509b502d3c 
					 
					
						
						
							
							providers/oauth2: offline access ( #8026 )  
						
						... 
						
						
						
						* improve scope check (log when application requests non-configured scopes)
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add offline_access special scope
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* ensure scope is set
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update tests for refresh tokens
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* special handling of scopes for github compat
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix spec
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* attempt to fix oidc tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* remove hardcoded slug
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* check scope from authorization code instead of request
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix injection for consent stage checking incorrectly
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io > 
						
						
					 
					
						2024-01-04 19:57:11 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						240cf6dd94 
					 
					
						
						
							
							enterprise/providers: Add RAC [AUTH-15] ( #7291 )  
						
						... 
						
						
						
						* add basic guacamole
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make everything mostly work
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add rac build to CI
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix resize, fix web lint, sendSize correctly
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* pre-send connection from client, format
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* improve throughput
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* cleanup
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* rework TokenOutpostConsumer into middleware
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix some layout issues
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add outpost controllers
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* start testing audio things
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix a bunch of things
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add deps
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix to work with outpost group
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add simple loadbalancing
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add simple reconnect
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* show reconnecting text
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix error when checking ports
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* move to providers
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add flow check to interface
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix go lint
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix rac app label
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix audio
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add logging
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* cleanup
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* allow overriding all settings
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix duplicate keyboard, debug high DPI
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* re-add deps
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix lint
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix missing __init__.py breaking model loading
I love python
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* bump successful ws connection to info
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* hide cursor since guac draws that
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add clipboard support (bidirectional)
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make codespell not want to break the code
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* run pr comment in separate task
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* start endpoint and property mapping stuff
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* more endpoint things
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* unrelated: fix event model_pk filtering with ints
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* unrelated: improve event display for changelog
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* rebuild endpoint stuff again
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* idk special url
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* more stuff, connect token with session
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add disconnect
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* rework disconnect
cleanly disconnect from guacd instead of just letting the connection timeout
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* clear cache when creating outpost
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* support host:port and fix protocol
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* center smaller viewport
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* rework connection to wait more and stop after some time
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add policy control to endpoints
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* remove provider protocol
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* don't switch to different outpost connection when already chosen
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* start using property mappings, add static settings
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add some RAC mapping settings
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix lint
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* start adding tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add tests for event changes
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add tests and fix issues found by said tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add preview banner, move endpoints to main page
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add locale
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* auto-select endpoint if only one is available
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* backport https://github.com/goauthentik/authentik/pull/7831  to rac
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* dont select property mappings on endpoints
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make table modal only load when opened
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* only auto-redirect when open
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix web deps
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* check for token expiry and terminate session
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* re-add endpoint name to title
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* disconnect connection when token is manually deleted
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add initial RAC docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add connection expiry setting to provider
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix flaky tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io > 
						
						
					 
					
						2023-12-30 21:33:14 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						49df3cb3c4 
					 
					
						
						
							
							Documentation: Added note for necessary unigue base DNs ( #7717 )  
						
						... 
						
						
						
						* Added note for necessary unigue base DNs
Added information, that every LDAP provider needs to have a unique base DN. Related to #7714 
Signed-off-by: tedstriker <github@meins.org >
* Update website/docs/providers/ldap/index.md
Thank's for fixing the grammar ;)
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: tedstriker <github@meins.org >
---------
Signed-off-by: tedstriker <github@meins.org >
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com > 
						
						
					 
					
						2023-11-28 14:56:56 -06:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						41bb1ca707 
					 
					
						
						
							
							providers/scim: remove preview ( #7166 )  
						
						... 
						
						
						
						Signed-off-by: Jens Langhammer <jens@goauthentik.io > 
						
						
					 
					
						2023-10-13 19:03:13 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						9860ac983c 
					 
					
						
						
							
							website/docs: fix typo in providers/scim ( #7076 )  
						
						... 
						
						
						
						chore(docs): typo in providers/scim
Signed-off-by: jon r <jon@allmende.io > 
						
						
					 
					
						2023-10-06 17:43:03 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						e40a0b1f8b 
					 
					
						
						
							
							website/docs: add notice for nginx ingress configuration requirement ( #7027 )  
						
						... 
						
						
						
						* website/docs: add notice for nginx ingress configuration requirement
https://github.com/goauthentik/infrastructure/pull/574 
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* Update website/docs/providers/proxy/_nginx_ingress.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Jens L. <jens@beryju.org >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Signed-off-by: Jens L. <jens@beryju.org >
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com > 
						
						
					 
					
						2023-10-02 16:04:26 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						c7537f9f32 
					 
					
						
						
							
							web, website: compress images ( #6121 )  
						
						... 
						
