sources: add Kerberos (#10815)
* sources: introduce new property mappings per-user and group Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * sources/ldap: migrate to new property mappings Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * lint-fix and make gen Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * web changes Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * fix tests Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * update tests Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * remove flatten for generic implem Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * rework migration Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * lint-fix Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * wip Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * fix migrations Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * re-add field migration to property mappings Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * fix migrations Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * more migrations fixes Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * easy fixes Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * migrate to propertymappingmanager Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * ruff and small fixes Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * move mapping things into a separate class Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * migrations: use using(db_alias) Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * migrations: use built-in variable Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * add docs Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * add release notes Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * wip Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * wip Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * wip Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * wip Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * wip Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * wip Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * wip Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * wip Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * lint Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * fix login reverse Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * wip Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * wip Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * refactor source flow manager matching Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * kerberos sync with mode matching Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * fixup Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * wip Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * finish frontend Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * Optimised images with calibre/image-actions * make web Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * add test for internal password update Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * fix sync tests Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * fix filter Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * switch to blueprints property mappings, improvements to frontend Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * some more small fixes Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * fix reverse Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * properly deal with password changes signals Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * actually deal with it properly Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * fix Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * update docs Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * fix Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * fix Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * lint-fix Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * blueprints: realm as group: make it non default Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * small fixes and improvements Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * wip Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * fix title Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * add password backend to default flow Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * link docs page properly, add in admin interface, add suggestions for how to apply changes to a fleet of machines Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * add troubleshooting Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * fix default flow pass backend Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * fix flaky spnego tests Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * lint Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * properly convert gssapi name to python str Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * fix unpickable types Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * make sure the last server token is returned to the client Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * lint Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * Update website/docs/developer-docs/setup/full-dev-environment.md Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com> Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * Update