authentik.enterprise.stages.mtls.models

 1from django.db import models
 2from django.utils.translation import gettext_lazy as _
 3from rest_framework.serializers import Serializer
 4
 5from authentik.crypto.models import CertificateKeyPair
 6from authentik.endpoints.models import StageMode
 7from authentik.flows.models import Stage
 8from authentik.flows.stage import StageView
 9
10
class CertAttributes(models.TextChoices):
    """Certificate attribute that is compared against a user attribute when a
    client certificate is matched to a user (see ``UserAttributes``).

    Values are the strings persisted in ``MutualTLSStage.cert_attribute``.
    Whichever attribute is chosen, the binding is only as trustworthy as the
    CA that issued the certificate: a CA in the stage's trust set can put any
    value into these fields.
    """

    # Full certificate subject (DN)
    SUBJECT = "subject"
    # Subject common name (CN) only
    COMMON_NAME = "common_name"
    # E-mail address carried by the certificate (presumably SAN / subject
    # emailAddress — confirm against the stage view)
    EMAIL = "email"
17
18
class UserAttributes(models.TextChoices):
    """User attribute that the selected certificate attribute is compared with
    when matching a client certificate to a user (see ``CertAttributes``).

    Values are the strings persisted in ``MutualTLSStage.user_attribute``.
    """

    # Match against the user's username
    USERNAME = "username"
    # Match against the user's e-mail address
    EMAIL = "email"
24
25
class MutualTLSStage(Stage):
    """Flow stage that authenticates or enrolls a user from a TLS client certificate.

    Security notes (reviewer):

    * ``certificate_authorities`` is the set the presented certificate is validated
      against (help_text) and therefore the trust-anchor set of this stage. Every
      listed CA must be trusted to only issue certificates whose ``cert_attribute``
      value belongs to the intended user, because that value is what selects the
      account. An empty set defers to ``Brand.client_certificate`` per the help_text;
      what happens when neither is configured is not visible in this module —
      TODO confirm in ``MTLSStageView`` that the stage fails closed.
    * ``cert_attribute`` / ``user_attribute`` define the certificate-to-user binding.
      Matching on ``EMAIL`` or the full ``SUBJECT`` is only as strong as the issuing
      CA's vetting of that field. ``mode`` (``StageMode``, defined outside this module)
      is expected to select between the authenticate and enroll behaviours named in
      this docstring — confirm the exact values in ``authentik.endpoints.models``.
    * ``pass_outpost_certificate`` is a custom model permission described as allowing
      the holder to pass certificates for outposts. Treat it as sensitive — a holder can
      presumably assert a client certificate on a connection's behalf — and grant it
      only to outpost service accounts.
    """

    # Authenticate vs. enroll; choices come from StageMode (not defined here).
    mode = models.TextField(choices=StageMode.choices)

    # CAs the client certificate is validated against. Optional: an empty set
    # defers to the Brand-level `client_certificate` option (see help_text).
    # NOTE(review): `default=None` is unlikely to have any effect on a
    # ManyToManyField — `blank=True` is what makes the relation optional.
    certificate_authorities = models.ManyToManyField(
        CertificateKeyPair,
        default=None,
        blank=True,
        help_text=_(
            "Configure certificate authorities to validate the certificate against. "
            "This option has a higher priority than the `client_certificate` option on `Brand`."
        ),
    )

    # Which certificate attribute is compared with which user attribute.
    cert_attribute = models.TextField(choices=CertAttributes.choices)
    user_attribute = models.TextField(choices=UserAttributes.choices)

    @property
    def component(self) -> str:
        """Name of the web component the admin UI uses to edit this stage."""
        return "ak-stage-mtls-form"

    @property
    def serializer(self) -> type[Serializer]:
        """REST serializer for this stage.

        Imported inside the property (presumably to avoid an import cycle
        between the models and api modules).
        """
        from authentik.enterprise.stages.mtls.api import MutualTLSStageSerializer as serializer_cls

        return serializer_cls

    @property
    def view(self) -> type[StageView]:
        """StageView class that executes this stage's certificate check.

