habsi/authentik
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
17,876 Commits 205 Branches 395 Tags
91c87b7c3c9ad85d1cf8325d9e2936aed247618e
Commit Graph

27 Commits

Author SHA1 Message Date
Jens L.
a306cecb73 providers/proxy: add option to override host header with property mappings (#14927) 2025-06-06 14:54:59 +02:00
Jens L
4080080acd internal: remove deprecated metrics (#7540) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-11-13 14:48:37 +01:00
Alexandre NICOLAIE
a2714ab1f1 outposts: make metrics compliant with Prometheus best-practices (#6398) 
web/outpost: make metrics compliant with Prometheus best-practices

Today, all NewHistogramVec store values in nanoseconds without changing
the default histogram bucket, which are made for seconds, making them
a bit useless. In addition, some metrics names are not self-explanatoryand
and do not comply with Prometheus best practices.

This commit tries to fix all of this "issues".

NOTE: I kept old metrics in order to avoid breaking changes with
existing dashboards and metrics.

Signed-off-by: Alexandre NICOLAIE <xunleii@users.noreply.github.com>
 2023-07-27 18:51:08 +02:00
Jens Langhammer
9b2ceb0d44 outposts/proxy: make logged user more consistent, set FlushInterval 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-01-14 23:58:15 +01:00
Jens Langhammer
4c45d35507 outposts/proxy: fix error handling, remove requirement for profile/etc scopes 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-01-14 21:44:28 +01:00
Jens L
cd12e177ea providers/proxy: add initial header token auth (#4421) 
* initial implementation

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* check for openid/profile claims

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* include jwks sources in proxy provider

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add web ui for jwks

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* only show sources with JWKS data configured

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix introspection tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* start basic

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add basic auth

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add docs, update admonitions

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add client_id to api, add tab for auth

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update locale

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-01-13 16:22:03 +01:00
Jens Langhammer
b6267fdf28 *: add versioned user agent to sentry 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-06-20 11:54:10 +02:00
Jens L
f9a419107a outposts/proxyv2: add basic envoy support (#3026) 
* outposts/proxyv2: add basic envoy support

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* don't crash when backend is not available

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add envoy tests and docs

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-06-03 00:06:09 +02:00
Jens L
3eb466ff4b lifecycle: cleanup prometheus (#2972) 
* remove high cardinality labels

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* retry worker number for prometheus multiprocess id

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* revert to pid, use subdirectories

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* cleanup more

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* use worker id based off of https://github.com/benoitc/gunicorn/issues/1352

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix missing app label

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* tests/e2e: remove static names

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-05-29 21:45:25 +02:00
Jens Langhammer
4915e980c5 providers/proxy: revert Host header behaviour 
closes #2284

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-02-14 12:39:16 +01:00
Jens Langhammer
1f838bb2aa outposts/proxy: add X-Forwarded-Host since Host now gets changed by the proxy 
closes #2284

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-02-10 23:09:55 +01:00
Jens Langhammer
7088a6b0e6 providers/proxy: fix Host/:Authority not being modified 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-02-08 16:30:26 +01:00
Jens Langhammer
e758995458 providers/proxy: improve error handling for invalid backend_override 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-02-07 19:59:06 +01:00
Jens Langhammer
654e0d6245 providers/proxy: fix nil error in claims 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-02-03 17:58:38 +01:00
Jens Langhammer
6021fc0f52 providers/proxy: fix backend override persisting for other users 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-01-30 22:29:34 +01:00
Jens Langhammer
7fd6be5abb providers/proxy: add backend_override 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-01-30 21:35:08 +01:00
Jens Langhammer
1c2b452406 outposts/proxy: fix potential empty redirect, add tests 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#2141
 2022-01-25 10:57:53 +01:00
Jens Langhammer
07b09df3fe internal: add more outpost tests, add support for X-Original-URL 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-01-24 20:50:13 +01:00
Jens Langhammer
cac5c7b3ea outposts/proxy: make templates more re-usable 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-12-20 22:20:23 +01:00
Jens Langhammer
68637cf7cf outposts: handle/ignore http Abort handler 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-12-20 19:42:45 +01:00
Jens Langhammer
deebdf2bcc outposts: fix unlabeled transaction 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-12-12 13:46:31 +01:00
Jens Langhammer
3b068610b9 outposts/proxy: clean up header setting (don't copy all headers) 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-12-01 20:05:56 +01:00
Jens Langhammer
f6e8dbfb5e outposts/proxy: show full error message when user is authenticated 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-10-02 22:00:37 +02:00
Jens Langhammer
52bbf454e3 outpost/proxy: fix missing negation for internal host ssl verification 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-10-02 21:17:15 +02:00
Jens Langhammer
a6a6b3bd06 outposts: add outpost_name label to metrics 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-16 10:04:17 +02:00
Jens Langhammer
223d9ad414 outposts/proxy: fix upstream ssl certificate not being ignored if configured to do so 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-11 19:30:21 +02:00
Jens L
3c1b70c355 outposts/proxyv2 (#1365) 
* outposts/proxyv2: initial commit

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

add rs256

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

more stuff

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

add forward auth an sign_out

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

match cookie name

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

re-add support for rs256 for backwards compat

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

add error handler

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

ensure unique user-agent is used

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

set cookie duration based on id_token expiry

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

build proxy v2

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

add ssl

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

add basic auth and custom header support

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

add application cert loading

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

implement whitelist

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

add redis

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

migrate embedded outpost to v2

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

remove old proxy

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

providers/proxy: make token expiration configurable

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

add metrics

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

fix tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* providers/proxy: only allow one redirect URI

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix docker build for proxy

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* remove default port offset

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add AUTHENTIK_HOST_BROWSER

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* tests: fix e2e/integration tests not using proper tags

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* remove references of old port

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix user_attributes not being loaded correctly

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* cleanup dependencies

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* cleanup

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-08 18:04:56 +00:00