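import "@goauthentik/admin/common/ak-crypto-certificate-search";
import "@goauthentik/admin/common/ak-flow-search/ak-source-flow-search";
import { iconHelperText, placeholderHelperText } from "@goauthentik/admin/helperText";
import { BaseSourceForm } from "@goauthentik/admin/sources/BaseSourceForm";
import {
    GroupMatchingModeToLabel,
    UserMatchingModeToLabel,
} from "@goauthentik/admin/sources/oauth/utils";
import { DEFAULT_CONFIG, config } from "@goauthentik/common/api/config";
import {
    CapabilitiesEnum,
    WithCapabilitiesConfig,
} from "@goauthentik/elements/Interface/capabilitiesProvider";
import "@goauthentik/elements/ak-dual-select/ak-dual-select-dynamic-selected-provider.js";
import "@goauthentik/elements/forms/FormGroup";
import "@goauthentik/elements/forms/HorizontalFormElement";
import "@goauthentik/elements/forms/Radio";
import "@goauthentik/elements/utils/TimeDeltaHelp";

import { msg } from "@lit/localize";
import { TemplateResult, html } from "lit";
import { customElement, state } from "lit/decorators.js";
import { ifDefined } from "lit/directives/if-defined.js";

import {
    BindingTypeEnum,
    DigestAlgorithmEnum,
    FlowsInstancesListDesignationEnum,
    GroupMatchingModeEnum,
    NameIdPolicyEnum,
    SAMLSource,
    SignatureAlgorithmEnum,
    SourcesApi,
    UserMatchingModeEnum,
} from "@goauthentik/api";

import { propertyMappingsProvider, propertyMappingsSelector } from "./SAMLSourceFormHelpers.js";

/**
 * Admin form (`<ak-source-saml-form>`) for creating or editing a SAML source.
 *
 * Persists the source through `SourcesApi` and then stores its icon, either as
 * an uploaded file or as a URL, depending on the `CanSaveMedia` capability.
 */
@customElement("ak-source-saml-form")
export class SAMLSourceForm extends WithCapabilitiesConfig(BaseSourceForm<SAMLSource>) {
    /** True when the existing icon should be removed on the next save. */
    @state()
    clearIcon = false;

    /**
     * Fetches the SAML source to edit.
     *
     * @param pk - Slug of the source; passed to the API as `slug`.
     * @returns The source as returned by `sourcesSamlRetrieve`.
     */
    async loadInstance(pk: string): Promise<SAMLSource> {
        const source = await new SourcesApi(DEFAULT_CONFIG).sourcesSamlRetrieve({
            slug: pk,
        });
        // A freshly loaded instance starts with no pending icon deletion.
        this.clearIcon = false;
        return source;
    }

    /**
     * Saves the form data, then applies the icon change.
     *
     * Updates the existing source when `this.instance` is set, otherwise
     * creates a new one. The icon is written in a second request against the
     * slug returned by the first.
     *
     * @param data - Serialized form values for the SAML source.
     * @returns The source as returned by the update or create call.
     */
    async send(data: SAMLSource): Promise<SAMLSource> {
        const api = new SourcesApi(DEFAULT_CONFIG);

        let source: SAMLSource;
        if (this.instance) {
            source = await api.sourcesSamlUpdate({
                slug: this.instance.slug,
                sAMLSourceRequest: data,
            });
        } else {
            source = await api.sourcesSamlCreate({
                sAMLSourceRequest: data,
            });
        }

        const c = await config();
        if (c.capabilities.includes(CapabilitiesEnum.CanSaveMedia)) {
            // File mode: only call the API when a file was chosen or the
            // existing icon is to be cleared.
            const icon = this.getFormFiles().icon;
            if (icon || this.clearIcon) {
                await api.sourcesAllSetIconCreate({
                    slug: source.slug,
                    file: icon,
                    clear: this.clearIcon,
                });
            }
        } else {
            // URL mode: always sent; an empty string is passed when no icon
            // value was entered.
            // NOTE(review): the value is forwarded exactly as typed and no
            // scheme or host check is visible in this form. Confirm that the
            // API constrains which URLs are accepted.
            await api.sourcesAllSetIconUrlCreate({
                slug: source.slug,
                filePathRequest: {
                    url: data.icon || "",
                },
            });
        }
        return source;
    }

    /**
     * Renders the form body.
     *
     * NOTE(review): in this copy of the file the element markup of the template
     * is absent; only the localized help strings and interpolations remain.
     * The template text is kept exactly as found.
     *
     * Settings that affect the trust decision, as described by the help strings
     * below:
     * - Verification certificate: assertion signatures are validated only when
     *   a certificate is selected. Leaving the default means assertions are
     *   accepted without that signature check.
     * - Signing keypair: leaving it empty disables signing of outgoing requests.
     * - IdP-initiated login: the request ID is not validated when this is
     *   enabled.
     */
    renderForm(): TemplateResult {
        return html` ${this.can(CapabilitiesEnum.CanSaveMedia) ? html` ${this.instance?.icon ? html`

${msg("Currently set to:")} ${this.instance?.icon}

` : html``}
${this.instance?.icon ? html`

${msg("Delete currently set icon.")}

` : html``}` : html`

${iconHelperText}

`} ${msg("Protocol settings")}

${msg("URL that the initial Login request is sent to.")}

${msg("Optional URL if the IDP supports Single-Logout.")}

${msg("Also known as Entity ID. Defaults the Metadata URL.")}

${msg( "Keypair which is used to sign outgoing requests. Leave empty to disable signing.", )}

${msg( "When selected, incoming assertion's Signatures will be validated against this certificate. To allow unsigned Requests, leave on default.", )}

${msg("Advanced protocol settings")}

${msg( "Allows authentication flows initiated by the IdP. This can be a security risk, as no validation of the request ID is done.", )}

${placeholderHelperText}

${msg( "Time offset when temporary users should be deleted. This only applies if your IDP uses the NameID Format 'transient', and the user doesn't log out manually.", )}

${msg( "When selected, encrypted assertions will be decrypted using this keypair.", )}

${msg("SAML Attribute mapping")}

${msg("Property mappings for user creation.")}

${msg("Property mappings for group creation.")}

${msg("Flow settings")}

${msg("Flow used before authentication.")}

${msg("Flow to use when authenticating existing users.")}

${msg("Flow to use when enrolling new users.")}

`;
    }
}

declare global {
    interface HTMLElementTagNameMap {
        "ak-source-saml-form": SAMLSourceForm;
    }
}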