work with authentik

2026-02-27 17:48:21 -05:00
parent 90eb649940
commit 2aaa0442b2
13 changed files with 699 additions and 2 deletions
--- a/templates/settings-custom.php.template
+++ b/templates/settings-custom.php.template
@@ -0,0 +1,63 @@
+<?php
+$authentication = new \Xibo\Middleware\SAMLAuthentication();
+$samlSettings = [
+    'workflow' => [
+        'jit' => true,
+        'field_to_identify' => 'UserName',
+        'libraryQuota' => 1000,
+        'homePage' => 'icondashboard.view',
+        'slo' => true,
+        'mapping' => [
+            'UserID' => '',
+            'usertypeid' => '',
+            'UserName' => 'http://schemas.goauthentik.io/2021/02/saml/username',
+            'email' => 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress',
+        ],
+        'group' => 'Users',
+        'matchGroups' => [
+            'enabled' => false,
+            'attribute' => null,
+            'extractionRegEx' => null,
+        ],
+    ],
+    'strict' => true,
+    'debug' => true,
+    'baseurl' => '{{SAML_BASE_URL}}',
+    'idp' => [
+        'entityId' => '{{AUTHENTIK_IDP_ENTITY_ID}}',
+        'singleSignOnService' => [
+            'url' => '{{AUTHENTIK_SSO_URL}}',
+            'binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
+        ],
+        'singleLogoutService' => [
+            'url' => '{{AUTHENTIK_SLO_URL}}',
+            'binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
+        ],
+        'x509cert' => '{{AUTHENTIK_IDP_X509_CERT}}',
+    ],
+    'sp' => [
+        'entityId' => '{{SAML_SP_ENTITY_ID}}',
+        'assertionConsumerService' => [
+            'url' => '{{SAML_BASE_URL}}/acs',
+            'binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
+        ],
+        'singleLogoutService' => [
+            'url' => '{{SAML_BASE_URL}}/sls',
+            'binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
+        ],
+        'NameIDFormat' => 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress',
+        'x509cert' => '',
+        'privateKey' => '',
+    ],
+    'security' => [
+        'nameIdEncrypted' => false,
+        'authnRequestsSigned' => false,
+        'logoutRequestSigned' => false,
+        'logoutResponseSigned' => false,
+        'signMetadata' => false,
+        'wantMessagesSigned' => false,
+        'wantAssertionsSigned' => false,
+        'wantAssertionsEncrypted' => false,
+        'wantNameIdEncrypted' => false,
+    ],
+];