--- title: Weblate --- Support level: Community ## What is Weblate From https://weblate.org/en/ :::note Weblate is a copylefted libre software web-based continuous localization system, used by over 2500 libre projects and companies in more than 165 countries. ::: ## Preparation The following placeholders will be used: - `weblate.company` is the FQDN of the Weblate install. - `authentik.company` is the FQDN of the authentik install. - `weblate-slug` is the slug of the Weblate application Create an application in authentik and note the slug, as this will be used later. Create a SAML provider with the following parameters: - ACS URL: `https://weblate.company/accounts/complete/saml/` - Audience: `https://weblate.company/accounts/metadata/saml/` - Service Provider Binding: Post - Issuer: `https://authentik.company/application/saml/weblate-slug/sso/binding/redirect/` You can of course use a custom signing certificate, and adjust durations. ## Property mappings We need to create some property mappings so our application will work. After you create the property mappings, assign them to the provider. ### Full name - Name: `Weblate - Full name` - SAML Attribute Name: `urn:oid:2.5.4.3` - Expression ```python return request.user.name ``` ### OID_USERID - Name: `Weblate - OID_USERID` - SAML Attribute Name: `urn:oid:0.9.2342.19200300.100.1.1` - Expression ```python return request.user.username ``` ### Username - Name: `Weblate - Username` - SAML Attribute Name: `username` - Expression ```python return request.user.username ``` ### Email - Name: `Weblate - Email` - SAML Attribute Name: `email` - Expression ```python return request.user.email ``` ## Weblate configuration The variables bellow need to be set, depending on if you deploy in a container or not you can take a look at the following links - https://docs.weblate.org/en/latest/admin/config.html#config - https://docs.weblate.org/en/latest/admin/install/docker.html#docker-environment Variables to set - ENABLE_HTTPS: `1` - SAML_IDP_ENTITY_ID: `https://authentik.company/application/saml/weblate-slug/sso/binding/redirect/` - SAML_IDP_URL: `https://authentik.company/application/saml/weblate-slug/sso/binding/redirect/` - SAML_IDP_X509CERT: `MIIFDjCCAvagAwIBAgIRAJV8hH0wGkhGvbhhDKppWIYwDQYJKoZIhvcNAQELBQAw....F9lT9hHwHhsnA=` The `SAML_IDP_X509CERT` is the certificate in the SAML Metadata `X509Certificate` key. Should you wish to only allow registration and login through Authentik, you should set the following variables as well. - REGISTRATION_OPEN: `0` - REGISTRATION_ALLOW_BACKENDS: `saml` - REQUIRE_LOGIN: `1` - NO_EMAIL_AUTH: `1` Should you wish to deploy this in a container prefix all the variables with `WEBLATE_` and set them as enviornment variables