website/integrations: add Aruba Orchestrator #12027
Signed-off-by: jazzyj123 <[email protected]>
Added the Aruba Orchestrator to the integrations section of the website. Signed-off-by: jazzyj123 <[email protected]>
Added Aruba Orchestrator
Added Aruba Orchestrator to the sidebar. Signed-off-by: jazzyj123 <[email protected]>
Updated sidebarIntegrations.js to include Aruba Orchestrator in the networking section.
Thanks so much @jazzyj123 for this contribution! I'll give it a review (looks like 4d62 already caught most things) and hopefully we can get it merged after any requested changes are made. Thanks again!
Oh, also @jazzyj123 it looks like you'll need to run
Codecov Report

All modified and coverable lines are covered by tests ✅

Additional details and impacted files

```diff
@@            Coverage Diff             @@
##             main   #12027      +/-   ##
==========================================
- Coverage   92.66%   92.62%   -0.04%
==========================================
  Files         761      761
  Lines       37863    38025     +162
==========================================
+ Hits        35085    35222     +137
- Misses       2778     2803      +25
```
New Aruba Orchestrator Integration v2 Signed-off-by: jazzyj123 <[email protected]>
had a \ character which was failing build. Signed-off-by: jazzyj123 <[email protected]>
just this little thing, other than that it looks good to me. thanks for your contribution to authentik. tana will need to give final "ok" as I am not a maintainer.
oh i just noticed, the expression should be a code block instead of a quote >

Can you help amend? Would appreciate it as I cannot see directly what the problem is? Promise I’ll try and contribute a bit more :)

In lines https://github.com/goauthentik/authentik/pull/12027/files#diff-771a6edf120716eb47a74a38d01342a1186cbf7a1063441db43d1765acfadcb7R32-R34 , the expression gets shown as a quote due to

> writing it like this

Codeblocks should be used instead for expressions

```
like this, with three backticks
```

The expression should look like this instead:

```
if ak_is_group_member(request.user, name="authentik Admins"):
    result = "superAdmin"
    return result
```

hope this helps

Right, I understand. I’ll make the amendments. Thank you
Co-authored-by: Tana M Berry <[email protected]> Signed-off-by: jazzyj123 <[email protected]>
@jazzyj123 can you run
Co-authored-by: 4d62 <[email protected]> Signed-off-by: jazzyj123 <[email protected]>
Ran through prettier. Signed-off-by: jazzyj123 <[email protected]>
I have updated the file using prettier. Hope this works!
Updated SSL Certificate referenced on line 50. Signed-off-by: jazzyj123 <[email protected]>
@tanberry - hope this fixes it now. Thanks. :)
Anyone able to help me with the lint issue? I ran it through before and it made loads of changes but it appears it’s still not good enough? Thx
apply patch: diff --git a/website/integrations/services/aruba-orchestrator/index.md b/website/integrations/services/aruba-orchestrator/index.md
index 24815b3970..003513e73b 100644
--- a/website/integrations/services/aruba-orchestrator/index.md
+++ b/website/integrations/services/aruba-orchestrator/index.md
@@ -17,39 +17,39 @@ sidebar_label: Aruba Orchestrator
The following placeholders will be used:
-- `arubaorchestrator.company` is the FQDN of the Aruba Orchestrator install.
-- `authentik.company` is the FQDN of the authentik install.
-- `SSL Certificate` is the name of the SSL certificate used to sign outgoing responses.
+- `arubaorchestrator.company` is the FQDN of the Aruba Orchestrator install.
+- `authentik.company` is the FQDN of the authentik install.
+- `SSL Certificate` is the name of the SSL certificate used to sign outgoing responses.
## authentik Configuration
1. Log in to authentik as an admin, and go to the Admin interface.
2. Create a new SAML Property Mapping under **Customisation** -> **Property Mappings**:
- - **Name**: `Aruba Orchestrator RBAC`
- - **SAML Attribute Name**: `sp-roles`
- - **Expression**: Use the expression below but amend the group name as desired.
+ - **Name**: `Aruba Orchestrator RBAC`
+ - **SAML Attribute Name**: `sp-roles`
+ - **Expression**: Use the expression below but amend the group name as desired.
- ```
- if ak_is_group_member(request.user, name="authentik Admins"):
- result = "superAdmin"
- return result
- ```
+ ```
+ if ak_is_group_member(request.user, name="authentik Admins"):
+ result = "superAdmin"
+ return result
+ ```
- - Save settings
+ - Save settings
3. Create a new SAML Provider under **Applications** -> **Providers** using the following settings:
- - **Name**: Aruba Orchestrator
- - **Authentication Flow**: Use your preferred authentication flow (e.g., default-authentication-flow`)
- - **Authorization Flow ID**: `default-provider-authorization-explicit-consent (Authorize Application)`
- - Protocol settings:
- - - **ACS URL**: `https://arubaorchestrator.company/gms/rest/authentication/saml2/consume`
- - - **Issuer**: `https://arubaorchestrator.company/gms/rest/authentication/saml2/consume`
- - - **Service Provider Binding**: Post
- - Advanced protocol settings:
- - - **Signing Certificate**:`SSL Certificate`
- - - **Property Mappings**:`default` + `sp-roles`
- - Leave everything else as default and save the settings.
+ - **Name**: Aruba Orchestrator
+ - **Authentication Flow**: Use your preferred authentication flow (e.g., default-authentication-flow`)
+ - **Authorization Flow ID**: `default-provider-authorization-explicit-consent (Authorize Application)`
+ - Protocol settings:
+ - - **ACS URL**: `https://arubaorchestrator.company/gms/rest/authentication/saml2/consume`
+ - - **Issuer**: `https://arubaorchestrator.company/gms/rest/authentication/saml2/consume`
+ - - **Service Provider Binding**: Post
+ - Advanced protocol settings:
+ - - **Signing Certificate**:`SSL Certificate`
+ - - **Property Mappings**:`default` + `sp-roles`
+ - Leave everything else as default and save the settings.
4. Download the signing certificate under **Applications** -> **Providers** -> **Aruba Orchestrator** .
5. Create a new application under **Applications** -> **Applications**, pick a name and a slug, and assign the provider that you have just created.
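Review bot: In the **Expression** block of step 2, `result` is assigned only when `ak_is_group_member(request.user, name="authentik Admins")` is true, so the guide never says what `sp-roles` carries for a user outside that group. Please add an explicit fallback branch, or state that no role is sent, so readers do not have to guess how non-admin users are mapped. Separately, in step 3 the example `default-authentication-flow`)` has a closing backtick with no opening one, the `- - **ACS URL**` style sub-items should be indented bullets rather than a doubled dash, and `**Signing Certificate**:` and `**Property Mappings**:` are missing the space after the colon.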
@@ -57,19 +57,19 @@ The following placeholders will be used:
1. Log in to the Aruba Orchestrator.
2. Create a new Remote Authentication Server under **Orchestrator** -> **Authentication** -> **Add New Server**.
- - **Type**: `SAML`
- - **Name**: `authentik`
- - **Username Attribute**: `http://schemas.goauthentik.io/2021/02/saml/username`
- - **Issuer URL**: `https://arubaorchestrator.company/gms/rest/authentication/saml2/consume`
- - **SSO Endpoint**: `https://authentik.company/application/saml/<slug>/sso/binding/init/` (replace \<slug\> with application slug name)
- - **IdP X509 Cert**: (paste in the downloaded signing certificate)
- - **ACS URL**: `https://arubaorchestrator.company/gms/rest/authentication/saml2/consume`
- - **EdgeConnect SLO Endpoint**: `https://arubaorchestrator.company/gms/rest/authentication/saml2/logout`
- - **iDP SLO Endpoint**: (optional)
- - **EdgeConnect X.509 Cert SLO**: (optional)
- - **Roles Attribute**: `sp-roles` (optional)
- - **Appliance Access Group Attribute**: (optional)
- - **Default role**: (optional)
+ - **Type**: `SAML`
+ - **Name**: `authentik`
+ - **Username Attribute**: `http://schemas.goauthentik.io/2021/02/saml/username`
+ - **Issuer URL**: `https://arubaorchestrator.company/gms/rest/authentication/saml2/consume`
+ - **SSO Endpoint**: `https://authentik.company/application/saml/<slug>/sso/binding/init/` (replace \<slug\> with application slug name)
+ - **IdP X509 Cert**: (paste in the downloaded signing certificate)
+ - **ACS URL**: `https://arubaorchestrator.company/gms/rest/authentication/saml2/consume`
+ - **EdgeConnect SLO Endpoint**: `https://arubaorchestrator.company/gms/rest/authentication/saml2/logout`
+ - **iDP SLO Endpoint**: (optional)
+ - **EdgeConnect X.509 Cert SLO**: (optional)
+ - **Roles Attribute**: `sp-roles` (optional)
+ - **Appliance Access Group Attribute**: (optional)
+ - **Default role**: (optional)
## Verification
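Review bot: **Roles Attribute**, **Appliance Access Group Attribute** and **Default role** are all marked (optional) in this list, yet the authentik side of the guide creates the `sp-roles` mapping specifically for RBAC. The guide should say that **Roles Attribute** has to be set to `sp-roles` for that mapping to have any effect, and what access a user receives when neither a role attribute nor a **Default role** is configured, so that the outcome is a deliberate least-privilege choice. Minor: `iDP SLO Endpoint` versus `IdP X509 Cert`, and `X509` versus `X.509`, are inconsistent within the same list; if they mirror the labels in the Orchestrator UI, a short note saying so would help.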
You should also work on Git branches instead of your main branch (for example,
updated for lint again. Signed-off-by: jazzyj123 <[email protected]>
ok, fixed. Code style issues found in the above file. Run Prettier with --write to fix. Signed-off-by: jazzyj123 <[email protected]>
Hopefully this fixes the lint check.
Hi @jazzyj123 dang the prettier-check linter is still failing. Have you run `make website` or `npm run prettier`? Our [Dev Docs](https://docs.goauthentik.io/docs/developer-docs/docs/writing-documentation) have a bit of info on how to prepare docs locally before pushing, to make sure they pass all the build checks. If those instructions don't help, let me know if you want to have a chat and see if we can figure it out. Or alternatively, I can pull down your PR locally, run the commands, and push back to your PR. Whichever you prefer! :-)
Great, I have re-kicked off build, let's see. I was just writing you a longish reply, that if you want we can either try to sort it via a chat, or I can pull down your PR, run the commands, then push back to your PR. But let's see if this works first.
I just executed npm run prettier and identified some issues and it said that it modified the file and I uploaded that file straight into my file I created. I originally referred to the documentation in the beginning by using the template and then an online Prettier. I'll see if I can reach out to you directly via GitHub shortly. Thanks for your persistence with this. It has become quite difficult just to do something quite simple :)
Welp, still not passing. @jazzyj123 let me know if you want to have a chat (google meet?) and step through what is happening, or I can pull down your PR and run commands. I'm fine with either, but since of course we hope you continue to contribute to authentik, I'd be very happy to talk and see if we can troubleshoot this. ;-)
Yeah, true, sometimes what seems like it should be simple isn't. Often it is the "magic" of git being annoying, but once understood and sorted, it returns to being magical. I am free after 2:00 pm today Texas time (Central time zone).
This integration guide details how to configure authentik as a SAML identity provider for Aruba Orchestrator, allowing centralized authentication and role-based access control. It involves setting up SAML mappings in authentik and configuring Aruba Orchestrator to accept SAML assertions from authentik for user login.