b5a8957720
lib/sync/outgoing: add dry run ( #13244 )
...
* lib/sync/outgoing: add dry run
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add option to temporarily override dry run
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* web a
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* web b
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* format
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add some test
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add more tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add dry run label
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add support for entra too
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add web
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add entra test and improve error handling
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2025-03-01 19:44:17 +00:00
989d39b154
release: 2025.2.1 ( #13278 )
2025-02-27 10:55:18 +00:00
2b39748c84
root: Backport version 2025.2 ( #13225 )
...
* release: 2025.2.0-rc1
* release: 2025.2.0-rc2
* release: 2025.2.0-rc3
* release: 2025.2.0
2025-02-24 18:35:13 +01:00
2128e7f45f
providers/rac: move to open source ( #13015 )
...
* move RAC to open source
* move web out of enterprise
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* remove enterprise license requirements from RAC
* format
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Co-authored-by: Jens Langhammer <jens@goauthentik.io >
2025-02-19 12:48:11 +01:00
ab8f5a2ac4
policies/geoip: distance + impossible travel ( #12541 )
...
* add history distance checks
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* start impossible travel
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* optimise
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* ui start
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix and add tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix ui, fix missing api
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2025-02-17 18:47:25 +01:00
74e090239a
core: add additional RBAC permission to restrict setting the superuser status on groups ( #12900 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2025-02-17 16:57:21 +01:00
4ba360e7af
stages/authenticator_email: Email OTP ( #12630 )
...
* stages/authenticator_email: Add basic structure for stages/authenticator_email
* stages/authenticator_email: Add stages/authenticator_email django app to settings.py
* stages/authenticator_email: Fix imports due changes introduced in #12598
* stages/authenticator_email: fix linting
* stages/authenticator_email: Add tests for token verification
* Add UI structure for authenticator_email
* Add autheticator_email to AuthenticatorValidateStageForm.ts and create AuthenticatorEmailStageForm.ts
* Add serializer property to emaildevice
* Add DeviceClasses.EMAIL to DeviceClasses
* Add migration file for DeviceClasses change (added email)
* Add new schema.yml and blueprints/schema.json to refelct email authenticator
* Fix UI to show the Email Authenticator
* Add support for email templates for the email authenticator
* Add templates
* Add DeviceClasses.EMAIL option to authenticator_validate/stage.py
* Fix logic for sending emails in stage.py and use the proper class AuthenticatorEmailStage in tasks.py
* Fix token expiration display in the email templates
* Fix authenticator email stage set up
* Add template and email to api response for Authenticator Email stage
* Fix Authenticator Email stage set up form
* Use different flow if the user has an email configured or not for Authenticator Email stage UI
* Use the correct field for the token in AuthenticatorEmailStage.ts
* Fix linting and code style
* Use the correct assertions in tests
* Fix mask email helper
* Add missing cases for Email Authenticator in the UI
* Fix email sending, add _compose_email() method to EmailDevice
* Fix cosmetic changes
* Add support for email device challenge validation in validate_selected_challenge
* Fix tests
* Add from_address to email template
* Refactor tests
* Update API Schema
* Refactor AuthenticatorEmailStage UI for cleaner code
* Fix saving token_expiry in the stage configuration
* Remove debug statements
* Add email connection settings to the Email authenticator stage configuration UI
* Remove unused field activate_on_success from AuthenticatorEmailStage
* Add tests for duplicate email, token expiration and template error
* cosmetic/styling changes
* Use authentik's GroupMemberSerializer and ManagedAppConfig in api and apps for email authenticathor
* stages/authenticator_email: Fix typos, styling and unused fields
* stages/authenticator_email: remove unused field responseStatus
* stages/authenticator_email: regen migrations
* Fix linting issues
* Fix app label issue, typos, missing user field
* Add a trailing space in email_otp.txt RFC 3676 sec. 4.3
Co-authored-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
Signed-off-by: Marcelo Elizeche Landó <marce@melizeche.com >
* Move mask_email method to a helper function in authentik.lib.utils.email
* Remove unused function
* Use authentik.stages.email.tasks instead of authentik.stages.authenticator_email.tasks, delete authentik.stages.authenticator_email.tasks
* Fix use global settings not using the global setting if there's a default
* Revert "Fix use global settings not using the global setting if there's a default"
This reverts commit 3825248bb4marce@melizeche.com >
* Change Email Authenticator Setup Stage name for consistency with other authenticators
* Add tests to test properties and methods of EmailDevice and AuthenticatorEmailStage, add test for email tasks
* Add tests for email challenge in authenticator_validate
