authentik_client/models/
saml_provider_request.rs

1/*
2 * authentik
3 *
4 * Making authentication simple.
5 *
6 * The version of the OpenAPI document: 2025.12.1
7 * Contact: hello@goauthentik.io
8 * Generated by: https://openapi-generator.tech
9 */
10
11use crate::models;
12use serde::{Deserialize, Serialize};
13
14/// SamlProviderRequest : SAMLProvider Serializer
15#[derive(Clone, Default, Debug, PartialEq, Serialize, Deserialize)]
16pub struct SamlProviderRequest {
17    #[serde(rename = "name")]
18    pub name: String,
19    /// Flow used for authentication when the associated application is accessed by an un-authenticated user.
20    #[serde(
21        rename = "authentication_flow",
22        default,
23        with = "::serde_with::rust::double_option",
24        skip_serializing_if = "Option::is_none"
25    )]
26    pub authentication_flow: Option<Option<uuid::Uuid>>,
27    /// Flow used when authorizing this provider.
28    #[serde(rename = "authorization_flow")]
29    pub authorization_flow: uuid::Uuid,
30    /// Flow used ending the session from a provider.
31    #[serde(rename = "invalidation_flow")]
32    pub invalidation_flow: uuid::Uuid,
33    #[serde(rename = "property_mappings", skip_serializing_if = "Option::is_none")]
34    pub property_mappings: Option<Vec<uuid::Uuid>>,
35    #[serde(rename = "acs_url")]
36    pub acs_url: String,
37    /// Single Logout Service URL where the logout response should be sent.
38    #[serde(rename = "sls_url", skip_serializing_if = "Option::is_none")]
39    pub sls_url: Option<String>,
40    /// Value of the audience restriction field of the assertion. When left empty, no audience restriction will be added.
41    #[serde(rename = "audience", skip_serializing_if = "Option::is_none")]
42    pub audience: Option<String>,
43    /// Also known as EntityID
44    #[serde(rename = "issuer", skip_serializing_if = "Option::is_none")]
45    pub issuer: Option<String>,
46    /// Assertion valid not before current time + this value (Format: hours=-1;minutes=-2;seconds=-3).
47    #[serde(rename = "assertion_valid_not_before", skip_serializing_if = "Option::is_none")]
48    pub assertion_valid_not_before: Option<String>,
49    /// Assertion not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3).
50    #[serde(rename = "assertion_valid_not_on_or_after", skip_serializing_if = "Option::is_none")]
51    pub assertion_valid_not_on_or_after: Option<String>,
52    /// Session not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3).
53    #[serde(rename = "session_valid_not_on_or_after", skip_serializing_if = "Option::is_none")]
54    pub session_valid_not_on_or_after: Option<String>,
55    /// Configure how the NameID value will be created. When left empty, the NameIDPolicy of the incoming request will be considered
56    #[serde(
57        rename = "name_id_mapping",
58        default,
59        with = "::serde_with::rust::double_option",
60        skip_serializing_if = "Option::is_none"
61    )]
62    pub name_id_mapping: Option<Option<uuid::Uuid>>,
63    /// Configure how the AuthnContextClassRef value will be created. When left empty, the AuthnContextClassRef will be set based on which authentication methods the user used to authenticate.
64    #[serde(
65        rename = "authn_context_class_ref_mapping",
66        default,
67        with = "::serde_with::rust::double_option",
68        skip_serializing_if = "Option::is_none"
69    )]
70    pub authn_context_class_ref_mapping: Option<Option<uuid::Uuid>>,
71    #[serde(rename = "digest_algorithm", skip_serializing_if = "Option::is_none")]
72    pub digest_algorithm: Option<models::DigestAlgorithmEnum>,
73    #[serde(rename = "signature_algorithm", skip_serializing_if = "Option::is_none")]
74    pub signature_algorithm: Option<models::SignatureAlgorithmEnum>,
75    /// Keypair used to sign outgoing Responses going to the Service Provider.
