authentik

Author	SHA1	Message	Date
Jens L.	65517f3b7f	enterprise/stages: Add MTLS stage (#14296 ) * prepare client auth with inbuilt server Signed-off-by: Jens Langhammer <jens@goauthentik.io> * introduce better IPC auth Signed-off-by: Jens Langhammer <jens@goauthentik.io> * init Signed-off-by: Jens Langhammer <jens@goauthentik.io> * start stage Signed-off-by: Jens Langhammer <jens@goauthentik.io> * only allow trusted proxies to set MTLS headers Signed-off-by: Jens Langhammer <jens@goauthentik.io> * more stage progress Signed-off-by: Jens Langhammer <jens@goauthentik.io> * dont fail if ipc_key doesn't exist Signed-off-by: Jens Langhammer <jens@goauthentik.io> * actually install app Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add some tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * update API Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix unquote Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix int serial number not jsonable Signed-off-by: Jens Langhammer <jens@goauthentik.io> * init ui Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add UI Signed-off-by: Jens Langhammer <jens@goauthentik.io> * unrelated: fix git pull in makefile Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix parse helper Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add test for outpost Signed-off-by: Jens Langhammer <jens@goauthentik.io> * more tests and improvements Signed-off-by: Jens Langhammer <jens@goauthentik.io> * improve labels Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add support for multiple CAs on brand Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add support for multiple CAs to MTLS stage Signed-off-by: Jens Langhammer <jens@goauthentik.io> * dont log ipcuser secret views Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix go mod Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2025-05-19 22:48:17 +02:00
Jens L.	ffd5234396	web: only load version context when authenticated (#12482 ) * only add version context for authz interface Signed-off-by: Jens Langhammer <jens@goauthentik.io> * rename enterprise aware interface Signed-off-by: Jens Langhammer <jens@goauthentik.io> * dont log startup error Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2024-12-25 16:58:18 +01:00
Marc 'risson' Schmitt	1623885dc6	root: fix health status code (#12255 )	2024-12-03 17:59:16 +02:00
Jens L.	5e72ec9c0c	root: support running authentik in subpath (#8675 ) * initial subpath support Signed-off-by: Jens Langhammer <jens@goauthentik.io> * make outpost compatible Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix static files somewhat Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix web interface Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix most static stuff Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix most web links Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix websocket Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix URL for static files Signed-off-by: Jens Langhammer <jens@goauthentik.io> * format web Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add root redirect for subpath Signed-off-by: Jens Langhammer <jens@goauthentik.io> * update docs Signed-off-by: Jens Langhammer <jens@goauthentik.io> * set cookie path Signed-off-by: Jens Langhammer <jens@goauthentik.io> * Update internal/config/struct.go Co-authored-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> Signed-off-by: Jens L. <jens@beryju.org> * fix sfe Signed-off-by: Jens Langhammer <jens@goauthentik.io> * bump required version Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix flow background Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix lint and some more links Signed-off-by: Jens Langhammer <jens@goauthentik.io> * format Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix impersonate Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io> Signed-off-by: Jens L. <jens@beryju.org> Signed-off-by: Jens L. <jens@goauthentik.io> Co-authored-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>	2024-11-26 15:38:23 +01:00
Jens L	7ea721c487	root: move database calls from ready() to dedicated startup signal (#9081 ) * root: move database calls from ready() to dedicated startup signal Signed-off-by: Jens Langhammer <jens@goauthentik.io> * optimise gunicorn startup to only do DB code in one worker Signed-off-by: Jens Langhammer <jens@goauthentik.io> * always use 2 workers in compose Signed-off-by: Jens Langhammer <jens@goauthentik.io> * send startup signals for test runner Signed-off-by: Jens Langhammer <jens@goauthentik.io> * remove k8s import that isn't really needed Signed-off-by: Jens Langhammer <jens@goauthentik.io> * ci: bump nested actions Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix @reconcile_app not triggering reconcile due to changed functions Signed-off-by: Jens Langhammer <jens@goauthentik.io> * connect startup with uid Signed-off-by: Jens Langhammer <jens@goauthentik.io> * adjust some log levels Signed-off-by: Jens Langhammer <jens@goauthentik.io> * remove internal healthcheck we didn't really use it to do anything, and we shouldn't have to since the live/ready probes are handled by django anyways and so the container runtime will restart the server if needed Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add setproctitle for gunicorn and celery process titles Signed-off-by: Jens Langhammer <jens@goauthentik.io> * configure structlog early to use it Signed-off-by: Jens Langhammer <jens@goauthentik.io> * Revert "configure structlog early to use it" This reverts commit 16778fdbbca0f5c474d376c2f85c6f8032c06044. * Revert "adjust some log levels" This reverts commit a129f7ab6aecf27f1206aea1ad8384ce897b74ad. Signed-off-by: Jens Langhammer <jens@goauthentik.io> # Conflicts: # authentik/root/settings.py * optimize startup to not spawn a bunch of one-off processes Signed-off-by: Jens Langhammer <jens@goauthentik.io> * idk why this shows up Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2024-04-02 14:19:32 +02:00
