search

goauthentik / authentik

The authentication glue you need.
https://goauthentik.io
Other
13.05k stars 868 forks source link

Blueprint does not apply #9431

Closed m00nyONE closed 3 months ago

m00nyONE commented 5 months ago

Describe the bug

we use an application and a provider to authentikate against our zabbix instance. now, to be reproducable in the future, i wanted to write this as a blueprint. So i create an application and a samlprovider in the blueprint. Whatever i do, i can not make it apply. There is no error message in the event/logs and also nothing in the worker/server containers. i checked the blueprint and validated it with https://goauthentik.io/blueprints/schema.json and it seems fine.

The certificate i want to use is mounted in /certs and shows up fine. It has the id: CompanyName-main-cert

Before you ask, yes i tested the application and the provider beforehand. But thats not the problem here. The application and provider don't even apply / show up in the dashboard.

i even tried applying the two models individually. That also does not work.

To Reproduce

write a secret/configmap with the blueprint, load it up into authentik and execute this blueprint

version: 1
metadata:
  name: CompanyName - Zabbix
  labels:
    blueprints.goauthentik.io/instantiate: "true"
    blueprints.goauthentik.io/description: |
      This blueprint configures zabbix for CompanyName
context: { }
entries:
  - model: authentik_providers_saml.samlprovider
    conditions: [ ]
    state: created
    id: samlprovider-zabbix
    identifiers:
      name: samlprovider-zabbix
    attrs:
      acs_url: https://zabbix.CompanyName.com/index_sso.php?acs
      assertion_valid_not_before: minutes=-5
      assertion_valid_not_on_or_after: minutes=5
      authentication_flow: !KeyOf default-authentication-flow
      authorization_flow: !KeyOf default-provider-authorization-implicit-consent
      digest_algorithm: http://www.w3.org/2000/09/xmldsig#sha1
      issuer: authentik
      name: zabbix
      session_valid_not_on_or_after: minutes=86400
      signature_algorithm: http://www.w3.org/2000/09/xmldsig#rsa-sha1
      signing_kp: !KeyOf CompanyName-main-cert
      sp_binding: post
      verification_kp: !KeyOf CompanyName-main-cert
  - model: authentik_core.application
    id: application-zabbix
    identifiers:
      name: application-zabbix
    state: created
    attrs:
      name: zabbix
      policy_engine_mode: any
      provider: !KeyOf samlprovider-zabbix
      slug: zabbix

Expected behavior blueprint creates provider and application

Screenshots my region does not change, even when i set it to "EN". so it's in german now :-( Fehler = Error Ja = Yes Vor X Minuten = X minutes ago

image

Logs

{"domain_url": null, "event": "Task started", "level": "info", "logger": "authentik.root.celery", "pid": 100, "schema_name": "public", "task_id": "0e6a869f-479f-4621-9c73-0cd318c7b316", "task_name": "apply_blueprint", "timestamp": "2024-04-25T14:46:02.458528"}
{"domain_url": null, "event": "Task finished", "level": "info", "logger": "authentik.root.celery", "pid": 100, "schema_name": "public", "state": "SUCCESS", "task_id": "0e6a869f479f46219c730cd318c7b316", "task_name": "apply_blueprint", "timestamp": "2024-04-25T14:46:02.519917"}
{"domain_url": null, "event": "Task started", "level": "info", "logger": "authentik.root.celery", "pid": 100, "schema_name": "public", "task_id": "8b4fda6f-4eff-4d06-8a4b-6edc69264ba6", "task_name": "apply_blueprint", "timestamp": "2024-04-25T14:46:04.614418"}
{"domain_url": null, "event": "Task finished", "level": "info", "logger": "authentik.root.celery", "pid": 100, "schema_name": "public", "state": "SUCCESS", "task_id": "8b4fda6f4eff4d068a4b6edc69264ba6", "task_name": "apply_blueprint", "timestamp": "2024-04-25T14:46:04.676865"}

Version and Deployment:

Additional context There is sadly no documentation examples or anything else on the internet regarding application blueprints and provider blueprints

authentik-automation[bot] commented 3 months ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

PGimenez commented 1 month ago

I'm having the same issue creating a provider an an application. it works fine for users for example but can't create applications or providers. did you figure this out @m00nyONE ?