website/integrations: add Aruba Orchestrator #12027

Open
wants to merge 27 commits into
base: main

jazzyj123

This integration guide details how to configure authentik as a SAML identity provider for Aruba Orchestrator, allowing centralized authentication and role-based access control. It involves setting up SAML mappings in authentik and configuring Aruba Orchestrator to accept SAML assertions from authentik for user login.

@jazzyj123 jazzyj123 requested a review from a team as a code owner November 14, 2024 17:13

netlify bot commented Nov 14, 2024

Deploy Preview for authentik-docs ready!

Name Link
🔨 Latest commit 90ca493
🔍 Latest deploy log https://app.netlify.com/sites/authentik-docs/deploys/67409e79fa616b00088bd4eb
😎 Deploy Preview https://deploy-preview-12027--authentik-docs.netlify.app

netlify bot commented Nov 14, 2024

Deploy Preview for authentik-storybook ready!

Name Link
🔨 Latest commit 90ca493
🔍 Latest deploy log https://app.netlify.com/sites/authentik-storybook/deploys/67409e7b2e87dd00080641bd
😎 Deploy Preview https://deploy-preview-12027--authentik-storybook.netlify.app

Added Aruba Orchestrator to the sidebar. 

Signed-off-by: jazzyj123 <[email protected]>
Author

@jazzyj123 jazzyj123 left a comment


Updated sidebarIntegrations.js to include Aruba Orchestrator in the networking section.

@tanberry
Contributor

Thanks so much @jazzyj123 for this contribution! I'll give it a review (looks like 4d62 already caught most things) and hopefully we can get it merged after any requested changes are made. Thanks again!

@tanberry
Contributor

Oh, also @jazzyj123 it looks like you'll need to run `make website` or `npm run prettier` and then push again, please... the build failed on that linter.


codecov bot commented Nov 14, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 92.62%. Comparing base (bcb91d2) to head (90ca493).
Report is 71 commits behind head on main.

Additional details and impacted files
@@            Coverage Diff             @@
##             main   #12027      +/-   ##
==========================================
- Coverage   92.66%   92.62%   -0.04%     
==========================================
  Files         761      761              
  Lines       37863    38025     +162     
==========================================
+ Hits        35085    35222     +137     
- Misses       2778     2803      +25     
Flag Coverage Δ
e2e 49.18% <ø> (-0.09%) ⬇️
integration 24.83% <ø> (-0.07%) ⬇️
unit 90.21% <ø> (+0.03%) ⬆️


New Aruba Orchestrator Integration v2

Signed-off-by: jazzyj123 <[email protected]>
@jazzyj123
Author

@tanberry @4d62 - I've made all the changes, I hope this is enough. Best Regards.

jazzyj123

This comment was marked as duplicate.

had a \ character which was failing build.

Signed-off-by: jazzyj123 <[email protected]>
Contributor

@4d62 4d62 left a comment


just this little thing, other than that it looks good to me. thanks for your contribution to authentik. tana will need to give final "ok" as I am not a maintainer.

website/integrations/services/aruba-orchestrator/index.md (Outdated)
@4d62
Contributor

4d62 commented Nov 17, 2024

oh i just noticed, the expression should be a code block instead of a quote >

@jazzyj123
Author

> oh i just noticed, the expression should be a code block instead of a quote >

Can you help amend? Would appreciate it as I cannot see directly what the problem is? Promise I’ll try and contribute a bit more :)

@4d62
Contributor

4d62 commented Nov 18, 2024

> > oh i just noticed, the expression should be a code block instead of a quote >
>
> Can you help amend? Would appreciate it as I cannot see directly what the problem is? Promise I’ll try and contribute a bit more :)

In lines https://github.com/goauthentik/authentik/pull/12027/files#diff-771a6edf120716eb47a74a38d01342a1186cbf7a1063441db43d1765acfadcb7R32-R34 , the expression gets shown as a quote due to

writing it like this

Codeblocks should be used instead for expressions

like this, with three backticks ```

The expression should look like this instead:

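```python
# SAML property mapping expression for the sp-roles attribute.
result = None  # default for users outside the group; avoids returning an unassigned name
if ak_is_group_member(request.user, name="authentik Admins"):
    result = "superAdmin"
return result
```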

hope this helps

@jazzyj123
Author

jazzyj123 commented Nov 18, 2024 via email

@tanberry
Contributor

tanberry commented Nov 20, 2024

@jazzyj123 can you run `make website` or `npm run prettier`, and then push again? The linter is failing on that check.


Author

@jazzyj123 jazzyj123 left a comment


I have updated the file using prettier. Hope this works!

Updated SSL Certificate referenced on line 50.

Signed-off-by: jazzyj123 <[email protected]>
@jazzyj123
Author

@tanberry - hope this fixes it now. Thanks. :)

@jazzyj123
Author

Anyone able to help me with the lint issue? I ran it through before and it made loads of changes but it appears it’s still not good enough? Thx

@4d62
Contributor

4d62 commented Nov 22, 2024

apply patch:

diff --git a/website/integrations/services/aruba-orchestrator/index.md b/website/integrations/services/aruba-orchestrator/index.md
index 24815b3970..003513e73b 100644
--- a/website/integrations/services/aruba-orchestrator/index.md
+++ b/website/integrations/services/aruba-orchestrator/index.md
@@ -17,39 +17,39 @@ sidebar_label: Aruba Orchestrator
 
 The following placeholders will be used:
 
-- `arubaorchestrator.company` is the FQDN of the Aruba Orchestrator install.
-- `authentik.company` is the FQDN of the authentik install.
-- `SSL Certificate` is the name of the SSL certificate used to sign outgoing responses.
+-   `arubaorchestrator.company` is the FQDN of the Aruba Orchestrator install.
+-   `authentik.company` is the FQDN of the authentik install.
+-   `SSL Certificate` is the name of the SSL certificate used to sign outgoing responses.
 
 ## authentik Configuration
 
 1. Log in to authentik as an admin, and go to the Admin interface.
 2. Create a new SAML Property Mapping under **Customisation** -> **Property Mappings**:
 
-   - **Name**: `Aruba Orchestrator RBAC`
-   - **SAML Attribute Name**: `sp-roles`
-   - **Expression**: Use the expression below but amend the group name as desired.
+    - **Name**: `Aruba Orchestrator RBAC`
+    - **SAML Attribute Name**: `sp-roles`
+    - **Expression**: Use the expression below but amend the group name as desired.
 
-   ```
-   if ak_is_group_member(request.user, name="authentik Admins"):
-             result = "superAdmin"
-        return result
-   ```
+    ```
+    if ak_is_group_member(request.user, name="authentik Admins"):
+              result = "superAdmin"
+         return result
+    ```
 
-   - Save settings
+    - Save settings
 
 3. Create a new SAML Provider under **Applications** -> **Providers** using the following settings:
-   - **Name**: Aruba Orchestrator
-   - **Authentication Flow**: Use your preferred authentication flow (e.g., default-authentication-flow`)
-   - **Authorization Flow ID**: `default-provider-authorization-explicit-consent (Authorize Application)`
-   - Protocol settings:
-   - - **ACS URL**: `https://arubaorchestrator.company/gms/rest/authentication/saml2/consume`
-   - - **Issuer**: `https://arubaorchestrator.company/gms/rest/authentication/saml2/consume`
-   - - **Service Provider Binding**: Post
-   - Advanced protocol settings:
-   - - **Signing Certificate**:`SSL Certificate`
-   - - **Property Mappings**:`default` + `sp-roles`
-   - Leave everything else as default and save the settings.
+    - **Name**: Aruba Orchestrator
+    - **Authentication Flow**: Use your preferred authentication flow (e.g., default-authentication-flow`)
+    - **Authorization Flow ID**: `default-provider-authorization-explicit-consent (Authorize Application)`
+    - Protocol settings:
+    -   - **ACS URL**: `https://arubaorchestrator.company/gms/rest/authentication/saml2/consume`
+    -   - **Issuer**: `https://arubaorchestrator.company/gms/rest/authentication/saml2/consume`
+    -   - **Service Provider Binding**: Post
+    - Advanced protocol settings:
+    -   - **Signing Certificate**:`SSL Certificate`
+    -   - **Property Mappings**:`default` + `sp-roles`
+    - Leave everything else as default and save the settings.
 4. Download the signing certificate under **Applications** -> **Providers** -> **Aruba Orchestrator** .
 5. Create a new application under **Applications** -> **Applications**, pick a name and a slug, and assign the provider that you have just created.
 
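Review bot: the expression block under step 2 keeps its broken indentation after the reformat: `result = "superAdmin"` sits ten spaces deeper than the `if`, and `return result` is indented further than the `if` it follows, so anyone pasting it gets an indentation error rather than a working mapping. Indent the body by four spaces and put `return result` at the same level as the `if`. `result` is also assigned only inside the `if`, so for a user outside "authentik Admins" the `return result` line references an unassigned name; set a default first or return explicitly in both cases. Separately, the Authentication Flow line has a closing backtick after default-authentication-flow with no opening one, and the `-   - **ACS URL**` style items read as a doubled list marker rather than a nested list; indent them under "Protocol settings:" and "Advanced protocol settings:" instead.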
@@ -57,19 +57,19 @@ The following placeholders will be used:
 
 1. Log in to the Aruba Orchestrator.
 2. Create a new Remote Authentication Server under **Orchestrator** -> **Authentication** -> **Add New Server**.
-   - **Type**: `SAML`
-   - **Name**: `authentik`
-   - **Username Attribute**: `http://schemas.goauthentik.io/2021/02/saml/username`
-   - **Issuer URL**: `https://arubaorchestrator.company/gms/rest/authentication/saml2/consume`
-   - **SSO Endpoint**: `https://authentik.company/application/saml/<slug>/sso/binding/init/` (replace \<slug\> with application slug name)
-   - **IdP X509 Cert**: (paste in the downloaded signing certificate)
-   - **ACS URL**: `https://arubaorchestrator.company/gms/rest/authentication/saml2/consume`
-   - **EdgeConnect SLO Endpoint**: `https://arubaorchestrator.company/gms/rest/authentication/saml2/logout`
-   - **iDP SLO Endpoint**: (optional)
-   - **EdgeConnect X.509 Cert SLO**: (optional)
-   - **Roles Attribute**: `sp-roles` (optional)
-   - **Appliance Access Group Attribute**: (optional)
-   - **Default role**: (optional)
+    - **Type**: `SAML`
+    - **Name**: `authentik`
+    - **Username Attribute**: `http://schemas.goauthentik.io/2021/02/saml/username`
+    - **Issuer URL**: `https://arubaorchestrator.company/gms/rest/authentication/saml2/consume`
+    - **SSO Endpoint**: `https://authentik.company/application/saml/<slug>/sso/binding/init/` (replace \<slug\> with application slug name)
+    - **IdP X509 Cert**: (paste in the downloaded signing certificate)
+    - **ACS URL**: `https://arubaorchestrator.company/gms/rest/authentication/saml2/consume`
+    - **EdgeConnect SLO Endpoint**: `https://arubaorchestrator.company/gms/rest/authentication/saml2/logout`
+    - **iDP SLO Endpoint**: (optional)
+    - **EdgeConnect X.509 Cert SLO**: (optional)
+    - **Roles Attribute**: `sp-roles` (optional)
+    - **Appliance Access Group Attribute**: (optional)
+    - **Default role**: (optional)
 
 ## Verification
 
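Review bot: **Roles Attribute** and **Default role** are both marked "(optional)" with no guidance, yet the only mapping this patch defines emits `superAdmin` for one group and nothing for everyone else, so the page never says what access a user gets when no `sp-roles` value arrives. State what Default role should be set to (or that it should be left empty) so that a missing attribute does not end up granting more access than intended. Also, **Issuer URL** is given the same `https://arubaorchestrator.company/gms/rest/authentication/saml2/consume` value as **ACS URL**; that matches the provider's Issuer in the first hunk, but a one-line remark that the two sides must be identical would help readers who change one of them. The `\<slug\>` escapes on the SSO Endpoint line could become `<slug>` in backticks.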

@4d62
Contributor

4d62 commented Nov 22, 2024

You should also work on Git branches instead of your main branch (for example, 4d62/website/integrations/arruba-orchestrator) to facilitate development and branch fast-forwards.

updated for lint again. 

Signed-off-by: jazzyj123 <[email protected]>
ok, fixed. 

Code style issues found in the above file. Run Prettier with --write to fix.

Signed-off-by: jazzyj123 <[email protected]>
Author

@jazzyj123 jazzyj123 left a comment


Hopefully this fixes the lint check.

@tanberry
Contributor

Hi @jazzyj123 dang the prettier-check linter is still failing. Have you run `make website` or `npm run prettier`? Our Dev Docs have a bit of info on how to prepare docs locally before pushing, to make sure they pass all the build checks.

If those instructions don't help, let me know if you want to have a chat and see if we can figure it out. Or alternatively, I can pull down your PR locally, run the commands, and push back to your PR. Whichever you prefer! :-)

> Hopefully this fixes the lint check.

Great, I have re-kicked off build, let's see. I was just writing you a longish reply, that if you want we can either try to sort it via a chat, or I can pull down your PR, run the commands, then push back to your PR. But let's see if this works first.

@jazzyj123
Author

jazzyj123 commented Nov 22, 2024 via email

@tanberry
Contributor

Welp, still not passing. @jazzyj123 let me know if you want to have a chat (google meet?) and step through what is happening, or I can pull down your PR and run commands. I'm fine with either, but since of course we hope you continue to contribute to authentik, I'd be very happy to talk and see if we can troubleshoot this. ;-)

@tanberry
Contributor

I just executed npm run prettier and identified some issues and it said that it modified the file and I uploaded that file straight into my file I created. I originally referred to the documentation in the beginning by using the template and then an online Prettier. I'll see if I can reach out to you directly via GitHub shortly. Thanks for your persistence with this. It has become quite difficult just to do something quite simple :)


Yeah, true, sometimes what seems like it should be simple isn't. Often it is the "magic" of git being annoying, but once understood and sorted, it returns to being magical. I am free after 2:00 pm today Texas time (Central time zone).