						
						
						Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens@goauthentik.io > 
						
						
					 
					
						2023-08-02 12:06:03 +00:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						f2293c0f5b 
					 
					
						
						
							
							website/docs: Update syntax in traefik standalone example ( #6303 )  
						
						... 
						
						
						
						* Update syntax in traefik standalone example
Signed-off-by: Thomas Moschny <thomas.moschny@gmx.de >
* One more syntax update
Signed-off-by: Thomas Moschny <thomas.moschny@gmx.de >
---------
Signed-off-by: Thomas Moschny <thomas.moschny@gmx.de > 
						
						
					 
					
						2023-07-26 10:56:31 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						01311929d1 
					 
					
						
						
							
							providers/ldap: improve password totp detection ( #6006 )  
						
						... 
						
						
						
						* providers/ldap: improve password totp detection
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add flag for totp mfa support
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* keep support for static tokens
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix migrations
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io > 
						
						
					 
					
						2023-06-20 12:09:13 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						a2de6194e4 
					 
					
						
						
							
							website/docs: correct LDAP StartTLS documentation ( #5886 )  
						
						... 
						
						
						
						Signed-off-by: Jens Langhammer <jens@goauthentik.io > 
						
						
					 
					
						2023-06-08 11:00:20 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						0ce41a1b2d 
					 
					
						
						
							
							providers/ldap: add StartTLS support ( #5861 )  
						
						... 
						
						
						
						* providers/ldap: add StartTLS support
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add starttls test
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update form and docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* re-add tls server name
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update release notes
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io > 
						
						
					 
					
						2023-06-06 21:40:19 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						c68a42f63b 
					 
					
						
						
							
							website/docs: improve docs for OAuth2 device code flow ( #5570 )  
						
						... 
						
						
						
						Signed-off-by: Jens Langhammer <jens@goauthentik.io > 
						
						
					 
					
						2023-05-10 20:58:31 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						bb92c4a967 
					 
					
						
						
							
							providers/ldap: remove deprecated fields ( #5154 )  
						
						... 
						
						
						
						* providers/ldap: remove deprecated fields
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update changelog
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io > 
						
						
					 
					
						2023-04-21 14:10:24 +03:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						34e9af57fe 
					 
					
						
						
							
							website/integrations: switch default gitlab name identifier ( #5321 )  
						
						... 
						
						
						
						Signed-off-by: Jens Langhammer <jens@goauthentik.io >
#5312  
						
						
					 
					
						2023-04-20 19:47:41 +03:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						1893626e04 
					 
					
						
						
							
							website/docs: clear up radius provider ( #5263 )  
						
						... 
						
						
						
						* website/docs: clear up radius provider
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* Update website/docs/providers/radius/index.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Jens L. <jens@beryju.org >
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Signed-off-by: Jens L. <jens@beryju.org >
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com > 
						
						
					 
					
						2023-04-18 10:42:42 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						67644ace87 
					 
					
						
						
							
							website/docs: prepare 2023.4 release notes ( #5223 )  
						
						... 
						
						
						
						* website/docs: prepare 2023.4 release notes
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add prompt preview
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* Apply suggestions from code review
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Jens L. <jens@beryju.org >
* Update website/docs/releases/2023/v2023.4.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Jens L. <jens@beryju.org >
* add new release to sidebar
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Signed-off-by: Jens L. <jens@beryju.org >
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com > 
						
						
					 
					
						2023-04-13 14:11:46 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						3f5effb1bc 
					 
					
						
						
							
							providers/radius: simple radius outpost ( #1796 )  
						
						... 
						
						
						
						* initial implementation
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* cleanup
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add migrations
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix web
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* minor fixes
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* use search-select
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update locale
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fixup
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix ip with port being sent to delegated ip
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add radius tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
Signed-off-by: Jens Langhammer <jens@goauthentik.io > 
						
						
					 
					
						2023-03-20 16:54:35 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						eaf56f4f3f 
					 
					
						
						
							
							stages/user_login: stay logged in ( #4958 )  
						
						... 
						
						
						
						* add initial remember me offset
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add to go executor
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add ui for user login stage
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io > 
						
						
					 
					
						2023-03-15 20:21:05 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						8b7a92068b 
					 
					
						
						
							
							website/docs: forward-auth page, add list of links ( #4937 )  
						
						... 
						
