version: 1
metadata:
  labels:
    blueprints.goauthentik.io/system: "true"
  name: System - SAML Provider - Mappings
entries:
  - identifiers:
      managed: goauthentik.io/providers/saml/upn
    model: authentik_providers_saml.samlpropertymapping
    attrs:
      name: "authentik default SAML Mapping: UPN"
      saml_name: "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"
      expression: |
        return request.user.attributes.get('upn', request.user.email)
  - identifiers:
      managed: goauthentik.io/providers/saml/name
    model: authentik_providers_saml.samlpropertymapping
    attrs:
      name: "authentik default SAML Mapping: Name"
      saml_name: "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"
      expression: |
        return request.user.name
  - identifiers:
      managed: goauthentik.io/providers/saml/email
    model: authentik_providers_saml.samlpropertymapping
    attrs:
      name: "authentik default SAML Mapping: Email"
      saml_name: "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
      expression: |
        return request.user.email
  - identifiers:
      managed: goauthentik.io/providers/saml/username
    model: authentik_providers_saml.samlpropertymapping
    attrs:
      name: "authentik default SAML Mapping: Username"
      saml_name: "http://schemas.goauthentik.io/2021/02/saml/username"
      expression: |
        return request.user.username
  - identifiers:
      managed: goauthentik.io/providers/saml/uid
    model: authentik_providers_saml.samlpropertymapping
    attrs:
      name: "authentik default SAML Mapping: User ID"
      saml_name: "http://schemas.goauthentik.io/2021/02/saml/uid"
      expression: |
        return request.user.pk
  - identifiers:
      managed: goauthentik.io/providers/saml/groups
    model: authentik_providers_saml.samlpropertymapping
    attrs:
      name: "authentik default SAML Mapping: Groups"
      saml_name: "http://schemas.xmlsoap.org/claims/Group"
      expression: |
        for group in request.user.ak_groups.all():
            yield group.name
  - identifiers:
      managed: goauthentik.io/providers/saml/ms-windowsaccountname
    model: authentik_providers_saml.samlpropertymapping
    attrs:
      name: "authentik default SAML Mapping: WindowsAccountname (Username)"
      saml_name: "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname"
      expression: |
        return request.user.username