|
|
c3445374c2
|
core: FIPS (#9683)
Co-authored-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
|
2024-05-23 17:34:52 +00:00 |
|
|
|
240cf6dd94
|
enterprise/providers: Add RAC [AUTH-15] (#7291)
* add basic guacamole
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* make everything mostly work
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add rac build to CI
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix resize, fix web lint, sendSize correctly
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* pre-send connection from client, format
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* improve throughput
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* cleanup
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* rework TokenOutpostConsumer into middleware
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix some layout issues
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add outpost controllers
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* start testing audio things
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix a bunch of things
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add deps
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix to work with outpost group
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add simple loadbalancing
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add simple reconnect
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* show reconnecting text
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix error when checking ports
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* move to providers
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add flow check to interface
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix go lint
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix rac app label
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix audio
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add logging
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* cleanup
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* allow overriding all settings
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix duplicate keyboard, debug high DPI
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* re-add deps
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix lint
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix missing __init__.py breaking model loading
I love python
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* bump successful ws connection to info
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* hide cursor since guac draws that
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add clipboard support (bidirectional)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* make codespell not want to break the code
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* run pr comment in separate task
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* start endpoint and property mapping stuff
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* more endpoint things
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* unrelated: fix event model_pk filtering with ints
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* unrelated: improve event display for changelog
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* rebuild endpoint stuff again
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* idk special url
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* more stuff, connect token with session
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add disconnect
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* rework disconnect
cleanly disconnect from guacd instead of just letting the connection timeout
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* clear cache when creating outpost
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* support host:port and fix protocol
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* center smaller viewport
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* rework connection to wait more and stop after some time
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add policy control to endpoints
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* remove provider protocol
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* don't switch to different outpost connection when already chosen
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* start using property mappings, add static settings
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add some RAC mapping settings
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix lint
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* start adding tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add tests for event changes
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add tests and fix issues found by said tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add preview banner, move endpoints to main page
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add locale
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* auto-select endpoint if only one is available
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* backport https://github.com/goauthentik/authentik/pull/7831 to rac
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* dont select property mappings on endpoints
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* make table modal only load when opened
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* only auto-redirect when open
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix web deps
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* check for token expiry and terminate session
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* re-add endpoint name to title
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* disconnect connection when token is manually deleted
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add initial RAC docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add connection expiry setting to provider
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix flaky tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
|
2023-12-30 21:33:14 +01:00 |
|
|
|
729ef4d786
|
root: bump python deps (django 5) (#7862)
* bump python deps
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* vendor pickle serializer for now
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
#7761
* cleanup some things and re-build api scheme
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix web and go
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* actually fix go...?
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* better annotate json fields
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* use jsondictfield wherever
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* remove all virtualenvs?
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* ?
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* final version bump
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
|
2023-12-18 22:07:59 +01:00 |
|
|
|
4db365c947
|
providers/proxy: improve SLO by backchannel logging out sessions (#7099)
* outposts: add support for provider-specific websocket messages
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* providers/proxy: add custom signal on logout to logout in provider
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
|
2023-10-09 01:06:52 +02:00 |
|
|
|
5aa43eeb04
|
internal: better error message when outpost API controller couldn't fetch outposts
closes #4642
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
|
2023-02-08 14:13:17 +01:00 |
|
|
|
2b2323fae7
|
outposts: include hostname in outpost heartbeat
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2022-12-28 16:07:52 +01:00 |
|
|
|
b6267fdf28
|
*: add versioned user agent to sentry
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2022-06-20 11:54:10 +02:00 |
|
|
|
f9a419107a
|
outposts/proxyv2: add basic envoy support (#3026)
* outposts/proxyv2: add basic envoy support
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* don't crash when backend is not available
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add envoy tests and docs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2022-06-03 00:06:09 +02:00 |
|
|
|
a286f999e2
|
api: migrate to openapi generator v6 (#2968)
* migrate to openapi generator v6
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* bump api
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2022-05-26 15:15:30 +02:00 |