* Update migration to reflect new verbose name for AuthenticatorEmailStage
* Update schema.yml to reflect new verbose name for AuthenticatorEmailStage
* Add default email subject in Email Authenticator Setup Stage configuration
* Remove from_address from email template to ensure global settings use if use global settings is on
* Add flow-default-authenticator-email-setup.yaml blueprint
* Move email authenticator blueprint to the examples folder
* Update authentik/stages/authenticator_email/models.py
Signed-off-by: Jens L. <jens@beryju.org >
* Change self.user_pk to self.user_id because user_pk doesn't exists here
* Remove unused logger import
* Remove more unused logger import
* Add error handling to authentik.lib.utils.email.mask_email
* fix linting
* don't catch Exception
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update icons
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Marcelo Elizeche Landó <marce@melizeche.com >
Signed-off-by: Jens L. <jens@beryju.org >
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Co-authored-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
Co-authored-by: Jens L. <jens@beryju.org >
Co-authored-by: Jens Langhammer <jens@goauthentik.io >
2025-02-17 15:16:58 +01:00
6549b303d5
enterprise/providers: SSF ( #12327 )
...
* init
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix some other stuff
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* more progress
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix missing format
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make it work, send verification event
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* progress
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* more progress
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* save iss
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add signals for MFA devices
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* refactor more
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* re-work auth
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add API to list ssf streams
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* start rbac
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add ssf icon
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix web
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix bugs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make events expire, rewrite sending logic
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add oidc token test
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add stream list
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add jwks tests and fixes
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update web ui
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix configuration endpoint
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* replace port number correctly
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* better log what went wrong
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* linter has opinions
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix messages
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix set status
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* more debug logging
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix issuer here too
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* remove port :443...removal
apparently apple's HTTP logic is wrong and includes the port in the Host header even if the default port is used (80 or 443), which then fails as the URL doesn't exactly match what the admin configured...so instead of trying to add magic about this we'll add it in the docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix error when no request in context
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add signal for admin session revoke
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* set txn based on request id
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* validate method and endpoint url
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix request ID detection
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add timestamp
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* temp migration
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix signal
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add signal tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* the final commit
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* ok actually the last commit
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2025-02-05 17:52:14 +01:00
8cad66536c
release: 2024.12.3 ( #12883 )
...
* release: 2024.12.3
* ci: fix permissions for release-publish pipeline
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* ci: fix missing dockerhub login
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Co-authored-by: Jens Langhammer <jens@goauthentik.io >
2025-01-29 23:35:06 +01:00
6c0d462410
release: 2024.12.2 ( #12615 )
2025-01-09 20:38:27 +01:00
aa4f817856
admin: monitor worker version ( #12463 )
...
* root: include version in celery ping
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* check version in worker endpoint
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* include worker version in prom metrics
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* format
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-12-23 22:13:38 +01:00
3eaaa35a4c
release: 2024.12.1 ( #12466 )
2024-12-23 20:51:05 +01:00
6b8782556c
blueprints: fix schema for meta models ( #12421 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-12-20 03:27:28 +01:00
3367ac0e08
root: backport version bump ( #12426 )
2024-12-19 21:27:13 +01:00
40a7135c0c
core: app entitlements ( #12090 )
...
