|
|
c45bb8e985
|
providers/proxy: rework redirect mechanism (#8594)
* providers/proxy: rework redirect mechanism
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add session id, don't tie to state in session
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* handle state failing to parse
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* save session after creating state
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* remove debug
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* include task expiry in status
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix redirect URL detection
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
|
2024-05-06 03:07:08 +02:00 |
|
|
|
21e29744c2
|
providers/proxy: different cookie name based on hashed client id (#4666)
|
2023-02-12 16:34:57 +01:00 |
|
|
|
cd12e177ea
|
providers/proxy: add initial header token auth (#4421)
* initial implementation
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* check for openid/profile claims
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* include jwks sources in proxy provider
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add web ui for jwks
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* only show sources with JWKS data configured
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix introspection tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* start basic
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add basic auth
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add docs, update admonitions
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add client_id to api, add tab for auth
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* update locale
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
|
2023-01-13 16:22:03 +01:00 |
|
|
|
47daaf969a
|
outposts: fix oauth state when using signature routing (#3616)
* fix oauth state when using signature routing
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* more retires
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2022-09-19 21:38:34 +02:00 |
|
|
|
8e7a456f74
|
providers/proxy: fix routing based on signature in traefik and caddy
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2022-09-02 22:03:08 +02:00 |
|
|
|
8ffae4505f
|
internal: set Host on url in envoy
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2022-08-18 23:20:12 +01:00 |
|
|
|
393d7ec486
|
providers/proxy: no exposed urls (#3151)
* test any callback
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* cleanup
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* dont detect callback in per-server handler
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* use full redirect uri with both path and query param
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* update tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* correctly route to embedded outpost for callback signature
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix allowed redirects
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2022-07-30 17:51:01 +02:00 |
|
|
|
b41acebf5b
|
providers/proxy: add caddy endpoint (#3330)
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2022-07-29 10:58:53 +02:00 |
|
|
|
e30103aa9f
|
providers/proxy: use same redirect-save code for all modes
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2022-06-04 23:25:47 +02:00 |
|
|
|
8447e9b9c2
|
providers/proxy: envoy v2 (#3029)
* add path prefix
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* use prefix correctly
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* only set redirect if session doesn't have a redirect yet
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2022-06-03 10:32:52 +02:00 |
|
|
|
f9a419107a
|
outposts/proxyv2: add basic envoy support (#3026)
* outposts/proxyv2: add basic envoy support
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* don't crash when backend is not available
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add envoy tests and docs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2022-06-03 00:06:09 +02:00 |
|
|
|
a286f999e2
|
api: migrate to openapi generator v6 (#2968)
* migrate to openapi generator v6
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* bump api
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2022-05-26 15:15:30 +02:00 |
|
|
|
a52638d898
|
internal: fix typo in session name constant
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2022-05-20 10:10:29 +02:00 |
|
|
|
62a939b91d
|
internal: bump api client to v3
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2022-03-03 10:40:07 +01:00 |
|
|
|
4343246a41
|
*: rename akprox to outpost.goauthentik.io (#2266)
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2022-02-08 20:25:38 +01:00 |
|
|
|
ebb5711c32
|
providers/proxy: add support for X-Original-URI in nginx, better handle missing headers and report errors to authentik
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2022-01-27 18:14:02 +01:00 |
|
|
|
b32800ea71
|
outposts/proxy: trace full headers to debug
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2022-01-24 22:08:31 +01:00 |
|
|
|
ef335ec083
|
outposts/proxy: add more test cases for domain-level auth
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2022-01-24 21:41:15 +01:00 |
|
|
|
07b09df3fe
|
internal: add more outpost tests, add support for X-Original-URL
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2022-01-24 20:50:13 +01:00 |
|
|
|
1dce408c72
|
internal/proxyv2: only allow access to /akprox in nginx mode when forward url could be extracted
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2022-01-24 09:30:33 +01:00 |
|
|
|
3bfb8b2cb2
|
outposts/proxyv2: allow access to /akprox urls in forward auth mode to make routing in nginx/traefik easier
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2022-01-21 13:43:16 +01:00 |
|
|
|
ba55538a34
|
outposts/proxy: cleanup
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-12-21 19:16:06 +01:00 |
|
|
|
f10b57ba0b
|
outposts/proxy: handle redirect loop in start handler, show error message
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-12-21 10:07:08 +01:00 |
|
|
|
eca2ef20d0
|
outposts/proxy: add initial redirect-loop prevention
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-12-20 22:21:53 +01:00 |
|
|
|
e42ad8db93
|
outposts/proxy: copy user-agent header from upstream request
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-12-02 10:01:54 +01:00 |
|
|
|
3b068610b9
|
outposts/proxy: clean up header setting (don't copy all headers)
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-12-01 20:05:56 +01:00 |
|
|
|
2462d58135
|
outposts/proxy: fix duplicate protocol in domain auth mode
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-09-27 20:49:00 +02:00 |
|
|
|
3d042e708a
|
outposts/proxy: always redirect on forward_auth for traefik
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-09-10 12:43:57 +02:00 |
|
|
|
d296c12d01
|
outposts/proxy: fix redirect when using forward_auth mode
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-09-09 10:56:20 +02:00 |
|
|
|
3c1b70c355
|
outposts/proxyv2 (#1365)
* outposts/proxyv2: initial commit
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
add rs256
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
more stuff
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
add forward auth an sign_out
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
match cookie name
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
re-add support for rs256 for backwards compat
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
add error handler
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
ensure unique user-agent is used
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
set cookie duration based on id_token expiry
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
build proxy v2
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
add ssl
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
add basic auth and custom header support
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
add application cert loading
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
implement whitelist
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
add redis
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
migrate embedded outpost to v2
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
remove old proxy
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
providers/proxy: make token expiration configurable
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
add metrics
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
fix tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* providers/proxy: only allow one redirect URI
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix docker build for proxy
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* remove default port offset
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add AUTHENTIK_HOST_BROWSER
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* tests: fix e2e/integration tests not using proper tags
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* remove references of old port
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix user_attributes not being loaded correctly
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* cleanup dependencies
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* cleanup
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-09-08 18:04:56 +00:00 |
|
