*: rename akprox to outpost.goauthentik.io (#2266)
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
parent
3f6f83b4b6
commit
4343246a41
|
@ -12,4 +12,8 @@ class AuthentikProviderProxyConfig(AppConfig):
|
|||
verbose_name = "authentik Providers.Proxy"
|
||||
|
||||
def ready(self) -> None:
|
||||
from authentik.providers.proxy.tasks import proxy_set_defaults
|
||||
|
||||
import_module("authentik.providers.proxy.managed")
|
||||
|
||||
proxy_set_defaults.delay()
|
||||
|
|
|
@ -28,12 +28,12 @@ class ProxyDockerController(DockerController):
|
|||
labels["traefik.enable"] = "true"
|
||||
labels[
|
||||
f"traefik.http.routers.{traefik_name}-router.rule"
|
||||
] = f"Host({','.join(hosts)}) && PathPrefix(`/akprox`)"
|
||||
] = f"Host({','.join(hosts)}) && PathPrefix(`/outpost.goauthentik.io`)"
|
||||
labels[f"traefik.http.routers.{traefik_name}-router.tls"] = "true"
|
||||
labels[f"traefik.http.routers.{traefik_name}-router.service"] = f"{traefik_name}-service"
|
||||
labels[
|
||||
f"traefik.http.services.{traefik_name}-service.loadbalancer.healthcheck.path"
|
||||
] = "/akprox/ping"
|
||||
] = "/outpost.goauthentik.io/ping"
|
||||
labels[
|
||||
f"traefik.http.services.{traefik_name}-service.loadbalancer.healthcheck.port"
|
||||
] = "9300"
|
||||
|
|
|
@ -126,7 +126,7 @@ class IngressReconciler(KubernetesObjectReconciler[V1Ingress]):
|
|||
port=V1ServiceBackendPort(name="http"),
|
||||
),
|
||||
),
|
||||
path="/akprox",
|
||||
path="/outpost.goauthentik.io",
|
||||
path_type="ImplementationSpecific",
|
||||
)
|
||||
]
|
||||
|
|
|
@ -119,7 +119,10 @@ class TraefikMiddlewareReconciler(KubernetesObjectReconciler[TraefikMiddleware])
|
|||
),
|
||||
spec=TraefikMiddlewareSpec(
|
||||
forwardAuth=TraefikMiddlewareSpecForwardAuth(
|
||||
address=f"http://{self.name}.{self.namespace}:9000/akprox/auth/traefik",
|
||||
address=(
|
||||
f"http://{self.name}.{self.namespace}:9000/"
|
||||
"outpost.goauthentik.io/auth/traefik"
|
||||
),
|
||||
authResponseHeaders=[
|
||||
"X-authentik-username",
|
||||
"X-authentik-groups",
|
||||
|
|
|
@ -27,7 +27,7 @@ def get_cookie_secret():
|
|||
|
||||
|
||||
def _get_callback_url(uri: str) -> str:
|
||||
return urljoin(uri, "/akprox/callback")
|
||||
return urljoin(uri, "/outpost.goauthentik.io/callback")
|
||||
|
||||
|
||||
class ProxyMode(models.TextChoices):
|
||||
|
|
11
authentik/providers/proxy/tasks.py
Normal file
11
authentik/providers/proxy/tasks.py
Normal file
|
@ -0,0 +1,11 @@
|
|||
"""proxy provider tasks"""
|
||||
from authentik.providers.proxy.models import ProxyProvider
|
||||
from authentik.root.celery import CELERY_APP
|
||||
|
||||
|
||||
@CELERY_APP.task()
|
||||
def proxy_set_defaults():
|
||||
"""Ensure correct defaults are set for all providers"""
|
||||
for provider in ProxyProvider.objects.all():
|
||||
provider.set_oauth_defaults()
|
||||
provider.save()
|
|
@ -25,7 +25,7 @@ var (
|
|||
func RunServer() {
|
||||
m := mux.NewRouter()
|
||||
l := log.WithField("logger", "authentik.outpost.metrics")
|
||||
m.HandleFunc("/akprox/ping", func(rw http.ResponseWriter, r *http.Request) {
|
||||
