Skip to main content

authentik_client/models/
saml_provider_request.rs

1/*
2 * authentik
3 *
4 * Making authentication simple.
5 *
6 * The version of the OpenAPI document: 2025.8.6
7 * Contact: hello@goauthentik.io
8 * Generated by: https://openapi-generator.tech
9 */
10
11use crate::models;
12use serde::{Deserialize, Serialize};
13
14/// SamlProviderRequest : SAMLProvider Serializer
15#[derive(Clone, Default, Debug, PartialEq, Serialize, Deserialize)]
16pub struct SamlProviderRequest {
17    #[serde(rename = "name")]
18    pub name: String,
19    /// Flow used for authentication when the associated application is accessed by an un-authenticated user.
20    #[serde(
21        rename = "authentication_flow",
22        default,
23        with = "::serde_with::rust::double_option",
24        skip_serializing_if = "Option::is_none"
25    )]
26    pub authentication_flow: Option<Option<uuid::Uuid>>,
27    /// Flow used when authorizing this provider.
28    #[serde(rename = "authorization_flow")]
29    pub authorization_flow: uuid::Uuid,
30    /// Flow used ending the session from a provider.
31    #[serde(rename = "invalidation_flow")]
32    pub invalidation_flow: uuid::Uuid,
33    #[serde(rename = "property_mappings", skip_serializing_if = "Option::is_none")]
34    pub property_mappings: Option<Vec<uuid::Uuid>>,
35    #[serde(rename = "acs_url")]
36    pub acs_url: String,
37    /// Value of the audience restriction field of the assertion. When left empty, no audience restriction will be added.
38    #[serde(rename = "audience", skip_serializing_if = "Option::is_none")]
39    pub audience: Option<String>,
40    /// Also known as EntityID
41    #[serde(rename = "issuer", skip_serializing_if = "Option::is_none")]
42    pub issuer: Option<String>,
43    /// Assertion valid not before current time + this value (Format: hours=-1;minutes=-2;seconds=-3).
44    #[serde(rename = "assertion_valid_not_before", skip_serializing_if = "Option::is_none")]
45    pub assertion_valid_not_before: Option<String>,
46    /// Assertion not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3).
47    #[serde(rename = "assertion_valid_not_on_or_after", skip_serializing_if = "Option::is_none")]
48    pub assertion_valid_not_on_or_after: Option<String>,
49    /// Session not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3).
50    #[serde(rename = "session_valid_not_on_or_after", skip_serializing_if = "Option::is_none")]
51    pub session_valid_not_on_or_after: Option<String>,
52    /// Configure how the NameID value will be created. When left empty, the NameIDPolicy of the incoming request will be considered
53    #[serde(
54        rename = "name_id_mapping",
55        default,
56        with = "::serde_with::rust::double_option",
57        skip_serializing_if = "Option::is_none"
58    )]
59    pub name_id_mapping: Option<Option<uuid::Uuid>>,
60    /// Configure how the AuthnContextClassRef value will be created. When left empty, the AuthnContextClassRef will be set based on which authentication methods the user used to authenticate.
61    #[serde(
62        rename = "authn_context_class_ref_mapping",
63        default,
64        with = "::serde_with::rust::double_option",
65        skip_serializing_if = "Option::is_none"
66    )]
67    pub authn_context_class_ref_mapping: Option<Option<uuid::Uuid>>,
68    #[serde(rename = "digest_algorithm", skip_serializing_if = "Option::is_none")]
69    pub digest_algorithm: Option<models::DigestAlgorithmEnum>,
70    #[serde(rename = "signature_algorithm", skip_serializing_if = "Option::is_none")]
71    pub signature_algorithm: Option<models::SignatureAlgorithmEnum>,
72    /// Keypair used to sign outgoing Responses going to the Service Provider.
73    #[serde(
74        rename = "signing_kp",
75        default,
76        with = "::serde_with::rust::double_option",
77        skip_serializing_if = "Option::is_none"
78    )]
79    pub signing_kp: Option<Option<uuid::Uuid>>,
80    /// When selected, incoming assertion's Signatures will be validated against this certificate. To allow unsigned Requests, leave on default.
81    #[serde(
82        rename = "verification_kp",
83        default,
84        with = "::serde_with::rust::double_option",
85        skip_serializing_if = "Option::is_none"
86    )]
87    pub verification_kp: Option<Option<uuid::Uuid>>,
88    /// When selected, incoming assertions are encrypted by the IdP using the public key of the encryption keypair. The assertion is decrypted by the SP using the the private key.
89    #[serde(
90        rename = "encryption_kp",
91        default,
92        with = "::serde_with::rust::double_option",
93        skip_serializing_if = "Option::is_none"
94    )]
95    pub encryption_kp: Option<Option<uuid::Uuid>>,
96    #[serde(rename = "sign_assertion", skip_serializing_if = "Option::is_none")]
97    pub sign_assertion: Option<bool>,
98    #[serde(rename = "sign_response", skip_serializing_if = "Option::is_none")]
99    pub sign_response: Option<bool>,
100    /// This determines how authentik sends the response back to the Service Provider.
101    #[serde(rename = "sp_binding", skip_serializing_if = "Option::is_none")]
102    pub sp_binding: Option<models::SpBindingEnum>,
103    /// Default relay_state value for IDP-initiated logins
104    #[serde(rename = "default_relay_state", skip_serializing_if = "Option::is_none")]
105    pub default_relay_state: Option<String>,
106    #[serde(rename = "default_name_id_policy", skip_serializing_if = "Option::is_none")]
107    pub default_name_id_policy: Option<models::SamlNameIdPolicyEnum>,
108}
109
110impl SamlProviderRequest {
111    /// SAMLProvider Serializer
112    pub fn new(
113        name: String,
114        authorization_flow: uuid::Uuid,
115        invalidation_flow: uuid::Uuid,
116        acs_url: String,
117    ) -> SamlProviderRequest {
118        SamlProviderRequest {
119            name,
120            authentication_flow: None,
121            authorization_flow,
122            invalidation_flow,
123            property_mappings: None,
124            acs_url,
125            audience: None,
126            issuer: None,
127            assertion_valid_not_before: None,
128            assertion_valid_not_on_or_after: None,
129            session_valid_not_on_or_after: None,
130            name_id_mapping: None,
131            authn_context_class_ref_mapping: None,
132            digest_algorithm: None,
133            signature_algorithm: None,
134            signing_kp: None,
135            verification_kp: None,
136            encryption_kp: None,
137            sign_assertion: None,
138            sign_response: None,
139            sp_binding: None,
140            default_relay_state: None,
141            default_name_id_policy: None,
142        }
143    }
144}