|  | bb92c4a967 | providers/ldap: remove deprecated fields (#5154) * providers/ldap: remove deprecated fields
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* update changelog
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io> | 2023-04-21 14:10:24 +03:00 |  | 
			
				
					|  | 367f86ecfb | root: optimise healthchecks (#5337) * tests: remove redundant healthchecks
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* internal: do healthcheck within proxy instead of wget to use correct port
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix tags
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io> | 2023-04-21 13:32:48 +03:00 |  | 
			
				
					|  | fd2677af1f | root: bump api generator (#5139) * root: bump api generator
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* bump api diff too
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* bump go api client
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* simplify go api generation
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io> | 2023-04-01 18:10:52 +02:00 |  | 
			
				
					|  | 3f5effb1bc | providers/radius: simple radius outpost (#1796) * initial implementation
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* cleanup
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add migrations
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix web
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* minor fixes
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* use search-select
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* update locale
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fixup
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix ip with port being sent to delegated ip
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add radius tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* update docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens@goauthentik.io> | 2023-03-20 16:54:35 +01:00 |  | 
			
				
					|  | ef028af7d1 | providers/proxy: rework endpoints logic (#4993) * providers/proxy: rework endpoints logic
again...this time with tests and better logic
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io> | 2023-03-18 18:51:20 +01:00 |  | 
			
				
					|  | 345fa1bed6 | providers/ldap: fix duplicate attributes (#4972) closes #4971
Signed-off-by: Jens Langhammer <jens@goauthentik.io> | 2023-03-16 12:14:17 +01:00 |  | 
			
				
					|  | eaf56f4f3f | stages/user_login: stay logged in (#4958) * add initial remember me offset
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add to go executor
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add ui for user login stage
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* update docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io> | 2023-03-15 20:21:05 +01:00 |  | 
			
				
					|  | 41d17dc543 | internal: fix crash when port 9000 is in use (#4863) fix crash when port 9000 is in use
Signed-off-by: Jens Langhammer <jens@goauthentik.io> | 2023-03-07 13:27:46 +01:00 |  | 
			
				
					|  | cd99b6e48f | providers/ldap: making ldap compatible with synology (#4694) * internal/outpost/ldap: making ldap compatible with synology
* fix duplicate attributes
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add docs about homedirectory
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix duplicate attributes
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add substitution to values
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens Langhammer <jens@goauthentik.io> | 2023-02-22 15:26:41 +01:00 |  | 
			
				
					|  | 51c6a14786 | providers/ldap: Improve compatibility with LDAP clients (#4750) * Fixed invalid LDAP attributes by replacing '.'s and '/'s with '-'
* Leave old fields for now for backward compatibility
* Add forgotten depreceated field
* Fix tests
* Fix tests
* use shorter attribute names
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* sanitize attributes
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* keep both sanitized and unsanitized user fields
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add sanitized fields to test
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens Langhammer <jens@goauthentik.io> | 2023-02-22 14:18:22 +01:00 |  | 
			
				
					|  | f70be86ddc | providers/proxy: strip scheme when comparing redirect URL Signed-off-by: Jens Langhammer <jens@goauthentik.io> | 2023-02-20 21:22:26 +01:00 |  | 
			
				
					|  | 9f431396c0 | providers/proxy: ensure issuer is correct when browser url override is set Signed-off-by: Jens Langhammer <jens@goauthentik.io>
#4715 | 2023-02-19 17:35:29 +01:00 |  | 
			
				
					|  | acfa9c76d1 | providers/ldap: check MFA password on password stage Signed-off-by: Jens Langhammer <jens@goauthentik.io> | 2023-02-15 16:27:08 +01:00 |  | 
			
				
					|  | d945d30cda | providers/proxy: fix value is too long with filesystem sessions closes #4693
Signed-off-by: Jens Langhammer <jens@goauthentik.io> | 2023-02-15 10:50:01 +01:00 |  | 
			
				
					|  | b6c120f555 | providers/proxy: fix client credential flows not using http interceptor Signed-off-by: Jens Langhammer <jens@goauthentik.io> | 2023-02-15 00:22:56 +01:00 |  | 
			
				
					|  | ec42b597ab | providers/proxy: send token request internally, with overwritten host header (#4675) * send token request internally, with overwritten host header
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io> | 2023-02-13 16:34:47 +01:00 |  | 
			