76    #[serde(
77        rename = "signing_kp",
78        default,
79        with = "::serde_with::rust::double_option",
80        skip_serializing_if = "Option::is_none"
81    )]
82    pub signing_kp: Option<Option<uuid::Uuid>>,
83    /// When selected, incoming assertion's Signatures will be validated against this certificate. To allow unsigned Requests, leave on default.
84    #[serde(
85        rename = "verification_kp",
86        default,
87        with = "::serde_with::rust::double_option",
88        skip_serializing_if = "Option::is_none"
89    )]
90    pub verification_kp: Option<Option<uuid::Uuid>>,
91    /// When selected, incoming assertions are encrypted by the IdP using the public key of the encryption keypair. The assertion is decrypted by the SP using the the private key.
92    #[serde(
93        rename = "encryption_kp",
94        default,
95        with = "::serde_with::rust::double_option",
96        skip_serializing_if = "Option::is_none"
97    )]
98    pub encryption_kp: Option<Option<uuid::Uuid>>,
99    #[serde(rename = "sign_assertion", skip_serializing_if = "Option::is_none")]
100    pub sign_assertion: Option<bool>,
101    #[serde(rename = "sign_response", skip_serializing_if = "Option::is_none")]
102    pub sign_response: Option<bool>,
103    #[serde(rename = "sign_logout_request", skip_serializing_if = "Option::is_none")]
104    pub sign_logout_request: Option<bool>,
105    /// This determines how authentik sends the response back to the Service Provider.
106    #[serde(rename = "sp_binding", skip_serializing_if = "Option::is_none")]
107    pub sp_binding: Option<models::SamlBindingsEnum>,
108    /// This determines how authentik sends the logout response back to the Service Provider.
109    #[serde(rename = "sls_binding", skip_serializing_if = "Option::is_none")]
110    pub sls_binding: Option<models::SamlBindingsEnum>,
111    /// Method to use for logout. Front-channel iframe loads all logout URLs simultaneously in hidden iframes. Front-channel native uses your active browser tab to send post requests and redirect to providers. Back-channel sends logout requests directly from the server without user interaction (requires POST SLS binding).
112    #[serde(rename = "logout_method", skip_serializing_if = "Option::is_none")]
113    pub logout_method: Option<models::SamlProviderLogoutMethodEnum>,
114    /// Default relay_state value for IDP-initiated logins
115    #[serde(rename = "default_relay_state", skip_serializing_if = "Option::is_none")]
116    pub default_relay_state: Option<String>,
117    #[serde(rename = "default_name_id_policy", skip_serializing_if = "Option::is_none")]
118    pub default_name_id_policy: Option<models::SamlNameIdPolicyEnum>,
119}
120
121impl SamlProviderRequest {
122    /// SAMLProvider Serializer
123    pub fn new(
124        name: String,
125        authorization_flow: uuid::Uuid,
126        invalidation_flow: uuid::Uuid,
127        acs_url: String,
128    ) -> SamlProviderRequest {
129        SamlProviderRequest {
130            name,
131            authentication_flow: None,
132            authorization_flow,
133            invalidation_flow,
134            property_mappings: None,
135            acs_url,
136            sls_url: None,
137            audience: None,
138            issuer: None,
139            assertion_valid_not_before: None,
140            assertion_valid_not_on_or_after: None,
141            session_valid_not_on_or_after: None,
142            name_id_mapping: None,
143            authn_context_class_ref_mapping: None,
144            digest_algorithm: None,
145            signature_algorithm: None,
146            signing_kp: None,
147            verification_kp: None,
148            encryption_kp: None,
149            sign_assertion: None,
150            sign_response: None,
151            sign_logout_request: None,
152            sp_binding: None,
153            sls_binding: None,
154            logout_method: None,
155            default_relay_state: None,
156            default_name_id_policy: None,
157        }
158    }
159}