website/docs/users-sources/sources/protocols/kerberos/browser.md Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com> Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * Update website/docs/users-sources/sources/protocols/kerberos/browser.md Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * Update website/docs/users-sources/sources/protocols/kerberos/browser.md Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com> Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * Update website/docs/users-sources/sources/protocols/kerberos/browser.md Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com> Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * Update website/docs/users-sources/sources/protocols/kerberos/index.md Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com> Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * Update website/docs/users-sources/sources/protocols/kerberos/index.md Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * Update website/docs/users-sources/sources/protocols/kerberos/index.md Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * Update website/docs/users-sources/sources/protocols/kerberos/index.md Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com> Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * Update website/docs/users-sources/sources/protocols/kerberos/browser.md Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com> Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * Update website/docs/users-sources/sources/protocols/kerberos/browser.md Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com> Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * Update website/docs/users-sources/sources/protocols/kerberos/browser.md Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com> Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * Update website/docs/users-sources/sources/protocols/kerberos/browser.md Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com> Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * Update website/docs/users-sources/sources/protocols/kerberos/browser.md Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com> Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * Update website/docs/users-sources/sources/protocols/kerberos/browser.md Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com> Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * Update website/docs/users-sources/sources/protocols/kerberos/browser.md Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com> Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * Update website/docs/users-sources/sources/protocols/kerberos/browser.md Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com> Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * Update website/docs/users-sources/sources/protocols/kerberos/browser.md Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com> Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * Update website/docs/users-sources/sources/protocols/kerberos/index.md Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com> Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * Update website/docs/users-sources/sources/protocols/kerberos/index.md Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com> Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * Update website/docs/users-sources/sources/protocols/kerberos/index.md Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com> Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * Update website/docs/users-sources/sources/protocols/kerberos/index.md Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com> Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * Update website/docs/users-sources/sources/protocols/kerberos/index.md Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com> Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * Update website/docs/users-sources/sources/protocols/kerberos/index.md Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com> Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * Update website/docs/users-sources/sources/protocols/kerberos/index.md Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com> Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * Update website/docs/users-sources/sources/protocols/kerberos/index.md Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com> Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * Update website/docs/users-sources/sources/protocols/kerberos/index.md Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com> Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * Update website/docs/users-sources/sources/protocols/kerberos/index.md Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com> Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * Update website/docs/users-sources/sources/protocols/kerberos/index.md Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com> Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * Update website/docs/users-sources/sources/protocols/kerberos/index.md Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com> Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * Update website/docs/users-sources/sources/protocols/kerberos/index.md Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com> Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * Update