				
					|  | 8f70354e3c | internal: remove debug remnant from cookie testing Signed-off-by: Jens Langhammer <jens@goauthentik.io> | 2023-02-12 17:29:18 +01:00 |  | 
			
				
					|  | 21e29744c2 | providers/proxy: different cookie name based on hashed client id (#4666) | 2023-02-12 16:34:57 +01:00 |  | 
			
				
					|  | af43330fd6 | providers/oauth2: rework OAuth2 Provider (#4652) * always treat flow as openid flow
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* improve issuer URL generation
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* more refactoring
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* update introspection
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* more refinement
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* migrate more
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix more things, update api
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* regen migrations
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix a bunch of things
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* start updating tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix implicit flow, auto set exp
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix timeozone not used correctly
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix revoke
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* more timezone shenanigans
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix userinfo tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* update web
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix proxy outpost
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix api tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix missing at_hash for implicit flows
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* re-include at_hash in implicit auth flow
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* use folder context for outpost build
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io> | 2023-02-09 20:19:48 +01:00 |  | 
			
				
					|  | 5aa43eeb04 | internal: better error message when outpost API controller couldn't fetch outposts closes #4642
Signed-off-by: Jens Langhammer <jens@goauthentik.io> | 2023-02-08 14:13:17 +01:00 |  | 
			
				
					|  | 3170b2f92c | providers/proxy: add token support for basic auth Signed-off-by: Jens Langhammer <jens@goauthentik.io> | 2023-02-07 22:50:49 +01:00 |  | 
			
				
					|  | 61b06eff06 | providers/proxy: better log outpost token errors Signed-off-by: Jens Langhammer <jens@goauthentik.io> | 2023-02-06 20:26:43 +01:00 |  | 
			
				
					|  | 146d54813c | providers/ldap: fix error not being checked correctly when fetching users Signed-off-by: Jens Langhammer <jens@goauthentik.io> | 2023-02-03 18:10:06 +01:00 |  | 
			
				
					|  | 388367785d | */saml: disable pretty_print, add signature tests closes #4536
Signed-off-by: Jens Langhammer <jens@goauthentik.io> | 2023-02-03 15:42:09 +01:00 |  | 
			
				
					|  | 7d4ce41e12 | providers/proxy: outpost wide logout implementation (#4605) * initial outpost wide logout implementation
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* handle deserialize error
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* update docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix file cleanup, add tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io> | 2023-02-02 21:18:59 +01:00 |  | 
			
				
					|  | a9b32e2f97 | providers/ldap: add unbind flow execution (#4484) add unbind flow execution
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens Langhammer <jens@goauthentik.io> | 2023-01-23 20:36:30 +01:00 |  | 
			
				
					|  | 8deac81364 | outposts/ldap: fix queries filtering objectClass with non-lowercase values closes #2756
Signed-off-by: Jens Langhammer <jens@goauthentik.io> | 2023-01-20 11:42:23 +01:00 |  | 
			
				
					|  | 43854dc828 | outposts/proxy: fix panic due to IsSet misbehaving Signed-off-by: Jens Langhammer <jens@goauthentik.io> | 2023-01-19 18:22:55 +01:00 |  | 
			
				
					|  | c11367553e | providers/proxy: fix issuer for embedded outpost (#4480) fix issuer for embedded outpost
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens Langhammer <jens@goauthentik.io> | 2023-01-19 15:39:30 +01:00 |  | 
			
				
					|  | 23c69c456a | providers/proxy: add setting to intercept authorization header (#4457) * add setting to intercept authorization header
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* rename to intercept_header_auth
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens Langhammer <jens@goauthentik.io> | 2023-01-17 18:56:48 +01:00 |  | 
			
				
					|  | bd0ef69ece | outposts/ldap: decrease verbosity Signed-off-by: Jens Langhammer <jens@goauthentik.io> | 2023-01-17 11:12:31 +01:00 |  | 
			
				
					|  | 19ee98b36d | outposts/proxy: allow setting no-redirect via header or query param closes #4455
Signed-off-by: Jens Langhammer <jens@goauthentik.io> | 2023-01-17 10:56:43 +01:00 |  | 
			
				
					|  | 9b2ceb0d44 | outposts/proxy: make logged user more consistent, set FlushInterval Signed-off-by: Jens Langhammer <jens@goauthentik.io> | 2023-01-14 23:58:15 +01:00 |  | 
			
