|
|
41d17dc543
|
internal: fix crash when port 9000 is in use (#4863)
fix crash when port 9000 is in use
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
|
2023-03-07 13:27:46 +01:00 |
|
|
|
cd99b6e48f
|
providers/ldap: making ldap compatible with synology (#4694)
* internal/outpost/ldap: making ldap compatible with synology
* fix duplicate attributes
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add docs about homedirectory
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix duplicate attributes
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add substitution to values
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
|
2023-02-22 15:26:41 +01:00 |
|
|
|
51c6a14786
|
providers/ldap: Improve compatibility with LDAP clients (#4750)
* Fixed invalid LDAP attributes by replacing '.'s and '/'s with '-'
* Leave old fields for now for backward compatibility
* Add forgotten depreceated field
* Fix tests
* Fix tests
* use shorter attribute names
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* sanitize attributes
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* keep both sanitized and unsanitized user fields
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add sanitized fields to test
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
|
2023-02-22 14:18:22 +01:00 |
|
|
|
f70be86ddc
|
providers/proxy: strip scheme when comparing redirect URL
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
|
2023-02-20 21:22:26 +01:00 |
|
|
|
9f431396c0
|
providers/proxy: ensure issuer is correct when browser url override is set
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
#4715
|
2023-02-19 17:35:29 +01:00 |
|
|
|
0874574e5c
|
*: add additional prometheus metrics, remove unusable high entropy metrics
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
|
2023-02-19 17:08:40 +01:00 |
|
|
|
d842fc4958
|
release: 2023.2.2
|
2023-02-15 19:53:42 +01:00 |
|
|
|
acfa9c76d1
|
providers/ldap: check MFA password on password stage
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
|
2023-02-15 16:27:08 +01:00 |
|
|
|
d945d30cda
|
providers/proxy: fix value is too long with filesystem sessions
closes #4693
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
|
2023-02-15 10:50:01 +01:00 |
|
|
|
b6c120f555
|
providers/proxy: fix client credential flows not using http interceptor
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
|
2023-02-15 00:22:56 +01:00 |
|
|
|
80de3ee853
|
release: 2023.2.1
|
2023-02-14 18:52:36 +01:00 |
|
|
|
58e001c3d5
|
internal: fix scheme not being forwarded correctly for host intercepted requests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
|
2023-02-14 14:31:04 +01:00 |
|
|
|
81d70e5d41
|
release: 2023.2.0
|
2023-02-14 13:15:47 +01:00 |
|
|
|
ec42b597ab
|
providers/proxy: send token request internally, with overwritten host header (#4675)
* send token request internally, with overwritten host header
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
|
2023-02-13 16:34:47 +01:00 |
|
|
|
d4dce5b250
|
root: fix config load order to include /etc/authentik/config.yml (#4669)
|
2023-02-12 23:52:13 +01:00 |
|
|
|
8f70354e3c
|
internal: remove debug remnant from cookie testing
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
|
2023-02-12 17:29:18 +01:00 |
|
|
|
21e29744c2
|
providers/proxy: different cookie name based on hashed client id (#4666)
|
2023-02-12 16:34:57 +01:00 |
|
|
|
af43330fd6
|
providers/oauth2: rework OAuth2 Provider (#4652)
* always treat flow as openid flow
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* improve issuer URL generation
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* more refactoring
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* update introspection
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* more refinement
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* migrate more
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix more things, update api
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* regen migrations
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix a bunch of things
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* start updating tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix implicit flow, auto set exp
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix timeozone not used correctly
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix revoke
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* more timezone shenanigans
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix userinfo tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* update web
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix proxy outpost
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix api tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix missing at_hash for implicit flows
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* re-include at_hash in implicit auth flow
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* use folder context for outpost build
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
|
2023-02-09 20:19:48 +01:00 |
|
|
|
5aa43eeb04
|
internal: better error message when outpost API controller couldn't fetch outposts
closes #4642
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
|
2023-02-08 14:13:17 +01:00 |
|
|
|
3170b2f92c
|
providers/proxy: add token support for basic auth
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
|
2023-02-07 22:50:49 +01:00 |
|
|
|
61b06eff06
|
providers/proxy: better log outpost token errors
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
|
2023-02-06 20:26:43 +01:00 |
|
|
|
146d54813c
|
providers/ldap: fix error not being checked correctly when fetching users
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
|
2023-02-03 18:10:06 +01:00 |
|
|
|
388367785d
|
