28ddeb124f
* basic user sync
  Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add group sync and some refactor
  Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* start API
  Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* allow null authorization flow
  Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add UI
  Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* make task monitored
  Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add missing dependency
  Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* make authorization_flow required for most providers via API
  Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* more UI
  Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* make task result better readable, exclude anonymous user
  Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add task UI
  Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add scheduled task for all sync
  Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* make scim errors more readable
  Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add mappings, migrate to mappings
  Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add mapping UI and more
  Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add scim docs to web
  Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* start implementing membership
  Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* migrate signals to tasks
  Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* migrate fully to tasks
  Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* strip none keys, fix lint errors
  Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix things
  Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* start adding tests
  Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix saml
  Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add scim schemas and validate against it
  Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* improve error handling
  Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add group put support, add group tests
  Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* send correct application/scim+json headers
  Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* stop sync if no mappings are configured
  Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add test for task sync
  Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add membership tests
  Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* use decorator for tests
  Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* make tests better
  Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
59 lines
1.9 KiB
YAML
version: 1
metadata:
  labels:
    blueprints.goauthentik.io/system: "true"
  name: System - SCIM Provider - Mappings
entries:
  - identifiers:
      managed: goauthentik.io/providers/scim/user
    model: authentik_providers_scim.scimmapping
    attrs:
      name: "authentik default SCIM Mapping: User"
      expression: |
        # Some implementations require givenName and familyName to be set
        givenName, familyName = request.user.name, ""
        # This default sets givenName to the name before the first space
        # and the remainder as family name
        # if the user's name has no space the givenName is the entire name
        # (this might cause issues with some SCIM implementations)
        if " " in request.user.name:
            givenName, _, familyName = request.user.name.partition(" ")

        # photos supports URLs to images, however authentik might return data URIs
        avatar = request.user.avatar
        photos = []
        if "://" in avatar:
            photos = [{"value": avatar, "type": "photo"}]

        locale = request.user.locale()
        if locale == "":
            locale = None

        emails = []
        if request.user.email != "":
            emails.append({
                "value": request.user.email,
                "type": "other",
                "primary": True,
            })
        return {
            "userName": request.user.username,
            "name": {
                "formatted": request.user.name,
                "givenName": givenName,
                "familyName": familyName,
            },
            "photos": photos,
            "locale": locale,
            "emails": emails,
        }
  - identifiers:
      managed: goauthentik.io/providers/scim/group
    model: authentik_providers_scim.scimmapping
    attrs:
      name: "authentik default SCIM Mapping: Group"
      expression: |
        return {
            "displayName": group.name,
        }