authentik

Author	SHA1	Message	Date
Jens L.	65517f3b7f	enterprise/stages: Add MTLS stage (#14296 ) * prepare client auth with inbuilt server Signed-off-by: Jens Langhammer <jens@goauthentik.io> * introduce better IPC auth Signed-off-by: Jens Langhammer <jens@goauthentik.io> * init Signed-off-by: Jens Langhammer <jens@goauthentik.io> * start stage Signed-off-by: Jens Langhammer <jens@goauthentik.io> * only allow trusted proxies to set MTLS headers Signed-off-by: Jens Langhammer <jens@goauthentik.io> * more stage progress Signed-off-by: Jens Langhammer <jens@goauthentik.io> * dont fail if ipc_key doesn't exist Signed-off-by: Jens Langhammer <jens@goauthentik.io> * actually install app Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add some tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * update API Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix unquote Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix int serial number not jsonable Signed-off-by: Jens Langhammer <jens@goauthentik.io> * init ui Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add UI Signed-off-by: Jens Langhammer <jens@goauthentik.io> * unrelated: fix git pull in makefile Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix parse helper Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add test for outpost Signed-off-by: Jens Langhammer <jens@goauthentik.io> * more tests and improvements Signed-off-by: Jens Langhammer <jens@goauthentik.io> * improve labels Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add support for multiple CAs on brand Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add support for multiple CAs to MTLS stage Signed-off-by: Jens Langhammer <jens@goauthentik.io> * dont log ipcuser secret views Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix go mod Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2025-05-19 22:48:17 +02:00
Tim Northover	4f40b1e27c	crypto: update fingerprint at same time as certificate (#10036 ) Previously the fingerprint was only set when initially adding a key, if it changed for any reason (like a renewed certificate) then every execution of `Get` would lead to a full update. The certificate itself got cached, but the fingerprint remained stale for next time. This increased the chance of a fatal race during the cache update. closes #9907	2024-06-10 20:16:35 +09:00
Jens L	25e72558eb	core: optimise user list endpoint (#8353 ) * unrelated changes Signed-off-by: Jens Langhammer <jens@goauthentik.io> * optimization pass 1: reduce N tenant lookups by taking tenant from request, reduce get_anonymous calls Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix lint Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix Signed-off-by: Jens Langhammer <jens@goauthentik.io> * make it easier to exclude anonymous user Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix? Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2024-01-30 01:55:26 +01:00
Jens L	44e4f2e561	crypto: make certificate parsing optional for crypto api (#3711 )	2022-10-01 00:06:00 +02:00
Jens Langhammer	62a939b91d	internal: bump api client to v3 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-03-03 10:40:07 +01:00
Jens Langhammer	253f345fc4	outposts: save certificate fingerprint and check before re-fetching to cleanup logs Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-07-21 23:53:43 +02:00

6 Commits