diff --git a/authentik-application/Chart.yaml b/authentik-application/Chart.yaml
index c90e1c7..0314fb2 100644
--- a/authentik-application/Chart.yaml
+++ b/authentik-application/Chart.yaml
@@ -2,5 +2,5 @@
 apiVersion: v2
 name: authentik-application
 type: application
-version: 0.3.5
+version: 0.4.0
 description: "A Chart to deploy a secret for the authentik blueprint-sidecar."
diff --git a/authentik-application/README.md b/authentik-application/README.md
index 8157f8b..4b8deff 100644
--- a/authentik-application/README.md
+++ b/authentik-application/README.md
@@ -1,6 +1,6 @@
 # authentik-application
-![Version: 0.3.5](https://img.shields.io/badge/Version-0.3.5-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
+![Version: 0.4.0](https://img.shields.io/badge/Version-0.4.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
 A Chart to deploy a secret for the authentik blueprint-sidecar.
@@ -121,7 +121,12 @@ helm uninstall authentik-application-release
 | blueprint.provider.proxy.ingress.domain | string | `nil` | domain of application (where outpost should be deployed) |
 | blueprint.provider.proxy.ingress.enabled | bool | `false` | deploy ingress on application domain for e.g. logout (WIP) |
 | blueprint.provider.proxy.skipPathRegex | string | `""` | |
-| blueprint.provider.saml | string | `nil` | |
+| blueprint.provider.saml.acsURL | string | `nil` | on nextcloud "/apps/user_saml/saml/acs"" |
+| blueprint.provider.saml.audience | string | `nil` | on nextcloud "/apps/user_saml/saml/metadata" |
+| blueprint.provider.saml.issuer | string | `nil` | default `blueprint.authentik.domain` with / at end |
+| blueprint.provider.saml.propertyMappings | list | `[]` | |
+| blueprint.provider.saml.serviceProviderBinding | string | `"redirect"` | or "post" (on nextcloud "post") |
+| blueprint.provider.saml.singingCertificate | string | `nil` | |
 | blueprint.provider.type | string | `"oidc"` | type of application connection, current support: oidc, saml and proxy |
 | secret.labels | object | `{}` | label of secret to store generated secret |
 | secret.name | string | `""` | name of secret to store generated secret (like clientI) |
diff --git a/authentik-application/files/provider/saml.yaml.gotmpl b/authentik-application/files/provider/saml.yaml.gotmpl
new file mode 100644
index 0000000..a66b81a
--- /dev/null
+++ b/authentik-application/files/provider/saml.yaml.gotmpl
@@ -0,0 +1,34 @@
+{{/*
+ https://github.com/goauthentik/authentik/blob/main/authentik/providers/saml/models.py
+*/}}
+{{- with get . "root" }}
+{{- $ := . }}
+
+- model: .SAMLPropertyMapping
+ attrs:
+ saml_name:
+ friendly_name:
+ # ---
+ pm_uuid:
+ name:
+ expression:
+
+- model: authentik_providers_saml.SAMLProvider
+ id: {{ .Values.blueprint.provider.name | default (include "authentik-application.fullname" .) }}
+ identifiers:
+ name: {{ .Values.blueprint.provider.name | default (include "authentik-application.fullname" .) }}
+ state: present
+ attrs:
+ {{- with .Values.blueprint.provider.saml }}
+ acs_url: {{ .acsURL | quote }}
+ issuer: {{ .issuer | default (printf "%s/" $.Values.blueprint.authentik.domain) | quote }}
+ sp_binding: {{ .serviceProviderBinding | quote }}
+
+ {{- with .audience }}
+ audience: {{ . | quote }}
+ {{- end }}
+
+ # signing_kp:
+
+ {{- end }}{{/* end with-saml */}}
+{{- end }}{{/* end with of get-root */}}
diff --git a/authentik-application/values.yaml b/authentik-application/values.yaml
index b632d61..8e86ae9 100644
--- a/authentik-application/values.yaml
+++ b/authentik-application/values.yaml
@@ -30,6 +30,17 @@ blueprint:
 # -- Scope
 scopes:
 saml:
+ # -- on nextcloud "/apps/user_saml/saml/acs""
+ acsURL:
+ # -- default `blueprint.authentik.domain` with / at end
+ issuer:
+ # -- or "post" (on nextcloud "post")
+ serviceProviderBinding: "redirect"
+ # -- on nextcloud "/apps/user_saml/saml/metadata"
+ audience:
+ singingCertificate:
+ propertyMappings: []
+
 proxy:
 externalHost:
 skipPathRegex: ""
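Review bot: The SAML provider is rendered without a signing keypair — `# signing_kp:` stays commented out, so the new `blueprint.provider.saml.singingCertificate` value is never read by this template and, as far as I can tell from authentik's SAML provider, assertions go out unsigned unless the key pair is attached some other way. The `- model: .SAMLPropertyMapping` entry above it is an empty stub (every attr blank, and `.SAMLPropertyMapping` is not a qualified `app.model` path like `authentik_providers_saml.SAMLProvider` below), so the rendered blueprint carries an object that cannot apply, and `propertyMappings` from values.yaml is likewise not referenced anywhere in this file. `acs_url: {{ .acsURL | quote }}` also renders an empty value when `acsURL` is unset, which is the default in values.yaml, where `required` would fail the render with a clear message instead. I would drop the stub and rewrite the `attrs:` section as below; which value type `signing_kp` expects in a blueprint (a pk or a name lookup) should be confirmed against the authentik blueprint docs before merging.
```yaml
  attrs:
    {{- with .Values.blueprint.provider.saml }}
    acs_url: {{ required "blueprint.provider.saml.acsURL must be set" .acsURL | quote }}
    # … unchanged: issuer, sp_binding, audience …
    {{- with .singingCertificate }}
    signing_kp: {{ . | quote }}  # TODO(review): confirm pk vs. name lookup expected by authentik
    {{- end }}
    {{- end }}{{/* end with-saml */}}
```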
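Review bot: `singingCertificate` reads as a typo for `signingCertificate`; since the key is introduced in this hunk (and repeated in the README table in the earlier hunk), renaming it now avoids locking the misspelling into the chart's values API. `singingCertificate` and `propertyMappings` are also the only new keys without a `# --` helm-docs comment, and the `acsURL` comment carries a stray trailing quote (`"/apps/user_saml/saml/acs""`). The bare `acsURL:`, `issuer:`, `audience:` and `singingCertificate:` parse as `null`; if that is the intended default, write `null` explicitly, and note on `acsURL` that it has to be set because the template only quotes it. Suggested comments: `# -- certificate key pair used to sign SAML assertions (presumably by name; confirm against the template)` and `# -- SAML property mappings for the provider (not yet referenced by files/provider/saml.yaml.gotmpl)`.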