website/docs/users-sources/sources/protocols/kerberos/index.md Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com> Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * Update website/docs/users-sources/sources/protocols/kerberos/index.md Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * Update website/docs/users-sources/sources/protocols/kerberos/index.md Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com> Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * more docs review Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * fix missing library Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * fix missing library again Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * fix web import Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * fix sync Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * fix sync v2 Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * fix sync v3 Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> --------- Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com> Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
This commit is contained in:
Marc 'risson' Schmitt
committed by
GitHub
GitHub
parent
d3ebfcaf2f
commit
d817c646bd
@ -6,6 +6,7 @@ import "@goauthentik/admin/property-mappings/PropertyMappingProviderRadiusForm";
|
||||
import "@goauthentik/admin/property-mappings/PropertyMappingProviderSAMLForm";
|
||||
import "@goauthentik/admin/property-mappings/PropertyMappingProviderSCIMForm";
|
||||
import "@goauthentik/admin/property-mappings/PropertyMappingProviderScopeForm";
|
||||
import "@goauthentik/admin/property-mappings/PropertyMappingSourceKerberosForm";
|
||||
import "@goauthentik/admin/property-mappings/PropertyMappingSourceLDAPForm";
|
||||
import "@goauthentik/admin/property-mappings/PropertyMappingSourceOAuthForm";
|
||||
import "@goauthentik/admin/property-mappings/PropertyMappingSourcePlexForm";
|
||||
|
||||
@ -0,0 +1,40 @@
|
||||
import { BasePropertyMappingForm } from "@goauthentik/admin/property-mappings/BasePropertyMappingForm";
|
||||
import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
|
||||
import "@goauthentik/elements/CodeMirror";
|
||||
import "@goauthentik/elements/forms/HorizontalFormElement";
|
||||
|
||||
import { customElement } from "lit/decorators.js";
|
||||
|
||||
import { KerberosSourcePropertyMapping, PropertymappingsApi } from "@goauthentik/api";
|
||||
|
||||
@customElement("ak-property-mapping-source-kerberos-form")
|
||||
export class PropertyMappingSourceKerberosForm extends BasePropertyMappingForm<KerberosSourcePropertyMapping> {
|
||||
docLink(): string {
|
||||
return "/docs/sources/property-mappings/expressions?utm_source=authentik";
|
||||
}
|
||||
|
||||
loadInstance(pk: string): Promise<KerberosSourcePropertyMapping> {
|
||||
return new PropertymappingsApi(DEFAULT_CONFIG).propertymappingsSourceKerberosRetrieve({
|
||||
pmUuid: pk,
|
||||
});
|
||||
}
|
||||
|
||||
async send(data: KerberosSourcePropertyMapping): Promise<KerberosSourcePropertyMapping> {
|
||||
if (this.instance) {
|
||||
return new PropertymappingsApi(DEFAULT_CONFIG).propertymappingsSourceKerberosUpdate({
|
||||
pmUuid: this.instance.pk,
|
||||
kerberosSourcePropertyMappingRequest: data,
|
||||
});
|
||||
} else {
|
||||
return new PropertymappingsApi(DEFAULT_CONFIG).propertymappingsSourceKerberosCreate({
|
||||
kerberosSourcePropertyMappingRequest: data,
|
||||
});
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
declare global {
|
||||
interface HTMLElementTagNameMap {
|
||||
"ak-property-mapping-source-kerberos-form": PropertyMappingSourceKerberosForm;
|
||||
}
|
||||
}
|
||||
@ -6,6 +6,7 @@ import "@goauthentik/admin/property-mappings/PropertyMappingProviderRadiusForm";
|
||||
import "@goauthentik/admin/property-mappings/PropertyMappingProviderSAMLForm";
|
||||
import "@goauthentik/admin/property-mappings/PropertyMappingProviderSCIMForm";
|
||||
import "@goauthentik/admin/property-mappings/PropertyMappingProviderScopeForm";
|
||||
import "@goauthentik/admin/property-mappings/PropertyMappingSourceKerberosForm";
|
||||
import "@goauthentik/admin/property-mappings/PropertyMappingSourceLDAPForm";
|
||||
import "@goauthentik/admin/property-mappings/PropertyMappingSourceOAuthForm";
|
||||
import "@goauthentik/admin/property-mappings/PropertyMappingSourcePlexForm";
|
||||
|
||||
@ -1,4 +1,5 @@
|
||||
import "@goauthentik/admin/sources/SourceWizard";
|
||||
import "@goauthentik/admin/sources/kerberos/KerberosSourceForm";
|
||||
import "@goauthentik/admin/sources/ldap/LDAPSourceForm";
|
||||
import "@goauthentik/admin/sources/oauth/OAuthSourceForm";
|
||||
import "@goauthentik/admin/sources/plex/PlexSourceForm";
|
||||
|
||||
@ -1,3 +1,4 @@
|
||||
import "@goauthentik/admin/sources/kerberos/KerberosSourceViewPage";
|
||||
import "@goauthentik/admin/sources/ldap/LDAPSourceViewPage";
|
||||
import "@goauthentik/admin/sources/oauth/OAuthSourceViewPage";
|
||||
import "@goauthentik/admin/sources/plex/PlexSourceViewPage";
|
||||
@ -36,6 +37,10 @@ export class SourceViewPage extends AKElement {
|
||||
return html`<ak-empty-state ?loading=${true} ?fullHeight=${true}></ak-empty-state>`;
|
||||
}
|
||||
switch (this.source?.component) {
|
||||
case "ak-source-kerberos-form":
|
||||
return html`<ak-source-kerberos-view
|
||||
sourceSlug=${this.source.slug}
|
||||
></ak-source-kerberos-view>`;
