",
"email_link",
"email_deny",
"username_link",
"username_deny"
],
"title": "User matching mode",
"description": "How the source determines if an existing user should be authenticated or a new user enrolled."
},
"user_path_template": {
"type": "string",
"minLength": 1,
"title": "User path template"
},
"icon": {
"type": "string",
"minLength": 1,
"title": "Icon"
},
"token": {
"type": "integer",
"title": "Token"
}
},
"required": []
},
"model_authentik_stages_authenticator_duo.authenticatorduostage": {
"type": "object",
"properties": {

View file

@ -27809,6 +27809,7 @@ components:
- authentik.sources.oauth
- authentik.sources.plex
- authentik.sources.saml
- authentik.sources.scim
- authentik.stages.authenticator
- authentik.stages.authenticator_duo
- authentik.stages.authenticator_sms
@ -27860,6 +27861,7 @@ components:
* `authentik.sources.oauth` - authentik Sources.OAuth
* `authentik.sources.plex` - authentik Sources.Plex
* `authentik.sources.saml` - authentik Sources.SAML
* `authentik.sources.scim` - authentik Sources.SCIM
* `authentik.stages.authenticator` - authentik Stages.Authenticator
* `authentik.stages.authenticator_duo` - authentik Stages.Authenticator.Duo
* `authentik.stages.authenticator_sms` - authentik Stages.Authenticator.SMS
@ -30611,6 +30613,7 @@ components:
* `authentik.sources.oauth` - authentik Sources.OAuth
* `authentik.sources.plex` - authentik Sources.Plex
* `authentik.sources.saml` - authentik Sources.SAML
* `authentik.sources.scim` - authentik Sources.SCIM
* `authentik.stages.authenticator` - authentik Stages.Authenticator
* `authentik.stages.authenticator_duo` - authentik Stages.Authenticator.Duo
* `authentik.stages.authenticator_sms` - authentik Stages.Authenticator.SMS
@ -30682,6 +30685,7 @@ components:
* `authentik_sources_plex.plexsourceconnection` - User Plex Source Connection
* `authentik_sources_saml.samlsource` - SAML Source
* `authentik_sources_saml.usersamlsourceconnection` - User SAML Source Connection
* `authentik_sources_scim.scimsource` - SCIM Source
* `authentik_stages_authenticator_duo.authenticatorduostage` - Duo Authenticator Setup Stage
* `authentik_stages_authenticator_duo.duodevice` - Duo Device
* `authentik_stages_authenticator_sms.authenticatorsmsstage` - SMS Authenticator Setup Stage
@ -30807,6 +30811,7 @@ components:
* `authentik.sources.oauth` - authentik Sources.OAuth
* `authentik.sources.plex` - authentik Sources.Plex
* `authentik.sources.saml` - authentik Sources.SAML
* `authentik.sources.scim` - authentik Sources.SCIM
* `authentik.stages.authenticator` - authentik Stages.Authenticator
* `authentik.stages.authenticator_duo` - authentik Stages.Authenticator.Duo
* `authentik.stages.authenticator_sms` - authentik Stages.Authenticator.SMS
@ -30878,6 +30883,7 @@ components:
* `authentik_sources_plex.plexsourceconnection` - User Plex Source Connection
* `authentik_sources_saml.samlsource` - SAML Source
* `authentik_sources_saml.usersamlsourceconnection` - User SAML Source Connection
* `authentik_sources_scim.scimsource` - SCIM Source
* `authentik_stages_authenticator_duo.authenticatorduostage` - Duo Authenticator Setup Stage
* `authentik_stages_authenticator_duo.duodevice` - Duo Device
* `authentik_stages_authenticator_sms.authenticatorsmsstage` - SMS Authenticator Setup Stage
@ -33181,6 +33187,7 @@ components:
- authentik_sources_plex.plexsourceconnection
- authentik_sources_saml.samlsource
- authentik_sources_saml.usersamlsourceconnection
- authentik_sources_scim.scimsource
- authentik_stages_authenticator_duo.authenticatorduostage
- authentik_stages_authenticator_duo.duodevice
- authentik_stages_authenticator_sms.authenticatorsmsstage
@ -33257,6 +33264,7 @@ components:
* `authentik_sources_plex.plexsourceconnection` - User Plex Source Connection
* `authentik_sources_saml.samlsource` - SAML Source
* `authentik_sources_saml.usersamlsourceconnection` - User SAML Source Connection
* `authentik_sources_scim.scimsource` - SCIM Source
* `authentik_stages_authenticator_duo.authenticatorduostage` - Duo Authenticator Setup Stage
* `authentik_stages_authenticator_duo.duodevice` - Duo Device
* `authentik_stages_authenticator_sms.authenticatorsmsstage` - SMS Authenticator Setup Stage
@ -36253,6 +36261,7 @@ components:
* `authentik.sources.oauth` - authentik Sources.OAuth
* `authentik.sources.plex` - authentik Sources.Plex
* `authentik.sources.saml` - authentik Sources.SAML
* `authentik.sources.scim` - authentik Sources.SCIM
* `authentik.stages.authenticator` - authentik Stages.Authenticator
* `authentik.stages.authenticator_duo` - authentik Stages.Authenticator.Duo
* `authentik.stages.authenticator_sms` - authentik Stages.Authenticator.SMS
@ -36324,6 +36333,7 @@ components:
* `authentik_sources_plex.plexsourceconnection` - User Plex Source Connection
* `authentik_sources_saml.samlsource` - SAML Source
* `authentik_sources_saml.usersamlsourceconnection` - User SAML Source Connection
* `authentik_sources_scim.scimsource` - SCIM Source
* `authentik_stages_authenticator_duo.authenticatorduostage` - Duo Authenticator Setup Stage
* `authentik_stages_authenticator_duo.duodevice` - Duo Device
* `authentik_stages_authenticator_sms.authenticatorsmsstage` - SMS Authenticator Setup Stage