*/saml: disable pretty_print, add signature tests
closes #4536
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
|
2023-02-03 15:42:09 +01:00 |
|
|
|
7d4ce41e12
|
providers/proxy: outpost wide logout implementation (#4605)
* initial outpost wide logout implementation
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* handle deserialize error
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* update docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix file cleanup, add tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
|
2023-02-02 21:18:59 +01:00 |
|
|
|
5ea9595c9c
|
internal: fix cache-control header
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
#4525
|
2023-01-25 21:18:20 +01:00 |
|
|
|
a9b32e2f97
|
providers/ldap: add unbind flow execution (#4484)
add unbind flow execution
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
|
2023-01-23 20:36:30 +01:00 |
|
|
|
9397598376
|
release: 2023.1.2
|
2023-01-23 14:25:55 +01:00 |
|
|
|
430a207865
|
release: 2023.1.1
|
2023-01-23 11:34:58 +01:00 |
|
|
|
8deac81364
|
outposts/ldap: fix queries filtering objectClass with non-lowercase values
closes #2756
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
|
2023-01-20 11:42:23 +01:00 |
|
|
|
43854dc828
|
outposts/proxy: fix panic due to IsSet misbehaving
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
|
2023-01-19 18:22:55 +01:00 |
|
|
|
c11367553e
|
providers/proxy: fix issuer for embedded outpost (#4480)
fix issuer for embedded outpost
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
|
2023-01-19 15:39:30 +01:00 |
|
|
|
49b6c71079
|
release: 2023.1.0
|
2023-01-18 15:49:45 +01:00 |
|
|
|
23c69c456a
|
providers/proxy: add setting to intercept authorization header (#4457)
* add setting to intercept authorization header
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* rename to intercept_header_auth
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
|
2023-01-17 18:56:48 +01:00 |
|
|
|
bd0ef69ece
|
outposts/ldap: decrease verbosity
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
|
2023-01-17 11:12:31 +01:00 |
|
|
|
19ee98b36d
|
outposts/proxy: allow setting no-redirect via header or query param
closes #4455
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
|
2023-01-17 10:56:43 +01:00 |
|
|
|
9b2ceb0d44
|
outposts/proxy: make logged user more consistent, set FlushInterval
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
|
2023-01-14 23:58:15 +01:00 |
|
|
|
2deb185550
|
internal: fix empty scheme field
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
|
2023-01-14 23:27:34 +01:00 |
|
|
|
69d4719687
|
outposts/proxy: set http code when no redirect header is set
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
|
2023-01-14 22:20:52 +01:00 |
|
|
|
d31e566873
|
outposts/proxy: add header to prevent redirects
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
|
2023-01-14 22:18:25 +01:00 |
|
|
|
0ddcefce80
|
outposts/proxy: cache basic and bearer credentials for one minute
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
|
2023-01-14 22:12:48 +01:00 |
|
|
|
4c45d35507
|
outposts/proxy: fix error handling, remove requirement for profile/etc scopes
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
|
2023-01-14 21:44:28 +01:00 |
|
|
|
829e49275d
|
outposts/proxy: fix proxy's TokenIntrospection potentially not being set
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
|
2023-01-14 20:54:34 +01:00 |
|
|
|
cd12e177ea
|
providers/proxy: add initial header token auth (#4421)
* initial implementation
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* check for openid/profile claims
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* include jwks sources in proxy provider
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add web ui for jwks
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* only show sources with JWKS data configured
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix introspection tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* start basic
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add basic auth
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add docs, update admonitions
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add client_id to api, add tab for auth
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* update locale
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
|
2023-01-13 16:22:03 +01:00 |
|
|
|
a42f2f7217
|
internal: fix linting error
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
|
2023-01-09 17:17:27 +01:00 |
|
|
|
a1be924fa4
|
*: strip leading and trailing whitespace when reading config values from files
also add a debug endpoint that dumps the go parsed config
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
|
2023-01-09 15:29:22 +01:00 |
|
|
|
98876df5c5
|
internal: improve error handling
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
|
2023-01-08 20:35:25 +01:00 |
|
|
|
a9680d6088
|
internal: fix race condition with config loading on startup, add index on debug server
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
|
2023-01-08 20:33:04 +01:00 |
|
|
|
7eb6320d74
|
outposts: use common config loader for outposts to support loading values from file
closes #4383
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2023-01-08 14:19:16 +01:00 |
|
|
|
001869641d
|
web: ensure img tags have alt attributes
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2023-01-06 12:44:51 +01:00 |
|
|
|
2604dc14fe
|
providers/ldap: add code-MFA support for ldap provider (#4354)
* add code support for ldap provider
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* only try to extract code when auth validator stage is encountered
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* use parseint instead
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2023-01-05 18:32:06 +01:00 |
|