|
||||
case "ak-source-ldap-form":
|
||||
return html`<ak-source-ldap-view
|
||||
sourceSlug=${this.source.slug}
|
||||
|
||||
@ -1,3 +1,4 @@
|
||||
import "@goauthentik/admin/sources/kerberos/KerberosSourceForm";
|
||||
import "@goauthentik/admin/sources/ldap/LDAPSourceForm";
|
||||
import "@goauthentik/admin/sources/oauth/OAuthSourceForm";
|
||||
import "@goauthentik/admin/sources/plex/PlexSourceForm";
|
||||
|
||||
39
web/src/admin/sources/kerberos/KerberosSourceConnectivity.ts
Normal file
39
web/src/admin/sources/kerberos/KerberosSourceConnectivity.ts
Normal file
@ -0,0 +1,39 @@
|
||||
import { AKElement } from "@goauthentik/elements/Base";
|
||||
import "@patternfly/elements/pf-tooltip/pf-tooltip.js";
|
||||
|
||||
import { CSSResult, TemplateResult, html } from "lit";
|
||||
import { customElement, property } from "lit/decorators.js";
|
||||
|
||||
import PFList from "@patternfly/patternfly/components/List/list.css";
|
||||
import PFBase from "@patternfly/patternfly/patternfly-base.css";
|
||||
|
||||
@customElement("ak-source-kerberos-connectivity")
|
||||
export class KerberosSourceConnectivity extends AKElement {
|
||||
@property()
|
||||
connectivity?: {
|
||||
[key: string]: {
|
||||
[key: string]: string;
|
||||
};
|
||||
};
|
||||
|
||||
static get styles(): CSSResult[] {
|
||||
return [PFBase, PFList];
|
||||
}
|
||||
|
||||
render(): TemplateResult {
|
||||
if (!this.connectivity) {
|
||||
return html``;
|
||||
}
|
||||
return html`<ul class="pf-c-list">
|
||||
${Object.keys(this.connectivity).map((serverKey) => {
|
||||
return html`<li>${serverKey}: ${this.connectivity![serverKey]}</li>`;
|
||||
})}
|
||||
</ul>`;
|
||||
}
|
||||
}
|
||||
|
||||
declare global {
|
||||
interface HTMLElementTagNameMap {
|
||||
"ak-source-kerberos-connectivity": KerberosSourceConnectivity;
|
||||
}
|
||||
}
|
||||
456
web/src/admin/sources/kerberos/KerberosSourceForm.ts
Normal file
456
web/src/admin/sources/kerberos/KerberosSourceForm.ts
Normal file
@ -0,0 +1,456 @@
|
||||
import "@goauthentik/admin/common/ak-flow-search/ak-source-flow-search";
|
||||
import { iconHelperText, placeholderHelperText } from "@goauthentik/admin/helperText";
|
||||
import { BaseSourceForm } from "@goauthentik/admin/sources/BaseSourceForm";
|
||||
import {
|
||||
GroupMatchingModeToLabel,
|
||||
UserMatchingModeToLabel,
|
||||
} from "@goauthentik/admin/sources/oauth/utils";
|
||||
import { DEFAULT_CONFIG, config } from "@goauthentik/common/api/config";
|
||||
import { first } from "@goauthentik/common/utils";
|
||||
import "@goauthentik/components/ak-switch-input";
|
||||
import "@goauthentik/components/ak-text-input";
|
||||
import "@goauthentik/components/ak-textarea-input";
|
||||
import {
|
||||
CapabilitiesEnum,
|
||||
WithCapabilitiesConfig,
|
||||
} from "@goauthentik/elements/Interface/capabilitiesProvider";
|
||||
import "@goauthentik/elements/ak-dual-select/ak-dual-select-dynamic-selected-provider.js";
|
||||
import { DualSelectPair } from "@goauthentik/elements/ak-dual-select/types.js";
|
||||
import "@goauthentik/elements/forms/FormGroup";
|
||||
import "@goauthentik/elements/forms/HorizontalFormElement";
|
||||
import "@goauthentik/elements/forms/SearchSelect";
|
||||
|
||||
import { msg } from "@lit/localize";
|
||||
import { TemplateResult, html } from "lit";
|
||||
import { customElement, state } from "lit/decorators.js";
|
||||
import { ifDefined } from "lit/directives/if-defined.js";
|
||||
|
||||
import {
|
||||
FlowsInstancesListDesignationEnum,
|
||||
GroupMatchingModeEnum,
|
||||
KerberosSource,
|
||||
KerberosSourcePropertyMapping,
|
||||
KerberosSourceRequest,
|
||||
PropertymappingsApi,
|
||||
SourcesApi,
|
||||
UserMatchingModeEnum,
|
||||
} from "@goauthentik/api";
|
||||
|
||||
async function propertyMappingsProvider(page = 1, search = "") {
|
||||
const propertyMappings = await new PropertymappingsApi(
|
||||
DEFAULT_CONFIG,
|
||||
).propertymappingsSourceKerberosList({
|
||||
ordering: "managed",
|
||||
pageSize: 20,
|
||||
search: search.trim(),
|
||||
page,
|
||||
});
|
||||
|
||||
return {
|
||||
pagination: propertyMappings.pagination,
|
||||
options: propertyMappings.results.map((m) => [m.pk, m.name, m.name, m]),
|
||||
};
|
||||
}
|
||||
|
||||
function makePropertyMappingsSelector(object: string, instanceMappings?: string[]) {
|
||||
const localMappings = instanceMappings ? new Set(instanceMappings) : undefined;
|
||||
return localMappings
|
||||
? ([pk, _]: DualSelectPair) => localMappings.has(pk)
|
||||
: ([_0, _1, _2, mapping]: DualSelectPair<KerberosSourcePropertyMapping>) =>
|
||||
object == "user" &&
|
||||
mapping?.managed?.startsWith("goauthentik.io/sources/kerberos/user/default/");
|
||||
}
|
||||
|
||||
@customElement("ak-source-kerberos-form")
|
||||
export class KerberosSourceForm extends WithCapabilitiesConfig(BaseSourceForm<KerberosSource>) {
|
||||
async loadInstance(pk: string): Promise<KerberosSource> {
|
||||
const source = await new SourcesApi(DEFAULT_CONFIG).sourcesKerberosRetrieve({
|
||||
slug: pk,
|
||||
});
|
||||
this.clearIcon = false;
|
||||
return source;
|
||||
}
|
||||
|
||||
@state()
|
||||
clearIcon = false;
|
||||
|
||||
async send(data: KerberosSource): Promise<KerberosSource> {
|
||||
let source: KerberosSource;
|
||||
if (this.instance) {
|
||||