Jens L	dc7ffba8fa	internal: remove special route for /outpost.goauthentik.io (#7539 ) With this special route for outpost.goauthentik.io, misdirected requests to /outpost.goauthentik.io/auth/start will create a cookie for the domain authentik is accessed under, which will cause issues with the actual full auth flow. Requests to /outpost.goauthentik.io will still be routed to the outpost, but with this change only when the hostname matches Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-11-13 17:39:40 +01:00
Jens L	4080080acd	internal: remove deprecated metrics (#7540 ) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-11-13 14:48:37 +01:00
Jens L	fd561ac802	root: connect to backend via socket (#6720 ) * root: connect to gunicorn via socket Signed-off-by: Jens Langhammer <jens@goauthentik.io> * put socket in temp folder Signed-off-by: Jens Langhammer <jens@goauthentik.io> * use non-socket connection for debug Signed-off-by: Jens Langhammer <jens@goauthentik.io> * don't hardcode local url Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix dev_server missing websocket Signed-off-by: Jens Langhammer <jens@goauthentik.io> * dedupe logging config between gunicorn and main app Signed-off-by: Jens Langhammer <jens@goauthentik.io> * slight refactor for proxy errors Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-09-02 17:58:37 +02:00
Alexandre NICOLAIE	a2714ab1f1	outposts: make metrics compliant with Prometheus best-practices (#6398 ) web/outpost: make metrics compliant with Prometheus best-practices Today, all NewHistogramVec store values in nanoseconds without changing the default histogram bucket, which are made for seconds, making them a bit useless. In addition, some metrics names are not self-explanatoryand and do not comply with Prometheus best practices. This commit tries to fix all of this "issues". NOTE: I kept old metrics in order to avoid breaking changes with existing dashboards and metrics. Signed-off-by: Alexandre NICOLAIE <xunleii@users.noreply.github.com>	2023-07-27 18:51:08 +02:00
Jens Langhammer	0874574e5c	*: add additional prometheus metrics, remove unusable high entropy metrics Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-02-19 17:08:40 +01:00
Jens Langhammer	56181a45a1	internal: limit body size Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-10-17 18:52:16 +02:00
Jens Langhammer	514c48a986	internal: fix routing for requests with querystring signature to embedded outpost Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-08-18 20:43:01 +02:00
Jens Langhammer	846b63a17b	*: remove some very verbose logging messages Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-08-17 13:36:56 +02:00
Jens Langhammer	201bea6d30	internal: add X-authentik-logout signature to trigger logouts when URLs are not exposed Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-08-07 18:50:24 +02:00
Jens L	393d7ec486	providers/proxy: no exposed urls (#3151 ) * test any callback Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * cleanup Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * dont detect callback in per-server handler Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * use full redirect uri with both path and query param Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * update tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * correctly route to embedded outpost for callback signature Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix allowed redirects Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-07-30 17:51:01 +02:00
Jens Langhammer	0a83b04419	internal: fix routing to embedded outpost Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-06-16 17:05:27 +02:00
Jens Langhammer	2d48fe42f4	internal: dont sample gunicorn proxied requests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-06-16 11:32:21 +02:00
Jens Langhammer	e194715c3e	internal: fix CSRF error caused by Host header Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-02-09 14:34:55 +01:00
Jens Langhammer	02ba493759	internal: trace headers and url for backend requests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-02-09 12:48:17 +01:00
Jens Langhammer	a7fea5434d	internal: remove uvicorn server header Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-02-09 12:38:47 +01:00
Jens Langhammer	4fb783e953	internal: improve error handling for internal reverse proxy Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-02-09 12:33:37 +01:00
Jens L	4343246a41	*: rename akprox to outpost.goauthentik.io (#2266 ) Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-02-08 20:25:38 +01:00
Jens Langhammer	e1c0c0b20c	internal: don't override server header Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-01-24 22:05:11 +01:00
Jens Langhammer	14c7d8c4f4	internal: route traffic to proxy providers based on cookie domain when multiple domain-level providers exist Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> #2079	2022-01-18 23:19:43 +01:00
Jens Langhammer	57e86582d1	Revert "root: handle liveness probe in router (also keep internal one)" This reverts commit `dd7cb45733`.	2021-10-12 18:44:08 +02:00
Jens Langhammer	dd7cb45733	root: handle liveness probe in router (also keep internal one) This reverts commit `d39dbc7287`. Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-10-12 18:43:39 +02:00
Jens Langhammer	d39dbc7287	root: handle liveness probe in router Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-10-12 14:54:15 +02:00
Jens Langhammer	6c603cdf80	internal: add internal healthchecking to prevent websocket errors Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-10-05 22:21:14 +02:00
Jens L	7158c9d2ea	core: metrics v2 (#1370 ) * outposts: add ldap metrics, move ping to 9100 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * outpost: add flow_executor metrics Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * use port 9300 for metrics, add core metrics port Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * outposts/controllers/k8s: add service monitor creation support Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-09-09 15:52:24 +02:00

29 Commits