# authentik blueprint: SAML provider and application for Zammad.
# Values containing {{ env "ZAMMAD_DOMAIN" }} are template placeholders and are
# expected to be rendered before authentik loads this file. They are
# single-quoted so the document is valid YAML both before and after rendering.
version: 1
metadata:
  labels:
    # Controls whether authentik instantiates this blueprint automatically.
    blueprints.goauthentik.io/instantiate: "true"
  name: zammad
entries:
  # SAML attribute "name", taken from the authenticating user's display name.
  - attrs:
      expression: return request.user.name
      managed: null
      name: 'Zammad SAML Mapping: name'
      saml_name: name
    conditions: []
    identifiers:
      name: zammad_name_mapping
    id: zammad_name_mapping
    model: authentik_providers_saml.samlpropertymapping
    state: present

  # SAML attribute "email", taken from the authenticating user's email address.
  # NOTE(review): if Zammad links accounts on this attribute, confirm that
  # users cannot change their own email in authentik without verification.
  - attrs:
      expression: return request.user.email
      managed: null
      name: 'Zammad SAML Mapping: email'
      saml_name: email
    conditions: []
    identifiers:
      name: zammad_email_mapping
    id: zammad_email_mapping
    model: authentik_providers_saml.samlpropertymapping
    state: present

  # SAML provider. The !Find tags look up objects that must already exist in
  # the target instance; !KeyOf refers to entries defined above by their id.
  - attrs:
      acs_url: 'https://{{ env "ZAMMAD_DOMAIN" }}/auth/saml/callback'
      # Assertions are accepted from 5 minutes before to 5 minutes after issue.
      assertion_valid_not_before: minutes=-5
      assertion_valid_not_on_or_after: minutes=5
      audience: 'https://{{ env "ZAMMAD_DOMAIN" }}/auth/saml/metadata'
      authentication_flow: !Find [authentik_flows.flow, [slug, default-authentication-flow]]
      # The flow selected here is the implicit-consent one (per its slug).
      authorization_flow: !Find [authentik_flows.flow, [slug, default-provider-authorization-implicit-consent]]
      invalidation_flow: !Find [authentik_flows.flow, [slug, default-provider-invalidation-flow]]
      digest_algorithm: 'http://www.w3.org/2001/04/xmlenc#sha256'
      # Renders to the same URL as `audience`; the Zammad side has to be
      # configured to expect this issuer value.
      issuer: 'https://{{ env "ZAMMAD_DOMAIN" }}/auth/saml/metadata'
      name: zammad
      property_mappings:
        - !KeyOf zammad_name_mapping
        - !KeyOf zammad_email_mapping
      # NOTE(review): minutes=86400 is 60 days; 86400 is also the number of
      # seconds in one day. Confirm the intended session lifetime.
      session_valid_not_on_or_after: minutes=86400
      sign_assertion: true
      signature_algorithm: 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256'
      # Signs with the key pair named "authentik Self-signed Certificate".
      # NOTE(review): presumably the instance-wide default key pair; if so,
      # rotating it affects every provider that references it. Confirm whether
      # a dedicated key pair is preferred for this provider.
      signing_kp: !Find [authentik_crypto.certificatekeypair, [name, authentik Self-signed Certificate]]
      sp_binding: post
    conditions: []
    id: zammad_provider
    # NOTE(review): the provider is matched by a hard-coded primary key. If an
    # unrelated provider already holds pk 9989 in the target instance, this
    # entry would presumably be applied to that object. Confirm, and consider
    # identifying the provider by name instead.
    identifiers:
      pk: 9989
    model: authentik_providers_saml.samlprovider
    state: present

  # Application that exposes the provider above to users.
  # No policy bindings are defined in this blueprint, so this file does not by
  # itself restrict which users can open the application. Confirm that access
  # bindings are managed elsewhere if access should be limited.
  - attrs:
      meta_launch_url: ""
      open_in_new_tab: true
      policy_engine_mode: any
      provider: !KeyOf zammad_provider
      slug: zammad
    conditions: []
    id: zammad_application
    identifiers:
      name: Zammad
    model: authentik_core.application
    state: present