wrenix/helm-charts
1
0
Fork 0
Code Issues 8 Pull requests 8 Projects Packages Activity

WIP: feat(authentik-application): add saml support - WIP #5

Draft
wrenix wants to merge 1 commit from authentik-application/feat/saml into main
pull from: authentik-application/feat/saml
merge into: wrenix:main
Conversation 0 Commits 1 Files changed 4 +53 -3
4 changed files with 53 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
authentik-application/Chart.yaml
View file

@ -2,5 +2,5 @@ apiVersion: v2
name: authentik-application
type: application
version: 0.3.5
version: 0.4.0
description: "A Chart to deploy a secret for the authentik blueprint-sidecar."

9
authentik-application/README.md
View file

@ -1,6 +1,6 @@
# authentik-application
![Version: 0.3.5](https://img.shields.io/badge/Version-0.3.5-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
![Version: 0.4.0](https://img.shields.io/badge/Version-0.4.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
A Chart to deploy a secret for the authentik blueprint-sidecar.
@ -121,7 +121,12 @@ helm uninstall authentik-application-release
| blueprint.provider.proxy.ingress.domain | string | `nil` | domain of application (where outpost should be deployed) |
| blueprint.provider.proxy.ingress.enabled | bool | `false` | deploy ingress on application domain for e.g. logout (WIP) |
| blueprint.provider.proxy.skipPathRegex | string | `""` | |
| blueprint.provider.saml | string | `nil` | |
| blueprint.provider.saml.acsURL | string | `nil` | on nextcloud "/apps/user_saml/saml/acs"" |
| blueprint.provider.saml.audience | string | `nil` | on nextcloud "/apps/user_saml/saml/metadata" |
| blueprint.provider.saml.issuer | string | `nil` | default `blueprint.authentik.domain` with / at end |
| blueprint.provider.saml.propertyMappings | list | `[]` | |
| blueprint.provider.saml.serviceProviderBinding | string | `"redirect"` | or "post" (on nextcloud "post") |
| blueprint.provider.saml.singingCertificate | string | `nil` | |
| blueprint.provider.type | string | `"oidc"` | type of application connection, current support: oidc, saml and proxy |
| secret.labels | object | `{}` | label of secret to store generated secret |
| secret.name | string | `""` | name of secret to store generated secret (like clientI) |

34
authentik-application/files/provider/saml.yaml.gotmpl Normal file
View file

@ -0,0 +1,34 @@
{{/*
https://github.com/goauthentik/authentik/blob/main/authentik/providers/saml/models.py
*/}}
{{- with get . "root" }}
{{- $ := . }}
- model: .SAMLPropertyMapping
attrs:
saml_name:
friendly_name:
# ---
pm_uuid:
name:
expression:
- model: authentik_providers_saml.SAMLProvider
id: {{ .Values.blueprint.provider.name | default (include "authentik-application.fullname" .) }}
identifiers:
name: {{ .Values.blueprint.provider.name | default (include "authentik-application.fullname" .) }}
state: present
attrs:
{{- with .Values.blueprint.provider.saml }}
acs_url: {{ .acsURL | quote }}
issuer: {{ .issuer | default (printf "%s/" $.Values.blueprint.authentik.domain) | quote }}
sp_binding: {{ .serviceProviderBinding | quote }}
{{- with .audience }}
audience: {{ . | quote }}
{{- end }}
# signing_kp:
{{- end }}{{/* end with-saml */}}
{{- end }}{{/* end with of get-root */}}

11
authentik-application/values.yaml
View file

@ -30,6 +30,17 @@ blueprint:
# -- Scope
scopes:
saml:
# -- on nextcloud "/apps/user_saml/saml/acs""
acsURL:
# -- default `blueprint.authentik.domain` with / at end
issuer:
# -- or "post" (on nextcloud "post")
serviceProviderBinding: "redirect"
# -- on nextcloud "/apps/user_saml/saml/metadata"
audience:
singingCertificate:
propertyMappings: []
proxy:
externalHost:
skipPathRegex: ""