* core: initial app entitlements
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* base off of pbm
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add tests and oauth2
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add to proxy
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* rewrite to use bindings
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make policy bindings form and list more customizable
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* double fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* refine permissions
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add missing rbac modal to app entitlements
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* separate scope for app entitlements
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* include entitlements mapping in proxy
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add API validation to prevent policies from being bound to entitlements
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make preview
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add initial docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* remove duplicate docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-12-18 14:32:44 +01:00
1a1d499833
sources/oauth: allow creation of user connection objects with parameters ( #12195 )
...
* sources/oauth: allow creation of user connection objects with parameters
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix web
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* tix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add for all
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* align
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-12-18 13:28:22 +01:00
ff504a3b80
stages/redirect: create redirect stage ( #12275 )
...
* create redirect stage
* show "keep context" toggle in Flow mode only
* fix typos
* add docs
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
* simplify property pass
* simplify toggle
* remove `print` statements
whoops
* fix typo
* remove default from `RedirectStage.mode`
* remove migration
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* oops
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* adjust docs
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Co-authored-by: Jens Langhammer <jens@goauthentik.io >
2024-12-12 18:00:09 +01:00
deacc17832
sources/kerberos: add kadmin type setting, provide additional context to property mappings ( #12286 )
2024-12-12 13:25:43 +01:00
e5dd923333
release: 2024.10.5 ( #12319 )
...
* release: 2024.10.5
* manually bump aws version
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-12-10 19:20:01 +01:00
19488b7b9e
providers/oauth2: Add provider federation between OAuth2 Providers ( #12083 )
...
* rename + add field
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* initial implementation
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* refactor
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* rework source cc tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* re-migrate
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix a
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* Apply suggestions from code review
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Jens L. <jens@beryju.org >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Signed-off-by: Jens L. <jens@beryju.org >
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
2024-12-03 11:57:10 +02:00
520148bba4
root: Backport version change ( #12146 )
...
* release: 2024.10.3
* release: 2024.10.4
2024-11-22 01:51:30 +01:00
85bb638243
security: fix CVE 2024 52289 ( #12113 )
...
* initial migration
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* migrate tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix loading
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* start dynamic ui
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* initial ui
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add serialize
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add error message handling
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix/add tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* prepare docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* migrate to new input
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-11-21 14:46:43 +01:00
6702f34b40
release: 2024.10.2 ( #12031 )
2024-11-15 00:53:40 +01:00
6b155621fe
blueprints: add default Password policy ( #11793 )
...
* add password policy to default password change flow
This change complies with the minimal compositional requirements by
NIST SP 800-63 Digital Identity Guidelines. See
https://pages.nist.gov/800-63-4/sp800-63b.html#password
More work is needed to comply with other parts of the Guidelines,
specifically
> If the chosen password is found on the blocklist, the CSP or verifier
> [...] SHALL provide the reason for rejection.
and
> Verifiers SHALL offer guidance to the subscriber to assist the user in
> choosing a strong password. This is particularly important following
> the rejection of a password on the blocklist as it discourages trivial
> modification of listed weak passwords.
* add docs for default Password policy
* remove HIBP from default Password policy
* add zxcvbn to default Password policy
* add fallback password error message to password policy, fix validation policy
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* reword docs
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Simonyi Gergő <28359278+gergosimonyi@users.noreply.github.com >
* add HIBP caveat
Co-authored-by: Jens L. <jens@goauthentik.io >
Signed-off-by: Simonyi Gergő <28359278+gergosimonyi@users.noreply.github.com >
* separate policy into separate blueprint
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* use password policy for oobe flow
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* kiss
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Signed-off-by: Simonyi Gergő <28359278+gergosimonyi@users.noreply.github.com >
Co-authored-by: Jens Langhammer <jens@goauthentik.io >
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
2024-11-11 13:31:30 +01:00
4f1ddc5779
stages/captcha: Run interactive captcha in Frame ( #11857 )
...
