sources/saml: add Metadata API
This commit is contained in:
Jens Langhammer
parent
0478ae3da8
commit
d6fd2b0afa
|
|
@ -57,10 +57,10 @@ class SAMLProviderViewSet(ModelViewSet):
|
|||
|
||||
@swagger_auto_schema(responses={200: SAMLMetadataSerializer(many=False)})
|
||||
@action(methods=["GET"], detail=True)
|
||||
# pylint: disable=invalid-name
|
||||
# pylint: disable=invalid-name, unused-argument
|
||||
def metadata(self, request: Request, pk: int) -> Response:
|
||||
"""Return metadata as XML string"""
|
||||
provider = get_object_or_404(SAMLProvider, pk=pk)
|
||||
provider = self.get_object()
|
||||
try:
|
||||
metadata = DescriptorDownloadView.get_metadata(request, provider)
|
||||
return Response({"metadata": metadata})
|
||||
|
|
|
|||
|
|
@ -1,8 +1,14 @@
|
|||
"""SAMLSource API Views"""
|
||||
from drf_yasg2.utils import swagger_auto_schema
|
||||
from rest_framework.decorators import action
|
||||
from rest_framework.request import Request
|
||||
from rest_framework.response import Response
|
||||
from rest_framework.viewsets import ModelViewSet
|
||||
|
||||
from authentik.core.api.sources import SourceSerializer
|
||||
from authentik.providers.saml.api import SAMLMetadataSerializer
|
||||
from authentik.sources.saml.models import SAMLSource
|
||||
from authentik.sources.saml.processors.metadata import MetadataProcessor
|
||||
|
||||
|
||||
class SAMLSourceSerializer(SourceSerializer):
|
||||
|
|
@ -31,3 +37,12 @@ class SAMLSourceViewSet(ModelViewSet):
|
|||
queryset = SAMLSource.objects.all()
|
||||
serializer_class = SAMLSourceSerializer
|
||||
lookup_field = "slug"
|
||||
|
||||
@swagger_auto_schema(responses={200: SAMLMetadataSerializer(many=False)})
|
||||
@action(methods=["GET"], detail=True)
|
||||
# pylint: disable=unused-argument
|
||||
def metadata(self, request: Request, slug: str) -> Response:
|
||||
"""Return metadata as XML string"""
|
||||
source = self.get_object()
|
||||
metadata = MetadataProcessor(source, request).build_entity_descriptor()
|
||||
return Response({"metadata": metadata})
|
||||
|
|
|
|||
|
|
@ -1,6 +1,7 @@
|
|||
"""authentik SAML SP Forms"""
|
||||
|
||||
from django import forms
|
||||
from django.utils.translation import gettext_lazy as _
|
||||
|
||||
from authentik.crypto.models import CertificateKeyPair
|
||||
from authentik.flows.models import Flow, FlowDesignation
|
||||
|
|
@ -51,3 +52,7 @@ class SAMLSourceForm(forms.ModelForm):
|
|||
"slo_url": forms.TextInput(),
|
||||
"temporary_user_delete_after": forms.TextInput(),
|
||||
}
|
||||
labels = {
|
||||
"name_id_policy": _("Name ID Policy"),
|
||||
"allow_idp_initiated": _("Allow IDP-initiated logins"),
|
||||
}
|
||||
|
|
|
|||
|
|
@ -0,0 +1,40 @@
|
|||
# Generated by Django 3.1.7 on 2021-03-01 09:49
|
||||
|
||||
from django.db import migrations, models
|
||||
|
||||
|
||||
class Migration(migrations.Migration):
|
||||
|
||||
dependencies = [
|
||||
("authentik_sources_saml", "0008_auto_20201112_2016"),
|
||||
]
|
||||
|
||||
operations = [
|
||||
migrations.AlterField(
|
||||
model_name="samlsource",
|
||||
name="name_id_policy",
|
||||
field=models.TextField(
|
||||
choices=[
|
||||
("urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", "Email"),
|
||||
(
|
||||
"urn:oasis:names:tc:SAML:2.0:nameid-format:persistent",
|
||||
"Persistent",
|
||||
),
|
||||
(
|
||||
"urn:oasis:names:tc:SAML:2.0:nameid-format:X509SubjectName",
|
||||
"X509",
|
||||
),
|
||||
(
|
||||
"urn:oasis:names:tc:SAML:2.0:nameid-format:WindowsDomainQualifiedName",
|
||||
"Windows",
|
||||
),
|
||||
(
|
||||
"urn:oasis:names:tc:SAML:2.0:nameid-format:transient",
|
||||
"Transient",
|
||||
),
|
||||
],
|
||||
default="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent",
|
||||
help_text="NameID Policy sent to the IdP. Can be unset, in which case no Policy is sent.",
|
||||
),
|
||||
),
|
||||
]
|
||||
|
|
@ -79,7 +79,7 @@ class SAMLSource(Source):
|
|||
)
|
||||
name_id_policy = models.TextField(
|
||||
choices=SAMLNameIDPolicy.choices,
|
||||
default=SAMLNameIDPolicy.TRANSIENT,
|
||||
default=SAMLNameIDPolicy.PERSISTENT,
|
||||
help_text=_(
|
||||
"NameID Policy sent to the IdP. Can be unset, in which case no Policy is sent."
|
||||
),
|
||||
|
|
|
|||
|
|
@ -90,4 +90,4 @@ class MetadataProcessor:
|
|||
self.http_request
|
||||
)
|
||||
|
||||
return tostring(entity_descriptor).decode()
|
||||
return tostring(entity_descriptor, pretty_print=True).decode()
|
||||
|
|
|
|||
|
|
@ -0,0 +1,23 @@
|
|||
# Generated by Django 3.1.7 on 2021-03-01 09:49
|
||||
|
||||
from django.db import migrations, models
|
||||
|
||||
|
||||
class Migration(migrations.Migration):
|
||||
|
||||
dependencies = [
|
||||
(
|
||||
"authentik_stages_authenticator_validate",
|
||||
"0003_authenticatorvalidatestage_device_classes",
|
||||
),
|
||||
]
|
||||
|
||||
operations = [
|
||||
migrations.AlterField(
|
||||
model_name="authenticatorvalidatestage",
|
||||
name="not_configured_action",
|
||||
field=models.TextField(
|
||||
choices=[("skip", "Skip"), ("deny", "Deny")], default="skip"
|
||||
),
|
||||
),
|
||||
]
|
||||
20
swagger.yaml
20
swagger.yaml
|
|
@ -5571,6 +5571,26 @@ paths:
|
|||
type: string
|
||||
format: slug
|
||||
pattern: ^[-a-zA-Z0-9_]+$
|
||||
/sources/saml/{slug}/metadata/:
|
||||
get:
|
||||
operationId: sources_saml_metadata
|
||||
description: Return metadata as XML string
|
||||
parameters: []
|
||||
responses:
|
||||
'200':
|
||||
description: SAML Provider Metadata serializer
|
||||
schema:
|
||||
$ref: '#/definitions/SAMLMetadata'
|
||||
tags:
|
||||
- sources
|
||||
parameters:
|
||||
- name: slug
|
||||
in: path
|
||||
description: Internal source name, used in URLs.
|
||||
required: true
|
||||
type: string
|
||||
format: slug
|
||||
pattern: ^[-a-zA-Z0-9_]+$
|
||||
/stages/all/:
|
||||
get:
|
||||
operationId: stages_all_list
|
||||
|
|
|
|||
Reference in New Issue