authentik.sources.saml.api.source
SAMLSource API Views
1"""SAMLSource API Views""" 2 3from django.urls import reverse 4from django.utils.translation import gettext_lazy as _ 5from drf_spectacular.utils import extend_schema 6from rest_framework.decorators import action 7from rest_framework.request import Request 8from rest_framework.response import Response 9from rest_framework.serializers import ValidationError 10from rest_framework.viewsets import ModelViewSet 11 12from authentik.core.api.sources import SourceSerializer 13from authentik.core.api.used_by import UsedByMixin 14from authentik.providers.saml.api.providers import SAMLMetadataSerializer 15from authentik.sources.saml.models import SAMLSource 16from authentik.sources.saml.processors.metadata import MetadataProcessor 17 18 19class SAMLSourceSerializer(SourceSerializer): 20 """SAMLSource Serializer""" 21 22 def validate(self, attrs: dict): 23 if attrs.get("verification_kp"): 24 if not attrs.get("signed_assertion") and not attrs.get("signed_response"): 25 raise ValidationError( 26 _( 27 "With a Verification Certificate selected, at least one of" 28 " 'Verify Assertion Signature' or 'Verify Response Signature' " 29 "must be selected." 30 ) 31 ) 32 return super().validate(attrs) 33 34 class Meta: 35 model = SAMLSource 36 fields = SourceSerializer.Meta.fields + [ 37 "group_matching_mode", 38 "pre_authentication_flow", 39 "issuer", 40 "sso_url", 41 "slo_url", 42 "allow_idp_initiated", 43 "force_authn", 44 "name_id_policy", 45 "binding_type", 46 "verification_kp", 47 "signing_kp", 48 "digest_algorithm", 49 "signature_algorithm", 50 "temporary_user_delete_after", 51 "encryption_kp", 52 "signed_assertion", 53 "signed_response", 54 ] 55 56 57class SAMLSourceViewSet(UsedByMixin, ModelViewSet): 58 """SAMLSource Viewset""" 59 60 queryset = SAMLSource.objects.all() 61 serializer_class = SAMLSourceSerializer 62 lookup_field = "slug" 63 filterset_fields = [ 64 "pbm_uuid", 65 "name", 66 "slug", 67 "enabled", 68 "authentication_flow", 69 "enrollment_flow", 70 "managed", 71 "policy_engine_mode", 72 "user_matching_mode", 73 "pre_authentication_flow", 74 "issuer", 75 "sso_url", 76 "slo_url", 77 "allow_idp_initiated", 78 "force_authn", 79 "name_id_policy", 80 "binding_type", 81 "verification_kp", 82 "signing_kp", 83 "digest_algorithm", 84 "signature_algorithm", 85 "temporary_user_delete_after", 86 "signed_assertion", 87 "signed_response", 88 ] 89 search_fields = ["name", "slug"] 90 ordering = ["name"] 91 92 @extend_schema(responses={200: SAMLMetadataSerializer(many=False)}) 93 @action(methods=["GET"], detail=True) 94 def metadata(self, request: Request, slug: str) -> Response: 95 """Return metadata as XML string""" 96 source = self.get_object() 97 metadata = MetadataProcessor(source, request).build_entity_descriptor() 98 return Response( 99 { 100 "metadata": metadata, 101 "download_url": reverse( 102 "authentik_sources_saml:metadata", 103 kwargs={ 104 "source_slug": source.slug, 105 }, 106 ), 107 } 108 )
20class SAMLSourceSerializer(SourceSerializer): 21 """SAMLSource Serializer""" 22 23 def validate(self, attrs: dict): 24 if attrs.get("verification_kp"): 25 if not attrs.get("signed_assertion") and not attrs.get("signed_response"): 26 raise ValidationError( 27 _( 28 "With a Verification Certificate selected, at least one of" 29 " 'Verify Assertion Signature' or 'Verify Response Signature' " 30 "must be selected." 31 ) 32 ) 33 return super().validate(attrs) 34 35 class Meta: 36 model = SAMLSource 37 fields = SourceSerializer.Meta.fields + [ 38 "group_matching_mode", 39 "pre_authentication_flow", 40 "issuer", 41 "sso_url", 42 "slo_url", 43 "allow_idp_initiated", 44 "force_authn", 45 "name_id_policy", 46 "binding_type", 47 "verification_kp", 48 "signing_kp", 49 "digest_algorithm", 50 "signature_algorithm", 51 "temporary_user_delete_after", 52 "encryption_kp", 53 "signed_assertion", 54 "signed_response", 55 ]
SAMLSource Serializer
def
validate(self, attrs: dict):