* initial turnstile frame
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add interactive flag
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add interactive support for all
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix missing migration
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* don't hide in identification stage if interactive
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fixup
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* require less hacky css
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-11-11 13:20:49 +01:00
0a862e4fff
root: backport version bump 2024.10.1 ( #11929 )
...
release: 2024.10.1
2024-11-05 20:29:31 +01:00
7352f37b05
enterprise/rac: fix API Schema for invalidation_flow ( #11907 )
...
* enterprise/rac: fix API Schema for invalidation_flow
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-11-04 19:33:31 +01:00
8245d08ddb
root: backport version bump 2024.10.0 ( #11868 )
...
* release: 2024.10.0-rc1
* root: `bumpversion` 2024.10 (#11865 )
release: 2024.10.0
2024-10-31 00:39:41 +01:00
c38adcf25a
sources/kerberos: add kiprop to ignored system principals ( #11852 )
2024-10-29 17:30:33 +01:00
9ee0ba141c
stages/identification: add captcha to identification stage ( #11711 )
...
* add captcha to identification stage
* simplify component invocations
* fail fast on `onTokenChange` default behavior
* reword docs
* rename `token` to `captcha_token` in Identification stage contexts
(In Captcha stage contexts the name `token` seems well-scoped.)
* use `nothing` instead of ``` html`` ```
* remove rendered Captcha component from document flow on Identification stages
Note: this doesn't remove the captcha itself, if interactive, only the loading
indicator.
* add invisible requirement to captcha on Identification stage
* stylize docs
* add friendlier error messages to Captcha stage
* fix tests
* make captcha error messages even friendlier
* add test case to retriable captcha
* use default
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Co-authored-by: Jens Langhammer <jens@goauthentik.io >
2024-10-25 08:13:35 +02:00
3bdb287b78
providers/oauth2: fix amr claim not set due to login event not associated ( #11780 )
...
* providers/oauth2: fix amr claim not set due to login event not associated
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add sid claim
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* import engine only once
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* remove manual sid extraction from proxy, add test, make session key hashing more obvious
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* unrelated string fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix format
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-10-23 21:29:18 +02:00
d817c646bd
sources: add Kerberos ( #10815 )
...
* sources: introduce new property mappings per-user and group
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* sources/ldap: migrate to new property mappings
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint-fix and make gen
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* web changes
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* update tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* remove flatten for generic implem
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* rework migration
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint-fix
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* wip
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix migrations
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* re-add field migration to property mappings
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix migrations
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* more migrations fixes
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* easy fixes
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* migrate to propertymappingmanager
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* ruff and small fixes
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* move mapping things into a separate class
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* migrations: use using(db_alias)
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* migrations: use built-in variable
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* add docs
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* add release notes
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* wip
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* wip
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* wip
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* wip
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* wip
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* wip
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* wip
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* wip
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix login reverse
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* wip
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* wip
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* refactor source flow manager matching
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* kerberos sync with mode matching
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fixup
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* wip
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* finish frontend
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* Optimised images with calibre/image-actions
* make web
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* add test for internal password update
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix sync tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix filter
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* switch to blueprints property mappings, improvements to frontend
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* some more small fixes
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix reverse
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* properly deal with password changes signals
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* actually deal with it properly
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* update docs
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint-fix
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* blueprints: realm as group: make it non default
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* small fixes and improvements
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* wip
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix title
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* add password backend to default flow
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* link docs page properly, add in admin interface, add suggestions for how to apply changes to a fleet of machines
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* add troubleshooting
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix default flow pass backend
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix flaky spnego tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* properly convert gssapi name to python str
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix unpickable types
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* make sure the last server token is returned to the client
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* Update website/docs/developer-docs/setup/full-dev-environment.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* Update website/docs/users-sources/sources/protocols/kerberos/browser.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* Update website/docs/users-sources/sources/protocols/kerberos/browser.md