        Imported inside the property (presumably to avoid an import cycle
        between the models and stage modules).
        """
        from authentik.enterprise.stages.mtls.stage import MTLSStageView as view_cls

        return view_cls

    class Meta:
        verbose_name = _("Mutual TLS Stage")
        verbose_name_plural = _("Mutual TLS Stages")
        # Sensitive: see the class docstring.
        permissions = [
            ("pass_outpost_certificate", _("Permissions to pass Certificates for outposts.")),
        ]
class CertAttributes(django.db.models.enums.TextChoices):
class CertAttributes(models.TextChoices):
    """Certificate attribute that is compared against a user attribute when a
    client certificate is matched to a user (see ``UserAttributes``).

    Values are the strings persisted in ``MutualTLSStage.cert_attribute``.
    Whichever attribute is chosen, the binding is only as trustworthy as the
    CA that issued the certificate: a CA in the stage's trust set can put any
    value into these fields.
    """

    # Full certificate subject (DN)
    SUBJECT = "subject"
    # Subject common name (CN) only
    COMMON_NAME = "common_name"
    # E-mail address carried by the certificate (presumably SAN / subject
    # emailAddress — confirm against the stage view)
    EMAIL = "email"

Certificate attribute used for user matching

class UserAttributes(django.db.models.enums.TextChoices):
class UserAttributes(models.TextChoices):
    """User attribute that the selected certificate attribute is compared with
    when matching a client certificate to a user (see ``CertAttributes``).

    Values are the strings persisted in ``MutualTLSStage.user_attribute``.
    """

    # Match against the user's username
    USERNAME = "username"
    # Match against the user's e-mail address
    EMAIL = "email"

User attribute for user matching

class MutualTLSStage(authentik.flows.models.Stage):
class MutualTLSStage(Stage):
    """Flow stage that authenticates or enrolls a user from a TLS client certificate.

    Security notes (reviewer):

    * ``certificate_authorities`` is the set the presented certificate is validated
      against (help_text) and therefore the trust-anchor set of this stage. Every
      listed CA must be trusted to only issue certificates whose ``cert_attribute``
      value belongs to the intended user, because that value is what selects the
      account. An empty set defers to ``Brand.client_certificate`` per the help_text;
      what happens when neither is configured is not visible in this module —
      TODO confirm in ``MTLSStageView`` that the stage fails closed.
    * ``cert_attribute`` / ``user_attribute`` define the certificate-to-user binding.
      Matching on ``EMAIL`` or the full ``SUBJECT`` is only as strong as the issuing
      CA's vetting of that field. ``mode`` (``StageMode``, defined outside this module)
      is expected to select between the authenticate and enroll behaviours named in
      this docstring — confirm the exact values in ``authentik.endpoints.models``.
    * ``pass_outpost_certificate`` is a custom model permission described as allowing
      the holder to pass certificates for outposts. Treat it as sensitive — a holder can
      presumably assert a client certificate on a connection's behalf — and grant it
      only to outpost service accounts.
    """

    # Authenticate vs. enroll; choices come from StageMode (not defined here).
    mode = models.TextField(choices=StageMode.choices)

    # CAs the client certificate is validated against. Optional: an empty set
    # defers to the Brand-level `client_certificate` option (see help_text).
    # NOTE(review): `default=None` is unlikely to have any effect on a
    # ManyToManyField — `blank=True` is what makes the relation optional.
    certificate_authorities = models.ManyToManyField(
        CertificateKeyPair,
        default=None,
        blank=True,
        help_text=_(
            "Configure certificate authorities to validate the certificate against. "
            "This option has a higher priority than the `client_certificate` option on `Brand`."
        ),
    )

    # Which certificate attribute is compared with which user attribute.
    cert_attribute = models.TextField(choices=CertAttributes.choices)
    user_attribute = models.TextField(choices=UserAttributes.choices)

    @property
    def component(self) -> str:
        """Name of the web component the admin UI uses to edit this stage."""
        return "ak-stage-mtls-form"

    @property
    def serializer(self) -> type[Serializer]:
        """REST serializer for this stage.

        Imported inside the property (presumably to avoid an import cycle
        between the models and api modules).
        """
        from authentik.enterprise.stages.mtls.api import MutualTLSStageSerializer as serializer_cls

        return serializer_cls

    @property
    def view(self) -> type[StageView]:
        """StageView class that executes this stage's certificate check.

