import "@goauthentik/admin/common/ak-crypto-certificate-search";
import "@goauthentik/admin/common/ak-flow-search/ak-flow-search";
import { BaseProviderForm } from "@goauthentik/admin/providers/BaseProviderForm";
import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
import "@goauthentik/elements/forms/FormGroup";
import "@goauthentik/elements/forms/HorizontalFormElement";
import "@goauthentik/elements/forms/Radio";
import "@goauthentik/elements/forms/SearchSelect";
import "@goauthentik/elements/utils/TimeDeltaHelp";

import { msg } from "@lit/localize";
import { TemplateResult, html } from "lit";
import { customElement } from "lit/decorators.js";
import { ifDefined } from "lit/directives/if-defined.js";

import {
    DigestAlgorithmEnum,
    FlowsInstancesListDesignationEnum,
    PaginatedSAMLPropertyMappingList,
    PropertymappingsApi,
    PropertymappingsSamlListRequest,
    ProvidersApi,
    SAMLPropertyMapping,
    SAMLProvider,
    SignatureAlgorithmEnum,
    SpBindingEnum,
} from "@goauthentik/api";

/**
 * Admin form for creating or editing a SAML provider, registered as the
 * `ak-provider-saml-form` custom element.
 *
 * All API calls go through clients built from `DEFAULT_CONFIG`.
 *
 * NOTE(review): the `Promise` return types below carry no type argument in
 * this copy of the file — confirm the intended result types against the API
 * client before relying on them.
 */
@customElement("ak-provider-saml-form")
export class SAMLProviderFormPage extends BaseProviderForm {
    /**
     * Fetches the SAML provider that is about to be edited.
     *
     * @param pk - Provider id, passed as `id` to `providersSamlRetrieve`.
     * @returns The promise returned by `providersSamlRetrieve`.
     */
    loadInstance(pk: number): Promise {
        return new ProvidersApi(DEFAULT_CONFIG).providersSamlRetrieve({
            id: pk,
        });
    }

    /**
     * Loads the SAML property mappings, ordered by `saml_name`, and stores
     * the paginated result in `propertyMappings`.
     */
    async load(): Promise {
        this.propertyMappings = await new PropertymappingsApi(
            DEFAULT_CONFIG,
        ).propertymappingsSamlList({
            ordering: "saml_name",
        });
    }

    // Populated by load(); undefined until that call has resolved.
    propertyMappings?: PaginatedSAMLPropertyMappingList;

    /**
     * Persists the form data: updates the provider when `this.instance` is
     * set, otherwise creates a new one.
     *
     * @param data - Provider fields, sent as `sAMLProviderRequest`.
     * @returns The promise returned by `providersSamlUpdate` or
     *          `providersSamlCreate`.
     */
    async send(data: SAMLProvider): Promise {
        if (this.instance) {
            return new ProvidersApi(DEFAULT_CONFIG).providersSamlUpdate({
                // NOTE(review): a missing or falsy `pk` becomes id 0 in the
                // update request instead of stopping the save — confirm the
                // API rejects that id rather than touching another provider.
                id: this.instance.pk || 0,
                sAMLProviderRequest: data,
            });
        } else {
            return new ProvidersApi(DEFAULT_CONFIG).providersSamlCreate({
                sAMLProviderRequest: data,
            });
        }
    }

    /**
     * Builds the form template.
     *
     * The help texts visible in the template describe, in order: the
     * authentication and authorization flows, the protocol settings
     * (EntityID, how the response is sent back to the Service Provider), and
     * the advanced protocol settings (signing certificate, verification
     * certificate, NameID property mapping, assertion time drift, assertion
     * and session validity, default relay state for IDP-initiated logins).
     *
     * Security-relevant settings, as stated by the help texts:
     * - Signing certificate: signs outgoing Responses to the Service Provider.
     * - Verification certificate: incoming signatures are validated only when
     *   one is selected; leaving it on default allows unsigned Requests.
     * - Assertion/session validity: each is "current time + this value", so a
     *   larger value keeps an issued assertion or session acceptable longer.
     *
     * The NameID mapping search fetches mappings ordered by `saml_name`,
     * passes the typed query as `search` when one is given, and pre-selects
     * the item whose `pk` equals `this.instance?.nameIdMapping`.
     *
     * NOTE(review): only the help strings and the NameID search callbacks are
     * visible in this copy of the template — confirm the element markup
     * against the original file.
     *
     * @returns The lit `TemplateResult` for the form body.
     */
    renderForm(): TemplateResult {
        return html`

${msg("Flow used when a user access this provider and is not authenticated.")}

${msg("Flow used when authorizing this provider.")}

${msg("Protocol settings")}

${msg("Also known as EntityID.")}

${msg( "Determines how authentik sends the response back to the Service Provider.", )}

${msg("Advanced protocol settings")}

${msg( "Certificate used to sign outgoing Responses going to the Service Provider.", )}

${msg( "When selected, incoming assertion's Signatures will be validated against this certificate. To allow unsigned Requests, leave on default.", )}

${msg("Hold control/command to select multiple items.")}

=> { const args: PropertymappingsSamlListRequest = { ordering: "saml_name", }; if (query !== undefined) { args.search = query; } const items = await new PropertymappingsApi( DEFAULT_CONFIG, ).propertymappingsSamlList(args); return items.results; }} .renderElement=${(item: SAMLPropertyMapping): string => { return item.name; }} .value=${( item: SAMLPropertyMapping | undefined, ): string | undefined => { return item?.pk; }} .selected=${(item: SAMLPropertyMapping): boolean => { return this.instance?.nameIdMapping === item.pk; }} ?blankable=${true} >

${msg( "Configure how the NameID value will be created. When left empty, the NameIDPolicy of the incoming request will be respected.", )}

${msg("Configure the maximum allowed time drift for an assertion.")}

${msg("Assertion not valid on or after current time + this value.")}

${msg("Session not valid on or after current time + this value.")}

${msg( "When using IDP-initiated logins, the relay state will be set to this value.", )}

`;
    }
}