|
|
b7417e77c7
|
outposts: remove duplicate startup/setup code, add pyroscope, make sentry not reconfigure every time (#14724)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
|
2025-06-07 03:01:00 +02:00 |
|
|
|
65517f3b7f
|
enterprise/stages: Add MTLS stage (#14296)
* prepare client auth with inbuilt server
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* introduce better IPC auth
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* init
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* start stage
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* only allow trusted proxies to set MTLS headers
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* more stage progress
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* dont fail if ipc_key doesn't exist
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* actually install app
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add some tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* update API
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix unquote
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix int serial number not jsonable
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* init ui
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add UI
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* unrelated: fix git pull in makefile
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix parse helper
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add test for outpost
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* more tests and improvements
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* improve labels
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add support for multiple CAs on brand
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add support for multiple CAs to MTLS stage
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* dont log ipcuser secret views
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix go mod
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
|
2025-05-19 22:48:17 +02:00 |
|
|
|
a892d4afd8
|
providers/proxy: fix Issuer when AUTHENTIK_HOST_BROWSER is set (#11968)
correctly use host_browser's hostname as host header for token requests to ensure Issuer is identical
|
2024-11-13 00:54:40 +01:00 |
|
|
|
d22d147c8e
|
security: fix CVE-2023-36456 (#6171)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
|
2023-07-06 18:16:26 +02:00 |
|
|
|
58e001c3d5
|
internal: fix scheme not being forwarded correctly for host intercepted requests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
|
2023-02-14 14:31:04 +01:00 |
|
|
|
ec42b597ab
|
providers/proxy: send token request internally, with overwritten host header (#4675)
* send token request internally, with overwritten host header
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
|
2023-02-13 16:34:47 +01:00 |
|
|
|
2deb185550
|
internal: fix empty scheme field
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
|
2023-01-14 23:27:34 +01:00 |
|
|
|
b6267fdf28
|
*: add versioned user agent to sentry
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2022-06-20 11:54:10 +02:00 |
|
|
|
ebb5711c32
|
providers/proxy: add support for X-Original-URI in nginx, better handle missing headers and report errors to authentik
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2022-01-27 18:14:02 +01:00 |
|
|
|
b3ba083ff0
|
internal: cleanup logging, remove duplicate code
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-12-22 10:33:21 +01:00 |
|
|
|
f8aab40e3e
|
internal: cleanup duplicate and redundant code, properly set sentry SDK scope settings
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-12-16 11:00:19 +01:00 |
|
|
|
d1bd8f333b
|
outposts/proxy: use disableIndex for static files
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-11-19 10:50:56 +01:00 |
|
|
|
3c1b70c355
|
outposts/proxyv2 (#1365)
* outposts/proxyv2: initial commit
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
add rs256
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
more stuff
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
add forward auth an sign_out
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
match cookie name
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
re-add support for rs256 for backwards compat
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
add error handler
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
ensure unique user-agent is used
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
set cookie duration based on id_token expiry
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
build proxy v2
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
add ssl
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
add basic auth and custom header support
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
add application cert loading
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
implement whitelist
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
add redis
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
migrate embedded outpost to v2
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
remove old proxy
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
providers/proxy: make token expiration configurable
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
add metrics
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
fix tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* providers/proxy: only allow one redirect URI
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix docker build for proxy
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* remove default port offset
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add AUTHENTIK_HOST_BROWSER
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* tests: fix e2e/integration tests not using proper tags
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* remove references of old port
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix user_attributes not being loaded correctly
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* cleanup dependencies
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* cleanup
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-09-08 18:04:56 +00:00 |
|
|
|
f01bc20d44
|
Embedded outpost (#1193)
* api: allow API requests as managed outpost's account when using secret_key
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* root: load secret key from env
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* outposts: make listener IP configurable
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* outpost/proxy: run outpost in background and pass requests conditionally
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* outpost: unify branding to embedded
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web/admin: fix embedded outpost not being editable
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web: fix mismatched host detection
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* tests/e2e: fix LDAP test not including user for embedded outpost
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* tests/e2e: fix user matching
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* api: add tests for secret_key auth
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* root: load environment variables using github.com/Netflix/go-env
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-07-29 11:30:30 +02:00 |
|