						
						
						* add list of links
* added commas
* fix build
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Co-authored-by: Tana Berry <tanaberry@Tanas-MacBook-Pro-authentik.local >
Co-authored-by: Jens Langhammer <jens@goauthentik.io > 
						
						
					 
					
						2023-03-14 07:45:49 -05:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						bf7dc5df78 
					 
					
						
						
							
							website/docs: separate pages for each webserver ( #4911 )  
						
						... 
						
						
						
						* website/docs: separate pages for each webserver
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* Apply suggestions from code review
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Jens L. <jens@beryju.org >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Signed-off-by: Jens L. <jens@beryju.org >
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com > 
						
						
					 
					
						2023-03-13 17:29:51 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						7618c2e45f 
					 
					
						
						
							
							website/docs: improve traefik standalone docs ( #4493 )  
						
						... 
						
						
						
						* Create _traefik_standalone_single_application.md 
Example for Authentik Single Application Proxy with Service example because this was unclear for many users and if you dont create a middleware for every application you get the error "no app for hostname". 
Signed-off-by: support-tt <61587422+support-tt@users.noreply.github.com >
* Update _traefik_standalone_single_application.md
Signed-off-by: support-tt <61587422+support-tt@users.noreply.github.com >
* rename to old file
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: support-tt <61587422+support-tt@users.noreply.github.com >
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Co-authored-by: Jens Langhammer <jens@goauthentik.io > 
						
						
					 
					
						2023-03-10 13:45:41 -06:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						6ae2fc9668 
					 
					
						
						
							
							providers/SCIM: customizable externalId, document behavior  ( #4868 )  
						
						... 
						
						
						
						* only set externalId if mapping hasn't set it
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* better document use of SCIM in conjunction with OAuth/SAML
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io > 
						
						
					 
					
						2023-03-08 00:15:16 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						9559bc2e1e 
					 
					
						
						
							
							providers/scim: add option to filter out service accounts, parent group ( #4862 )  
						
						... 
						
						
						
						* add option to filter out service accounts, parent group
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* rename to filter group
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* rework sync card to show scim sync status
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io > 
						
						
					 
					
						2023-03-07 15:39:48 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						f6a8b3d568 
					 
					
						
						
							
							website/docs: Corrected typo and added Note about port number if using Istio/Kubern… ( #4851 )  
						
						... 
						
						
						
						* Corrected typo and added Note about port number if using Istio/Kubernetes
@BeryJu I was reading [this article](https://prevue.ch/news/2022-10-11-istio-authentik/ ) about a fellow setting up authentik, using Istio and Kubernetes. I wanted to somehow add a heads up about the port number, but I am not confident that I got it right. Is it only if there are custom decisions being made that the port number has to be for the cluster? 
Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com >
* Update website/docs/providers/proxy/forward_auth.mdx
Signed-off-by: Jens L. <jens@beryju.org >
* fix lint error
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Jens L. <jens@beryju.org >
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Co-authored-by: Jens L <jens.langhammer@beryju.org >
Co-authored-by: Jens Langhammer <jens@goauthentik.io > 
						
						
					 
					
						2023-03-06 19:28:40 +00:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						28ddeb124f 
					 
					
						
						
							
							providers: SCIM ( #4835 )  
						
						... 
						
						
						
						* basic user sync
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add group sync and some refactor
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* start API
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* allow null authorization flow
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add UI
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make task monitored
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add missing dependency
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make authorization_flow required for most providers via API
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* more UI
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make task result better readable, exclude anonymous user
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add task UI
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add scheduled task for all sync
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make scim errors more readable
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add mappings, migrate to mappings
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add mapping UI and more
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add scim docs to web
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* start implementing membership
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* migrate signals to tasks
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* migrate fully to tasks
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* strip none keys, fix lint errors
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix things
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* start adding tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix saml
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add scim schemas and validate against it
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* improve error handling
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add group put support, add group tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* send correct application/scim+json headers
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* stop sync if no mappings are confiugred
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add test for task sync
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add membership tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* use decorator for tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make tests better
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io > 
						
						
					 
					
						2023-03-06 19:39:08 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						cd99b6e48f 
					 
					
						
						
							
							providers/ldap: making ldap compatible with synology ( #4694 )  
						
						... 
						
						
						
						* internal/outpost/ldap: making ldap compatible with synology
* fix duplicate attributes
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add docs about homedirectory
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix duplicate attributes
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add substitution to values
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Co-authored-by: Jens Langhammer <jens@goauthentik.io > 
						
						
					 
					
						2023-02-22 15:26:41 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						51c6a14786 
					 
					
						
						
							
							providers/ldap: Improve compatibility with LDAP clients ( #4750 )  
						
						... 
						