m.HandleFunc("/outpost.goauthentik.io/ping", func(rw http.ResponseWriter, r *http.Request) {
|
||||
rw.WriteHeader(204)
|
||||
})
|
||||
m.Path("/metrics").Handler(promhttp.Handler())
|
||||
|
|
|
@ -78,7 +78,7 @@ func NewApplication(p api.ProxyOutpostConfig, c *http.Client, cs *ak.CryptoStore
|
|||
oauth2Config := oauth2.Config{
|
||||
ClientID: *p.ClientId,
|
||||
ClientSecret: *p.ClientSecret,
|
||||
RedirectURL: urlJoin(p.ExternalHost, "/akprox/callback"),
|
||||
RedirectURL: urlJoin(p.ExternalHost, "/outpost.goauthentik.io/callback"),
|
||||
Endpoint: endpoint.Endpoint,
|
||||
Scopes: p.ScopesToRequest,
|
||||
}
|
||||
|
@ -145,10 +145,10 @@ func NewApplication(p api.ProxyOutpostConfig, c *http.Client, cs *ak.CryptoStore
|
|||
mux.Use(sentryhttp.New(sentryhttp.Options{}).Handle)
|
||||
|
||||
// Support /start and /sign_in for backwards compatibility
|
||||
mux.HandleFunc("/akprox/start", a.handleRedirect)
|
||||
mux.HandleFunc("/akprox/sign_in", a.handleRedirect)
|
||||
mux.HandleFunc("/akprox/callback", a.handleCallback)
|
||||
mux.HandleFunc("/akprox/sign_out", a.handleSignOut)
|
||||
mux.HandleFunc("/outpost.goauthentik.io/start", a.handleRedirect)
|
||||
mux.HandleFunc("/outpost.goauthentik.io/sign_in", a.handleRedirect)
|
||||
mux.HandleFunc("/outpost.goauthentik.io/callback", a.handleCallback)
|
||||
mux.HandleFunc("/outpost.goauthentik.io/sign_out", a.handleSignOut)
|
||||
switch *p.Mode {
|
||||
case api.PROXYMODE_PROXY:
|
||||
err = a.configureProxy()
|
||||
|
|
|
@ -18,7 +18,7 @@ func (a *Application) ErrorPage(rw http.ResponseWriter, r *http.Request, err str
|
|||
data := ErrorPageData{
|
||||
Title: "Bad Gateway",
|
||||
Message: "Error proxying to upstream server",
|
||||
ProxyPrefix: "/akprox",
|
||||
ProxyPrefix: "/outpost.goauthentik.io",
|
||||
}
|
||||
if claims != nil && len(err) > 0 {
|
||||
data.Message = err
|
||||
|
|
|
@ -12,15 +12,15 @@ import (
|
|||
)
|
||||
|
||||
func (a *Application) configureForward() error {
|
||||
a.mux.HandleFunc("/akprox/auth", func(rw http.ResponseWriter, r *http.Request) {
|
||||
a.mux.HandleFunc("/outpost.goauthentik.io/auth", func(rw http.ResponseWriter, r *http.Request) {
|
||||
if _, ok := r.URL.Query()["traefik"]; ok {
|
||||
a.forwardHandleTraefik(rw, r)
|
||||
return
|
||||
}
|
||||
a.forwardHandleNginx(rw, r)
|
||||
})
|
||||
a.mux.HandleFunc("/akprox/auth/traefik", a.forwardHandleTraefik)
|
||||
a.mux.HandleFunc("/akprox/auth/nginx", a.forwardHandleNginx)
|
||||
a.mux.HandleFunc("/outpost.goauthentik.io/auth/traefik", a.forwardHandleTraefik)
|
||||
a.mux.HandleFunc("/outpost.goauthentik.io/auth/nginx", a.forwardHandleNginx)
|
||||
return nil
|
||||
}
|
||||
|
||||
|
@ -49,8 +49,8 @@ func (a *Application) forwardHandleTraefik(rw http.ResponseWriter, r *http.Reque
|
|||
a.log.Trace("path can be accessed without authentication")
|
||||
return
|
||||
}
|
||||
if strings.HasPrefix(r.Header.Get("X-Forwarded-Uri"), "/akprox") {
|
||||
a.log.WithField("url", r.URL.String()).Trace("path begins with /akprox, allowing access")
|
||||
if strings.HasPrefix(r.Header.Get("X-Forwarded-Uri"), "/outpost.goauthentik.io") {
|
||||