        Imported inside the property (presumably to avoid an import cycle
        between the models and stage modules).
        """
        from authentik.enterprise.stages.mtls.stage import MTLSStageView as view_cls

        return view_cls

    class Meta:
        verbose_name = _("Mutual TLS Stage")
        verbose_name_plural = _("Mutual TLS Stages")
        # Sensitive: see the class docstring.
        permissions = [
            ("pass_outpost_certificate", _("Permissions to pass Certificates for outposts.")),
        ]

Authenticate/enroll users using a client-certificate.

def mode(unknown):

`mode` is a model field (a `TextField` whose choices come from `StageMode`), not a method of the stage; the text below is the docstring of Django's `DeferredAttribute` descriptor that backs the field: a wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.

certificate_authorities

Accessor to the related objects manager on the forward and reverse sides of a many-to-many relation.

In the example::

class Pizza(Model):
    toppings = ManyToManyField(Topping, related_name='pizzas')

Pizza.toppings and Topping.pizzas are ManyToManyDescriptor instances.

Most of the implementation is delegated to a dynamically defined manager class built by create_forward_many_to_many_manager() defined below.

def cert_attribute(unknown):

`cert_attribute` is a model field (a `TextField` whose choices come from `CertAttributes`), not a method of the stage; the text below is the docstring of Django's `DeferredAttribute` descriptor that backs the field: a wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.

def user_attribute(unknown):

`user_attribute` is a model field (a `TextField` whose choices come from `UserAttributes`), not a method of the stage; the text below is the docstring of Django's `DeferredAttribute` descriptor that backs the field: a wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.

view: type[authentik.flows.stage.StageView]
    @property
    def view(self) -> type[StageView]:
        """StageView class that executes this stage's certificate check.

        Imported inside the property (presumably to avoid an import cycle
        between the models and stage modules).
        """
        from authentik.enterprise.stages.mtls.stage import MTLSStageView as view_cls

        return view_cls

Return StageView class that implements logic for this stage

serializer: type[rest_framework.serializers.Serializer]
    @property
    def serializer(self) -> type[Serializer]:
        """REST serializer for this stage.

        Imported inside the property (presumably to avoid an import cycle
        between the models and api modules).
        """
        from authentik.enterprise.stages.mtls.api import MutualTLSStageSerializer as serializer_cls

        return serializer_cls

Get serializer for this model

component: str
    @property
    def component(self) -> str:
        """Name of the web component the admin UI uses to edit this stage."""
        # Constant; the UI resolves this tag to the MTLS stage form.
        component_tag = "ak-stage-mtls-form"
        return component_tag

Return component used to edit this object

def get_mode_display(unknown):

`get_mode_display()` is generated by Django for the `mode` field because it declares `choices`; it presumably returns the human-readable label for the stored value. The text below is the docstring of `functools.partialmethod`, which Django uses to build it: a method descriptor with partial application of the given arguments and keywords.

Supports wrapping existing descriptors and handles non-descriptor callables as instance methods.

def get_cert_attribute_display(unknown):

`get_cert_attribute_display()` is generated by Django for the `cert_attribute` field because it declares `choices`; it presumably returns the human-readable label for the stored value. The text below is the docstring of `functools.partialmethod`, which Django uses to build it: a method descriptor with partial application of the given arguments and keywords.

Supports wrapping existing descriptors and handles non-descriptor callables as instance methods.

def get_user_attribute_display(unknown):

`get_user_attribute_display()` is generated by Django for the `user_attribute` field because it declares `choices`; it presumably returns the human-readable label for the stored value. The text below is the docstring of `functools.partialmethod`, which Django uses to build it: a method descriptor with partial application of the given arguments and keywords.

Supports wrapping existing descriptors and handles non-descriptor callables as instance methods.

stage_ptr_id
stage_ptr

Accessor to the related object on the forward side of a one-to-one relation.

In the example::

class Restaurant(Model):
    place = OneToOneField(Place, related_name='restaurant')

Restaurant.place is a ForwardOneToOneDescriptor instance.

class MutualTLSStage.DoesNotExist(authentik.flows.models.Stage.DoesNotExist):

The requested object does not exist

class MutualTLSStage.MultipleObjectsReturned(authentik.flows.models.Stage.MultipleObjectsReturned):

The query returned multiple objects when only one was expected.