sources/saml: Basic support for EncryptedAssertion element. (#10099)

* source/saml: Updated backend for encrypted assertion support * source/saml: all lint-fix checks passed * source/saml: Used Optional type instead of union, on enc_key_descriptor type hint * source/saml: request_encrypted_assertion model field migration * source/saml: Added 'noqa' comment to type hint on encryption key descriptor * small fix Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add to UI Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add some error handling Signed-off-by: Jens Langhammer <jens@goauthentik.io> * sources/saml: Pivot to encryption_kp model field, instead of request_encryption bool * sources/saml: Typo fix * re-create migrations Signed-off-by: Jens Langhammer <jens@goauthentik.io> * update web Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add to release notes Signed-off-by: Jens Langhammer <jens@goauthentik.io> * unrelated fix Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add improve error handling, add tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * test metadata with encryption and remove WantAssertionsEncrypted since it's not in the schema Signed-off-by: Jens Langhammer <jens@goauthentik.io> * unrelated fix to radius path Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix unrelated fix...sigh Signed-off-by: Jens Langhammer <jens@goauthentik.io> * re-migrate Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io> Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2024-08-07 19:58:28 +02:00
parent 134caa9a47
commit 19c3f7dd80
17 changed files with 310 additions and 11 deletions
--- a/web/src/admin/common/ak-crypto-certificate-search.ts
+++ b/web/src/admin/common/ak-crypto-certificate-search.ts
@ -41,9 +41,8 @@ export class AkCryptoCertificateSearch extends CustomListenerElement(AKElement)
    name: string | null | undefined;

    /**
-     * Set to `true` if you want to find pairs that don't have a valid key. Of our 14 searches, 11
-     * require the key, 3 do not (as of 2023-08-01).
-     *
+     * Set to `true` to allow certificates without private key to show up. When set to `false`,
+     * a private key is not required to be set.
     * @attr
     */
    @property({ type: Boolean, attribute: "nokey" })