a.log.WithField("url", r.URL.String()).Trace("path begins with /outpost.goauthentik.io, allowing access")
|
||||
return
|
||||
}
|
||||
host := ""
|
||||
|
@ -80,7 +80,7 @@ func (a *Application) forwardHandleTraefik(rw http.ResponseWriter, r *http.Reque
|
|||
if proto != "" {
|
||||
proto = proto + ":"
|
||||
}
|
||||
rdFinal := fmt.Sprintf("%s//%s%s", proto, host, "/akprox/start")
|
||||
rdFinal := fmt.Sprintf("%s//%s%s", proto, host, "/outpost.goauthentik.io/start")
|
||||
a.log.WithField("url", rdFinal).Debug("Redirecting to login")
|
||||
http.Redirect(rw, r, rdFinal, http.StatusTemporaryRedirect)
|
||||
}
|
||||
|
@ -119,8 +119,8 @@ func (a *Application) forwardHandleNginx(rw http.ResponseWriter, r *http.Request
|
|||
}
|
||||
|
||||
if fwd.String() != r.URL.String() {
|
||||
if strings.HasPrefix(fwd.Path, "/akprox") {
|
||||
a.log.WithField("url", r.URL.String()).Trace("path begins with /akprox, allowing access")
|
||||
if strings.HasPrefix(fwd.Path, "/outpost.goauthentik.io") {
|
||||
a.log.WithField("url", r.URL.String()).Trace("path begins with /outpost.goauthentik.io, allowing access")
|
||||
return
|
||||
}
|
||||
}
|
||||
|
|
|
@ -12,7 +12,7 @@ import (
|
|||
|
||||
func TestForwardHandleNginx_Single_Blank(t *testing.T) {
|
||||
a := newTestApplication()
|
||||
req, _ := http.NewRequest("GET", "/akprox/auth/nginx", nil)
|
||||
req, _ := http.NewRequest("GET", "/outpost.goauthentik.io/auth/nginx", nil)
|
||||
|
||||
rr := httptest.NewRecorder()
|
||||
a.forwardHandleNginx(rr, req)
|
||||
|
@ -22,7 +22,7 @@ func TestForwardHandleNginx_Single_Blank(t *testing.T) {
|
|||
|
||||
func TestForwardHandleNginx_Single_Skip(t *testing.T) {
|
||||
a := newTestApplication()
|
||||
req, _ := http.NewRequest("GET", "/akprox/auth/nginx", nil)
|
||||
req, _ := http.NewRequest("GET", "/outpost.goauthentik.io/auth/nginx", nil)
|
||||
req.Header.Set("X-Original-URL", "http://test.goauthentik.io/skip")
|
||||
|
||||
rr := httptest.NewRecorder()
|
||||
|
@ -33,7 +33,7 @@ func TestForwardHandleNginx_Single_Skip(t *testing.T) {
|
|||
|
||||
func TestForwardHandleNginx_Single_Headers(t *testing.T) {
|
||||
a := newTestApplication()
|
||||
req, _ := http.NewRequest("GET", "/akprox/auth/nginx", nil)
|
||||
req, _ := http.NewRequest("GET", "/outpost.goauthentik.io/auth/nginx", nil)
|
||||
req.Header.Set("X-Original-URL", "http://test.goauthentik.io/app")
|
||||
|
||||
rr := httptest.NewRecorder()
|
||||
|
@ -47,7 +47,7 @@ func TestForwardHandleNginx_Single_Headers(t *testing.T) {
|
|||
|
||||
func TestForwardHandleNginx_Single_URI(t *testing.T) {
|
||||
a := newTestApplication()
|
||||
req, _ := http.NewRequest("GET", "https://foo.bar/akprox/auth/nginx", nil)
|
||||
req, _ := http.NewRequest("GET", "https://foo.bar/outpost.goauthentik.io/auth/nginx", nil)
|
||||
req.Header.Set("X-Original-URI", "/app")
|
||||
|
||||
rr := httptest.NewRecorder()
|
||||
|
@ -61,7 +61,7 @@ func TestForwardHandleNginx_Single_URI(t *testing.T) {
|
|||
|
||||
func TestForwardHandleNginx_Single_Claims(t *testing.T) {
|
||||
a := newTestApplication()
|
||||
req, _ := http.NewRequest("GET", "/akprox/auth/nginx", nil)
|
||||
