05f4e738a1
root: check remote IP for proxy protocol same as HTTP/etc (cherry-pick #12094 ) ( #12097 )
...
root: check remote IP for proxy protocol same as HTTP/etc (#12094 )
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Co-authored-by: Jens L. <jens@goauthentik.io >
2024-11-20 21:49:53 +01:00
dc1562a7de
internal: restore /ping behaviour for embedded outpost ( #11568 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-09-30 18:44:03 +02:00
dc7ffba8fa
internal: remove special route for /outpost.goauthentik.io ( #7539 )
...
With this special route for outpost.goauthentik.io, misdirected requests to /outpost.goauthentik.io/auth/start will create a cookie for the domain authentik is accessed under, which will cause issues with the actual full auth flow. Requests to /outpost.goauthentik.io will still be routed to the outpost, but with this change only when the hostname matches
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2023-11-13 17:39:40 +01:00
4db365c947
providers/proxy: improve SLO by backchannel logging out sessions ( #7099 )
...
* outposts: add support for provider-specific websocket messages
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* providers/proxy: add custom signal on logout to logout in provider
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2023-10-09 01:06:52 +02:00
ab795e6642
internal: ignore insecure TLS certs ( #5483 )
...
* servers: ignore insecure TLS certs
* slight refactor to have a single place for tls config
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Co-authored-by: Jens Langhammer <jens@goauthentik.io >
2023-05-05 15:57:52 +03:00
41d17dc543
internal: fix crash when port 9000 is in use ( #4863 )
...
fix crash when port 9000 is in use
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2023-03-07 13:27:46 +01:00
21e29744c2
providers/proxy: different cookie name based on hashed client id ( #4666 )
2023-02-12 16:34:57 +01:00
a9b32e2f97
providers/ldap: add unbind flow execution ( #4484 )
...
add unbind flow execution
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2023-01-23 20:36:30 +01:00
514c48a986
internal: fix routing for requests with querystring signature to embedded outpost
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2022-08-18 20:43:01 +02:00
846b63a17b
*: remove some very verbose logging messages
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2022-08-17 13:36:56 +02:00
2ce8e18bab
internal: centralise config for listeners to use same config system everywhere ( #3367 )
...
* centralise config for listeners to use same config system everywhere
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
#3360
* add docs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2022-08-03 21:33:27 +02:00
bdf76bb4b7
internal: skip tracing for go healthcheck and metrics endpoints
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2022-06-10 22:21:11 +02:00
62a939b91d
internal: bump api client to v3
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2022-03-03 10:40:07 +01:00
affbf85699
internal: don't attempt to lookup SNI Certificate if no SNI is sent
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2022-02-09 12:33:25 +01:00
4343246a41
*: rename akprox to outpost.goauthentik.io ( #2266 )
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2022-02-08 20:25:38 +01:00
96ae68cf09
internal: make error message less confusing
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2022-01-25 15:45:21 +01:00
650e2cbc38
internal: remove duplicate log messages
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2022-01-24 22:25:35 +01:00
e1c0c0b20c
internal: don't override server header
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2022-01-24 22:05:11 +01:00
14c7d8c4f4
internal: route traffic to proxy providers based on cookie domain when multiple domain-level providers exist
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
#2079
2022-01-18 23:19:43 +01:00
c741c13132
internal: fix listen attempt on shutdown
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2022-01-03 12:36:11 +01:00
b3ba083ff0
internal: cleanup logging, remove duplicate code
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2021-12-22 10:33:21 +01:00
22a8603892
internal: add custom proxy certificates support to embedded outpost
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2021-12-22 10:16:01 +01:00
37ee555c8e
outposts/proxy: fix ping URI not being routed
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2021-12-20 22:12:02 +01:00
f8aab40e3e
internal: cleanup duplicate and redundant code, properly set sentry SDK scope settings
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2021-12-16 11:00:19 +01:00
8abc9cc031
outposts: cleanup logs for failed binds
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2021-12-11 22:09:18 +01:00
471f7d9c62
outposts: add consistent name and type to metrics
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2021-09-16 10:14:51 +02:00
7158c9d2ea
core: metrics v2 ( #1370 )
...
* outposts: add ldap metrics, move ping to 9100
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* outpost: add flow_executor metrics
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* use port 9300 for metrics, add core metrics port
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* outposts/controllers/k8s: add service monitor creation support
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2021-09-09 15:52:24 +02:00
4c3a9e69f2
outposts/proxy: fix securecookie: no codecs provided error with redis
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2021-09-09 10:23:46 +02:00
502393ee56
outpost/proxyv2: allow port offset via yaml
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2021-09-08 21:07:06 +02:00
3c1b70c355
outposts/proxyv2 ( #1365 )
...
* outposts/proxyv2: initial commit
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
add rs256
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
more stuff
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
add forward auth an sign_out
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
match cookie name
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
re-add support for rs256 for backwards compat
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
add error handler
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
ensure unique user-agent is used
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
set cookie duration based on id_token expiry
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
build proxy v2
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
add ssl
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
add basic auth and custom header support
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
add application cert loading
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
implement whitelist
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
add redis
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
migrate embedded outpost to v2
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
remove old proxy
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
providers/proxy: make token expiration configurable
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
add metrics
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
fix tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* providers/proxy: only allow one redirect URI
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* fix docker build for proxy
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* remove default port offset
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* add AUTHENTIK_HOST_BROWSER
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* tests: fix e2e/integration tests not using proper tags
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* remove references of old port
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* fix user_attributes not being loaded correctly
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* cleanup dependencies
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* cleanup
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2021-09-08 18:04:56 +00:00
