Merge branch 'main' into dev

* main:
  web: update gen-client-ts to OpenAPI 7.11.0 (#12756)
  website/integrations: rustdesk-server-pro (#12706)
  core: bump codespell from 2.3.0 to 2.4.0 (#12762)
  root: docker: ensure apt packages are up-to-date (#12683)
  ci: fix missing build args for dev and release (#12760)
  web: bump vite from 5.4.11 to 5.4.14 in /web (#12757)
  web: bump undici from 6.21.0 to 6.21.1 in /web (#12755)
  lifecycle: fix cryptography's OpenSSL path (#12753)
Ken Sternberg
2025-01-22 10:09:24 -08:00
64 changed files with 219 additions and 107 deletions


@ -9,6 +9,9 @@ inputs:
image-arch:
required: false
description: "Docker image arch"
release:
required: true
description: "True if this is a release build, false if this is a dev/PR build"
outputs:
shouldPush:
@ -44,6 +47,9 @@ outputs:
imageMainName:
description: "Docker image main name"
value: ${{ steps.ev.outputs.imageMainName }}
imageBuildArgs:
description: "Docker image build args"
value: ${{ steps.ev.outputs.imageBuildArgs }}
runs:
using: "composite"
@ -54,6 +60,8 @@ runs:
env:
IMAGE_NAME: ${{ inputs.image-name }}
IMAGE_ARCH: ${{ inputs.image-arch }}
RELEASE: ${{ inputs.release }}
PR_HEAD_SHA: ${{ github.event.pull_request.head.sha }}
REF: ${{ github.ref }}
run: |
python3 ${{ github.action_path }}/push_vars.py
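Review bot: The new `release` input is declared `required: true`, but GitHub does not fail a run when a caller omits a required action input, so a forgotten `release:` reaches the script as an empty `RELEASE`. In the push_vars.py section on this page anything other than the string `true` takes the dev branch, so a release workflow that forgets the input would get `GIT_BUILD_HASH` instead of `VERSION` with no error. Only one caller is updated in the sections visible here; the others should be checked. The description could state the contract, for example `description: "'true' for a release build; any other value, including empty, is treated as a dev/PR build"`, or the script could reject values other than `true`/`false`.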


@ -80,6 +80,13 @@ if should_push:
cache_to = f"type=registry,ref={get_attest_image_names(image_tags)}:{_cache_tag},mode=max"
image_build_args = []
if os.getenv("RELEASE", "false").lower() == "true":
image_build_args = [f"VERSION={os.getenv('REF')}"]
else:
image_build_args = [f"GIT_BUILD_HASH={sha}"]
image_build_args = "\n".join(image_build_args)
with open(os.environ["GITHUB_OUTPUT"], "a+", encoding="utf-8") as _output:
print(f"shouldPush={str(should_push).lower()}", file=_output)
print(f"sha={sha}", file=_output)
@ -91,3 +98,4 @@ with open(os.environ["GITHUB_OUTPUT"], "a+", encoding="utf-8") as _output:
print(f"imageMainTag={image_main_tag}", file=_output)
print(f"imageMainName={image_tags[0]}", file=_output)
print(f"cacheTo={cache_to}", file=_output)
print(f"imageBuildArgs={image_build_args}", file=_output)
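Review bot: `image_build_args` is joined with `"\n"` and then written as a single `imageBuildArgs=...` line, which only works while the list has one entry. Once a second build arg is added, the text after the newline lands in `GITHUB_OUTPUT` as its own line and is no longer part of this output. Either drop the join until it is needed, or write the value in the `name<<DELIMITER` multi-line form with a delimiter that cannot occur in the value. Separately, `os.getenv('REF')` returns `None` when the variable is unset, which would bake the literal `VERSION=None` into a release image; `os.environ["REF"]` would fail the step instead. The enclosing `if should_push:` and `with open(...)` blocks extend outside these hunks.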


@ -50,6 +50,7 @@ jobs:
with:
image-name: ${{ inputs.image_name }}
image-arch: ${{ inputs.image_arch }}
release: ${{ inputs.release }}
- name: Login to Docker Hub
if: ${{ inputs.registry_dockerhub }}
uses: docker/login-action@v3
@ -81,7 +82,7 @@ jobs:
GEOIPUPDATE_ACCOUNT_ID=${{ secrets.GEOIPUPDATE_ACCOUNT_ID }}
GEOIPUPDATE_LICENSE_KEY=${{ secrets.GEOIPUPDATE_LICENSE_KEY }}
build-args: |
VERSION=${{ github.ref }}
${{ steps.ev.outputs.imageBuildArgs }}
tags: ${{ steps.ev.outputs.imageTags }}
platforms: linux/${{ inputs.image_arch }}
cache-from: type=registry,ref=${{ steps.ev.outputs.attestImageNames }}:buildcache-${{ inputs.image_arch }}


@ -132,9 +132,10 @@ RUN --mount=type=bind,target=./pyproject.toml,src=./pyproject.toml \
. "$HOME/.cargo/env" && \
python -m venv /ak-root/venv/ && \
bash -c "source ${VENV_PATH}/bin/activate && \
pip3 install --upgrade pip && \
pip3 install poetry && \
pip3 install --upgrade pip poetry && \
poetry config --local installer.no-binary cryptography,xmlsec,lxml,python-kadmin-rs && \
poetry install --only=main --no-ansi --no-interaction --no-root && \
pip uninstall cryptography -y && \
poetry install --only=main --no-ansi --no-interaction --no-root"
# Stage 6: Run
@ -154,10 +155,12 @@ WORKDIR /
# We cannot cache this layer otherwise we'll end up with a bigger image
RUN apt-get update && \
apt-get upgrade -y && \
# Required for runtime
apt-get install -y --no-install-recommends libpq5 libmaxminddb0 ca-certificates libkrb5-3 libkadm5clnt-mit12 libkdb5-10 libltdl7 libxslt1.1 && \
# Required for bootstrap & healtcheck
apt-get install -y --no-install-recommends runit && \
pip3 install --no-cache-dir --upgrade pip && \
apt-get clean && \
rm -rf /tmp/* /var/lib/apt/lists/* /var/tmp/ && \
adduser --system --no-create-home --uid 1000 --group --home /authentik authentik && \
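Review bot: Nothing in the first hunk says why `cryptography` is uninstalled and `poetry install` is then run a second time, so a later cleanup of this RUN is likely to remove the pair as redundant. Judging by the `installer.no-binary` line just above and the commit title, the intent appears to be a source build of cryptography against the image's own OpenSSL; once confirmed, a comment before the RUN such as `# Reinstall cryptography so it is built from source (installer.no-binary) against the system OpenSSL` would record that. Separately, `pip3 install --upgrade pip poetry` resolves to whatever versions are current at build time, so pinning poetry would keep the builder stage reproducible. Both RUN instructions continue outside the hunks shown.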


@ -152,7 +152,7 @@ gen-client-ts: gen-clean-ts ## Build and install the authentik API for Typescri
docker run \
--rm -v ${PWD}:/local \
--user ${UID}:${GID} \
docker.io/openapitools/openapi-generator-cli:v6.5.0 generate \
docker.io/openapitools/openapi-generator-cli:v7.11.0 generate \
-i /local/schema.yml \
-g typescript-fetch \
-o /local/${GEN_API_TS} \


@ -43,6 +43,11 @@ LABEL org.opencontainers.image.source=https://github.com/goauthentik/authentik
LABEL org.opencontainers.image.version=${VERSION}
LABEL org.opencontainers.image.revision=${GIT_BUILD_HASH}
RUN apt-get update && \
apt-get upgrade -y && \
apt-get clean && \
rm -rf /tmp/* /var/lib/apt/lists/*
COPY --from=builder /go/ldap /
HEALTHCHECK --interval=5s --retries=20 --start-period=3s CMD [ "/ldap", "healthcheck" ]
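Review bot: The added `apt-get upgrade -y` layer makes the installed package set depend on the build date rather than on the commit, and nothing in the file says this is deliberate or that images must be rebuilt to keep receiving fixes. A short comment above the RUN, for example `# Pull in security updates published since the base image was built; rebuild regularly`, would make the intent and the operational requirement explicit. The same layer is added in the proxy, rac and radius sections and in the runtime stage of the server Dockerfile. Only the rac section wraps it in `USER root` / `USER 1000`; whether the other three already run as root at this point depends on lines outside the hunks and is worth confirming.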

8
poetry.lock generated

@ -1061,13 +1061,13 @@ testing = ["pytest (>=7.2.1)", "pytest-cov (>=4.0.0)", "tox (>=4.4.3)"]
[[package]]
name = "codespell"
version = "2.3.0"
description = "Codespell"
version = "2.4.0"
description = "Fix common misspellings in text files"
optional = false
python-versions = ">=3.8"
files = [
{file = "codespell-2.3.0-py3-none-any.whl", hash = "sha256:a9c7cef2501c9cfede2110fd6d4e5e62296920efe9abfb84648df866e47f58d1"},
{file = "codespell-2.3.0.tar.gz", hash = "sha256:360c7d10f75e65f67bad720af7007e1060a5d395670ec11a7ed1fed9dd17471f"},
{file = "codespell-2.4.0-py3-none-any.whl", hash = "sha256:b4c5b779f747dd481587aeecb5773301183f52b94b96ed51a28126d0482eec1d"},
{file = "codespell-2.4.0.tar.gz", hash = "sha256:587d45b14707fb8ce51339ba4cce50ae0e98ce228ef61f3c5e160e34f681be58"},
]
[package.extras]


@ -59,6 +59,11 @@ LABEL org.opencontainers.image.source=https://github.com/goauthentik/authentik
LABEL org.opencontainers.image.version=${VERSION}
LABEL org.opencontainers.image.revision=${GIT_BUILD_HASH}
RUN apt-get update && \
apt-get upgrade -y && \
apt-get clean && \
rm -rf /tmp/* /var/lib/apt/lists/*
COPY --from=builder /go/proxy /
COPY --from=web-builder /static/robots.txt /web/robots.txt
COPY --from=web-builder /static/security.txt /web/security.txt


@ -43,6 +43,13 @@ LABEL org.opencontainers.image.source=https://github.com/goauthentik/authentik
LABEL org.opencontainers.image.version=${VERSION}
LABEL org.opencontainers.image.revision=${GIT_BUILD_HASH}
USER root
RUN apt-get update && \
apt-get upgrade -y && \
apt-get clean && \
rm -rf /tmp/* /var/lib/apt/lists/*
USER 1000
COPY --from=builder /go/rac /
HEALTHCHECK --interval=5s --retries=20 --start-period=3s CMD [ "/rac", "healthcheck" ]


@ -43,6 +43,11 @@ LABEL org.opencontainers.image.source=https://github.com/goauthentik/authentik
LABEL org.opencontainers.image.version=${VERSION}
LABEL org.opencontainers.image.revision=${GIT_BUILD_HASH}
RUN apt-get update && \
apt-get upgrade -y && \
apt-get clean && \
rm -rf /tmp/* /var/lib/apt/lists/*
COPY --from=builder /go/radius /
HEALTHCHECK --interval=5s --retries=20 --start-period=3s CMD [ "/radius", "healthcheck" ]

14
web/package-lock.json generated

@ -21468,10 +21468,11 @@
}
},
"node_modules/undici": {
"version": "6.21.0",
"resolved": "https://registry.npmjs.org/undici/-/undici-6.21.0.tgz",
"integrity": "sha512-BUgJXc752Kou3oOIuU1i+yZZypyZRqNPW0vqoMPl8VaoalSfeR0D8/t4iAS3yirs79SSMTxTag+ZC86uswv+Cw==",
"version": "6.21.1",
"resolved": "https://registry.npmjs.org/undici/-/undici-6.21.1.tgz",
"integrity": "sha512-q/1rj5D0/zayJB2FraXdaWxbhWiNKDvu8naDT2dl1yTlvJp4BLtOcp2a5BvgGNQpYYJzau7tf1WgKv3b+7mqpQ==",
"dev": true,
"license": "MIT",
"engines": {
"node": ">=18.17"
}
@ -21792,10 +21793,11 @@
}
},
"node_modules/vite": {
"version": "5.4.11",
"resolved": "https://registry.npmjs.org/vite/-/vite-5.4.11.tgz",
"integrity": "sha512-c7jFQRklXua0mTzneGW9QVyxFjUgwcihC4bXEtujIo2ouWCe1Ajt/amn2PCxYnhYfd5k09JX3SB7OYWFKYqj8Q==",
"version": "5.4.14",
"resolved": "https://registry.npmjs.org/vite/-/vite-5.4.14.tgz",
"integrity": "sha512-EK5cY7Q1D8JNhSaPKVK4pwBFvaTmZxEnoKXLG/U9gmdDcihQGNzFlgIvaxezFR4glP1LsuiedwMBqCXH3wZccA==",
"dev": true,
"license": "MIT",
"dependencies": {
"esbuild": "^0.21.3",
"postcss": "^8.4.43",


@ -125,6 +125,7 @@
"lint:nightmare": "wireit",
"lint:package": "wireit",
"lint:precommit": "wireit",
"lint:types": "wireit",
"lit-analyse": "wireit",
"postinstall": "bash scripts/patch-spotlight.sh",
"precommit": "wireit",


@ -80,8 +80,8 @@ export class ApplicationViewPage extends AKElement {
if (
app.providerObj &&
[
RbacPermissionsAssignedByUsersListModelEnum.ProvidersProxyProxyprovider.toString(),
RbacPermissionsAssignedByUsersListModelEnum.ProvidersLdapLdapprovider.toString(),
RbacPermissionsAssignedByUsersListModelEnum.AuthentikProvidersProxyProxyprovider.toString(),
RbacPermissionsAssignedByUsersListModelEnum.AuthentikProvidersLdapLdapprovider.toString(),
].includes(app.providerObj.metaModelName)
) {
this.fetchIsMissingOutpost([app.provider || 0]);
@ -340,7 +340,7 @@ export class ApplicationViewPage extends AKElement {
<ak-rbac-object-permission-page
slot="page-permissions"
data-tab-title="${msg("Permissions")}"
model=${RbacPermissionsAssignedByUsersListModelEnum.CoreApplication}
model=${RbacPermissionsAssignedByUsersListModelEnum.AuthentikCoreApplication}
objectPk=${this.application.pk}
></ak-rbac-object-permission-page>
</ak-tabs>`;


@ -86,7 +86,7 @@ export class ApplicationEntitlementsPage extends Table<ApplicationEntitlement> {
</button>
</ak-forms-modal>
<ak-rbac-object-permission-modal
model=${RbacPermissionsAssignedByUsersListModelEnum.CoreApplicationentitlement}
model=${RbacPermissionsAssignedByUsersListModelEnum.AuthentikCoreApplicationentitlement}
objectPk=${item.pbmUuid}
>
</ak-rbac-object-permission-modal>`,


@ -142,11 +142,11 @@ function renderLDAPOverview(rawProvider: OneOfProvider) {
const providerName = (p: ProviderModelEnum): string => p.toString().split(".")[1];
export const providerRenderers = new Map([
[providerName(ProviderModelEnum.SamlSamlprovider), renderSAMLOverview],
[providerName(ProviderModelEnum.ScimScimprovider), renderSCIMOverview],
[providerName(ProviderModelEnum.RadiusRadiusprovider), renderRadiusOverview],
[providerName(ProviderModelEnum.RacRacprovider), renderRACOverview],
[providerName(ProviderModelEnum.ProxyProxyprovider), renderProxyOverview],
[providerName(ProviderModelEnum.Oauth2Oauth2provider), renderOAuth2Overview],
[providerName(ProviderModelEnum.LdapLdapprovider), renderLDAPOverview],
[providerName(ProviderModelEnum.AuthentikProvidersSamlSamlprovider), renderSAMLOverview],
[providerName(ProviderModelEnum.AuthentikProvidersScimScimprovider), renderSCIMOverview],
[providerName(ProviderModelEnum.AuthentikProvidersRadiusRadiusprovider), renderRadiusOverview],
[providerName(ProviderModelEnum.AuthentikProvidersRacRacprovider), renderRACOverview],
[providerName(ProviderModelEnum.AuthentikProvidersProxyProxyprovider), renderProxyOverview],
[providerName(ProviderModelEnum.AuthentikProvidersOauth2Oauth2provider), renderOAuth2Overview],
[providerName(ProviderModelEnum.AuthentikProvidersLdapLdapprovider), renderLDAPOverview],
]);


@ -155,7 +155,7 @@ export class BlueprintListPage extends TablePage<BlueprintInstance> {
</button>
</ak-forms-modal>
<ak-rbac-object-permission-modal
model=${RbacPermissionsAssignedByUsersListModelEnum.BlueprintsBlueprintinstance}
model=${RbacPermissionsAssignedByUsersListModelEnum.AuthentikBlueprintsBlueprintinstance}
objectPk=${item.pk}
>
</ak-rbac-object-permission-modal>


@ -93,7 +93,7 @@ export class BrandListPage extends TablePage<Brand> {
</ak-forms-modal>
<ak-rbac-object-permission-modal
model=${RbacPermissionsAssignedByUsersListModelEnum.BrandsBrand}
model=${RbacPermissionsAssignedByUsersListModelEnum.AuthentikBrandsBrand}
objectPk=${item.brandUuid}
>
</ak-rbac-object-permission-modal>`,


@ -134,7 +134,7 @@ export class CertificateKeyPairListPage extends TablePage<CertificateKeyPair> {
</button>
</ak-forms-modal>
<ak-rbac-object-permission-modal
model=${RbacPermissionsAssignedByUsersListModelEnum.CryptoCertificatekeypair}
model=${RbacPermissionsAssignedByUsersListModelEnum.AuthentikCryptoCertificatekeypair}
objectPk=${item.pk}
>
</ak-rbac-object-permission-modal>`,


@ -231,7 +231,7 @@ export class EnterpriseLicenseListPage extends TablePage<License> {
</button>
</ak-forms-modal>
<ak-rbac-object-permission-modal
model=${RbacPermissionsAssignedByUsersListModelEnum.EnterpriseLicense}
model=${RbacPermissionsAssignedByUsersListModelEnum.AuthentikEnterpriseLicense}
objectPk=${item.licenseUuid}
>
</ak-rbac-object-permission-modal> `,


@ -99,7 +99,7 @@ export class RuleListPage extends TablePage<NotificationRule> {
</ak-forms-modal>
<ak-rbac-object-permission-modal
model=${RbacPermissionsAssignedByUsersListModelEnum.EventsNotificationrule}
model=${RbacPermissionsAssignedByUsersListModelEnum.AuthentikEventsNotificationrule}
objectPk=${item.pk}
>
</ak-rbac-object-permission-modal>`,


@ -94,7 +94,7 @@ export class TransportListPage extends TablePage<NotificationTransport> {
</ak-forms-modal>
<ak-rbac-object-permission-modal
model=${RbacPermissionsAssignedByUsersListModelEnum.EventsNotificationtransport}
model=${RbacPermissionsAssignedByUsersListModelEnum.AuthentikEventsNotificationtransport}
objectPk=${item.pk}
>
</ak-rbac-object-permission-modal>


@ -280,7 +280,7 @@ export class FlowViewPage extends AKElement {
<ak-rbac-object-permission-page
slot="page-permissions"
data-tab-title="${msg("Permissions")}"
model=${RbacPermissionsAssignedByUsersListModelEnum.FlowsFlow}
model=${RbacPermissionsAssignedByUsersListModelEnum.AuthentikFlowsFlow}
objectPk=${this.flow.pk}
></ak-rbac-object-permission-page>
</ak-tabs>`;


@ -203,7 +203,7 @@ export class GroupViewPage extends AKElement {
<ak-rbac-object-permission-page
slot="page-permissions"
data-tab-title="${msg("Permissions")}"
model=${RbacPermissionsAssignedByUsersListModelEnum.CoreGroup}
model=${RbacPermissionsAssignedByUsersListModelEnum.AuthentikCoreGroup}
objectPk=${this.group.pk}
></ak-rbac-object-permission-page>
</ak-tabs>`;


@ -148,7 +148,7 @@ export class OutpostListPage extends TablePage<Outpost> {
</button>
</ak-forms-modal>
<ak-rbac-object-permission-modal
model=${RbacPermissionsAssignedByUsersListModelEnum.OutpostsOutpost}
model=${RbacPermissionsAssignedByUsersListModelEnum.AuthentikOutpostsOutpost}
objectPk=${item.pk}
>
</ak-rbac-object-permission-modal>


@ -93,7 +93,7 @@ export class ReputationListPage extends TablePage<Reputation> {
<small>${item.updated.toLocaleString()}</small>`,
html`
<ak-rbac-object-permission-modal
model=${RbacPermissionsAssignedByUsersListModelEnum.PoliciesReputationReputationpolicy}
model=${RbacPermissionsAssignedByUsersListModelEnum.AuthentikPoliciesReputationReputationpolicy}
objectPk=${item.pk || ""}
>
</ak-rbac-object-permission-modal>


@ -71,7 +71,7 @@ export class PolicyTestForm extends Form<PropertyMappingTestRequest> {
renderExampleButtons() {
return this.mapping?.metaModelName ===
RbacPermissionsAssignedByUsersListModelEnum.SourcesLdapLdapsourcepropertymapping
RbacPermissionsAssignedByUsersListModelEnum.AuthentikSourcesLdapLdapsourcepropertymapping
? html`<p>${msg("Example context data")}</p>
${this.renderExampleLDAP()}`
: nothing;


@ -35,7 +35,7 @@ export class GoogleWorkspaceProviderGroupList extends Table<GoogleWorkspaceProvi
<span slot="header">${msg("Sync Group")}</span>
<ak-sync-object-form
.provider=${this.providerId}
model=${SyncObjectModelEnum.Group}
model=${SyncObjectModelEnum.AuthentikCoreModelsGroup}
.sync=${(data: ProvidersGoogleWorkspaceSyncObjectCreateRequest) => {
return new ProvidersApi(
DEFAULT_CONFIG,


@ -35,7 +35,7 @@ export class GoogleWorkspaceProviderUserList extends Table<GoogleWorkspaceProvid
<span slot="header">${msg("Sync User")}</span>
<ak-sync-object-form
.provider=${this.providerId}
model=${SyncObjectModelEnum.User}
model=${SyncObjectModelEnum.AuthentikCoreModelsUser}
.sync=${(data: ProvidersGoogleWorkspaceSyncObjectCreateRequest) => {
return new ProvidersApi(
DEFAULT_CONFIG,


@ -147,7 +147,7 @@ export class GoogleWorkspaceProviderViewPage extends AKElement {
<ak-rbac-object-permission-page
slot="page-permissions"
data-tab-title="${msg("Permissions")}"
model=${RbacPermissionsAssignedByUsersListModelEnum.ProvidersGoogleWorkspaceGoogleworkspaceprovider}
model=${RbacPermissionsAssignedByUsersListModelEnum.AuthentikProvidersGoogleWorkspaceGoogleworkspaceprovider}
objectPk=${this.provider.pk}
></ak-rbac-object-permission-page>
</ak-tabs>`;


@ -111,7 +111,7 @@ export class LDAPProviderViewPage extends AKElement {
<ak-rbac-object-permission-page
slot="page-permissions"
data-tab-title="${msg("Permissions")}"
model=${RbacPermissionsAssignedByUsersListModelEnum.ProvidersLdapLdapprovider}
model=${RbacPermissionsAssignedByUsersListModelEnum.AuthentikProvidersLdapLdapprovider}
objectPk=${this.provider.pk}
></ak-rbac-object-permission-page>
</ak-tabs>`;


@ -32,7 +32,7 @@ export class MicrosoftEntraProviderGroupList extends Table<MicrosoftEntraProvide
<span slot="header">${msg("Sync Group")}</span>
<ak-sync-object-form
.provider=${this.providerId}
model=${SyncObjectModelEnum.Group}
model=${SyncObjectModelEnum.AuthentikCoreModelsGroup}
.sync=${(data: ProvidersMicrosoftEntraSyncObjectCreateRequest) => {
return new ProvidersApi(
DEFAULT_CONFIG,


@ -35,7 +35,7 @@ export class MicrosoftEntraProviderUserList extends Table<MicrosoftEntraProvider
<span slot="header">${msg("Sync User")}</span>
<ak-sync-object-form
.provider=${this.providerId}
model=${SyncObjectModelEnum.User}
model=${SyncObjectModelEnum.AuthentikCoreModelsUser}
.sync=${(data: ProvidersMicrosoftEntraSyncObjectCreateRequest) => {
return new ProvidersApi(
DEFAULT_CONFIG,


@ -147,7 +147,7 @@ export class MicrosoftEntraProviderViewPage extends AKElement {
<ak-rbac-object-permission-page
slot="page-permissions"
data-tab-title="${msg("Permissions")}"
model=${RbacPermissionsAssignedByUsersListModelEnum.ProvidersMicrosoftEntraMicrosoftentraprovider}
model=${RbacPermissionsAssignedByUsersListModelEnum.AuthentikProvidersMicrosoftEntraMicrosoftentraprovider}
objectPk=${this.provider.pk}
></ak-rbac-object-permission-page>
</ak-tabs>`;


@ -158,7 +158,7 @@ export class OAuth2ProviderViewPage extends AKElement {
<ak-rbac-object-permission-page
slot="page-permissions"
data-tab-title="${msg("Permissions")}"
model=${RbacPermissionsAssignedByUsersListModelEnum.ProvidersOauth2Oauth2provider}
model=${RbacPermissionsAssignedByUsersListModelEnum.AuthentikProvidersOauth2Oauth2provider}
objectPk=${this.provider.pk}
></ak-rbac-object-permission-page>
</ak-tabs>`;


@ -229,7 +229,7 @@ export class ProxyProviderViewPage extends AKElement {
<ak-rbac-object-permission-page
slot="page-permissions"
data-tab-title="${msg("Permissions")}"
model=${RbacPermissionsAssignedByUsersListModelEnum.ProvidersProxyProxyprovider}
model=${RbacPermissionsAssignedByUsersListModelEnum.AuthentikProvidersProxyProxyprovider}
objectPk=${this.provider.pk}
></ak-rbac-object-permission-page>
</ak-tabs>`;


@ -102,7 +102,7 @@ export class EndpointListPage extends Table<Endpoint> {
</button>
</ak-forms-modal>
<ak-rbac-object-permission-modal
model=${RbacPermissionsAssignedByUsersListModelEnum.ProvidersRacEndpoint}
model=${RbacPermissionsAssignedByUsersListModelEnum.AuthentikProvidersRacEndpoint}
objectPk=${item.pk}
>
</ak-rbac-object-permission-modal>`,


@ -119,7 +119,7 @@ export class RACProviderViewPage extends AKElement {
<ak-rbac-object-permission-page
slot="page-permissions"
data-tab-title="${msg("Permissions")}"
model=${RbacPermissionsAssignedByUsersListModelEnum.ProvidersRacRacprovider}
model=${RbacPermissionsAssignedByUsersListModelEnum.AuthentikProvidersRacRacprovider}
objectPk=${this.provider.pk}
></ak-rbac-object-permission-page>
</ak-tabs>`;


@ -169,7 +169,7 @@ export class RadiusProviderViewPage extends AKElement {
<ak-rbac-object-permission-page
slot="page-permissions"
data-tab-title="${msg("Permissions")}"
model=${RbacPermissionsAssignedByUsersListModelEnum.ProvidersRadiusRadiusprovider}
model=${RbacPermissionsAssignedByUsersListModelEnum.AuthentikProvidersRadiusRadiusprovider}
objectPk=${this.provider.pk}
></ak-rbac-object-permission-page>
</ak-tabs>`;


@ -18,20 +18,20 @@ export const spBindingOptions = toOptions([
]);
export const digestAlgorithmOptions = toOptions([
["SHA1", DigestAlgorithmEnum._200009Xmldsigsha1],
["SHA256", DigestAlgorithmEnum._200104Xmlencsha256, true],
["SHA384", DigestAlgorithmEnum._200104XmldsigMoresha384],
["SHA512", DigestAlgorithmEnum._200104Xmlencsha512],
["SHA1", DigestAlgorithmEnum.HttpWwwW3Org200009Xmldsigsha1],
["SHA256", DigestAlgorithmEnum.HttpWwwW3Org200104Xmlencsha256, true],
["SHA384", DigestAlgorithmEnum.HttpWwwW3Org200104XmldsigMoresha384],
["SHA512", DigestAlgorithmEnum.HttpWwwW3Org200104Xmlencsha512],
]);
export const signatureAlgorithmOptions = toOptions([
["RSA-SHA1", SignatureAlgorithmEnum._200009XmldsigrsaSha1],
["RSA-SHA256", SignatureAlgorithmEnum._200104XmldsigMorersaSha256, true],
["RSA-SHA384", SignatureAlgorithmEnum._200104XmldsigMorersaSha384],
["RSA-SHA512", SignatureAlgorithmEnum._200104XmldsigMorersaSha512],
["ECDSA-SHA1", SignatureAlgorithmEnum._200104XmldsigMoreecdsaSha1],
["ECDSA-SHA256", SignatureAlgorithmEnum._200104XmldsigMoreecdsaSha256],
["ECDSA-SHA384", SignatureAlgorithmEnum._200104XmldsigMoreecdsaSha384],
["ECDSA-SHA512", SignatureAlgorithmEnum._200104XmldsigMoreecdsaSha512],
["DSA-SHA1", SignatureAlgorithmEnum._200009XmldsigdsaSha1],
["RSA-SHA1", SignatureAlgorithmEnum.HttpWwwW3Org200009XmldsigrsaSha1],
["RSA-SHA256", SignatureAlgorithmEnum.HttpWwwW3Org200104XmldsigMorersaSha256, true],
["RSA-SHA384", SignatureAlgorithmEnum.HttpWwwW3Org200104XmldsigMorersaSha384],
["RSA-SHA512", SignatureAlgorithmEnum.HttpWwwW3Org200104XmldsigMorersaSha512],
["ECDSA-SHA1", SignatureAlgorithmEnum.HttpWwwW3Org200104XmldsigMoreecdsaSha1],
["ECDSA-SHA256", SignatureAlgorithmEnum.HttpWwwW3Org200104XmldsigMoreecdsaSha256],
["ECDSA-SHA384", SignatureAlgorithmEnum.HttpWwwW3Org200104XmldsigMoreecdsaSha384],
["ECDSA-SHA512", SignatureAlgorithmEnum.HttpWwwW3Org200104XmldsigMoreecdsaSha512],
["DSA-SHA1", SignatureAlgorithmEnum.HttpWwwW3Org200009XmldsigdsaSha1],
]);


@ -247,7 +247,7 @@ export class SAMLProviderViewPage extends AKElement {
<ak-rbac-object-permission-page
slot="page-permissions"
data-tab-title="${msg("Permissions")}"
model=${RbacPermissionsAssignedByUsersListModelEnum.ProvidersSamlSamlprovider}
model=${RbacPermissionsAssignedByUsersListModelEnum.AuthentikProvidersSamlSamlprovider}
objectPk=${this.provider.pk}
></ak-rbac-object-permission-page>
</ak-tabs>`;


@ -33,7 +33,7 @@ export class SCIMProviderGroupList extends Table<SCIMProviderGroup> {
<span slot="header">${msg("Sync Group")}</span>
<ak-sync-object-form
.provider=${this.providerId}
model=${SyncObjectModelEnum.Group}
model=${SyncObjectModelEnum.AuthentikCoreModelsGroup}
.sync=${(data: ProvidersScimSyncObjectCreateRequest) => {
return new ProvidersApi(DEFAULT_CONFIG).providersScimSyncObjectCreate(data);
}}


@ -33,7 +33,7 @@ export class SCIMProviderUserList extends Table<SCIMProviderUser> {
<span slot="header">${msg("Sync User")}</span>
<ak-sync-object-form
.provider=${this.providerId}
model=${SyncObjectModelEnum.User}
model=${SyncObjectModelEnum.AuthentikCoreModelsUser}
.sync=${(data: ProvidersScimSyncObjectCreateRequest) => {
return new ProvidersApi(DEFAULT_CONFIG).providersScimSyncObjectCreate(data);
}}


@ -130,7 +130,7 @@ export class SCIMProviderViewPage extends AKElement {
<ak-rbac-object-permission-page
slot="page-permissions"
data-tab-title="${msg("Permissions")}"
model=${RbacPermissionsAssignedByUsersListModelEnum.ProvidersScimScimprovider}
model=${RbacPermissionsAssignedByUsersListModelEnum.AuthentikProvidersScimScimprovider}
objectPk=${this.provider.pk}
></ak-rbac-object-permission-page>
</ak-tabs>`;


@ -35,10 +35,10 @@ export class ObjectPermissionPage extends AKElement {
render() {
return html` <ak-tabs pageIdentifier="permissionPage" ?vertical=${!this.embedded}>
${this.model === RbacPermissionsAssignedByUsersListModelEnum.CoreUser
${this.model === RbacPermissionsAssignedByUsersListModelEnum.AuthentikCoreUser
? this.renderCoreUser()
: nothing}
${this.model === RbacPermissionsAssignedByUsersListModelEnum.RbacRole
${this.model === RbacPermissionsAssignedByUsersListModelEnum.AuthentikRbacRole
? this.renderRbacRole()
: nothing}
<section


@ -35,7 +35,7 @@ export class RoleAssignedObjectPermissionTable extends Table<RoleAssignedObjectP
const perms = await new RbacApi(DEFAULT_CONFIG).rbacPermissionsAssignedByRolesList({
...(await this.defaultEndpointConfig()),
// TODO: better default
model: this.model || RbacPermissionsAssignedByRolesListModelEnum.CoreUser,
model: this.model || RbacPermissionsAssignedByRolesListModelEnum.AuthentikCoreUser,
objectPk: this.objectPk?.toString(),
});
const [appLabel, modelName] = (this.model || "").split(".");


@ -35,7 +35,7 @@ export class UserAssignedObjectPermissionTable extends Table<UserAssignedObjectP
const perms = await new RbacApi(DEFAULT_CONFIG).rbacPermissionsAssignedByUsersList({
...(await this.defaultEndpointConfig()),
// TODO: better default
model: this.model || RbacPermissionsAssignedByUsersListModelEnum.CoreUser,
model: this.model || RbacPermissionsAssignedByUsersListModelEnum.AuthentikCoreUser,
objectPk: this.objectPk?.toString(),
});
const [appLabel, modelName] = (this.model || "").split(".");


@ -133,7 +133,7 @@ export class RoleViewPage extends AKElement {
<ak-rbac-object-permission-page
slot="page-permissions"
data-tab-title="${msg("Permissions")}"
model=${RbacPermissionsAssignedByUsersListModelEnum.RbacRole}
model=${RbacPermissionsAssignedByUsersListModelEnum.AuthentikRbacRole}
objectPk=${this._role.pk}
></ak-rbac-object-permission-page>
</ak-tabs>`;


@ -216,7 +216,7 @@ export class KerberosSourceViewPage extends AKElement {
<ak-rbac-object-permission-page
slot="page-permissions"
data-tab-title="${msg("Permissions")}"
model=${RbacPermissionsAssignedByUsersListModelEnum.SourcesKerberosKerberossource}
model=${RbacPermissionsAssignedByUsersListModelEnum.AuthentikSourcesKerberosKerberossource}
objectPk=${this.source.pk}
></ak-rbac-object-permission-page>
</ak-tabs>`;


@ -192,7 +192,7 @@ export class LDAPSourceViewPage extends AKElement {
<ak-rbac-object-permission-page
slot="page-permissions"
data-tab-title="${msg("Permissions")}"
model=${RbacPermissionsAssignedByUsersListModelEnum.SourcesLdapLdapsource}
model=${RbacPermissionsAssignedByUsersListModelEnum.AuthentikSourcesLdapLdapsource}
objectPk=${this.source.pk}
></ak-rbac-object-permission-page>
</ak-tabs>`;


@ -253,7 +253,7 @@ export class OAuthSourceViewPage extends AKElement {
<ak-rbac-object-permission-page
slot="page-permissions"
data-tab-title="${msg("Permissions")}"
model=${RbacPermissionsAssignedByUsersListModelEnum.SourcesOauthOauthsource}
model=${RbacPermissionsAssignedByUsersListModelEnum.AuthentikSourcesOauthOauthsource}
objectPk=${this.source.pk}
></ak-rbac-object-permission-page>
</ak-tabs>`;


@ -143,7 +143,7 @@ export class PlexSourceViewPage extends AKElement {
<ak-rbac-object-permission-page
slot="page-permissions"
data-tab-title="${msg("Permissions")}"
model=${RbacPermissionsAssignedByUsersListModelEnum.SourcesPlexPlexsource}
model=${RbacPermissionsAssignedByUsersListModelEnum.AuthentikSourcesPlexPlexsource}
objectPk=${this.source.pk}
></ak-rbac-object-permission-page>
</ak-tabs>`;


@ -358,37 +358,37 @@ export class SAMLSourceForm extends WithCapabilitiesConfig(BaseSourceForm<SAMLSo
>
<select class="pf-c-form-control">
<option
value=${NameIdPolicyEnum._20nameidFormatpersistent}
value=${NameIdPolicyEnum.UrnOasisNamesTcSaml20NameidFormatPersistent}
?selected=${this.instance?.nameIdPolicy ===
NameIdPolicyEnum._20nameidFormatpersistent}
NameIdPolicyEnum.UrnOasisNamesTcSaml20NameidFormatPersistent}
>
${msg("Persistent")}
</option>
<option
value=${NameIdPolicyEnum._11nameidFormatemailAddress}
value=${NameIdPolicyEnum.UrnOasisNamesTcSaml11NameidFormatEmailAddress}
?selected=${this.instance?.nameIdPolicy ===
NameIdPolicyEnum._11nameidFormatemailAddress}
NameIdPolicyEnum.UrnOasisNamesTcSaml11NameidFormatEmailAddress}
>
${msg("Email address")}
</option>
<option
value=${NameIdPolicyEnum._20nameidFormatWindowsDomainQualifiedName}
value=${NameIdPolicyEnum.UrnOasisNamesTcSaml20NameidFormatWindowsDomainQualifiedName}
?selected=${this.instance?.nameIdPolicy ===
NameIdPolicyEnum._20nameidFormatWindowsDomainQualifiedName}
NameIdPolicyEnum.UrnOasisNamesTcSaml20NameidFormatWindowsDomainQualifiedName}
>
${msg("Windows")}
</option>
<option
value=${NameIdPolicyEnum._11nameidFormatX509SubjectName}
value=${NameIdPolicyEnum.UrnOasisNamesTcSaml11NameidFormatX509SubjectName}
?selected=${this.instance?.nameIdPolicy ===
NameIdPolicyEnum._11nameidFormatX509SubjectName}
NameIdPolicyEnum.UrnOasisNamesTcSaml11NameidFormatX509SubjectName}
>
${msg("X509 Subject")}
</option>
<option
value=${NameIdPolicyEnum._20nameidFormattransient}
value=${NameIdPolicyEnum.UrnOasisNamesTcSaml20NameidFormatTransient}
?selected=${this.instance?.nameIdPolicy ===
NameIdPolicyEnum._20nameidFormattransient}
NameIdPolicyEnum.UrnOasisNamesTcSaml20NameidFormatTransient}
>
${msg("Transient")}
</option>
@ -432,20 +432,20 @@ export class SAMLSourceForm extends WithCapabilitiesConfig(BaseSourceForm<SAMLSo
.options=${[
{
label: "SHA1",
value: DigestAlgorithmEnum._200009Xmldsigsha1,
value: DigestAlgorithmEnum.HttpWwwW3Org200009Xmldsigsha1,
},
{
label: "SHA256",
value: DigestAlgorithmEnum._200104Xmlencsha256,
value: DigestAlgorithmEnum.HttpWwwW3Org200104Xmlencsha256,
default: true,
},
{
label: "SHA384",
value: DigestAlgorithmEnum._200104XmldsigMoresha384,
value: DigestAlgorithmEnum.HttpWwwW3Org200104XmldsigMoresha384,
},
{
label: "SHA512",
value: DigestAlgorithmEnum._200104Xmlencsha512,
value: DigestAlgorithmEnum.HttpWwwW3Org200104Xmlencsha512,
},
]}
.value=${this.instance?.digestAlgorithm}
@ -461,24 +461,24 @@ export class SAMLSourceForm extends WithCapabilitiesConfig(BaseSourceForm<SAMLSo
.options=${[
{
label: "RSA-SHA1",
value: SignatureAlgorithmEnum._200009XmldsigrsaSha1,
value: SignatureAlgorithmEnum.HttpWwwW3Org200009XmldsigrsaSha1,
},
{
label: "RSA-SHA256",
value: SignatureAlgorithmEnum._200104XmldsigMorersaSha256,
value: SignatureAlgorithmEnum.HttpWwwW3Org200104XmldsigMorersaSha256,
default: true,
},
{
label: "RSA-SHA384",
value: SignatureAlgorithmEnum._200104XmldsigMorersaSha384,
value: SignatureAlgorithmEnum.HttpWwwW3Org200104XmldsigMorersaSha384,
},
{
label: "RSA-SHA512",
value: SignatureAlgorithmEnum._200104XmldsigMorersaSha512,
value: SignatureAlgorithmEnum.HttpWwwW3Org200104XmldsigMorersaSha512,
},
{
label: "DSA-SHA1",
value: SignatureAlgorithmEnum._200009XmldsigdsaSha1,
value: SignatureAlgorithmEnum.HttpWwwW3Org200009XmldsigdsaSha1,
},
]}
.value=${this.instance?.signatureAlgorithm}


@ -220,7 +220,7 @@ export class SAMLSourceViewPage extends AKElement {
<ak-rbac-object-permission-page
slot="page-permissions"
data-tab-title="${msg("Permissions")}"
model=${RbacPermissionsAssignedByUsersListModelEnum.SourcesSamlSamlsource}
model=${RbacPermissionsAssignedByUsersListModelEnum.AuthentikSourcesSamlSamlsource}
objectPk=${this.source.pk}
></ak-rbac-object-permission-page>
</ak-tabs>`;


@ -207,7 +207,7 @@ export class SCIMSourceViewPage extends AKElement {
<ak-rbac-object-permission-page
slot="page-permissions"
data-tab-title="${msg("Permissions")}"
model=${RbacPermissionsAssignedByUsersListModelEnum.SourcesScimScimsource}
model=${RbacPermissionsAssignedByUsersListModelEnum.AuthentikSourcesScimScimsource}
objectPk=${this.source.pk}
></ak-rbac-object-permission-page>
</ak-tabs>`;


@ -141,7 +141,7 @@ export class InvitationListPage extends TablePage<Invitation> {
</button>
</ak-forms-modal>
<ak-rbac-object-permission-modal
model=${RbacPermissionsAssignedByUsersListModelEnum.StagesInvitationInvitation}
model=${RbacPermissionsAssignedByUsersListModelEnum.AuthentikStagesInvitationInvitation}
objectPk=${item.pk}
>
</ak-rbac-object-permission-modal>`,


@ -55,19 +55,19 @@ export class PasswordStageForm extends BaseStageForm<PasswordStage> {
renderForm(): TemplateResult {
const backends = [
{
name: BackendsEnum.CoreAuthInbuiltBackend,
name: BackendsEnum.AuthentikCoreAuthInbuiltBackend,
label: msg("User database + standard password"),
},
{
name: BackendsEnum.CoreAuthTokenBackend,
name: BackendsEnum.AuthentikCoreAuthTokenBackend,
label: msg("User database + app passwords"),
},
{
name: BackendsEnum.SourcesLdapAuthLdapBackend,
name: BackendsEnum.AuthentikSourcesLdapAuthLdapBackend,
label: msg("User database + LDAP password"),
},
{
name: BackendsEnum.SourcesKerberosAuthKerberosBackend,
name: BackendsEnum.AuthentikSourcesKerberosAuthKerberosBackend,
label: msg("User database + Kerberos password"),
},
];


@ -97,7 +97,7 @@ export class PromptListPage extends TablePage<Prompt> {
</button>
</ak-forms-modal>
<ak-rbac-object-permission-modal
model=${RbacPermissionsAssignedByUsersListModelEnum.StagesPromptPrompt}
model=${RbacPermissionsAssignedByUsersListModelEnum.AuthentikStagesPromptPrompt}
objectPk=${item.pk}
>
</ak-rbac-object-permission-modal> `,


@ -132,7 +132,7 @@ export class TokenListPage extends TablePage<Token> {
</pf-tooltip>
</button>`}
<ak-rbac-object-permission-modal
model=${RbacPermissionsAssignedByUsersListModelEnum.CoreToken}
model=${RbacPermissionsAssignedByUsersListModelEnum.AuthentikCoreToken}
objectPk=${item.pk}
>
</ak-rbac-object-permission-modal>


@ -458,7 +458,7 @@ export class UserViewPage extends WithCapabilitiesConfig(AKElement) {
<ak-rbac-object-permission-page
slot="page-permissions"
data-tab-title="${msg("Permissions")}"
model=${RbacPermissionsAssignedByUsersListModelEnum.CoreUser}
model=${RbacPermissionsAssignedByUsersListModelEnum.AuthentikCoreUser}
objectPk=${this.user.pk}
>
</ak-rbac-object-permission-page>


@ -118,8 +118,12 @@ export class SyncObjectForm extends Form<SyncObjectRequest> {
}
renderForm() {
return html` ${this.model === SyncObjectModelEnum.User ? this.renderSelectUser() : nothing}
${this.model === SyncObjectModelEnum.Group ? this.renderSelectGroup() : nothing}
return html` ${this.model === SyncObjectModelEnum.AuthentikCoreModelsUser
? this.renderSelectUser()
: nothing}
${this.model === SyncObjectModelEnum.AuthentikCoreModelsGroup
? this.renderSelectGroup()
: nothing}
${this.result ? this.renderResult() : html``}`;
}
}


@ -24,7 +24,7 @@ In this optional section, provide some example use cases for the feature. Who wo
Dive deeper into explaining the concepts behind the feature/component.
Write about the feature/functionalilty from the user's perspective. What is this feature used for, why should they use it, are there situations where they should **_not_** use it?
Write about the feature/functionality from the user's perspective. What is this feature used for, why should they use it, are there situations where they should **_not_** use it?
> Pro Tip: If you were writing the related procedural topic, and you found that you had a lot to say about the topic, this is exactly where that info would go (not crowded up at the top of the procedural topic!).


@ -117,7 +117,7 @@ When your PostgreSQL database(s) are running behind a connection pooler, like Pg
Using a connection pooler in transaction pool mode (e.g. PgPool, or PgBouncer in transaction or statement pool mode) requires disabling server-side cursors, so this setting must be set to `false`.
Additionally, you can set `AUTHENTIK_POSTGRESQL__CONN_HEALTH_CHECK` to perform health checks on persistent database connections before they are re-used.
Additionally, you can set `AUTHENTIK_POSTGRESQL__CONN_HEALTH_CHECK` to perform health checks on persistent database connections before they are reused.
## Redis Settings


@ -0,0 +1,62 @@
---
title: Integrate with RustDesk Server Pro
sidebar_label: RustDesk Server Pro
---
# RustDesk Server Pro
<span class="badge badge--secondary">Support level: Community</span>
## What is RustDesk Server Pro?
> RustDesk Server Pro is a premium self-hosted solution for managing remote desktop connections securely and efficiently.
> It offers enhanced performance, advanced security features, and customization options like branding to meet professional needs.
> Ideal for businesses, it provides full control over data while ensuring scalable and reliable remote access.
>
> -- https://rustdesk.com/
## Preparation
This guide uses the following placeholders:
- `rustdesk.company` is the FQDN of the RustDesk Server Pro installation.
- `authentik.company` is the FQDN of the authentik installation.
## authentik configuration
1. In the authentik Admin interface, navigate to **Applications** -> **Applications**.
2. Use the wizard to create a new application and provider. During this process:
- Note the **Client ID**, **Client Secret**, and **slug** values for later use.
- Set the redirect URI to https://_rustdesk.company_/api/oidc/callback.
- Select any available signing key.
## RustDesk Server Pro configuration
1. Sign in to RustDesk Server Pro using a browser.
2. In the left menu, select **Settings** and then **OIDC**.
3. Click **+ New Auth Provider**.
4. In the popup window, select **custom** as the **Auth Type** and click **OK**.
5. Configure the following values using information from the authentik provider:
- **Name**: _SSO-Login_
- **Client ID**: _client-id_
- **Client Secret**: _client-secret_
- **Issuer**: https://_authentik.company_/application/o/_slug_/
- **Authorization Endpoint**: https://_authentik.company_/application/o/authorize/
- **Token Endpoint**: https://_authentik.company_/application/o/token/
- **Userinfo Endpoint**: https://_authentik.company_/application/o/userinfo/
- **JWKS Endpoint**: https://_authentik.company_/application/o/_slug_/jwks/
:::info
Users are created automatically on login. Permissions must be assigned by an administrator after user creation.
:::
## Test the Login
- Open a browser and navigate to https://_rustdesk.company_.
- Click **Continue with SSO-Login**.
- You should be redirected to authentik (with the login flows you configured). After logging in, authentik will redirect you back to https://_rustdesk.company_.
- If you are redirected back to https://_rustdesk.company_ and can read the username in the top right corner, the setup was successful.


@ -91,6 +91,7 @@ module.exports = {
"services/powerdns-admin/index",
"services/proftpd/index",
"services/qnap-nas/index",
"services/rustdesk-pro/index",
"services/semgrep/index",
"services/synology-dsm/index",
"services/skyhigh/index",