import { UserMatchingModeToLabel } from "@goauthentik/admin/sources/oauth/utils";
import { DEFAULT_CONFIG, config } from "@goauthentik/common/api/config";
import { first } from "@goauthentik/common/utils";
import "@goauthentik/elements/forms/FormGroup";
import "@goauthentik/elements/forms/HorizontalFormElement";
import { ModelForm } from "@goauthentik/elements/forms/ModelForm";
import "@goauthentik/elements/utils/TimeDeltaHelp";
import { t } from "@lingui/macro";
import { TemplateResult, html } from "lit";
import { customElement, state } from "lit/decorators.js";
import { ifDefined } from "lit/directives/if-defined.js";
import { until } from "lit/directives/until.js";
import {
    BindingTypeEnum,
    CapabilitiesEnum,
    CryptoApi,
    DigestAlgorithmEnum,
    FlowsApi,
    FlowsInstancesListDesignationEnum,
    NameIdPolicyEnum,
    SAMLSource,
    SignatureAlgorithmEnum,
    SourcesApi,
    UserMatchingModeEnum,
} from "@goauthentik/api";

/**
 * Admin form element (`ak-source-saml-form`) that creates or edits a SAML
 * source through `SourcesApi`.
 *
 * NOTE(review): this listing looks like it lost text during extraction. The
 * generic arguments on `ModelForm` / `Promise` are missing and the templates
 * in `renderForm` contain only help texts and interpolations, no form
 * elements. Several imports (`first`, `ifDefined`, `CryptoApi`, `FlowsApi`,
 * the enum types, ...) are unused in what is visible and were presumably
 * referenced by the stripped markup. Confirm against the repository copy.
 */
@customElement("ak-source-saml-form")
export class SAMLSourceForm extends ModelForm {
    /**
     * Reactive flag forwarded as `clear` to the set-icon request in `send`.
     * Only assigned inside the icon section of `renderForm`
     * (`this.clearIcon = target.checked`).
     */
    @state()
    clearIcon = false;

    /**
     * Fetch the SAML source to edit.
     *
     * @param pk - Passed to the API as the source `slug`.
     * @returns The promise returned by `sourcesSamlRetrieve`.
     */
    loadInstance(pk: string): Promise {
        return new SourcesApi(DEFAULT_CONFIG).sourcesSamlRetrieve({
            slug: pk,
        });
    }

    /**
     * Message shown after a successful submit.
     *
     * @returns The "updated" text when `this.instance` is set, otherwise the
     *   "created" text.
     */
    getSuccessMessage(): string {
        if (this.instance) {
            return t`Successfully updated source.`;
        } else {
            return t`Successfully created source.`;
        }
    }

    /**
     * Persist the form data, then apply the icon setting in a second request.
     *
     * The source is updated (by `this.instance.slug`) when an instance is
     * loaded and created otherwise. The icon is handled afterwards and its
     * transport depends on the `SaveMedia` capability reported by `config()`.
     *
     * The two requests are not atomic: if the icon request rejects, the
     * returned promise rejects even though the source was already saved.
     *
     * @param data - Form values, sent as `sAMLSourceRequest`.
     * @returns The source object returned by the create/update call.
     */
    send = async (data: SAMLSource): Promise => {
        let source: SAMLSource;
        if (this.instance) {
            source = await new SourcesApi(DEFAULT_CONFIG).sourcesSamlUpdate({
                slug: this.instance.slug,
                sAMLSourceRequest: data,
            });
        } else {
            source = await new SourcesApi(DEFAULT_CONFIG).sourcesSamlCreate({
                sAMLSourceRequest: data,
            });
        }
        const c = await config();
        if (c.capabilities.includes(CapabilitiesEnum.SaveMedia)) {
            // File-upload mode: only call the API when a file was chosen or
            // the "delete icon" flag is set, so an untouched icon is kept.
            const icon = this.getFormFiles()["icon"];
            if (icon || this.clearIcon) {
                await new SourcesApi(DEFAULT_CONFIG).sourcesAllSetIconCreate({
                    slug: source.slug,
                    file: icon,
                    clear: this.clearIcon,
                });
            }
        } else {
            // URL mode: always sent, with "" when the field is empty.
            // The value is forwarded exactly as entered (full URL, relative
            // path or `fa://` per the help text); this form does no scheme or
            // host check.
            // NOTE(review): presumably the API validates it — confirm, since
            // the value is later rendered as the source icon.
            await new SourcesApi(DEFAULT_CONFIG).sourcesAllSetIconUrlCreate({
                slug: source.slug,
                filePathRequest: {
                    url: data.icon || "",
                },
            });
        }
        return source;
    };

    /**
     * Build the form template.
     *
     * The icon section is rendered through `until(config().then(...))`, so it
     * appears once the capabilities are known:
     * - with `SaveMedia`: the "Currently set to" line and the
     *   "Delete currently set icon." option are emitted only when
     *   `this.instance?.icon` is set;
     * - without it: the help text for a URL / relative path / `fa://` value.
     *
     * The remaining help texts are grouped under "Protocol settings",
     * "Advanced protocol settings" and "Flow settings".
     *
     * Settings whose help text carries a security consequence, worth a second
     * look when reviewing a source configuration:
     * - signing keypair: leaving it empty disables signing of outgoing
     *   requests;
     * - IdP-initiated flows: described as a risk because the request ID is
     *   not validated;
     * - temporary-user deletion offset: applies only to the 'transient'
     *   NameID format when the user does not log out manually.
     *
     * NOTE(review): as shown here, the fragment beginning
     * `{ const target = ev.target ...` is literal template text, not a bound
     * handler, so nothing visible assigns `clearIcon`. Presumably an
     * `@change=${(ev: Event) => ...}` binding was stripped with the markup;
     * confirm against the repository copy.
     *
     * @returns The Lit template for the form body.
     */
    renderForm(): TemplateResult {
        return html`
${until( config().then((c) => { if (c.capabilities.includes(CapabilitiesEnum.SaveMedia)) { return html` ${this.instance?.icon ? html`

${t`Currently set to:`} ${this.instance?.icon}

` : html``}
${this.instance?.icon ? html`
{ const target = ev.target as HTMLInputElement; this.clearIcon = target.checked; }} />

${t`Delete currently set icon.`}

` : html``}`; } return html`

${t`Either input a full URL, a relative path, or use 'fa://fa-test' to use the Font Awesome icon "fa-test".`}

`; }), )} ${t`Protocol settings`}

${t`URL that the initial Login request is sent to.`}

${t`Optional URL if the IDP supports Single-Logout.`}

${t`Also known as Entity ID. Defaults the Metadata URL.`}

${t`Keypair which is used to sign outgoing requests. Leave empty to disable signing.`}

${t`Advanced protocol settings`}

${t`Allows authentication flows initiated by the IdP. This can be a security risk, as no validation of the request ID is done.`}

${t`Path template for users created. Use placeholders like \`%(slug)s\` to insert the source slug.`}

${t`Time offset when temporary users should be deleted. This only applies if your IDP uses the NameID Format 'transient', and the user doesn't log out manually.`}

${t`Flow settings`}

${t`Flow used before authentication.`}

${t`Flow to use when authenticating existing users.`}

${t`Flow to use when enrolling new users.`}

`;
    }
}