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* Update website/docs/users-sources/sources/protocols/kerberos/browser.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* Update website/docs/users-sources/sources/protocols/kerberos/browser.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* Update website/docs/users-sources/sources/protocols/kerberos/index.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* Update website/docs/users-sources/sources/protocols/kerberos/index.md
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* Update website/docs/users-sources/sources/protocols/kerberos/index.md
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* Update website/docs/users-sources/sources/protocols/kerberos/index.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* Update website/docs/users-sources/sources/protocols/kerberos/browser.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* Update website/docs/users-sources/sources/protocols/kerberos/browser.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* Update website/docs/users-sources/sources/protocols/kerberos/browser.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* Update website/docs/users-sources/sources/protocols/kerberos/browser.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* Update website/docs/users-sources/sources/protocols/kerberos/browser.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* Update website/docs/users-sources/sources/protocols/kerberos/browser.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* Update website/docs/users-sources/sources/protocols/kerberos/browser.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* Update website/docs/users-sources/sources/protocols/kerberos/browser.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* Update website/docs/users-sources/sources/protocols/kerberos/browser.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* Update website/docs/users-sources/sources/protocols/kerberos/index.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* Update website/docs/users-sources/sources/protocols/kerberos/index.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* Update website/docs/users-sources/sources/protocols/kerberos/index.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* Update website/docs/users-sources/sources/protocols/kerberos/index.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* Update website/docs/users-sources/sources/protocols/kerberos/index.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* Update website/docs/users-sources/sources/protocols/kerberos/index.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* Update website/docs/users-sources/sources/protocols/kerberos/index.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* Update website/docs/users-sources/sources/protocols/kerberos/index.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* Update website/docs/users-sources/sources/protocols/kerberos/index.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* Update website/docs/users-sources/sources/protocols/kerberos/index.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* Update website/docs/users-sources/sources/protocols/kerberos/index.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* Update website/docs/users-sources/sources/protocols/kerberos/index.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* Update website/docs/users-sources/sources/protocols/kerberos/index.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* Update website/docs/users-sources/sources/protocols/kerberos/index.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* Update website/docs/users-sources/sources/protocols/kerberos/index.md
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* Update website/docs/users-sources/sources/protocols/kerberos/index.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* more docs review
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix missing library
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix missing library again
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix web import
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix sync
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix sync v2
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix sync v3
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
---------
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
2024-10-23 17:58:29 +02:00
cec3fdb612
stages: authenticator_endpoint_gdtc ( #10477 )
...
* rework
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add loading overlay for chrome
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* start docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* Apply suggestions from code review
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Jens L. <jens@beryju.org >
* save data
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix web ui, prevent deletion
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* text fixes
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Signed-off-by: Jens L. <jens@beryju.org >
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
2024-10-22 22:46:46 +02:00
47206d3328
providers/oauth2: add initial JWE support ( #11344 )
...
* providers/oauth2: add initial JWE support
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* re-migrate, only set id_token_encryption_* when encryption key is set
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add jwks test with encryption
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-10-17 14:04:19 +02:00
075944abba
providers/scim: add option to ignore SCIM server cert ( #11437 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-10-14 17:03:58 +02:00
5b66dbe890
flows: provider invalidation ( #5048 )
...
* add initial
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add web stage for session end
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* migrate saml and tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* cleanup
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* group flow settings when providers have multiple flows
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* adjust name for default provider invalidation
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* re-make migrations
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add invalidation_flow to saml importer
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* re-do migrations again
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update web stuff to get rid of old libraries
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make unbind flow for ldap configurable
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* unrelated: fix flow inspector
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* handle invalidation_flow as optional, as it should be
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* also fix ldap outpost
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* don't generate URL in client
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* actually make it work???
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* format
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix migration breaking things...?
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* start fixing tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix fallback
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* re-migrate
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix duplicate flow setting
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add migration
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix race condition with brand
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix oauth test
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix SAML tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add to wizard, fix required
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make required, start release notes
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-10-14 15:35:12 +02:00
77c595a0fd
sources/saml: fix NameIDFormat descriptor in metadata generation ( #11614 )
...