23 def validate(self, attrs: dict): 24 if attrs.get("verification_kp"): 25 if not attrs.get("signed_assertion") and not attrs.get("signed_response"): 26 raise ValidationError( 27 _( 28 "With a Verification Certificate selected, at least one of" 29 " 'Verify Assertion Signature' or 'Verify Response Signature' " 30 "must be selected." 31 ) 32 ) 33 return super().validate(attrs)
Inherited Members
class
SAMLSourceSerializer.Meta:
35 class Meta: 36 model = SAMLSource 37 fields = SourceSerializer.Meta.fields + [ 38 "group_matching_mode", 39 "pre_authentication_flow", 40 "issuer", 41 "sso_url", 42 "slo_url", 43 "allow_idp_initiated", 44 "force_authn", 45 "name_id_policy", 46 "binding_type", 47 "verification_kp", 48 "signing_kp", 49 "digest_algorithm", 50 "signature_algorithm", 51 "temporary_user_delete_after", 52 "encryption_kp", 53 "signed_assertion", 54 "signed_response", 55 ]
model =
<class 'authentik.sources.saml.models.SAMLSource'>
fields =
['pk', 'name', 'slug', 'enabled', 'promoted', 'authentication_flow', 'enrollment_flow', 'user_property_mappings', 'group_property_mappings', 'component', 'verbose_name', 'verbose_name_plural', 'meta_model_name', 'policy_engine_mode', 'user_matching_mode', 'managed', 'user_path_template', 'icon', 'icon_url', 'icon_themed_urls', 'group_matching_mode', 'pre_authentication_flow', 'issuer', 'sso_url', 'slo_url', 'allow_idp_initiated', 'force_authn', 'name_id_policy', 'binding_type', 'verification_kp', 'signing_kp', 'digest_algorithm', 'signature_algorithm', 'temporary_user_delete_after', 'encryption_kp', 'signed_assertion', 'signed_response']
class
SAMLSourceViewSet(authentik.core.api.used_by.UsedByMixin, rest_framework.viewsets.ModelViewSet):
58class SAMLSourceViewSet(UsedByMixin, ModelViewSet): 59 """SAMLSource Viewset""" 60 61 queryset = SAMLSource.objects.all() 62 serializer_class = SAMLSourceSerializer 63 lookup_field = "slug" 64 filterset_fields = [ 65 "pbm_uuid", 66 "name", 67 "slug", 68 "enabled", 69 "authentication_flow", 70 "enrollment_flow", 71 "managed", 72 "policy_engine_mode", 73 "user_matching_mode", 74 "pre_authentication_flow", 75 "issuer", 76 "sso_url", 77 "slo_url", 78 "allow_idp_initiated", 79 "force_authn", 80 "name_id_policy", 81 "binding_type", 82 "verification_kp", 83 "signing_kp", 84 "digest_algorithm", 85 "signature_algorithm", 86 "temporary_user_delete_after", 87 "signed_assertion", 88 "signed_response", 89 ] 90 search_fields = ["name", "slug"] 91 ordering = ["name"] 92 93 @extend_schema(responses={200: SAMLMetadataSerializer(many=False)}) 94 @action(methods=["GET"], detail=True) 95 def metadata(self, request: Request, slug: str) -> Response: 96 """Return metadata as XML string""" 97 source = self.get_object() 98 metadata = MetadataProcessor(source, request).build_entity_descriptor() 99 return Response( 100 { 101 "metadata": metadata, 102 "download_url": reverse( 103 "authentik_sources_saml:metadata", 104 kwargs={ 105 "source_slug": source.slug, 106 }, 107 ), 108 } 109 )
SAMLSource Viewset
serializer_class =
<class 'SAMLSourceSerializer'>
filterset_fields =
['pbm_uuid', 'name', 'slug', 'enabled', 'authentication_flow', 'enrollment_flow', 'managed', 'policy_engine_mode', 'user_matching_mode', 'pre_authentication_flow', 'issuer', 'sso_url', 'slo_url', 'allow_idp_initiated', 'force_authn', 'name_id_policy', 'binding_type', 'verification_kp', 'signing_kp', 'digest_algorithm', 'signature_algorithm', 'temporary_user_delete_after', 'signed_assertion', 'signed_response']
@extend_schema(responses={200: SAMLMetadataSerializer(many=False)})
@action(methods=['GET'], detail=True)
def
metadata( self, request: rest_framework.request.Request, slug: str) -> rest_framework.response.Response:
93 @extend_schema(responses={200: SAMLMetadataSerializer(many=False)}) 94 @action(methods=["GET"], detail=True) 95 def metadata(self, request: Request, slug: str) -> Response: 96 """Return metadata as XML string""" 97 source = self.get_object() 98 metadata = MetadataProcessor(source, request).build_entity_descriptor() 99 return Response( 100 { 101 "metadata": metadata, 102 "download_url": reverse( 103 "authentik_sources_saml:metadata", 104 kwargs={ 105 "source_slug": source.slug, 106 }, 107 ), 108 } 109 )
Return metadata as XML string