source = await new SourcesApi(DEFAULT_CONFIG).sourcesKerberosPartialUpdate({
|
||||
slug: this.instance.slug,
|
||||
patchedKerberosSourceRequest: data,
|
||||
});
|
||||
} else {
|
||||
source = await new SourcesApi(DEFAULT_CONFIG).sourcesKerberosCreate({
|
||||
kerberosSourceRequest: data as unknown as KerberosSourceRequest,
|
||||
});
|
||||
}
|
||||
const c = await config();
|
||||
if (c.capabilities.includes(CapabilitiesEnum.CanSaveMedia)) {
|
||||
const icon = this.getFormFiles()["icon"];
|
||||
if (icon || this.clearIcon) {
|
||||
await new SourcesApi(DEFAULT_CONFIG).sourcesAllSetIconCreate({
|
||||
slug: source.slug,
|
||||
file: icon,
|
||||
clear: this.clearIcon,
|
||||
});
|
||||
}
|
||||
} else {
|
||||
await new SourcesApi(DEFAULT_CONFIG).sourcesAllSetIconUrlCreate({
|
||||
slug: source.slug,
|
||||
filePathRequest: {
|
||||
url: data.icon || "",
|
||||
},
|
||||
});
|
||||
}
|
||||
return source;
|
||||
}
|
||||
|
||||
renderForm(): TemplateResult {
|
||||
return html` <ak-text-input
|
||||
name="name"
|
||||
label=${msg("Name")}
|
||||
value=${ifDefined(this.instance?.name)}
|
||||
required
|
||||
></ak-text-input>
|
||||
<ak-text-input
|
||||
name="slug"
|
||||
label=${msg("Slug")}
|
||||
value=${ifDefined(this.instance?.slug)}
|
||||
required
|
||||
></ak-text-input>
|
||||
<ak-switch-input
|
||||
name="enabled"
|
||||
?checked=${first(this.instance?.enabled, true)}
|
||||
label=${msg("Enabled")}
|
||||
></ak-switch-input>
|
||||
<ak-switch-input
|
||||
name="passwordLoginUpdateInternalPassword"
|
||||
?checked=${first(this.instance?.passwordLoginUpdateInternalPassword, false)}
|
||||
label=${msg("Update internal password on login")}
|
||||
help=${msg(
|
||||
"When the user logs in to authentik using this source password backend, update their credentials in authentik.",
|
||||
)}
|
||||
></ak-switch-input>
|
||||
<ak-switch-input
|
||||
name="syncUsers"
|
||||
?checked=${first(this.instance?.syncUsers, true)}
|
||||
label=${msg("Sync users")}
|
||||
></ak-switch-input>
|
||||
<ak-switch-input
|
||||
name="syncUsersPassword"
|
||||
?checked=${first(this.instance?.syncUsersPassword, true)}
|
||||
label=${msg("User password writeback")}
|
||||
help=${msg(
|
||||
"Enable this option to write password changes made in authentik back to Kerberos. Ignored if sync is disabled.",
|
||||
)}
|
||||
></ak-switch-input>
|
||||
<ak-form-group .expanded=${true}>
|
||||
<span slot="header"> ${msg("Realm settings")} </span>
|
||||
<div slot="body" class="pf-c-form">
|
||||
<ak-text-input
|
||||
name="realm"
|
||||
label=${msg("Realm")}
|
||||
value=${ifDefined(this.instance?.realm)}
|
||||
placeholder="AUTHENTIK.COMPANY"
|
||||
required
|
||||
></ak-text-input>
|
||||
<ak-textarea-input
|
||||
name="krb5Conf"
|
||||
label=${msg("Kerberos 5 configuration")}
|
||||
value=${ifDefined(this.instance?.krb5Conf)}
|
||||
help=${msg(
|
||||
"Kerberos 5 configuration. See man krb5.conf(5) for configuration format. If left empty, a default krb5.conf will be used.",
|
||||
)}
|
||||
></ak-textarea-input>
|
||||
<ak-form-element-horizontal
|
||||
label=${msg("User matching mode")}
|
||||
?required=${true}
|
||||
name="userMatchingMode"
|
||||
>
|
||||
<select class="pf-c-form-control">
|
||||
<option
|
||||
value=${UserMatchingModeEnum.Identifier}
|
||||
?selected=${this.instance?.userMatchingMode ===
|
||||
UserMatchingModeEnum.Identifier}
|
||||
>
|
||||
${UserMatchingModeToLabel(UserMatchingModeEnum.Identifier)}
|
||||
</option>
|
||||
<option
|
||||
value=${UserMatchingModeEnum.EmailLink}
|
||||
?selected=${this.instance?.userMatchingMode ===
|
||||
UserMatchingModeEnum.EmailLink}
|
||||
>
|
||||
${UserMatchingModeToLabel(UserMatchingModeEnum.EmailLink)}
|
||||
</option>
|
||||
<option
|
||||
value=${UserMatchingModeEnum.EmailDeny}
|
||||
?selected=${this.instance?.userMatchingMode ===
|
||||
UserMatchingModeEnum.EmailDeny}
|
||||
>
|
||||
${UserMatchingModeToLabel(UserMatchingModeEnum.EmailDeny)}
|
||||
</option>
|
||||
<option
|
||||
value=${UserMatchingModeEnum.UsernameLink}
|
||||
?selected=${this.instance?.userMatchingMode ===
|
||||
UserMatchingModeEnum.UsernameLink}
|
||||
>
|
||||
${UserMatchingModeToLabel(UserMatchingModeEnum.UsernameLink)}
|
||||
</option>
|
||||
<option
|
||||
value=${UserMatchingModeEnum.UsernameDeny}
|
||||
?selected=${this.instance?.userMatchingMode ===
|
||||
UserMatchingModeEnum.UsernameDeny}
|
||||
>
|
||||
${UserMatchingModeToLabel(UserMatchingModeEnum.UsernameDeny)}
|
||||
</option>
|
||||
</select>
|
||||
</ak-form-element-horizontal>
|
||||
<ak-form-element-horizontal
|
||||
label=${msg("Group matching mode")}
|
||||
?required=${true}
|
||||
name="groupMatchingMode"
|
||||
>
|
||||
<select class="pf-c-form-control">
|
||||
<option
|
||||
value=${GroupMatchingModeEnum.Identifier}
|
||||
?selected=${this.instance?.groupMatchingMode ===
|
||||
GroupMatchingModeEnum.Identifier}
|
||||
>
|
||||
${UserMatchingModeToLabel(UserMatchingModeEnum.Identifier)}
|
||||
</option>
|
||||
<option
|
||||
value=${GroupMatchingModeEnum.NameLink}
|
||||
?selected=${this.instance?.groupMatchingMode ===
|
||||
GroupMatchingModeEnum.NameLink}
|
||||
>
|
||||
${GroupMatchingModeToLabel(GroupMatchingModeEnum.NameLink)}
|
||||
</option>
|
||||
<option
|
||||
value=${GroupMatchingModeEnum.NameDeny}
|
||||
?selected=${this.instance?.groupMatchingMode ===
