authentik

Author	SHA1	Message	Date
Jens Langhammer	fad18db70b	more mschap v2, start peap extension type 33 Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2025-07-01 22:43:02 +02:00
Jens Langhammer	e0c837257c	fix decode not called in inner protocol Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2025-07-01 22:43:02 +02:00
Jens Langhammer	2a567ccc85	peap: fix encode Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2025-07-01 22:43:02 +02:00
Jens Langhammer	e36373ceab	cleanup parsing Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2025-07-01 22:43:02 +02:00
Jens Langhammer	d8a625be03	fix a bunch of stuff ig Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2025-07-01 22:43:02 +02:00
Jens Langhammer	4d944f7444	eap/tls: trunc data to size we read Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2025-07-01 22:43:02 +02:00
Jens Langhammer	c49274042b	slightly better decoding Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2025-07-01 22:43:01 +02:00
Jens Langhammer	10fc15ffe0	more debug tools Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2025-07-01 22:43:01 +02:00
Jens Langhammer	7c996d9d9d	start handling inner Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2025-07-01 22:43:01 +02:00
Jens Langhammer	5d25f68b71	start inner STM Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2025-07-01 22:43:01 +02:00
Jens Langhammer	8da54d5811	more refactor Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2025-07-01 22:43:00 +02:00
Jens Langhammer	4571f5e644	working PEAP decode Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2025-07-01 22:43:00 +02:00
Jens Langhammer	ee234ea3aa	simplify Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2025-07-01 22:43:00 +02:00
Jens Langhammer	82c177b7eb	try to make this work Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2025-07-01 22:43:00 +02:00
Jens Langhammer	1155ccb3e8	support SSLKEYLOGFILE Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2025-07-01 22:43:00 +02:00
Jens Langhammer	1575b96262	separate eap logic into protocol Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2025-07-01 22:42:59 +02:00
Jens Langhammer	19bb77638a	folder structure to prepare eap in eap Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2025-07-01 22:42:59 +02:00
Jens Langhammer	d6cf129eaa	attempt peap Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2025-07-01 22:42:59 +02:00
Jens Langhammer	b6686cff14	refactor v1, start support for more protocols and implement nak Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2025-07-01 22:42:59 +02:00
Jens Langhammer	8cf8f1e199	keep eap state when refreshing Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2025-07-01 22:42:59 +02:00
Jens Langhammer	50c50c4109	remove panic Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2025-07-01 22:42:59 +02:00
Jens Langhammer	3ada3a7e0e	make certificate configurable Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2025-07-01 22:42:58 +02:00
Jens Langhammer	fa06c9fe4e	start tying it into the flow Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2025-07-01 22:42:58 +02:00
Jens Langhammer	2a024238fe	slightly better logging Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2025-07-01 22:42:58 +02:00
Jens Langhammer	91c87b7c3c	ok this works kinda Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2025-07-01 22:42:58 +02:00
Jens Langhammer	318443f270	hmmm idk Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2025-07-01 22:42:57 +02:00
Jens Langhammer	ac88784089	maybe? Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2025-07-01 22:42:57 +02:00
Jens Langhammer	855afa7b9f	slight read refactor (seems to fix flaky issues?) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2025-07-01 22:42:57 +02:00
Jens Langhammer	240abfef41	use tighter retry that cancels and backs off Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2025-07-01 22:42:57 +02:00
Jens Langhammer	03075f1890	slight refactor Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2025-07-01 22:42:57 +02:00
Jens Langhammer	5bc0ed6e11	apparently it works now Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2025-07-01 22:42:57 +02:00
Jens Langhammer	8f4cfc28c7	fix outgoing buffer not cleared when sending unchunked Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2025-07-01 22:42:57 +02:00
Jens Langhammer	6d77eaaab7	deduplicate Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2025-07-01 22:42:56 +02:00
Jens Langhammer	9cee59537c	prep ctx Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2025-07-01 22:42:56 +02:00
Jens Langhammer	fc5c0e2789	generate MPPE key Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2025-07-01 22:42:56 +02:00
Jens Langhammer	573446689f	fix remaning tls data not sent Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2025-07-01 22:42:56 +02:00
Jens Langhammer	fd4bfe604d	more fixup Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2025-07-01 22:42:56 +02:00
Jens Langhammer	06e76a5b37	it's almost working Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2025-07-01 22:42:56 +02:00
Jens Langhammer	3c228bf5c3	try to make the finish work Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2025-07-01 22:42:55 +02:00
Jens Langhammer	8a80f07db2	this might actually be cooking Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2025-07-01 22:42:55 +02:00
Jens Langhammer	ae59a3e576	we're getting somewhere Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2025-07-01 22:42:55 +02:00
Jens Langhammer	df21e678d6	fix a bunch more Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2025-07-01 22:42:55 +02:00
Jens Langhammer	a71532b3e3	refactor more Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2025-07-01 22:42:55 +02:00
