From 76634819403f384a381adde09690672493af2a79 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?S=C3=A9bastien=20Huss?= <sebastien.huss@gmail.com>
Date: Fri, 24 May 2024 14:39:11 +0200
Subject: [PATCH] fix

---
 apps/sonar/sonar_ConfigMap.tf | 10 +++++-----
 apps/sonar/sonar_Service.tf   |  2 +-
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/apps/sonar/sonar_ConfigMap.tf b/apps/sonar/sonar_ConfigMap.tf
index 90032a1..bfbb25a 100644
--- a/apps/sonar/sonar_ConfigMap.tf
+++ b/apps/sonar/sonar_ConfigMap.tf
@@ -37,13 +37,13 @@ resource "kubectl_manifest" "cm_files" {
         sonar.auth.saml.enabled=true
         sonar.auth.saml.applicationId=https://${local.dns_name}/saml2/metadata
         sonar.auth.saml.providerName=vynil
-        sonar.auth.saml.providerId=https://${data.kubernetes_ingress_v1.authentik.spec[0].rule[0].host}
+        sonar.auth.saml.providerId=https://${data.kubernetes_ingress_v1.authentik.spec[0].rule[0].host}/
         sonar.auth.saml.loginUrl=https://${data.kubernetes_ingress_v1.authentik.spec[0].rule[0].host}/application/saml/${var.component}-${var.instance}/sso/binding/redirect/
         sonar.auth.saml.certificate.secured=${join("",[for line in split("\n",module.saml.certificate_data): line if !endswith(line, "CERTIFICATE-----")])}
-        sonar.auth.saml.user.login=windowsaccountname
-        sonar.auth.saml.user.name=name
-        sonar.auth.saml.user.email=emailaddress
-        sonar.auth.saml.group.name=group
+        sonar.auth.saml.user.login=http://schemas.goauthentik.io/2021/02/saml/username
+        sonar.auth.saml.user.name=http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
+        sonar.auth.saml.user.email=http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
+        sonar.auth.saml.group.name=http://schemas.xmlsoap.org/claims/Group
       prometheus-ce-config.yaml: |-
         rules:
         - pattern: .*
diff --git a/apps/sonar/sonar_Service.tf b/apps/sonar/sonar_Service.tf
index 14d5005..1a17112 100644
--- a/apps/sonar/sonar_Service.tf
+++ b/apps/sonar/sonar_Service.tf
@@ -57,7 +57,7 @@ module "saml" {
   namespace         = var.namespace
   labels            = local.common_labels
   audience          = "https://${local.dns_name}/saml2/metadata"
-  saml_issuer       = "https://${data.kubernetes_ingress_v1.authentik.spec[0].rule[0].host}"
+  saml_issuer       = "https://${data.kubernetes_ingress_v1.authentik.spec[0].rule[0].host}/"
   group_mapping     = <<ENDF
 for group in user.ak_groups.all():
     if group.name == "authentik Admins":