d4bf3b7068
root: check remote IP for proxy protocol same as HTTP/etc ( #12094 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-11-20 21:33:35 +01:00
a892d4afd8
providers/proxy: fix Issuer when AUTHENTIK_HOST_BROWSER is set ( #11968 )
...
correctly use host_browser's hostname as host header for token requests to ensure Issuer is identical
2024-11-13 00:54:40 +01:00
4a434d581d
root: handle SIGHUP and SIGUSR2, healthcheck gunicorn ( #6630 )
...
Co-authored-by: Jens Langhammer <jens@goauthentik.io >
2023-09-27 11:34:29 +00:00
d22d147c8e
security: fix CVE-2023-36456 ( #6171 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2023-07-06 18:16:26 +02:00
ab795e6642
internal: ignore insecure TLS certs ( #5483 )
...
* servers: ignore insecure TLS certs
* slight refactor to have a single place for tls config
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Co-authored-by: Jens Langhammer <jens@goauthentik.io >
2023-05-05 15:57:52 +03:00
58e001c3d5
internal: fix scheme not being forwarded correctly for host intercepted requests
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2023-02-14 14:31:04 +01:00
ec42b597ab
providers/proxy: send token request internally, with overwritten host header ( #4675 )
...
* send token request internally, with overwritten host header
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2023-02-13 16:34:47 +01:00
2deb185550
internal: fix empty scheme field
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2023-01-14 23:27:34 +01:00
c21c1757de
core: bump github.com/getsentry/sentry-go from 0.15.0 to 0.16.0 ( #4179 )
...
* core: bump github.com/getsentry/sentry-go from 0.15.0 to 0.16.0
Bumps [github.com/getsentry/sentry-go](https://github.com/getsentry/sentry-go ) from 0.15.0 to 0.16.0.
- [Release notes](https://github.com/getsentry/sentry-go/releases )
- [Changelog](https://github.com/getsentry/sentry-go/blob/master/CHANGELOG.md )
- [Commits](https://github.com/getsentry/sentry-go/compare/v0.15.0...v0.16.0 )
---
updated-dependencies:
- dependency-name: github.com/getsentry/sentry-go
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
* update custom tracer
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
Signed-off-by: dependabot[bot] <support@github.com >
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org >
2022-12-09 12:20:41 +01:00
b6267fdf28
*: add versioned user agent to sentry
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2022-06-20 11:54:10 +02:00
bdf76bb4b7
internal: skip tracing for go healthcheck and metrics endpoints
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2022-06-10 22:21:11 +02:00
ebb5711c32
providers/proxy: add support for X-Original-URI in nginx, better handle missing headers and report errors to authentik
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2022-01-27 18:14:02 +01:00
b3ba083ff0
internal: cleanup logging, remove duplicate code
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2021-12-22 10:33:21 +01:00
f8aab40e3e
internal: cleanup duplicate and redundant code, properly set sentry SDK scope settings
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2021-12-16 11:00:19 +01:00
d1bd8f333b
outposts/proxy: use disableIndex for static files
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2021-11-19 10:50:56 +01:00
3c1b70c355
outposts/proxyv2 ( #1365 )
...
* outposts/proxyv2: initial commit
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
add rs256
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
more stuff
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
add forward auth an sign_out
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
match cookie name
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
re-add support for rs256 for backwards compat
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
add error handler
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
ensure unique user-agent is used
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
set cookie duration based on id_token expiry
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
build proxy v2
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
add ssl
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
add basic auth and custom header support
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
add application cert loading
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
implement whitelist
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
add redis
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
migrate embedded outpost to v2
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
remove old proxy
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
providers/proxy: make token expiration configurable
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
add metrics
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
fix tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* providers/proxy: only allow one redirect URI
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* fix docker build for proxy
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* remove default port offset
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* add AUTHENTIK_HOST_BROWSER
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* tests: fix e2e/integration tests not using proper tags
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* remove references of old port
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* fix user_attributes not being loaded correctly
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* cleanup dependencies
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* cleanup
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2021-09-08 18:04:56 +00:00
9ad4cf1db9
outposts/ldap: improve logging of client IPs
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2021-09-05 19:47:30 +02:00
f01bc20d44
Embedded outpost ( #1193 )
...
* api: allow API requests as managed outpost's account when using secret_key
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* root: load secret key from env
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* outposts: make listener IP configurable
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* outpost/proxy: run outpost in background and pass requests conditionally
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* outpost: unify branding to embedded
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* web/admin: fix embedded outpost not being editable
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* web: fix mismatched host detection
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* tests/e2e: fix LDAP test not including user for embedded outpost
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* tests/e2e: fix user matching
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* api: add tests for secret_key auth
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* root: load environment variables using github.com/Netflix/go-env
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2021-07-29 11:30:30 +02:00
