habsi/authentik
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

website/integrations-all: convert authentik configuration to wizard (#13144)

Browse Source 
* init

* 6 more

* tana...

* quick reformat

* welp only time for one change

* wip

* wip

* wip

* wip

* wip

* wip

* wip

* wip

* Revert "wip"

This reverts commit e71f0d22e3f093350e8d12eaad5e5c0f9d38253c.

* wip

* wip

* wip

* wip

* wip

* wip

* wip

* wip

* wip

* a
This commit is contained in:
Dominic R
2025-03-26 17:38:57 -04:00
committed by GitHub
parent 27aed4b315
commit 13fc216c68
93 changed files with 2248 additions and 2070 deletions
Download Patch File Download Diff File Expand all files Collapse all files

115
website/integrations/services/truecommand/index.md
View File

@ -25,86 +25,59 @@ The following placeholders are used in this guide:
This documentation lists only the settings that you need to change from their default values. Be aware that any changes other than those explicitly mentioned in this guide could cause issues accessing your application.
:::
Create an application in authentik and use the slug for later as `truenas-truecommand`.
## authentik configuration
Create a SAML provider with the following parameters:
To support the integration of TrueCommand with authentik, you need to create an application/provider pair in authentik.
- ACS URL: `https://truecommand.company/saml/acs`
- Issuer: `truecommand-saml`
- Binding: `Post`
### Create property mappings
Under _Advanced protocol settings_, set a certificate for _Signing Certificate_.
Under _Advanced protocol settings_, set NameID Property to _authentik default SAML Mapping: Email_.
1. Log in to authentik as an admin, and open the authentik Admin interface.
2. Navigate to **Customization** > **Property Mappings** and click **Create**. Create create three or five **SAML Provider Property Mapping**s, depending on your setup, with the following settings:
- **Username Mapping:**
- **Name**: Choose a descriptive name
- **SAML Attribute Name**: <kbd>unique_name</kbd>
- **Friendly Name**: Leave blank
- **Expression**: <kbd>return request.user.username</kbd>
- **Email Mapping:**
- **Name**: Choose a descriptive name
- **SAML Attribute Name**: <kbd>email</kbd>
- **Friendly Name**: Leave blank
- **Expression**: <kbd>return request.user.email</kbd>
- **Name Mapping:**
- **Name**: Choose a descriptive name
- **SAML Attribute Name**: <kbd>given_name</kbd> or <em>display_name</em>
- **Friendly Name**: Leave blank
- **Expression**: <kbd>return request.user.name</kbd>
- **Title Mapping:**
- **Name**: Choose a descriptive name
- **SAML Attribute Name**: <kbd>title</kbd>
- **Friendly Name**: Leave blank
- **Expression**: <kbd>return [custom_attribute]</kbd>
- **Telephone Number Mapping:**
- **Name**: Choose a descriptive name
- **SAML Attribute Name**: <kbd>telephone_number</kbd>
- **Friendly Name**: Leave blank
- **Expression**: <kbd>return [custom_attribute]</kbd>
## SAML Property Mappings
### Create an application and provider in authentik
The following custom property mappings are required.
1. Log in to authentik as an admin, and open the authentik Admin interface.
2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can create only an application, without a provider, by clicking **Create**.)
Under _Customization_, select _Property Mappings_, then _Create_. Select _SAML Property Mapping_.
- **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings. Take note of the **slug** as it will be required later.
- **Choose a Provider type**: select **SAML Provider** as the provider type.
- **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations.
- Set the **ACS URL** to <kbd>https://<em>truecommand.company</em>/saml/acs</kbd>.
- Set the **Issuer** to <kbd>truecommand-saml</kbd>.
- Set the **Service Provider Binding** to `Post`.
- Under **Advanced protocol settings**, add the three or five **Property Mappings** you created in the previous section, then set the **NameID Property Mapping** to be based on the user's email. Finally, select an available signing certificate.
- **Configure Bindings** _(optional)_: you can create a [binding](/docs/add-secure-apps/flows-stages/bindings/) (policy, group, or user) to manage the listing and access to applications on a user's **My applications** page.
### Username
3. Click **Submit** to save the new application and provider.
- Name: `Truecommand - Username`
- SAML Attribute Name: `unique_name`
- Expression
4. Navigate to **Applications** > **Providers** > **_Provider_**, then click **Copy download URL** to save the **metadata URL** to your clipboard.
```python
return request.user.username
```
### Email
- Name: `Truecommand - Email`
- SAML Attribute Name: `email`
- Expression
```python
return request.user.email
```
### Fullname
- Name: `Truecommand - Fullname`
- SAML Attribute Name: `given_name` OR `display_name`
- Expression
```python
return request.user.name
```
### Other Attributes
If you have custom attributes, or attributes imported from Active Directory, TrueCommand supports the following additional mappings:
#### Role
- Name: `Truecommand - Role`
- SAML Attribute Name: `title`
- Expression
```python
return [custom_attribute]
```
#### Phone Number
- Name: `Truecommand - Phone Number`
- SAML Attribute Name: `telephone_number`
- Expression
```python
return [custom_attribute]
```
Return to _Providers_ under _Applications_, and edit the Provider created above.
Under _Advanced protocol settings_, select the additional property mappings created above.
### SAML Metadata
Click the _Copy download URL_ to save the Metadata URL into your clipboard.
## TrueCommand Config
## TrueCommand configuration
- Click on the gear icon in the upper right corner.
- Select Administration