						
						
						* Fixed invalid LDAP attributes by replacing '.'s and '/'s with '-'
* Leave old fields for now for backward compatibility
* Add forgotten depreceated field
* Fix tests
* Fix tests
* use shorter attribute names
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* sanitize attributes
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* keep both sanitized and unsanitized user fields
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add sanitized fields to test
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Co-authored-by: Jens Langhammer <jens@goauthentik.io > 
						
						
					 
					
						2023-02-22 14:18:22 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						7d6b573f8b 
					 
					
						
						
							
							website: migrate to mermaid charts, rework proxy page  
						
						... 
						
						
						
						Signed-off-by: Jens Langhammer <jens@goauthentik.io > 
						
						
					 
					
						2023-02-15 12:14:17 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						3170b2f92c 
					 
					
						
						
							
							providers/proxy: add token support for basic auth  
						
						... 
						
						
						
						Signed-off-by: Jens Langhammer <jens@goauthentik.io > 
						
						
					 
					
						2023-02-07 22:50:49 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						547c01f481 
					 
					
						
						
							
							website/docs: update Caddy docs to include HTTPS proxying ( #4316 )  
						
						... 
						
						
						
						Update Caddy documentation to include HTTPS proxying
Signed-off-by: Melvin Snijders <mail@melvinsnijders.nl > 
						
						
					 
					
						2023-02-03 14:43:13 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						7d4ce41e12 
					 
					
						
						
							
							providers/proxy: outpost wide logout implementation ( #4605 )  
						
						... 
						
						
						
						* initial outpost wide logout implementation
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* handle deserialize error
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix file cleanup, add tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io > 
						
						
					 
					
						2023-02-02 21:18:59 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						3a59b75f4a 
					 
					
						
						
							
							website/docs: update ldap provider docs  
						
						... 
						
						
						
						Signed-off-by: Jens Langhammer <jens@goauthentik.io > 
						
						
					 
					
						2023-01-20 11:46:57 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						23c69c456a 
					 
					
						
						
							
							providers/proxy: add setting to intercept authorization header ( #4457 )  
						
						... 
						
						
						
						* add setting to intercept authorization header
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* rename to intercept_header_auth
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Signed-off-by: Jens Langhammer <jens@goauthentik.io > 
						
						
					 
					
						2023-01-17 18:56:48 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						19ee98b36d 
					 
					
						
						
							
							outposts/proxy: allow setting no-redirect via header or query param  
						
						... 
						
						
						
						closes  #4455 
Signed-off-by: Jens Langhammer <jens@goauthentik.io > 
					
						2023-01-17 10:56:43 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						d31e566873 
					 
					
						
						
							
							outposts/proxy: add header to prevent redirects  
						
						... 
						
						
						
						Signed-off-by: Jens Langhammer <jens@goauthentik.io > 
						
						
					 
					
						2023-01-14 22:18:25 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						cd12e177ea 
					 
					
						
						
							
							providers/proxy: add initial header token auth ( #4421 )  
						
						... 
						
						
						
						* initial implementation
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* check for openid/profile claims
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* include jwks sources in proxy provider
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add web ui for jwks
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* only show sources with JWKS data configured
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix introspection tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* start basic
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add basic auth
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add docs, update admonitions
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add client_id to api, add tab for auth
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update locale
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Signed-off-by: Jens Langhammer <jens@goauthentik.io > 
						
						
					 
					
						2023-01-13 16:22:03 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						2604dc14fe 
					 
					
						
						
							
							providers/ldap: add code-MFA support for ldap provider ( #4354 )  
						
						... 
						
						
						
						* add code support for ldap provider
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* only try to extract code when auth validator stage is encountered
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* use parseint instead
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org > 
						
						
					 
					
						2023-01-05 18:32:06 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						dc1359a763 
					 
					
						
						
							
							providers/saml: initial SLO implementation ( #2346 )  
						
						... 
						
						
						
						* providers/saml: initial SLO implementation
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* providers/saml: add logout request tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* providers/saml: add tests for POST SLO
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* matrix e2e tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* fix import
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* set e2e matrix name
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* fix imports
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* separate oidc and oauth tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* add basic saml slo e2e tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* add better metadata download url
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* kinda prepare release notes
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* sort releases into folders
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* add slo urls to website
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* fix linking
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* add api tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* update docs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org > 
						
						
					 
					
						2023-01-04 19:45:31 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						4e04461820 
					 
					
						
						
							
							website/docs: Change Kubernetes ingress apiVersion out of beta ( #4099 )  
						
						... 
						