Jens Langhammer	d7cb0b3ea1	fixup Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2025-07-01 22:42:54 +02:00
Jens Langhammer	ba8f137885	keep track of total payload size Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2025-07-01 22:42:54 +02:00
Jens Langhammer	958ff66070	fix parsing when lengincluded is not set Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2025-07-01 22:42:54 +02:00
Jens Langhammer	ad57c66a32	better log Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2025-07-01 22:42:54 +02:00
Jens Langhammer	2bba0ddd74	might actually happen? Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2025-07-01 22:42:54 +02:00
Dominic R	5af2378738	outposts/ldap: Handle comma-separated attributes in LDAP search requests (#15000 ) Closes https://github.com/goauthentik/authentik/issues/13539 When LDAP clients like Jira submit search requests with comma-separated attributes (e.g., ["uid,cn,sn"] instead of ["uid", "cn", "sn"]), the LDAP outpost would return an "Operations Error". Ths fix adds attribute normalization to properly handle both formats by splitting comma separated attributes into individual entries. Tests pass: ``` === RUN TestNormalizeAttributes === RUN TestNormalizeAttributes/Empty_input === RUN TestNormalizeAttributes/No_commas === RUN TestNormalizeAttributes/Single_comma-separated_string === RUN TestNormalizeAttributes/Mixed_input === RUN TestNormalizeAttributes/With_spaces === RUN TestNormalizeAttributes/Empty_parts === RUN TestNormalizeAttributes/Single_element === RUN TestNormalizeAttributes/Only_commas === RUN TestNormalizeAttributes/Multiple_comma-separated_attributes === RUN TestNormalizeAttributes/Case_preservation === RUN TestNormalizeAttributes/Leading_and_trailing_spaces === RUN TestNormalizeAttributes/Real-world_LDAP_attribute_examples === RUN TestNormalizeAttributes/Jira-style_attribute_format === RUN TestNormalizeAttributes/Single_string_with_single_attribute === RUN TestNormalizeAttributes/Mix_of_standard_and_operational_attributes --- PASS: TestNormalizeAttributes (0.00s) --- PASS: TestNormalizeAttributes/Empty_input (0.00s) --- PASS: TestNormalizeAttributes/No_commas (0.00s) --- PASS: TestNormalizeAttributes/Single_comma-separated_string (0.00s) --- PASS: TestNormalizeAttributes/Mixed_input (0.00s) --- PASS: TestNormalizeAttributes/With_spaces (0.00s) --- PASS: TestNormalizeAttributes/Empty_parts (0.00s) --- PASS: TestNormalizeAttributes/Single_element (0.00s) --- PASS: TestNormalizeAttributes/Only_commas (0.00s) --- PASS: TestNormalizeAttributes/Multiple_comma-separated_attributes (0.00s) --- PASS: TestNormalizeAttributes/Case_preservation (0.00s) --- PASS: TestNormalizeAttributes/Leading_and_trailing_spaces (0.00s) --- PASS: TestNormalizeAttributes/Real-world_LDAP_attribute_examples (0.00s) --- PASS: TestNormalizeAttributes/Jira-style_attribute_format (0.00s) --- PASS: TestNormalizeAttributes/Single_string_with_single_attribute (0.00s) --- PASS: TestNormalizeAttributes/Mix_of_standard_and_operational_attributes (0.00s) PASS ok goauthentik.io/internal/outpost/ldap/search 0.194s ```	2025-06-11 18:16:40 +02:00
Jens L.	88fa7e37dc	outposts: Refactor session end signal and add LDAP support (#14539 ) * outpost: promote session end signal to non-provider specific Signed-off-by: Jens Langhammer <jens@goauthentik.io> * implement server-side logout in ldap Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix previous import Signed-off-by: Jens Langhammer <jens@goauthentik.io> * use better retry logic Signed-off-by: Jens Langhammer <jens@goauthentik.io> * log Signed-off-by: Jens Langhammer <jens@goauthentik.io> * make more generic if we switch from ws to something else Signed-off-by: Jens Langhammer <jens@goauthentik.io> * make it possible to e2e test WS Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix ldap session id Signed-off-by: Jens Langhammer <jens@goauthentik.io> * ok I actually need to go to bed this took me an hour to fix Signed-off-by: Jens Langhammer <jens@goauthentik.io> * format; add ldap test Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix leftover state Signed-off-by: Jens Langhammer <jens@goauthentik.io> * remove thread Signed-off-by: Jens Langhammer <jens@goauthentik.io> * use ws base for radius Signed-off-by: Jens Langhammer <jens@goauthentik.io> * separate test utils Signed-off-by: Jens Langhammer <jens@goauthentik.io> * rename Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix missing super calls Signed-off-by: Jens Langhammer <jens@goauthentik.io> * websocket tests with browser 🎉 Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add proxy test for sign out Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix install_id issue with channels tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix proxy basic auth test Signed-off-by: Jens Langhammer <jens@goauthentik.io> * big code dedupe Signed-off-by: Jens Langhammer <jens@goauthentik.io> * allow passing go build args Signed-off-by: Jens Langhammer <jens@goauthentik.io> * improve waiting for outpost Signed-off-by: Jens Langhammer <jens@goauthentik.io> * rewrite ldap tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * ok actually fix the tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * undo a couple things that need more time to cook Signed-off-by: Jens Langhammer <jens@goauthentik.io> * remove unused lockfile-lint dependency since we use a shell script and SFE does not have a lockfile Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix session id for ldap Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix missing createTimestamp and modifyTimestamp ldap attributes closes #10474 Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2025-06-10 12:11:21 +02:00

1 2 3 4 5 ...

457 Commits