|
||||
GroupMatchingModeEnum.NameDeny}
|
||||
>
|
||||
${GroupMatchingModeToLabel(GroupMatchingModeEnum.NameDeny)}
|
||||
</option>
|
||||
</select>
|
||||
</ak-form-element-horizontal>
|
||||
</div>
|
||||
</ak-form-group>
|
||||
<ak-form-group .expanded=${false}>
|
||||
<span slot="header"> ${msg("Sync connection settings")} </span>
|
||||
<div slot="body" class="pf-c-form">
|
||||
<ak-text-input
|
||||
name="syncPrincipal"
|
||||
label=${msg("Sync principal")}
|
||||
value=${ifDefined(this.instance?.syncPrincipal)}
|
||||
help=${msg("Principal used to authenticate to the KDC for syncing.")}
|
||||
></ak-text-input>
|
||||
<ak-form-element-horizontal
|
||||
name="syncPassword"
|
||||
label=${msg("Sync password")}
|
||||
?writeOnly=${this.instance !== undefined}
|
||||
>
|
||||
<input type="text" value="" class="pf-c-form-control" />
|
||||
<p class="pf-c-form__helper-text">
|
||||
${msg(
|
||||
"Password used to authenticate to the KDC for syncing. Optional if Sync keytab or Sync credentials cache is provided.",
|
||||
)}
|
||||
</p>
|
||||
</ak-form-element-horizontal>
|
||||
<ak-form-element-horizontal
|
||||
name="syncKeytab"
|
||||
label=${msg("Sync keytab")}
|
||||
?writeOnly=${this.instance !== undefined}
|
||||
>
|
||||
<textarea class="pf-c-form-control"></textarea>
|
||||
<p class="pf-c-form__helper-text">
|
||||
${msg(
|
||||
"Keytab used to authenticate to the KDC for syncing. Optional if Sync password or Sync credentials cache is provided. Must be base64 encoded or in the form TYPE:residual.",
|
||||
)}
|
||||
</p>
|
||||
</ak-form-element-horizontal>
|
||||
<ak-text-input
|
||||
name="syncCcache"
|
||||
label=${msg("Sync credentials cache")}
|
||||
value=${ifDefined(this.instance?.syncCcache)}
|
||||
help=${msg(
|
||||
"Credentials cache used to authenticate to the KDC for syncing. Optional if Sync password or Sync keytab is provided. Must be in the form TYPE:residual.",
|
||||
)}
|
||||
></ak-text-input>
|
||||
</div>
|
||||
</ak-form-group>
|
||||
<ak-form-group .expanded=${false}>
|
||||
<span slot="header"> ${msg("SPNEGO settings")} </span>
|
||||
<div slot="body" class="pf-c-form">
|
||||
<ak-text-input
|
||||
name="spnegoServerName"
|
||||
label=${msg("SPNEGO server name")}
|
||||
value=${ifDefined(this.instance?.spnegoServerName)}
|
||||
help=${msg(
|
||||
"Force the use of a specific server name for SPNEGO. Must be in the form HTTP@domain",
|
||||
)}
|
||||
></ak-text-input>
|
||||
<ak-form-element-horizontal
|
||||
name="spnegoKeytab"
|
||||
label=${msg("SPNEGO keytab")}
|
||||
?writeOnly=${this.instance !== undefined}
|
||||
>
|
||||
<textarea class="pf-c-form-control"></textarea>
|
||||
<p class="pf-c-form__helper-text">
|
||||
${msg(
|
||||
"Keytab used for SPNEGO. Optional if SPNEGO credentials cache is provided. Must be base64 encoded or in the form TYPE:residual.",
|
||||
)}
|
||||
</p>
|
||||
</ak-form-element-horizontal>
|
||||
<ak-text-input
|
||||
name="spnegoCcache"
|
||||
label=${msg("SPNEGO credentials cache")}
|
||||
value=${ifDefined(this.instance?.spnegoCcache)}
|
||||
help=${msg(
|
||||
"Credentials cache used for SPNEGO. Optional if SPNEGO keytab is provided. Must be in the form TYPE:residual.",
|
||||
)}
|
||||
></ak-text-input>
|
||||
</div>
|
||||
</ak-form-group>
|
||||
<ak-form-group ?expanded=${false}>
|
||||
<span slot="header"> ${msg("Kerberos Attribute mapping")} </span>
|
||||
<div slot="body" class="pf-c-form">
|
||||
<ak-form-element-horizontal
|
||||
label=${msg("User Property Mappings")}
|
||||
name="userPropertyMappings"
|
||||
>
|
||||
<ak-dual-select-dynamic-selected
|
||||
.provider=${propertyMappingsProvider}
|
||||
.selector=${makePropertyMappingsSelector(
|
||||
"user",
|
||||
this.instance?.userPropertyMappings,
|
||||
)}
|
||||
available-label="${msg("Available User Property Mappings")}"
|
||||
selected-label="${msg("Selected User Property Mappings")}"
|
||||
></ak-dual-select-dynamic-selected>
|
||||
<p class="pf-c-form__helper-text">
|
||||
${msg("Property mappings for user creation.")}
|
||||
</p>
|
||||
</ak-form-element-horizontal>
|
||||
<ak-form-element-horizontal
|
||||
label=${msg("Group Property Mappings")}
|
||||
name="groupPropertyMappings"
|
||||
>
|
||||
<ak-dual-select-dynamic-selected
|
||||
.provider=${propertyMappingsProvider}
|
||||
.selector=${makePropertyMappingsSelector(
|
||||
"group",
|
||||
this.instance?.groupPropertyMappings,
|
||||
)}
|
||||
available-label="${msg("Available Group Property Mappings")}"
|
||||
selected-label="${msg("Selected Group Property Mappings")}"
|
||||
></ak-dual-select-dynamic-selected>
|
||||
<p class="pf-c-form__helper-text">
|
||||
${msg("Property mappings for group creation.")}
|
||||
</p>
|
||||
</ak-form-element-horizontal>
|
||||
</div>
|
||||
</ak-form-group>
|
||||
<ak-form-group>
|
||||
<span slot="header"> ${msg("Flow settings")} </span>
|
||||
<div slot="body" class="pf-c-form">
|
||||
<ak-form-element-horizontal
|
||||
label=${msg("Authentication flow")}
|
||||
name="authenticationFlow"
|
||||
>
|
||||
<ak-source-flow-search
|
||||
flowType=${FlowsInstancesListDesignationEnum.Authentication}
|
||||
.currentFlow=${this.instance?.authenticationFlow}
|
||||
.instanceId=${this.instance?.pk}
|
||||
fallback="default-source-authentication"
|
||||
></ak-source-flow-search>
