cd12e177ea
* initial implementation Signed-off-by: Jens Langhammer <jens@goauthentik.io> * check for openid/profile claims Signed-off-by: Jens Langhammer <jens@goauthentik.io> * include jwks sources in proxy provider Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add web ui for jwks Signed-off-by: Jens Langhammer <jens@goauthentik.io> * only show sources with JWKS data configured Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix introspection tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * start basic Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add basic auth Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add docs, update admonitions Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add client_id to api, add tab for auth Signed-off-by: Jens Langhammer <jens@goauthentik.io> * update locale Signed-off-by: Jens Langhammer <jens@goauthentik.io> Signed-off-by: Jens Langhammer <jens@goauthentik.io>
3 KiB
| title |
|---|
| TrueNAS TrueCommand |
Support level: Community
What is TrueNAS TrueCommand
From https://www.truenas.com/truecommand/ :::note What is TrueCommand? TrueCommand is a ZFS-aware solution allowing you to set custom alerts on statistics like ARC usage or pool capacity and ensuring storag e uptime and future planning. TrueCommand also identifies and pinpoints errors on drives or vdevs (RAID groups), saving you valuable ti me when resolving issues. :::
:::caution This setup assumes you will be using HTTPS as TrueCommand generates ACS and Redirect URLs based on the complete URL. :::
Preparation
The following placeholders will be used:
truecommand.companyis the FQDN of the snipe-it install.authentik.companyis the FQDN of the authentik install.
Create an application in authentik and use the slug for later as truenas-truecommand.
Create a SAML provider with the following parameters:
- ACS URL:
https://truecommand.company/saml/acs - Issuer:
truecommand-saml - Binding:
Post
Under Advanced protocol settings, set a certificate for Signing Certificate. Under Advanced protocol settings, set NameID Property to authentik default SAML Mapping: Email.
SAML Property Mappings
The following custom property mappings are required.
Under Customisation, select Property Mappings, then Create. Select SAML Property Mapping.
Username
- Name:
Truecommand - Username - SAML Attribute Name:
unique_name - Expression
return request.user.username
- Name:
Truecommand - Email - SAML Attribute Name:
email - Expression
return request.user.email
Fullname
- Name:
Truecommand - Fullname - SAML Attribute Name:
given_nameORdisplay_name - Expression
return request.user.name
Other Attributes
If you have custom attributes, or attributes imported from Active Directory, TrueCommand supports the following additional mappings:
Role
- Name:
Truecommand - Role - SAML Attribute Name:
title - Expression
return [custom_attribute]
Phone Number
- Name:
Truecommand - Phone Number - SAML Attribute Name:
telephone_number - Expression
return [custom_attribute]
Return to Providers under Applications, and edit the Provider created above.
Under Advanced protocol settings, select the additional property mappings created above.
SAML Metadata
Click the Copy download URL to save the Metadata URL into your clipboard.
TrueCommand Config
- Click on the gear icon in the upper right corner.
- Select Administration
- Click on CONFIGURE
- SAML Identity Provider URL:
Paste the Metadata URL from your clipboard. - Click Save, then click Configure again then select Start the SAML service, then click Save to start the service.