UltiSuite/ultisuite-client
UltiSuite/ultisuite-client
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
2a0958b70d
ultisuite-client/components/admin/settings/guides/identity-provider-guides.ts
R3D347HR4Y 5304790ed5
Some checks are pending
E2E / Playwright e2e (push) Waiting to run
Details
feat(auth): enhance session management and identity provider settings 
- Added SessionGuard component to manage session expiration and online status.
- Updated AuthProvider to streamline session fetching and handling.
- Introduced IdentityProvidersSection for managing OAuth, SAML, and LDAP identity providers.
- Implemented identity provider guides for easier configuration.
- Enhanced mail settings with infinite scroll option for improved user experience.
- Updated global styles and layout components for better consistency across the application.
2026-06-09 09:36:46 +02:00

96 lines
3.3 KiB
TypeScript
Raw Blame History

import type {
IdentityProviderType,
OAuthProviderPreset,
} from "@/lib/admin-settings/org-settings-types"
export type IdentityProviderGuide = {
title: string
steps: string[]
}
const OAUTH_GUIDES: Record<OAuthProviderPreset, IdentityProviderGuide> = {
google: {
title: "Google Workspace / Google Cloud",
steps: [
"Console Google Cloud → APIs & Services → Credentials.",
"Créer un client OAuth « Web application ».",
"Ajouter l'URI de redirection Authentik (copier depuis le formulaire).",
"Renseigner Client ID et Client Secret ici.",
"Restreindre aux comptes de votre organisation via domaines autorisés (claim hd).",
"Scopes recommandés : openid email profile.",
],
},
github: {
title: "GitHub OAuth App",
steps: [
"GitHub → Settings → Developer settings → OAuth Apps → New OAuth App.",
"Authorization callback URL = URI de redirection Authentik.",
"Copier Client ID et générer un Client Secret.",
"Limiter l'accès avec la liste d'organisations GitHub autorisées si besoin.",
],
},
linkedin: {
title: "LinkedIn OAuth 2.0",
steps: [
"LinkedIn Developer Portal → créer une application.",
"Ajouter l'URI de redirection Authentik dans Authorized redirect URLs.",
"Activer les produits Sign In with LinkedIn / OpenID Connect.",
"Copier Client ID et Client Secret.",
],
},
microsoft: {
title: "Microsoft Entra ID (Azure AD)",
steps: [
"Portail Azure → App registrations → New registration.",
"Type de compte : organisation uniquement si SSO entreprise.",
"Redirect URI (Web) = URI Authentik.",
"Créer un client secret dans Certificates & secrets.",
"Renseigner le tenant ID dans organisations autorisées (claim tid).",
],
},
custom: {
title: "OAuth / OpenID Connect personnalisé",
steps: [
"Créer une application OAuth chez votre fournisseur.",
"Renseigner authorization, token et profile/userinfo URLs.",
"URI de redirection = callback Authentik affiché dans le formulaire.",
"Scopes minimum : openid email profile.",
],
},
}
const SAML_GUIDE: IdentityProviderGuide = {
title: "Fournisseur SAML (Azure AD, Okta, Google Workspace…)",
steps: [
"Créer une application SAML côté IdP entreprise.",
"Renseigner l'Entity ID / Audience = slug Authentik ou valeur fournie.",
"ACS / SSO URL = URL de connexion Authentik pour cette source.",
"Importer metadata URL/XML ou renseigner SSO URL + certificat signing.",
"Mapper l'email dans les attributs SAML (NameID ou mail).",
],
}
const LDAP_GUIDE: IdentityProviderGuide = {
title: "LDAP / Active Directory",
steps: [
"Préparer un compte de bind en lecture (bind DN + mot de passe).",
"Indiquer server_uri (ldap:// ou ldaps://) et base_dn de recherche.",
"Activer StartTLS si le serveur ne supporte que LDAP clair + TLS.",
"Optionnel : filtre utilisateur (ex. (sAMAccountName=%(user)s)).",
"Laisser sync_users désactivé pour l'authentification seule.",
],
}
export function guideForProvider(
type: IdentityProviderType,
oauthPreset?: OAuthProviderPreset
): IdentityProviderGuide {
if (type === "oauth") {
return OAUTH_GUIDES[oauthPreset ?? "custom"]
}
if (type === "saml") {
return SAML_GUIDE
}
return LDAP_GUIDE
}
Reference in New Issue View Git Blame Copy Permalink