				
					|  | 69d4719687 | outposts/proxy: set http code when no redirect header is set Signed-off-by: Jens Langhammer <jens@goauthentik.io> | 2023-01-14 22:20:52 +01:00 |  | 
			
				
					|  | d31e566873 | outposts/proxy: add header to prevent redirects Signed-off-by: Jens Langhammer <jens@goauthentik.io> | 2023-01-14 22:18:25 +01:00 |  | 
			
				
					|  | 0ddcefce80 | outposts/proxy: cache basic and bearer credentials for one minute Signed-off-by: Jens Langhammer <jens@goauthentik.io> | 2023-01-14 22:12:48 +01:00 |  | 
			
				
					|  | 4c45d35507 | outposts/proxy: fix error handling, remove requirement for profile/etc scopes Signed-off-by: Jens Langhammer <jens@goauthentik.io> | 2023-01-14 21:44:28 +01:00 |  | 
			
				
					|  | 829e49275d | outposts/proxy: fix proxy's TokenIntrospection potentially not being set Signed-off-by: Jens Langhammer <jens@goauthentik.io> | 2023-01-14 20:54:34 +01:00 |  | 
			
				
					|  | cd12e177ea | providers/proxy: add initial header token auth (#4421) * initial implementation
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* check for openid/profile claims
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* include jwks sources in proxy provider
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add web ui for jwks
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* only show sources with JWKS data configured
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix introspection tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* start basic
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add basic auth
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add docs, update admonitions
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add client_id to api, add tab for auth
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* update locale
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens Langhammer <jens@goauthentik.io> | 2023-01-13 16:22:03 +01:00 |  | 
			
				
					|  | a9680d6088 | internal: fix race condition with config loading on startup, add index on debug server Signed-off-by: Jens Langhammer <jens@goauthentik.io> | 2023-01-08 20:33:04 +01:00 |  | 
			
				
					|  | 001869641d | web: ensure img tags have alt attributes Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> | 2023-01-06 12:44:51 +01:00 |  | 
			
				
					|  | 2604dc14fe | providers/ldap: add code-MFA support for ldap provider (#4354) * add code support for ldap provider
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* only try to extract code when auth validator stage is encountered
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* use parseint instead
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> | 2023-01-05 18:32:06 +01:00 |  | 
			
				
					|  | 39424839c5 | outposts/ldap: only use common cert if cert is configured, correctly Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> | 2022-12-28 22:50:50 +01:00 |  | 
			
				
					|  | 2d03bd5c89 | outposts/ldap: only use common cert if cert is configured Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> | 2022-12-28 21:29:36 +01:00 |  | 
			
				
					|  | ff13b4bb46 | outposts/ldap: use configured certificate for LDAPS when all providers' certificates are identical Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> | 2022-12-28 19:15:29 +01:00 |  | 
			
				
					|  | 2b2323fae7 | outposts: include hostname in outpost heartbeat Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> | 2022-12-28 16:07:52 +01:00 |  | 
			
				
					|  | b3da1d223c | providers/proxy: correctly set id_token_hint if possible Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> | 2022-12-12 19:02:37 +00:00 |  | 
			
				
					|  | 107f2745c8 | providers/ldap: improve mapping of LDAP filters to authentik queries Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> | 2022-12-12 18:30:52 +00:00 |  | 
			
				
					|  | c21c1757de | core: bump github.com/getsentry/sentry-go from 0.15.0 to 0.16.0 (#4179) * core: bump github.com/getsentry/sentry-go from 0.15.0 to 0.16.0
Bumps [github.com/getsentry/sentry-go](https://github.com/getsentry/sentry-go) from 0.15.0 to 0.16.0.
- [Release notes](https://github.com/getsentry/sentry-go/releases)
- [Changelog](https://github.com/getsentry/sentry-go/blob/master/CHANGELOG.md)
- [Commits](https://github.com/getsentry/sentry-go/compare/v0.15.0...v0.16.0)
---
updated-dependencies:
- dependency-name: github.com/getsentry/sentry-go
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* update custom tracer
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org> | 2022-12-09 12:20:41 +01:00 |  | 
			
				
					|  | be9790ef8a | internal: reuse http transport to prevent leaking connections (#3996) * Fix: Using the same http transport as the api
* fix: Using global tlsTransport instead of newly created one | 2022-11-25 18:24:01 +01:00 |  |