authentik/blueprints/system/providers-scim.yaml

61 lines
2.0 KiB
YAML

version: 1
metadata:
labels:
blueprints.goauthentik.io/system: "true"
name: System - SCIM Provider - Mappings
entries:
- identifiers:
managed: goauthentik.io/providers/scim/user
model: authentik_providers_scim.scimmapping
attrs:
name: "authentik default SCIM Mapping: User"
expression: |
# Some implementations require givenName and familyName to be set
givenName, familyName = request.user.name, ""
# This default sets givenName to the name before the first space
# and the remainder as family name
# if the user's name has no space the givenName is the entire name
# (this might cause issues with some SCIM implementations)
if " " in request.user.name:
givenName, _, familyName = request.user.name.partition(" ")
# photos supports URLs to images, however authentik might return data URIs
avatar = request.user.avatar
photos = None
if "://" in avatar:
photos = [{"value": avatar, "type": "photo"}]
locale = request.user.locale()
if locale == "":
locale = None
emails = []
if request.user.email != "":
emails = [{
"value": request.user.email,
"type": "other",
"primary": True,
}]
return {
"userName": request.user.username,
"name": {
"formatted": request.user.name,
"givenName": givenName,
"familyName": familyName,
},
"displayName": request.user.name,
"photos": photos,
"locale": locale,
"active": request.user.is_active,
"emails": emails,
}
- identifiers:
managed: goauthentik.io/providers/scim/group
model: authentik_providers_scim.scimmapping
attrs:
name: "authentik default SCIM Mapping: Group"
expression: |
return {
"displayName": group.name,
}