|
||||
<p class="pf-c-form__helper-text">
|
||||
${msg("Flow to use when authenticating existing users.")}
|
||||
</p>
|
||||
</ak-form-element-horizontal>
|
||||
<ak-form-element-horizontal
|
||||
label=${msg("Enrollment flow")}
|
||||
name="enrollmentFlow"
|
||||
>
|
||||
<ak-source-flow-search
|
||||
flowType=${FlowsInstancesListDesignationEnum.Enrollment}
|
||||
.currentFlow=${this.instance?.enrollmentFlow}
|
||||
.instanceId=${this.instance?.pk}
|
||||
fallback="default-source-enrollment"
|
||||
></ak-source-flow-search>
|
||||
<p class="pf-c-form__helper-text">
|
||||
${msg("Flow to use when enrolling new users.")}
|
||||
</p>
|
||||
</ak-form-element-horizontal>
|
||||
</div>
|
||||
</ak-form-group>
|
||||
<ak-form-group>
|
||||
<span slot="header"> ${msg("Additional settings")} </span>
|
||||
<div slot="body" class="pf-c-form">
|
||||
<ak-text-input
|
||||
name="userPathTemplate"
|
||||
label=${msg("User path")}
|
||||
value=${first(
|
||||
this.instance?.userPathTemplate,
|
||||
"goauthentik.io/sources/%(slug)s",
|
||||
)}
|
||||
help=${placeholderHelperText}
|
||||
></ak-text-input>
|
||||
</div>
|
||||
${this.can(CapabilitiesEnum.CanSaveMedia)
|
||||
? html`<ak-form-element-horizontal label=${msg("Icon")} name="icon">
|
||||
<input type="file" value="" class="pf-c-form-control" />
|
||||
${this.instance?.icon
|
||||
? html`
|
||||
<p class="pf-c-form__helper-text">
|
||||
${msg("Currently set to:")} ${this.instance?.icon}
|
||||
</p>
|
||||
`
|
||||
: html``}
|
||||
</ak-form-element-horizontal>
|
||||
${this.instance?.icon
|
||||
? html`
|
||||
<ak-form-element-horizontal>
|
||||
<label class="pf-c-switch">
|
||||
<input
|
||||
class="pf-c-switch__input"
|
||||
type="checkbox"
|
||||
@change=${(ev: Event) => {
|
||||
const target = ev.target as HTMLInputElement;
|
||||
this.clearIcon = target.checked;
|
||||
}}
|
||||
/>
|
||||
<span class="pf-c-switch__toggle">
|
||||
<span class="pf-c-switch__toggle-icon">
|
||||
<i class="fas fa-check" aria-hidden="true"></i>
|
||||
</span>
|
||||
</span>
|
||||
<span class="pf-c-switch__label">
|
||||
${msg("Clear icon")}
|
||||
</span>
|
||||
</label>
|
||||
<p class="pf-c-form__helper-text">
|
||||
${msg("Delete currently set icon.")}
|
||||
</p>
|
||||
</ak-form-element-horizontal>
|
||||
`
|
||||
: html``}`
|
||||
: html`<ak-form-element-horizontal label=${msg("Icon")} name="icon">
|
||||
<input
|
||||
type="text"
|
||||
value="${first(this.instance?.icon, "")}"
|
||||
class="pf-c-form-control"
|
||||
/>
|
||||
<p class="pf-c-form__helper-text">${iconHelperText}</p>
|
||||
</ak-form-element-horizontal>`}
|
||||
</ak-form-group>`;
|
||||
}
|
||||
}
|
||||
|
||||
declare global {
|
||||
interface HTMLElementTagNameMap {
|
||||
"ak-source-kerberos-form": KerberosSourceForm;
|
||||
}
|
||||
}
|
||||
213
web/src/admin/sources/kerberos/KerberosSourceViewPage.ts
Normal file
213
web/src/admin/sources/kerberos/KerberosSourceViewPage.ts
Normal file
@ -0,0 +1,213 @@
|
||||
import "@goauthentik/admin/rbac/ObjectPermissionsPage";
|
||||
import "@goauthentik/admin/sources/kerberos/KerberosSourceConnectivity";
|
||||
import "@goauthentik/admin/sources/kerberos/KerberosSourceForm";
|
||||
import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
|
||||
import { EVENT_REFRESH } from "@goauthentik/common/constants";
|
||||
import "@goauthentik/components/events/ObjectChangelog";
|
||||
import MDSourceKerberosBrowser from "@goauthentik/docs/users-sources/sources/protocols/kerberos/browser.md";
|
||||
import { AKElement } from "@goauthentik/elements/Base";
|
||||
import "@goauthentik/elements/CodeMirror";
|
||||
import "@goauthentik/elements/Markdown";
|
||||
import "@goauthentik/elements/SyncStatusCard";
|
||||
import "@goauthentik/elements/Tabs";
|
||||
import "@goauthentik/elements/buttons/ActionButton";
|
||||
import "@goauthentik/elements/buttons/SpinnerButton";
|
||||
import "@goauthentik/elements/forms/ModalForm";
|
||||
|
||||
import { msg } from "@lit/localize";
|
||||
import { CSSResult, TemplateResult, html } from "lit";
|
||||
import { customElement, property, state } from "lit/decorators.js";
|
||||
|
||||
import PFButton from "@patternfly/patternfly/components/Button/button.css";
|
||||
import PFCard from "@patternfly/patternfly/components/Card/card.css";
|
||||
import PFContent from "@patternfly/patternfly/components/Content/content.css";
|
||||
import PFDescriptionList from "@patternfly/patternfly/components/DescriptionList/description-list.css";
|
||||
import PFList from "@patternfly/patternfly/components/List/list.css";
|
||||
import PFPage from "@patternfly/patternfly/components/Page/page.css";
|
||||
import PFGrid from "@patternfly/patternfly/layouts/Grid/grid.css";
|
||||
import PFBase from "@patternfly/patternfly/patternfly-base.css";
|
||||
|
||||
import {
|
||||
KerberosSource,
|
||||
RbacPermissionsAssignedByUsersListModelEnum,
|
||||
SourcesApi,
|
||||
SyncStatus,
|
||||
} from "@goauthentik/api";
|
||||
|
||||
@customElement("ak-source-kerberos-view")
|
||||
export class KerberosSourceViewPage extends AKElement {
|
||||
@property({ type: String })
|
||||
set sourceSlug(slug: string) {
|
||||
new SourcesApi(DEFAULT_CONFIG)
|
||||
.sourcesKerberosRetrieve({
|
||||
slug: slug,
|
||||
})
|
||||
.then((source) => {
|
||||
this.source = source;
|
||||
});
