88fa7e37dc
outposts: Refactor session end signal and add LDAP support (#14539)
* outpost: promote session end signal to non-provider specific
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* implement server-side logout in ldap
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix previous import
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* use better retry logic
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* log
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* make more generic if we switch from ws to something else
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* make it possible to e2e test WS
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix ldap session id
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* ok I actually need to go to bed this took me an hour to fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* format; add ldap test
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix leftover state
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* remove thread
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* use ws base for radius
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* separate test utils
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* rename
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix missing super calls
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* websocket tests with browser 🎉
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add proxy test for sign out
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix install_id issue with channels tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix proxy basic auth test
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* big code dedupe
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* allow passing go build args
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* improve waiting for outpost
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* rewrite ldap tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* ok actually fix the tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* undo a couple things that need more time to cook
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* remove unused lockfile-lint dependency since we use a shell script and SFE does not have a lockfile
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix session id for ldap
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix missing createTimestamp and modifyTimestamp ldap attributes
closes #10474
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-06-10 12:11:21 +02:00
1b285f85c0
outposts: implement general paginator for list API requests (#10619)
* outposts: implement general paginator
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* migrate LDAP
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* change main outpost refresh logic to use paginator everywhere
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add comments to understand anything
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* actually use paginator everywhere
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2024-07-29 22:14:18 +02:00
85fedec2f6
core: optionally don't return groups' users and users' groups by default (#9179)
* core: don't return groups' users and users' groups by default
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* explicitly fetch users and groups in LDAP
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add indices
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2024-04-15 13:27:44 +02:00
729ef4d786
root: bump python deps (django 5) (#7862)
* bump python deps
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* vendor pickle serializer for now
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
#7761
* cleanup some things and re-build api scheme
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix web and go
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* actually fix go...?
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* better annotate json fields
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* use jsondictfield wherever
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* remove all virtualenvs?
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* ?
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* final version bump
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-12-18 22:07:59 +01:00
4080080acd
internal: remove deprecated metrics (#7540)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-11-13 14:48:37 +01:00
a22bc5a261
lifecycle: fix install_id migration not running (#7116)
* lifecycle: fix install_id migration not running
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix ldap test?
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* idk if this works
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-10-09 19:52:06 +02:00
f11bb8bfd4
providers/ldap: add windows adsi support (#7098)
* fix(outpost/ldap): missing user object classes
* add "person" object class
* update user object classes
* update boolean strings to upper for being compliant
tags: WIP-LDAP-Outpost-Windows-ADSI-Support
* feat(outpost/ldap): add subschema attributes
* add supported capability OIDs for Windows
* add relevant supported ldap control OIDs
tags: WIP-LDAP-Outpost-Windows-ADSI-Support
* feat(outpost/ldap): update schema for windows Compatibility
* add relevant dITContentRules for authentik
* add all existing attribute types for Windows/Unix/Linux
* add missing object classes definitions
* update classes definitions for being compliant with LDAP schema
* update attributes orders
tags: WIP-LDAP-Outpost-Windows-ADSI-Support
* feat(outpost/ldap): refine LDAP attribute types
* remove unused attribute types
* order attribute types
tags: WIP-LDAP-Outpost-Windows-ADSI-Support
2023-10-09 13:17:46 +02:00
a2714ab1f1
outposts: make metrics compliant with Prometheus best-practices (#6398)
web/outpost: make metrics compliant with Prometheus best-practices
Today, all NewHistogramVec store values in nanoseconds without changing
the default histogram buckets, which are made for seconds, making them
a bit useless. In addition, some metrics names are not self-explanatory
and do not comply with Prometheus best practices.
This commit tries to fix all of these "issues".
NOTE: I kept old metrics in order to avoid breaking changes with
existing dashboards and metrics.
Signed-off-by: Alexandre NICOLAIE <xunleii@users.noreply.github.com>
2023-07-27 18:51:08 +02:00
41af486006
enterprise: initial enterprise (#5721)
* initial
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add user type
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add external users
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add ui, add more logic, add public JWT validation key
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* revert to not use install_id as session jwt signing key
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix more
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* switch to PKI
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add more licensing stuff
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add install ID to form
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix bugs
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* start adding tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fixes
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* use x5c correctly
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* license checks
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* use production CA
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* more
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* more UI stuff
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* rename to summary
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* update locale, improve ui
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add direct button
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* update link
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* format and such
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* remove old attributes from ldap
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* remove is_enterprise_licensed
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix admin interface styling issue
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* Update authentik/core/models.py
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Jens L. <jens@beryju.org>
* fix default case
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens L. <jens@beryju.org>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
2023-07-17 17:57:08 +02:00
ae7ea4dd11
outposts/ldap: add more tests (#6188)
* outposts/ldap: add tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix missing posixAccount
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* attempt to expand attributes
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix routing without base DN
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* more logging
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* remove our custom attribute filtering since this is done by the ldap library
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add test for schema
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-07-08 20:51:05 +02:00
54ef88a6fa
providers/ldap: rework Schema and DSE (#5838)
* rework Root DSE
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* always parse filter objectClass
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* start adding LDAP Schema
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add more schema
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* update schema more
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix cn for schema
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* only include main DN in namingContexts
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* use schema from gh
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add description
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add response filtering
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix response filtering
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* don't return rootDSE entry when searching for singleLevel
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* remove currentTime
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix attribute filtering
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* set SINGLE-VALUE
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix numbers
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-06-08 15:16:40 +02:00
0ce41a1b2d
providers/ldap: add StartTLS support (#5861)
* providers/ldap: add StartTLS support
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add starttls test
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* update form and docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* re-add tls server name
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* update release notes
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-06-06 21:40:19 +02:00
b7b62ba089
providers/ldap: correctly use pagination in search results in both modes (#5492)
closes #4292
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-05-05 15:51:02 +03:00
146d54813c
providers/ldap: fix error not being checked correctly when fetching users
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-03 18:10:06 +01:00
3eb466ff4b
lifecycle: cleanup prometheus (#2972)
* remove high cardinality labels
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* retry worker number for prometheus multiprocess id
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* revert to pid, use subdirectories
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* cleanup more
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* use worker id based off of https://github.com/benoitc/gunicorn/issues/1352
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix missing app label
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* tests/e2e: remove static names
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-29 21:45:25 +02:00
a286f999e2
api: migrate to openapi generator v6 (#2968)
* migrate to openapi generator v6
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* bump api
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-26 15:15:30 +02:00
5c91658484
internal: fix nil pointer dereference in ldap outpost
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-21 15:48:50 +02:00
b45a442447
outposts/ldap: fix contexts
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-19 18:28:27 +01:00
75a720ead1
outposts/ldap: prevent operations error from nil dereference (#2447)
closes #2526
2022-03-19 18:26:26 +01:00
62a939b91d
internal: bump api client to v3
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-03 10:40:07 +01:00
947ecec02b
outposts/ldap: Fix more case sensitivity issues. (#2144)
2022-01-25 11:27:27 +01:00
819af78e2b
internal: make internal go version match python version
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-14 10:45:37 +01:00
40404ff41d
outposts/ldap: Rework/improve LDAP search logic. (#1687)
* outposts/ldap: Refactor searching so we key primarily off base dn
* docs: Updating guides on sssd and the ldap outpost.
2021-12-02 15:28:58 +01:00
5a8c66d325
providers/ldap: memory Query (#1681)
* outposts/ldap: modularise ldap outpost, to allow different searchers and binders
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* outposts/ldap: add basic in-memory searcher
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* providers/ldap: add search mode field
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* outpost: add search mode field
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-05 10:37:30 +01:00