From 10d76fa4f1b95665f7fe3331d277f30cfe23acdb Mon Sep 17 00:00:00 2001
From: Jens Langhammer
Date: Tue, 26 Sep 2023 23:13:48 +0200
Subject: [PATCH] update
Signed-off-by: Jens Langhammer
---
 .vscode/settings.json | 2 +-
 authentik/root/settings.py | 2 +-
 authentik/sources/scim/api.py | 4 +-
 authentik/sources/scim/apps.py | 1 -
 blueprints/schema.json | 107 +++++++++++++++++++++++++++++++++
 schema.yml | 10 +++
 6 files changed, 121 insertions(+), 5 deletions(-)
diff --git a/.vscode/settings.json b/.vscode/settings.json
index ab61102ba..e674c02b5 100644
--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@@ -17,7 +17,7 @@
 "kubernetes",
 "sso",
 "slo",
- "scim"
+ "scim",
 ],
 "python.linting.pylintEnabled": true,
 "todo-tree.tree.showCountsInTree": true,
diff --git a/authentik/root/settings.py b/authentik/root/settings.py
index 19b9cc07e..4988135e9 100644
--- a/authentik/root/settings.py
+++ b/authentik/root/settings.py
@@ -83,8 +83,8 @@ INSTALLED_APPS = [
 "authentik.sources.plex",
 "authentik.sources.saml",
 "authentik.sources.scim",
- "authentik.stages.authenticator_duo",
 "authentik.stages.authenticator",
+ "authentik.stages.authenticator_duo",
 "authentik.stages.authenticator_sms",
 "authentik.stages.authenticator_static",
 "authentik.stages.authenticator_totp",
diff --git a/authentik/sources/scim/api.py b/authentik/sources/scim/api.py
index e5ba4a495..645eb07c0 100644
--- a/authentik/sources/scim/api.py
+++ b/authentik/sources/scim/api.py
@@ -6,7 +6,7 @@ from rest_framework.viewsets import ModelViewSet
 from authentik.core.api.sources import SourceSerializer
 from authentik.core.api.tokens import TokenSerializer
 from authentik.core.api.used_by import UsedByMixin
-from authentik.core.models import USER_ATTRIBUTE_SA, Token, TokenIntents, User
+from authentik.core.models import Token, TokenIntents, User, UserTypes
 from authentik.sources.scim.models import SCIMSource 
@@ -32,7 +32,7 @@ class SCIMSourceSerializer(SourceSerializer):
 user = User.objects.create(
 username=identifier,
 name=f"SCIM Source {instance.name} Service-Account",
- attributes={USER_ATTRIBUTE_SA: True},
+ type=UserTypes.SERVICE_ACCOUNT,
 )
 token = Token.objects.create(
 user=user,
diff --git a/authentik/sources/scim/apps.py b/authentik/sources/scim/apps.py
index 89f943180..3e08a3d8f 100644
--- a/authentik/sources/scim/apps.py
+++ b/authentik/sources/scim/apps.py
@@ -9,4 +9,3 @@ class AuthentikSourceSCIMConfig(AppConfig):
 name = "authentik.sources.scim"
 label = "authentik_sources_scim"
 verbose_name = "authentik Sources.SCIM"
- mountpoint = "source/scim/"
diff --git a/blueprints/schema.json b/blueprints/schema.json
index 6fe11e20a..797857825 100644
--- a/blueprints/schema.json
+++ b/blueprints/schema.json
@@ -1521,6 +1521,43 @@ } } }, + { + "type": "object", + "required": [ + "model", + "identifiers" + ], + "properties": { + "model": { + "const": "authentik_sources_scim.scimsource" + }, + "id": { + "type": "string" + }, + "state": { + "type": "string", + "enum": [ + "absent", + "present", + "created", + "must_created" + ], + "default": "present" + }, + "conditions": { + "type": "array", + "items": { + "type": "boolean" + } + }, + "attrs": { + "$ref": "#/$defs/model_authentik_sources_scim.scimsource" + }, + "identifiers": { + "$ref": "#/$defs/model_authentik_sources_scim.scimsource" + } + } + }, { "type": "object", "required": [ 
@@ -3452,6 +3489,7 @@ "authentik.sources.oauth", "authentik.sources.plex", "authentik.sources.saml", + "authentik.sources.scim", "authentik.stages.authenticator", "authentik.stages.authenticator_duo", "authentik.stages.authenticator_sms", 
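Review bot: Replacing `attributes={USER_ATTRIBUTE_SA: True}` with `type=UserTypes.SERVICE_ACCOUNT` only changes how service accounts are marked from this point on; any SCIM source service account created by the old code still carries only the attribute and, unless a data migration elsewhere in the tree converts it, will not be recognised by code that now decides on `type`, while still holding the long-lived API token created just below. The commit does not show such a migration, so that should be confirmed before merging. The import change in this file's first hunk is the matching half of this rename. The enclosing method of SCIMSourceSerializer starts before and ends after this hunk, so the token's intent and expiry arguments are not visible here and cannot be reviewed. A short comment above the new line, such as `# service accounts are now identified by user type, not the legacy USER_ATTRIBUTE_SA attribute`, would make the compatibility expectation explicit for the next reader.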
@@ -3527,6 +3565,7 @@ "authentik_sources_plex.plexsourceconnection", "authentik_sources_saml.samlsource", "authentik_sources_saml.usersamlsourceconnection", + "authentik_sources_scim.scimsource", "authentik_stages_authenticator_duo.authenticatorduostage", "authentik_stages_authenticator_duo.duodevice", "authentik_stages_authenticator_sms.authenticatorsmsstage", @@ -5700,6 +5739,74 @@ }, "required": [] }, + "model_authentik_sources_scim.scimsource": { + "type": "object", + "properties": { + "name": { + "type": "string", + "minLength": 1, + "title": "Name", + "description": "Source's display Name." + }, + "slug": { + "type": "string", + "maxLength": 50, + "minLength": 1, + "pattern": "^[-a-zA-Z0-9_]+$", + "title": "Slug", + "description": "Internal source name, used in URLs." + }, + "enabled": { + "type": "boolean", + "title": "Enabled" + }, + "authentication_flow": { + "type": "integer", + "title": "Authentication flow", + "description": "Flow to use when authenticating existing users." + }, + "enrollment_flow": { + "type": "integer", + "title": "Enrollment flow", + "description": "Flow to use when enrolling new users." + }, + "policy_engine_mode": { + "type": "string", + "enum": [ + "all", + "any" + ], + "title": "Policy engine mode" + }, + "user_matching_mode": { + "type": "string", + "enum": [ + "identifier", + "email_link", + "email_deny", + "username_link", + "username_deny" + ], + "title": "User matching mode", + "description": "How the source determines if an existing user should be authenticated or a new user enrolled." + }, + "user_path_template": { + "type": "string", + "minLength": 1, + "title": "User path template" + }, + "icon": { + "type": "string", + "minLength": 1, + "title": "Icon" + }, + "token": { + "type": "integer", + "title": "Token" + } + }, + "required": [] + }, "model_authentik_stages_authenticator_duo.authenticatorduostage": { "type": "object", "properties": { diff --git a/schema.yml b/schema.yml index fd025466a..3d635eede 100644 
--- a/schema.yml +++ b/schema.yml @@ -27809,6 +27809,7 @@ components: - authentik.sources.oauth - authentik.sources.plex - authentik.sources.saml + - authentik.sources.scim - authentik.stages.authenticator - authentik.stages.authenticator_duo - authentik.stages.authenticator_sms @@ -27860,6 +27861,7 @@ components: * `authentik.sources.oauth` - authentik Sources.OAuth * `authentik.sources.plex` - authentik Sources.Plex * `authentik.sources.saml` - authentik Sources.SAML + * `authentik.sources.scim` - authentik Sources.SCIM * `authentik.stages.authenticator` - authentik Stages.Authenticator * `authentik.stages.authenticator_duo` - authentik Stages.Authenticator.Duo * `authentik.stages.authenticator_sms` - authentik Stages.Authenticator.SMS @@ -30611,6 +30613,7 @@ components: * `authentik.sources.oauth` - authentik Sources.OAuth * `authentik.sources.plex` - authentik Sources.Plex * `authentik.sources.saml` - authentik Sources.SAML + * `authentik.sources.scim` - authentik Sources.SCIM * `authentik.stages.authenticator` - authentik Stages.Authenticator * `authentik.stages.authenticator_duo` - authentik Stages.Authenticator.Duo * `authentik.stages.authenticator_sms` - authentik Stages.Authenticator.SMS @@ -30682,6 +30685,7 @@ components: * `authentik_sources_plex.plexsourceconnection` - User Plex Source Connection * `authentik_sources_saml.samlsource` - SAML Source * `authentik_sources_saml.usersamlsourceconnection` - User SAML Source Connection + * `authentik_sources_scim.scimsource` - SCIM Source * `authentik_stages_authenticator_duo.authenticatorduostage` - Duo Authenticator Setup Stage * `authentik_stages_authenticator_duo.duodevice` - Duo Device * `authentik_stages_authenticator_sms.authenticatorsmsstage` - SMS Authenticator Setup Stage 
@@ -30807,6 +30811,7 @@ components: * `authentik.sources.oauth` - authentik Sources.OAuth * `authentik.sources.plex` - authentik Sources.Plex * `authentik.sources.saml` - authentik Sources.SAML + * `authentik.sources.scim` - authentik Sources.SCIM * `authentik.stages.authenticator` - authentik Stages.Authenticator * `authentik.stages.authenticator_duo` - authentik Stages.Authenticator.Duo * `authentik.stages.authenticator_sms` - authentik Stages.Authenticator.SMS @@ -30878,6 +30883,7 @@ components: * `authentik_sources_plex.plexsourceconnection` - User Plex Source Connection * `authentik_sources_saml.samlsource` - SAML Source * `authentik_sources_saml.usersamlsourceconnection` - User SAML Source Connection + * `authentik_sources_scim.scimsource` - SCIM Source * `authentik_stages_authenticator_duo.authenticatorduostage` - Duo Authenticator Setup Stage * `authentik_stages_authenticator_duo.duodevice` - Duo Device * `authentik_stages_authenticator_sms.authenticatorsmsstage` - SMS Authenticator Setup Stage @@ -33181,6 +33187,7 @@ components: - authentik_sources_plex.plexsourceconnection - authentik_sources_saml.samlsource - authentik_sources_saml.usersamlsourceconnection + - authentik_sources_scim.scimsource - authentik_stages_authenticator_duo.authenticatorduostage - authentik_stages_authenticator_duo.duodevice - authentik_stages_authenticator_sms.authenticatorsmsstage @@ -33257,6 +33264,7 @@ components: * `authentik_sources_plex.plexsourceconnection` - User Plex Source Connection * `authentik_sources_saml.samlsource` - SAML Source * `authentik_sources_saml.usersamlsourceconnection` - User SAML Source Connection + * `authentik_sources_scim.scimsource` - SCIM Source * `authentik_stages_authenticator_duo.authenticatorduostage` - Duo Authenticator Setup Stage * `authentik_stages_authenticator_duo.duodevice` - Duo Device * `authentik_stages_authenticator_sms.authenticatorsmsstage` - SMS Authenticator Setup Stage 
@@ -36253,6 +36261,7 @@ components: * `authentik.sources.oauth` - authentik Sources.OAuth * `authentik.sources.plex` - authentik Sources.Plex * `authentik.sources.saml` - authentik Sources.SAML + * `authentik.sources.scim` - authentik Sources.SCIM * `authentik.stages.authenticator` - authentik Stages.Authenticator * `authentik.stages.authenticator_duo` - authentik Stages.Authenticator.Duo * `authentik.stages.authenticator_sms` - authentik Stages.Authenticator.SMS @@ -36324,6 +36333,7 @@ components: * `authentik_sources_plex.plexsourceconnection` - User Plex Source Connection * `authentik_sources_saml.samlsource` - SAML Source * `authentik_sources_saml.usersamlsourceconnection` - User SAML Source Connection + * `authentik_sources_scim.scimsource` - SCIM Source * `authentik_stages_authenticator_duo.authenticatorduostage` - Duo Authenticator Setup Stage * `authentik_stages_authenticator_duo.duodevice` - Duo Device * `authentik_stages_authenticator_sms.authenticatorsmsstage` - SMS Authenticator Setup Stage