* source/saml - Changed namespace of X509SSubjectName NameIDFormat
Under the SAML2 Core spec
(http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf )
8.3.3 the URI of the 5.509 Subject Name contains SAML:1.1 and not
SAML:2.0
* source/saml - Change NameIDFormat descriptor build logic to only append chosen format for the source.
* Merge diff
2024-10-11 14:27:36 +02:00
975b6e53a6
release: 2024.8.3 ( #11542 )
2024-09-27 16:58:04 +02:00
ba28e6de41
security: fix CVE-2024-47070 ( #11536 )
...
* security: fix CVE-2024-47070
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* Update website/docs/security/CVE-2024-47070.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Jens L. <jens@beryju.org >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Signed-off-by: Jens L. <jens@beryju.org >
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
2024-09-27 16:18:37 +02:00
5822653155
release: 2024.8.2 ( #11395 )
2024-09-16 15:02:51 +02:00
b8ae028d4d
root: backport release 2024.8.1 ( #11273 )
...
release: 2024.8.1
2024-09-08 01:35:15 +02:00
02ae099bdf
root: version 2024.8 backport ( #11166 )
...
* schemas: fix XML Schema loading...for some reason?
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* release: 2024.8.0-rc1
* release: 2024.8.0
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
# Conflicts:
# .bumpversion.cfg
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-09-03 14:41:40 +02:00
a6225ad7a7
root: backport version bump ( #11045 )
...
* fix outpost form not loading apps for correct type
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix bug from previous pr
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* release: 2024.6.4
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-08-23 16:33:07 +02:00
eb5842fa5a
rbac: generate blueprint schema permissions from defined models not DB ( #10962 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-08-19 13:44:13 +02:00
d577152f83
providers/SAML: encryption support ( #10934 )
...
* providers/saml: add option to sign assertion and or response
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add encryption
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add form option
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add tests for API
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-08-17 21:10:28 +02:00
8f53d0b9f3
providers/ldap: Remove search group ( #10639 )
...
* remove search_group
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make api operations cleaerer
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix migration
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* actually use get
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* use correct api client for ldap
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix migration
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* unrelated: fix migration warning
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* unrelated: fix styling issue in dark mode
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* unrelated-ish fix button order in wizard
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* unrelated: fix missing css import
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* Optimised images with calibre/image-actions
* Update index.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Jens L. <jens@beryju.org >
* Update index.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Jens L. <jens@beryju.org >
* Apply suggestions from code review
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Jens L. <jens@beryju.org >
* update release notes based on new template
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Signed-off-by: Jens L. <jens@beryju.org >
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
2024-08-14 16:31:11 +02:00
a073b7a5b1
enterprise: add support for license flags ( #10842 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-08-09 22:20:01 +02:00
4b5bb77d99
enterprise: UI improvements, better handling of expiry ( #10828 )
...
* web/admin: show enterprise banner on the very top
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* rework license
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix a bunch of things
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add some more tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add more tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix middleware
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* better api
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* format
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add tests for and fix read only mode
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* field name consistency
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-08-09 14:26:38 +02:00
68af5b0572
sources/plex: add property mappings ( #10772 )
2024-08-08 11:36:24 +02:00
19c3f7dd80
sources/saml: Basic support for EncryptedAssertion element. ( #10099 )
...
* source/saml: Updated backend for encrypted assertion support
* source/saml: all lint-fix checks passed
* source/saml: Used Optional type instead of union, on enc_key_descriptor type hint
* source/saml: request_encrypted_assertion model field migration
* source/saml: Added 'noqa' comment to type hint on encryption key descriptor
* small fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add to UI
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add some error handling
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* sources/saml: Pivot to encryption_kp model field, instead of request_encryption bool
* sources/saml: Typo fix
* re-create migrations
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update web
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add to release notes
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* unrelated fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add improve error handling, add tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* test metadata with encryption and remove WantAssertionsEncrypted since it's not in the schema
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* unrelated fix to radius path
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix unrelated fix...sigh
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* re-migrate
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Co-authored-by: Jens Langhammer <jens@goauthentik.io >
2024-08-07 19:58:28 +02:00