|
|
|
62a939b91d
|
internal: bump api client to v3
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2022-03-03 10:40:07 +01:00 |
|
|
|
819af78e2b
|
internal: make internal go version match python version
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2022-01-14 10:45:37 +01:00 |
|
|
|
87e99625e6
|
internal: update tenant certificates on outpost refresh
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-12-23 00:38:49 +01:00 |
|
|
|
3c048a1921
|
outposts/proxy: fix session not expiring correctly due to miscalculation
closes #1976
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-12-21 13:10:57 +01:00 |
|
|
|
f910da0f8a
|
outposts: fix initial refresh not calling Server.Refresh()
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-12-20 21:47:32 +01:00 |
|
|
|
052e465041
|
outpost: re-run globalSetup when updating config
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-12-20 21:08:03 +01:00 |
|
|
|
ac9cf590bc
|
*: use prefixed span names
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-12-13 16:18:42 +01:00 |
|
|
|
deebdf2bcc
|
outposts: fix unlabeled transaction
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-12-12 13:46:31 +01:00 |
|
|
|
f4988bc45e
|
outpost: rewrite re-connect logic without recws
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-12-11 22:53:59 +01:00 |
|
|
|
9a393848b2
|
outpost: configure error reporting based off of main instance config
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-11-29 14:42:19 +01:00 |
|
|
|
c7681dde32
|
outposts: reload on signal USR1, fix display of reload offset
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-11-24 22:45:27 +01:00 |
|
|
|
e7b4363d21
|
outposts/ldap: fix logic error in cached ldap searcher
closes #1779
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-11-11 23:18:32 +01:00 |
|
|
|
e6963c543d
|
outpost: remove analytics
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-11-08 19:35:53 +01:00 |
|
|
|
dd82d55725
|
outposts: also send outpost type
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-11-04 15:08:31 +01:00 |
|
|
|
9ac3b29418
|
outpost: add lightweight, anonymous metrics
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-11-04 14:10:43 +01:00 |
|
|
|
8d5460a132
|
outposts: separate websocket re-connection logic to decrease requests on reconnect
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-10-30 21:33:50 +02:00 |
|
|
|
234a5e2b66
|
outposts: fix outposts not correctly updating central state
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-09-26 11:40:21 +02:00 |
|
|
|
0f8880ab0a
|
outposts: fix typo
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-09-22 13:14:28 +02:00 |
|
|
|
f771383c4b
|
cmd: fix outpost metrics not being set in embedded mode
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-09-16 12:09:12 +02:00 |
|
|
|
471f7d9c62
|
outposts: add consistent name and type to metrics
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-09-16 10:14:51 +02:00 |
|
|
|
2428d5f1c2
|
outpost: update global outpost config on refresh
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-09-10 12:18:19 +02:00 |
|
|
|
3c1b70c355
|
outposts/proxyv2 (#1365)
* outposts/proxyv2: initial commit
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
add rs256
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
more stuff
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
add forward auth an sign_out
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
match cookie name
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
re-add support for rs256 for backwards compat
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
add error handler
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
ensure unique user-agent is used
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
set cookie duration based on id_token expiry
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
build proxy v2
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
add ssl
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
add basic auth and custom header support
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
add application cert loading
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
implement whitelist
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
add redis
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
migrate embedded outpost to v2
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
remove old proxy
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
providers/proxy: make token expiration configurable
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
add metrics
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
fix tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* providers/proxy: only allow one redirect URI
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix docker build for proxy
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* remove default port offset
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add AUTHENTIK_HOST_BROWSER
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* tests: fix e2e/integration tests not using proper tags
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* remove references of old port
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix user_attributes not being loaded correctly
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* cleanup dependencies
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* cleanup
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-09-08 18:04:56 +00:00 |
|
|
|
70d1e3a0cb
|
outpost: fix spans being sent without parent context
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-09-03 18:17:08 +02:00 |
|
|
|
ff24bc8cb8
|
outpost/ldap: regularly pre-heat flow executor cache to increase bind performance
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-08-21 16:17:30 +02:00 |
|
|
|
2015d91484
|
outpost: load global config
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-08-21 14:14:18 +02:00 |
|
|
|
7e62b82d56
|
outpost/embedded: fix login URL not being set correctly from outpost config
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-08-11 12:39:27 +02:00 |
|
|
|
f01bc20d44
|
Embedded outpost (#1193)
* api: allow API requests as managed outpost's account when using secret_key
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* root: load secret key from env
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* outposts: make listener IP configurable
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* outpost/proxy: run outpost in background and pass requests conditionally
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* outpost: unify branding to embedded
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web/admin: fix embedded outpost not being editable
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web: fix mismatched host detection
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* tests/e2e: fix LDAP test not including user for embedded outpost
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* tests/e2e: fix user matching
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* api: add tests for secret_key auth
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* root: load environment variables using github.com/Netflix/go-env
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-07-29 11:30:30 +02:00 |
|
|
|
aca3a5c458
|
outpost: add tracing for http client
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-07-23 17:37:06 +02:00 |
|
|
|
b3159a74e5
|
Merge branch 'master' into inbuilt-proxy
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
# Conflicts:
# Dockerfile
# internal/outpost/ak/api.go
# internal/outpost/ak/api_uag.go
# internal/outpost/ak/global.go
# internal/outpost/ldap/api_tls.go
# internal/outpost/ldap/instance_bind.go
# internal/outpost/ldap/utils.go
# internal/outpost/proxy/api_bundle.go
# outpost/go.mod
# outpost/go.sum
# outpost/pkg/ak/cert.go
|
2021-07-17 12:49:38 +02:00 |
|
|
|
ff42663d3c
|
root: more code merging
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-06-29 16:21:00 +02:00 |
|
|
|
1005f341e4
|
Merge branch 'master' into inbuilt-proxy
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
# Conflicts:
# internal/constants/constants.go
# outpost/pkg/version.go
|
2021-06-23 20:41:06 +02:00 |
|
|
|
6dc38b0132
|
root: start deduplicating code
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-06-16 12:41:34 +02:00 |
|
|
|
690b7be1d8
|
root: initial merging of outpost and main project
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-06-16 12:02:02 +02:00 |
|