|
||||
}
|
||||
|
||||
@property({ attribute: false })
|
||||
source!: KerberosSource;
|
||||
|
||||
@state()
|
||||
syncState?: SyncStatus;
|
||||
|
||||
static get styles(): CSSResult[] {
|
||||
return [PFBase, PFPage, PFButton, PFGrid, PFContent, PFCard, PFDescriptionList, PFList];
|
||||
}
|
||||
|
||||
constructor() {
|
||||
super();
|
||||
this.addEventListener(EVENT_REFRESH, () => {
|
||||
if (!this.source?.slug) return;
|
||||
this.sourceSlug = this.source?.slug;
|
||||
});
|
||||
}
|
||||
|
||||
load(): void {
|
||||
new SourcesApi(DEFAULT_CONFIG)
|
||||
.sourcesKerberosSyncStatusRetrieve({
|
||||
slug: this.source.slug,
|
||||
})
|
||||
.then((state) => {
|
||||
this.syncState = state;
|
||||
});
|
||||
}
|
||||
|
||||
renderSyncCards(): TemplateResult {
|
||||
if (!this.source.syncUsers) {
|
||||
return html``;
|
||||
}
|
||||
return html`
|
||||
<div class="pf-c-card pf-l-grid__item pf-m-2-col">
|
||||
<div class="pf-c-card__title">
|
||||
<p>${msg("Connectivity")}</p>
|
||||
</div>
|
||||
<div class="pf-c-card__body">
|
||||
<ak-source-kerberos-connectivity
|
||||
.connectivity=${this.source.connectivity}
|
||||
></ak-source-kerberos-connectivity>
|
||||
</div>
|
||||
</div>
|
||||
<div class="pf-l-grid__item pf-m-10-col">
|
||||
<ak-sync-status-card
|
||||
.fetch=${() => {
|
||||
return new SourcesApi(DEFAULT_CONFIG).sourcesKerberosSyncStatusRetrieve({
|
||||
slug: this.source?.slug,
|
||||
});
|
||||
}}
|
||||
.triggerSync=${() => {
|
||||
return new SourcesApi(DEFAULT_CONFIG).sourcesKerberosPartialUpdate({
|
||||
slug: this.source?.slug || "",
|
||||
patchedKerberosSourceRequest: {},
|
||||
});
|
||||
}}
|
||||
></ak-sync-status-card>
|
||||
</div>
|
||||
`;
|
||||
}
|
||||
|
||||
render(): TemplateResult {
|
||||
if (!this.source) {
|
||||
return html``;
|
||||
}
|
||||
return html`<ak-tabs>
|
||||
<section
|
||||
slot="page-overview"
|
||||
data-tab-title="${msg("Overview")}"
|
||||
class="pf-c-page__main-section pf-m-no-padding-mobile"
|
||||
@activate=${() => {
|
||||
this.load();
|
||||
}}
|
||||
>
|
||||
<div class="pf-l-grid pf-m-gutter">
|
||||
<div class="pf-c-card pf-l-grid__item pf-m-12-col">
|
||||
<div class="pf-c-card__body">
|
||||
<dl class="pf-c-description-list pf-m-2-col-on-lg">
|
||||
<div class="pf-c-description-list__group">
|
||||
<dt class="pf-c-description-list__term">
|
||||
<span class="pf-c-description-list__text"
|
||||
>${msg("Name")}</span
|
||||
>
|
||||
</dt>
|
||||
<dd class="pf-c-description-list__description">
|
||||
<div class="pf-c-description-list__text">
|
||||
${this.source.name}
|
||||
</div>
|
||||
</dd>
|
||||
</div>
|
||||
<div class="pf-c-description-list__group">
|
||||
<dt class="pf-c-description-list__term">
|
||||
<span class="pf-c-description-list__text"
|
||||
>${msg("Realm")}</span
|
||||
>
|
||||
</dt>
|
||||
<dd class="pf-c-description-list__description">
|
||||
<div class="pf-c-description-list__text">
|
||||
${this.source.realm}
|
||||
</div>
|
||||
</dd>
|
||||
</div>
|
||||
</dl>
|
||||
</div>
|
||||
<div class="pf-c-card__footer">
|
||||
<ak-forms-modal>
|
||||
<span slot="submit"> ${msg("Update")} </span>
|
||||
<span slot="header"> ${msg("Update Kerberos Source")} </span>
|
||||
<ak-source-kerberos-form
|
||||
slot="form"
|
||||
.instancePk=${this.source.slug}
|
||||
>
|
||||
</ak-source-kerberos-form>
|
||||
<button slot="trigger" class="pf-c-button pf-m-primary">
|
||||
${msg("Edit")}
|
||||
</button>
|
||||
</ak-forms-modal>
|
||||
</div>
|
||||
</div>
|
||||
${this.renderSyncCards()}
|
||||
<div class="pf-c-card pf-l-grid__item pf-m-12-col">
|
||||
<div class="pf-c-card__body">
|
||||
<ak-markdown
|
||||
.md=${MDSourceKerberosBrowser}
|
||||
meta="users-sources/protocols/kerberos/browser.md"
|
||||
;
|
||||
></ak-markdown>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
</section>
|
||||
<section
|
||||
slot="page-changelog"
|
||||
data-tab-title="${msg("Changelog")}"
|
||||
class="pf-c-page__main-section pf-m-no-padding-mobile"
|
||||
>
|
||||
<div class="pf-l-grid pf-m-gutter">
|
||||
<div class="pf-c-card pf-l-grid__item pf-m-12-col">
|
||||
<div class="pf-c-card__body">
|
||||
<ak-object-changelog
|
||||
targetModelPk=${this.source.pk || ""}
|
||||
targetModelApp="authentik_sources_kerberos"
|
||||
targetModelName="kerberossource"
|
||||
>
|
||||
</ak-object-changelog>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
</section>
|
||||
<ak-rbac-object-permission-page
|
||||
slot="page-permissions"
|
||||
data-tab-title="${msg("Permissions")}"
|
||||
model=${RbacPermissionsAssignedByUsersListModelEnum.SourcesKerberosKerberossource}
|
||||
objectPk=${this.source.pk}
|
||||
></ak-rbac-object-permission-page>
|
||||
</ak-tabs>`;
|
||||
}
|
||||
}
|
||||
|
||||
declare global {
|
||||
interface HTMLElementTagNameMap {
|
||||
"ak-source-kerberos-view": KerberosSourceViewPage;
|
||||
}
|
||||
}
|
||||
@ -66,6 +66,10 @@ export class PasswordStageForm extends BaseStageForm<PasswordStage> {
|
||||
name: BackendsEnum.SourcesLdapAuthLdapBackend,
|
||||
label: msg("User database + LDAP password"),
|
||||
},
|
||||
{
|
||||
name: BackendsEnum.SourcesKerberosAuthKerberosBackend,
|
||||
label: msg("User database + Kerberos password"),
|
||||
},
|
||||
];
|
||||
|
||||
return html` <span>
|
||||
|
||||
Reference in New Issue
Block a user