From 285a9b8b1d21033f3e05aaa478244e6f04735a5d Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Thu, 22 Jul 2021 10:48:10 +0200 Subject: [PATCH] website/docs: remove duplicate proxy docs Signed-off-by: Jens Langhammer --- .../docs/{outposts/ldap => providers}/ldap.md | 4 +-- website/docs/providers/proxy.md | 27 ----------------- .../proxy/forward_auth.mdx | 6 ++-- .../{outposts => providers}/proxy/proxy.md | 3 +- website/docs/releases/v0.10.md | 2 +- website/docs/releases/v2021.5.md | 2 +- website/sidebars.js | 29 +++++++++---------- 7 files changed, 23 insertions(+), 50 deletions(-) rename website/docs/{outposts/ldap => providers}/ldap.md (98%) delete mode 100644 website/docs/providers/proxy.md rename website/docs/{outposts => providers}/proxy/forward_auth.mdx (97%) rename website/docs/{outposts => providers}/proxy/proxy.md (92%) diff --git a/website/docs/outposts/ldap/ldap.md b/website/docs/providers/ldap.md similarity index 98% rename from website/docs/outposts/ldap/ldap.md rename to website/docs/providers/ldap.md index d3bf8c138..2aead1e10 100644 --- a/website/docs/outposts/ldap/ldap.md +++ b/website/docs/providers/ldap.md @@ -1,5 +1,5 @@ --- -title: LDAP Outpost +title: LDAP Provider --- :::info @@ -55,7 +55,7 @@ The following fields are current set for groups: - "group" - "goauthentik.io/ldap/group" -A virtual group is also created for each user, they have the same fields as groups but have an additional objectClass: `goauthentik.io/ldap/virtual-group`. +A virtual group is also created for each user, they have the same fields as groups but have an additional objectClass: `goauthentik.io/ldap/virtual-group`. The virtual groups gidNumber is equal to the uidNumber of the user. **Additionally**, for both users and (non-virtual) groups, any attributes you set are also present as LDAP Attributes. diff --git a/website/docs/providers/proxy.md b/website/docs/providers/proxy.md deleted file mode 100644 index 0503f2d25..000000000 
--- a/website/docs/providers/proxy.md +++ /dev/null @@ -1,27 +0,0 @@ ---- -title: Proxy Provider ---- - -:::info -This provider is to be used in conjunction with [Outposts](../outposts/outposts.md) -::: - -This provider protects applications, which have no built-in support for OAuth2 or SAML. This is done by running a lightweight Reverse Proxy in front of the application, which authenticates the requests. - -authentik Proxy is based on [oauth2_proxy](https://github.com/oauth2-proxy/oauth2-proxy), but has been integrated more tightly with authentik. - -The Proxy these extra headers to the application: - -| Header Name | Value | -| ------------------------------ | --------------------------------------------------- | -| X-Forwarded-User | The user's unique identifier (**not the username**) | -| X-Forwarded-Email | The user's email address | -| X-Forwarded-Preferred-Username | The user's username | -| X-Auth-Username | The user's username | - -Additionally, you can add more custom headers using `additionalHeaders` in the User or Group Properties, for example - -```yaml -additionalHeaders: - X-additional-header: bar -``` diff --git a/website/docs/outposts/proxy/forward_auth.mdx b/website/docs/providers/proxy/forward_auth.mdx similarity index 97% rename from website/docs/outposts/proxy/forward_auth.mdx rename to website/docs/providers/proxy/forward_auth.mdx index 0f5258875..4553518b6 100644 --- a/website/docs/outposts/proxy/forward_auth.mdx +++ b/website/docs/providers/proxy/forward_auth.mdx 
@@ -117,7 +117,7 @@ metadata: annotations: nginx.ingress.kubernetes.io/auth-url: https://*external host that you configured in authentik*/akprox/auth?nginx nginx.ingress.kubernetes.io/auth-signin: https://*external host that you configured in authentik*/akprox/start?rd=$escaped_request_uri - nginx.ingress.kubernetes.io/auth-response-headers: X-Auth-Username,X-Forwarded-Email,X-Forwarded-Preferred-Username,X-Forwarded-User + nginx.ingress.kubernetes.io/auth-response-headers: X-Auth-Username,X-Forwarded-Email,X-Forwarded-Preferred-Username,X-Forwarded-User,X-Auth-Groups nginx.ingress.kubernetes.io/auth-snippet: | proxy_set_header X-Forwarded-Host $http_host; ``` @@ -145,6 +145,7 @@ http: authResponseHeaders: - Set-Cookie - X-Auth-Username + - X-Auth-Groups - X-Forwarded-Email - X-Forwarded-Preferred-Username - X-Forwarded-User @@ -211,7 +212,7 @@ services: traefik.http.routers.authentik.tls: true traefik.http.middlewares.authentik.forwardauth.address: http://authentik_proxy:4180/akprox/auth?traefik traefik.http.middlewares.authentik.forwardauth.trustForwardHeader: true - traefik.http.middlewares.authentik.forwardauth.authResponseHeaders: Set-Cookie,X-Auth-Username,X-Forwarded-Email,X-Forwarded-Preferred-Username,X-Forwarded-User + traefik.http.middlewares.authentik.forwardauth.authResponseHeaders: Set-Cookie,X-Auth-Username,X-Auth-Groups,X-Forwarded-Email,X-Forwarded-Preferred-Username,X-Forwarded-User restart: unless-stopped whoami: @@ -241,6 +242,7 @@ spec: authResponseHeaders: - Set-Cookie - X-Auth-Username + - X-Auth-Groups - X-Forwarded-Email - X-Forwarded-Preferred-Username - X-Forwarded-User diff --git a/website/docs/outposts/proxy/proxy.md b/website/docs/providers/proxy/proxy.md similarity index 92% rename from website/docs/outposts/proxy/proxy.md rename to website/docs/providers/proxy/proxy.md index 481bc4beb..21ad1a96f 100644 --- a/website/docs/outposts/proxy/proxy.md +++ b/website/docs/providers/proxy/proxy.md 
@@ -1,11 +1,12 @@ --- -title: Proxy Outpost +title: Proxy provider --- The proxy outpost sets the following headers: ``` X-Auth-Username: akadmin # The username of the currently logged in user +X-Auth-Groups: foo|bar|baz # The groups the user is member of, separated by a pipe X-Forwarded-Email: root@localhost # The email address of the currently logged in user X-Forwarded-Preferred-Username: akadmin # The username of the currently logged in user X-Forwarded-User: 900347b8a29876b45ca6f75722635ecfedf0e931c6022e3a29a8aa13fb5516fb # The hashed identifier of the currently logged in user. diff --git a/website/docs/releases/v0.10.md b/website/docs/releases/v0.10.md index e83261fba..f69e13938 100644 --- a/website/docs/releases/v0.10.md +++ b/website/docs/releases/v0.10.md @@ -13,7 +13,7 @@ This update brings a lot of big features, such as: Due to this new OAuth2 Provider, the Application Gateway Provider, now simply called "Proxy Provider" has been revamped as well. The new authentik Proxy integrates more tightly with authentik via the new Outposts system. The new proxy also supports multiple applications per proxy instance, can configure TLS based on authentik Keypairs, and more. - See [Proxy](../providers/proxy.md) + See [Proxy](../providers/proxy/proxy.md) - Outpost System diff --git a/website/docs/releases/v2021.5.md b/website/docs/releases/v2021.5.md index 203d4e0f7..24eaaec7a 100644 --- a/website/docs/releases/v2021.5.md +++ b/website/docs/releases/v2021.5.md @@ -20,7 +20,7 @@ This feature is still in technical preview, so please report any Bugs you run in - Compatibility with forwardAuth/auth_request The authentik proxy is now compatible with forwardAuth (traefik) / auth_request (nginx). All that is required is the latest version of the outpost, - and the correct config from [here](../outposts/proxy/forward_auth.mdx). + and the correct config from [here](../providers/proxy/forward_auth.mdx). - Docker images for ARM 
diff --git a/website/sidebars.js b/website/sidebars.js index 77eb7b53e..89f56c07f 100644 --- a/website/sidebars.js +++ b/website/sidebars.js @@ -23,7 +23,19 @@ module.exports = { { type: "category", label: "Providers", - items: ["providers/oauth2", "providers/saml", "providers/proxy"], + items: [ + "providers/oauth2", + "providers/saml", + { + type: "category", + label: "Proxy", + items: [ + "providers/proxy/proxy", + "providers/proxy/forward_auth", + ], + }, + "providers/ldap", + ], }, { type: "category", @@ -39,21 +51,6 @@ module.exports = { "outposts/manual-deploy-kubernetes", ], }, - { - type: "category", - label: "Proxy", - items: [ - "outposts/proxy/proxy", - "outposts/proxy/forward_auth", - ], - }, - { - type: "category", - label: "LDAP", - items: [ - "outposts/ldap/ldap", - ], - }, ], }, {
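Review bot: in website/docs/providers/ldap.md the added sentence "The virtual groups gidNumber is equal to the uidNumber of the user." is missing the possessive ("The virtual group's gidNumber"). Putting gidNumber and uidNumber in backticks would also match the formatting of the objectClass earlier on the same line. This sentence is new documentation rather than de-duplication, so it should be mentioned in the commit message or split into its own commit.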
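Review bot: the deleted website/docs/providers/proxy.md is the only file in this patch that documents `additionalHeaders` for User or Group Properties, and the visible part of the retained providers/proxy/proxy.md lists only the default headers. Please confirm the retained page covers custom headers, or move that section and its YAML example over before dropping the file. The deleted info box linking to ../outposts/outposts.md should likewise survive somewhere on the retained page, since the provider still depends on an outpost.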
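Review bot: in website/docs/providers/proxy/forward_auth.mdx, X-Auth-Groups is appended last in the nginx auth-response-headers annotation but placed directly after X-Auth-Username in the three Traefik examples. One consistent order across all four snippets would make them easier to compare. Because applications are likely to base authorization decisions on this header, the page should also state that the backend must only be reachable through the proxy, so that a client cannot supply its own X-Auth-Groups value.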
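Review bot: in website/docs/providers/proxy/proxy.md the new title "Proxy provider" uses a lowercase "provider" while ldap.md becomes "LDAP Provider", and the first body line still says "The proxy outpost sets the following headers"; please pick one capitalization and one term. The added line "X-Auth-Groups: foo|bar|baz" does not say what happens when a group name itself contains a pipe, which matters to any application that splits this value for access control, so document whether such names are escaped or disallowed. The comment should also read "is a member of".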
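Review bot: the renames move three pages out of outposts/, but the only links updated in this patch are the ones in releases/v0.10.md and releases/v2021.5.md. Please search the docs for remaining references to outposts/proxy/ and outposts/ldap/, and consider adding redirects for the old URLs so that existing external links to the forward auth and LDAP pages keep resolving. The commit subject should also mention the move, since "remove duplicate proxy docs" does not cover the LDAP rename or the sidebar restructuring.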