core: move end-session to core
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
parent
67470590c2
commit
9180d448df
|
@ -1,4 +1,5 @@
|
|||
"""authentik URL Configuration"""
|
||||
from authentik.core.views.session import EndSessionView
|
||||
from django.contrib.auth.decorators import login_required
|
||||
from django.urls import path
|
||||
from django.views.decorators.csrf import ensure_csrf_cookie
|
||||
|
@ -36,6 +37,11 @@ urlpatterns = [
|
|||
ensure_csrf_cookie(FlowInterfaceView.as_view()),
|
||||
name="if-flow",
|
||||
),
|
||||
path(
|
||||
"if/session-end/<slug:application_slug>/",
|
||||
ensure_csrf_cookie(EndSessionView.as_view()),
|
||||
name="if-session-end",
|
||||
),
|
||||
# Fallback for WS
|
||||
path("ws/outpost/<uuid:pk>/", TemplateView.as_view(template_name="if/admin.html")),
|
||||
path(
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
"""authentik OAuth2 Session Views"""
|
||||
"""authentik Session Views"""
|
||||
from typing import Any
|
||||
|
||||
from django.shortcuts import get_object_or_404
|
||||
|
@ -10,7 +10,7 @@ from authentik.core.models import Application
|
|||
class EndSessionView(TemplateView):
|
||||
"""Allow the client to end the Session"""
|
||||
|
||||
template_name = "providers/oauth2/end_session.html"
|
||||
template_name = "if/end_session.html"
|
||||
|
||||
def get_context_data(self, **kwargs: Any) -> dict[str, Any]:
|
||||
context = super().get_context_data(**kwargs)
|
|
@ -107,7 +107,7 @@ class OAuth2ProviderViewSet(ModelViewSet):
|
|||
)
|
||||
data["logout"] = request.build_absolute_uri(
|
||||
reverse(
|
||||
"authentik_providers_oauth2:end-session",
|
||||
"authentik_core:if-session-end",
|
||||
kwargs={"application_slug": provider.application.slug},
|
||||
)
|
||||
)
|
||||
|
|
|
@ -11,8 +11,8 @@ class AuthentikProviderOAuth2Config(AppConfig):
|
|||
label = "authentik_providers_oauth2"
|
||||
verbose_name = "authentik Providers.OAuth2"
|
||||
mountpoints = {
|
||||
"authentik.providers.oauth2.urls": "application/o/",
|
||||
"authentik.providers.oauth2.urls_github": "",
|
||||
"authentik.providers.oauth2.urls": "application/o/",
|
||||
}
|
||||
|
||||
def ready(self) -> None:
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
"""OAuth provider URLs"""
|
||||
from django.urls import path
|
||||
from django.views.decorators.csrf import csrf_exempt
|
||||
from django.views.generic.base import RedirectView
|
||||
|
||||
from authentik.providers.oauth2.constants import SCOPE_OPENID
|
||||
from authentik.providers.oauth2.utils import protected_resource_view
|
||||
|
@ -8,7 +9,6 @@ from authentik.providers.oauth2.views.authorize import AuthorizationFlowInitView
|
|||
from authentik.providers.oauth2.views.introspection import TokenIntrospectionView
|
||||
from authentik.providers.oauth2.views.jwks import JWKSView
|
||||
from authentik.providers.oauth2.views.provider import ProviderInfoView
|
||||
from authentik.providers.oauth2.views.session import EndSessionView
|
||||
from authentik.providers.oauth2.views.token import TokenView
|
||||
from authentik.providers.oauth2.views.userinfo import UserInfoView
|
||||
|
||||
|
@ -31,7 +31,7 @@ urlpatterns = [
|
|||
),
|
||||
path(
|
||||
"<slug:application_slug>/end-session/",
|
||||
EndSessionView.as_view(),
|
||||
RedirectView.as_view(pattern_name="authentik_core:if-session-end"),
|
||||
name="end-session",
|
||||
),
|
||||
path("<slug:application_slug>/jwks/", JWKSView.as_view(), name="jwks"),
|
||||
|
|
|
@ -54,7 +54,7 @@ class ProviderInfoView(View):
|
|||
),
|
||||
"end_session_endpoint": self.request.build_absolute_uri(
|
||||
reverse(
|
||||
"authentik_providers_oauth2:end-session",
|
||||
"authentik_core:if-session-end",
|
||||
kwargs={"application_slug": provider.application.slug},
|
||||
)
|
||||
),
|
||||
|
|
|
@ -72,7 +72,7 @@ class TestProviderOAuth2OAuth(SeleniumTestCase):
|
|||
),
|
||||
"GF_AUTH_SIGNOUT_REDIRECT_URL": (
|
||||
self.url(
|
||||
"authentik_providers_oauth2:end-session",
|
||||
"authentik_core:if-session-end",
|
||||
application_slug=APPLICATION_SLUG,
|
||||
)
|
||||
),
|
||||
|
@ -250,7 +250,7 @@ class TestProviderOAuth2OAuth(SeleniumTestCase):
|
|||
self.driver.get("http://localhost:3000/logout")
|
||||
self.wait_for_url(
|
||||
self.url(
|
||||
"authentik_providers_oauth2:end-session",
|
||||
"authentik_core:if-session-end",
|
||||
application_slug=APPLICATION_SLUG,
|
||||
)
|
||||
)
|
||||
|
|
|
@ -46,6 +46,7 @@ Set the following values:
|
|||
- Optional display name of the identity provider (default: "SSO & SAML log in"): `authentik`
|
||||
- Identifier of the IdP entity (must be a URI): `https://authentik.company`
|
||||
- URL Target of the IdP where the SP will send the Authentication Request Message: `https://authentik.company/application/saml/<application-slug>/sso/binding/redirect/`
|
||||
- URL Location of IdP where the SP will send the SLO Request: `https://authentik.company/if/session-end/<application-slug>/`
|
||||
- Public X.509 certificate of the IdP: Copy the PEM of the Selected Signing Certificate
|
||||
|
||||
Under Attribute mapping, set these values:
|
||||
|
|
Reference in a new issue