						
						
						* Change Kubernetes ingress apiVersion out of beta
* fix lint
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org > 
						
						
					 
					
						2022-11-28 16:42:59 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						501d63b3aa 
					 
					
						
						
							
							website/docs: add notice for unique Base DN ( #4073 )  
						
						... 
						
						
						
						* providers/ldap: updates documentation related to issue #4038 
Signed-off-by: John Arrandale <bootsie227@gmail.com >
* providers/ldap: adheres to the CI prettier-check
Signed-off-by: John Arrandale <bootsie227@gmail.com > 
						
						
					 
					
						2022-11-24 20:52:13 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						ac2e85c003 
					 
					
						
						
							
							website/docs: fix 404s on ldap provider docs  
						
						... 
						
						
						
						Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org > 
						
						
					 
					
						2022-11-06 00:01:38 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						c157030905 
					 
					
						
						
							
							website/docs: remove old banner, fix nginx formatting  
						
						... 
						
						
						
						Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org > 
						
						
					 
					
						2022-11-01 17:12:16 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						895658e7a3 
					 
					
						
						
							
							website/integrations: add Organizr integration ( #3802 )  
						
						... 
						
						
						
						* Add new integration application category for Dashboard and initialize organizr service template
* added images and additional info for organizr integration
* alphabetized application integration categories
* alphabetized integration federation and social login categories
* forgot to make website-lint-fix :/
* revert mention of organizr in generic setup
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org > 
						
						
					 
					
						2022-10-19 10:28:48 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						10cfccd999 
					 
					
						
						
							
							website/docs: add General Setup instructions for LDAP Provider ( #3680 )  
						
						... 
						
						
						
						* Added General Setup instructions for LDAP Provider
* Added General Setup instructions for LDAP Provider and updated relative links
* updated LDAP Outpost note verbiage
* Corrected the case for LDAP and renamed to Generic Setup
* removed ldapsearch example from index page
* updated verbiage around multifactor authentication
* removed note about local LDAP provider
* updated sidebar to reflect generic_setup
* updated logging info
* corrected typo
* updated stage creation instructions and screenshot
* corrected another typo
* corrected another typo
* reword some things
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org > 
						
						
					 
					
						2022-10-16 14:57:57 +00:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						8ed2f7fe9e 
					 
					
						
						
							
							providers/oauth2: add device flow ( #3334 )  
						
						... 
						
						
						
						* start device flow
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* web: fix inconsistent app filtering
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* add tenant device code flow
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* add throttling to device code view
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* somewhat unrelated changes
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* add initial device code entry flow
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* add finish stage
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* it works
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* add support for verification_uri_complete
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* add some tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* add more tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* add docs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org > 
						
						
					 
					
						2022-10-11 12:42:10 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						19c36d20b5 
					 
					
						
						
							
							website/docs: improve nginx examples ( #3372 )  
						
						... 
						
						
						
						* website/docs: improve nginx examples
Signed-off-by: itsmesid <693151+arevindh@users.noreply.github.com >
* website/docs: improve nginx examples
Signed-off-by: itsmesid <693151+arevindh@users.noreply.github.com > 
						
						
					 
					
						2022-08-30 21:19:25 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						c6bb41890e 
					 
					
						
						
							
							website/docs: add port_in_redirect in nginx config to prevent invalid port in redirect ( #3397 )  
						
						... 
						
						
						
						* Proposal and fix for issue #3359 
By adding `port_in_redirect off` in the configuration for the NginxProxyManager (NPM), will avoid a redirect to port 4443.
Credit to @adtwomey for the suggestions.
https://github.com/goauthentik/authentik/issues/3359 
Signed-off-by: Zolo <39656359+zolodev@users.noreply.github.com >
* Adding a comment
Signed-off-by: Zolo <39656359+zolodev@users.noreply.github.com >
Signed-off-by: Zolo <39656359+zolodev@users.noreply.github.com > 
						
						
					 
					
						2022-08-29 17:57:18 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						b41acebf5b 
					 
					
						
						
							
							providers/proxy: add caddy endpoint ( #3330 )  
						
						... 
						
						
						
						Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org > 
						
						
					 
					
						2022-07-29 10:58:53 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						1c64616ebd 
					 
					
						
						
							
							sources/ldap: add configuration for LDAP Source ciphers  
						
						... 
						
						
						
						closes  #3110 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org > 
					
						2022-07-01 19:53:49 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						23273f53cc 
					 
					
						
						
							
							providers/oauth2: if no scopes are sent in authorize request, select all configured scopes  
						
						... 
						
						
						
						closes  #3112 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org > 
					
						2022-07-01 19:45:26 +02:00