core: move end-session to core

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
Jens Langhammer 2021-06-06 13:24:27 +02:00
parent 67470590c2
commit 9180d448df
9 changed files with 16 additions and 9 deletions

View File

@ -1,4 +1,5 @@
"""authentik URL Configuration"""
from authentik.core.views.session import EndSessionView
from django.contrib.auth.decorators import login_required
from django.urls import path
from django.views.decorators.csrf import ensure_csrf_cookie
@ -36,6 +37,11 @@ urlpatterns = [
ensure_csrf_cookie(FlowInterfaceView.as_view()),
name="if-flow",
),
path(
"if/session-end/<slug:application_slug>/",
ensure_csrf_cookie(EndSessionView.as_view()),
name="if-session-end",
),
# Fallback for WS
path("ws/outpost/<uuid:pk>/", TemplateView.as_view(template_name="if/admin.html")),
path(

View File

@ -1,4 +1,4 @@
"""authentik OAuth2 Session Views"""
"""authentik Session Views"""
from typing import Any
from django.shortcuts import get_object_or_404
@ -10,7 +10,7 @@ from authentik.core.models import Application
class EndSessionView(TemplateView):
"""Allow the client to end the Session"""
template_name = "providers/oauth2/end_session.html"
template_name = "if/end_session.html"
def get_context_data(self, **kwargs: Any) -> dict[str, Any]:
context = super().get_context_data(**kwargs)

View File

@ -107,7 +107,7 @@ class OAuth2ProviderViewSet(ModelViewSet):
)
data["logout"] = request.build_absolute_uri(
reverse(
"authentik_providers_oauth2:end-session",
"authentik_core:if-session-end",
kwargs={"application_slug": provider.application.slug},
)
)

View File

@ -11,8 +11,8 @@ class AuthentikProviderOAuth2Config(AppConfig):
label = "authentik_providers_oauth2"
verbose_name = "authentik Providers.OAuth2"
mountpoints = {
"authentik.providers.oauth2.urls": "application/o/",
"authentik.providers.oauth2.urls_github": "",
"authentik.providers.oauth2.urls": "application/o/",
}
def ready(self) -> None:

View File

@ -1,6 +1,7 @@
"""OAuth provider URLs"""
from django.urls import path
from django.views.decorators.csrf import csrf_exempt
from django.views.generic.base import RedirectView
from authentik.providers.oauth2.constants import SCOPE_OPENID
from authentik.providers.oauth2.utils import protected_resource_view
@ -8,7 +9,6 @@ from authentik.providers.oauth2.views.authorize import AuthorizationFlowInitView
from authentik.providers.oauth2.views.introspection import TokenIntrospectionView
from authentik.providers.oauth2.views.jwks import JWKSView
from authentik.providers.oauth2.views.provider import ProviderInfoView
from authentik.providers.oauth2.views.session import EndSessionView
from authentik.providers.oauth2.views.token import TokenView
from authentik.providers.oauth2.views.userinfo import UserInfoView
@ -31,7 +31,7 @@ urlpatterns = [
),
path(
"<slug:application_slug>/end-session/",
EndSessionView.as_view(),
RedirectView.as_view(pattern_name="authentik_core:if-session-end"),
name="end-session",
),
path("<slug:application_slug>/jwks/", JWKSView.as_view(), name="jwks"),

View File

@ -54,7 +54,7 @@ class ProviderInfoView(View):
),
"end_session_endpoint": self.request.build_absolute_uri(
reverse(
"authentik_providers_oauth2:end-session",
"authentik_core:if-session-end",
kwargs={"application_slug": provider.application.slug},
)
),

View File

@ -72,7 +72,7 @@ class TestProviderOAuth2OAuth(SeleniumTestCase):
),
"GF_AUTH_SIGNOUT_REDIRECT_URL": (
self.url(
"authentik_providers_oauth2:end-session",
"authentik_core:if-session-end",
application_slug=APPLICATION_SLUG,
)
),
@ -250,7 +250,7 @@ class TestProviderOAuth2OAuth(SeleniumTestCase):
self.driver.get("http://localhost:3000/logout")
self.wait_for_url(
self.url(
"authentik_providers_oauth2:end-session",
"authentik_core:if-session-end",
application_slug=APPLICATION_SLUG,
)
)

View File

@ -46,6 +46,7 @@ Set the following values:
- Optional display name of the identity provider (default: "SSO & SAML log in"): `authentik`
- Identifier of the IdP entity (must be a URI): `https://authentik.company`
- URL Target of the IdP where the SP will send the Authentication Request Message: `https://authentik.company/application/saml/<application-slug>/sso/binding/redirect/`
- URL Location of IdP where the SP will send the SLO Request: `https://authentik.company/if/session-end/<application-slug>/`
- Public X.509 certificate of the IdP: Copy the PEM of the Selected Signing Certificate
Under Attribute mapping, set these values: