providers/radius: simple radius outpost (#1796)

* initial implementation Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: Jens Langhammer <jens@goauthentik.io> * cleanup Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add migrations Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix web Signed-off-by: Jens Langhammer <jens@goauthentik.io> * minor fixes Signed-off-by: Jens Langhammer <jens@goauthentik.io> * use search-select Signed-off-by: Jens Langhammer <jens@goauthentik.io> * update locale Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fixup Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix ip with port being sent to delegated ip Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add radius tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * update docs Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-03-20 16:54:35 +01:00
parent 84c2da8a6e
commit 3f5effb1bc
54 changed files with 5433 additions and 677 deletions
--- a/website/docs/outposts/manual-deploy-docker-compose.md
+++ b/website/docs/outposts/manual-deploy-docker-compose.md
@ -19,11 +19,8 @@ services:
        # networks:
        #   - foo
        ports:
-            - 4180:4180
-            - 4443:4443
-            # Starting in authentik 2021.9, use the ports below
-            # - 9000:9000
-            # - 9443:9443
+            - 9000:9000
+            - 9443:9443
        environment:
            AUTHENTIK_HOST: https://your-authentik.tld
            AUTHENTIK_INSECURE: "false"
--- a/website/docs/providers/radius.md
+++ b/website/docs/providers/radius.md
@ -0,0 +1,33 @@
+---
+title: Radius Provider
+---
+
+:::info
+This feature is still in technical preview, so please report any Bugs you run into on [GitHub](https://github.com/goauthentik/authentik/issues)
+:::
+
+You can configure a Radius Provider for applications that don't support any other protocols or require Radius.
+
+:::info
+Note: This provider requires the deployment of the [Radius Outpost](../outposts/)
+:::
+
+Currently, only authentication requests are supported.
+
+Authentication requests against the Radius Server use a flow in the background. This allows you to use the same policies and flows as you do for web-based logins.
+
+The following stages are supported:
+
+-   [Identification](../flow/stages/identification/index.md)
+-   [Password](../flow/stages/password/index.md)
+-   [Authenticator validation](../flow/stages/authenticator_validate/index.md)
+
+    Note: Authenticator validation currently only supports DUO, TOTP and static authenticators.
+
+    For code-based authenticators, the code must be given as part of the bind password, separated by a semicolon. For example for the password `example-password` and the code `123456`, the input must be `example-password;123456`.
+
+    SMS-based authenticators are not supported as they require a code to be sent from authentik, which is not possible during the bind.
+
+-   [User Logout](../flow/stages/user_logout.md)
+-   [User Login](../flow/stages/user_login/index.md)
+-   [Deny](../flow/stages/deny.md)
--- a/website/sidebars.js
+++ b/website/sidebars.js
@ -55,6 +55,7 @@ module.exports = {
                    ],
                },
                "providers/saml",
+                "providers/radius",
                {
                    type: "category",
                    label: "Proxy Provider",