req, _ := http.NewRequest("GET", "/outpost.goauthentik.io/auth/nginx", nil)
|
||||
req.Header.Set("X-Original-URI", "/")
|
||||
|
||||
rr := httptest.NewRecorder()
|
||||
|
@ -108,7 +108,7 @@ func TestForwardHandleNginx_Domain_Blank(t *testing.T) {
|
|||
a := newTestApplication()
|
||||
a.proxyConfig.Mode = api.PROXYMODE_FORWARD_DOMAIN.Ptr()
|
||||
a.proxyConfig.CookieDomain = api.PtrString("foo")
|
||||
req, _ := http.NewRequest("GET", "/akprox/auth/nginx", nil)
|
||||
req, _ := http.NewRequest("GET", "/outpost.goauthentik.io/auth/nginx", nil)
|
||||
|
||||
rr := httptest.NewRecorder()
|
||||
a.forwardHandleNginx(rr, req)
|
||||
|
@ -121,7 +121,7 @@ func TestForwardHandleNginx_Domain_Header(t *testing.T) {
|
|||
a.proxyConfig.Mode = api.PROXYMODE_FORWARD_DOMAIN.Ptr()
|
||||
a.proxyConfig.CookieDomain = api.PtrString("foo")
|
||||
a.proxyConfig.ExternalHost = "http://auth.test.goauthentik.io"
|
||||
req, _ := http.NewRequest("GET", "/akprox/auth/nginx", nil)
|
||||
req, _ := http.NewRequest("GET", "/outpost.goauthentik.io/auth/nginx", nil)
|
||||
req.Header.Set("X-Original-URL", "http://test.goauthentik.io/app")
|
||||
|
||||
rr := httptest.NewRecorder()
|
||||
|
|
|
@ -12,7 +12,7 @@ import (
|
|||
|
||||
func TestForwardHandleTraefik_Single_Blank(t *testing.T) {
|
||||
a := newTestApplication()
|
||||
req, _ := http.NewRequest("GET", "/akprox/auth/traefik", nil)
|
||||
req, _ := http.NewRequest("GET", "/outpost.goauthentik.io/auth/traefik", nil)
|
||||
|
||||
rr := httptest.NewRecorder()
|
||||
a.forwardHandleTraefik(rr, req)
|
||||
|
@ -22,7 +22,7 @@ func TestForwardHandleTraefik_Single_Blank(t *testing.T) {
|
|||
|
||||
func TestForwardHandleTraefik_Single_Skip(t *testing.T) {
|
||||
a := newTestApplication()
|
||||
req, _ := http.NewRequest("GET", "/akprox/auth/traefik", nil)
|
||||
req, _ := http.NewRequest("GET", "/outpost.goauthentik.io/auth/traefik", nil)
|
||||
req.Header.Set("X-Forwarded-Proto", "http")
|
||||
req.Header.Set("X-Forwarded-Host", "test.goauthentik.io")
|
||||
req.Header.Set("X-Forwarded-Uri", "/skip")
|
||||
|
@ -35,7 +35,7 @@ func TestForwardHandleTraefik_Single_Skip(t *testing.T) {
|
|||
|
||||
func TestForwardHandleTraefik_Single_Headers(t *testing.T) {
|
||||
a := newTestApplication()
|
||||
req, _ := http.NewRequest("GET", "/akprox/auth/traefik", nil)
|
||||
req, _ := http.NewRequest("GET", "/outpost.goauthentik.io/auth/traefik", nil)
|
||||
req.Header.Set("X-Forwarded-Proto", "http")
|
||||
req.Header.Set("X-Forwarded-Host", "test.goauthentik.io")
|
||||
req.Header.Set("X-Forwarded-Uri", "/app")
|
||||
|
@ -45,7 +45,7 @@ func TestForwardHandleTraefik_Single_Headers(t *testing.T) {
|
|||
|
||||
assert.Equal(t, rr.Code, http.StatusTemporaryRedirect)
|
||||
loc, _ := rr.Result().Location()
|
||||
assert.Equal(t, loc.String(), "http://test.goauthentik.io/akprox/start")
|
||||
assert.Equal(t, loc.String(), "http://test.goauthentik.io/outpost.goauthentik.io/start")
|
||||
|
||||
s, _ := a.sessions.Get(req, constants.SeesionName)
|
||||
assert.Equal(t, "http://test.goauthentik.io/app", s.Values[constants.SessionRedirect])
|
||||
|
@ -53,7 +53,7 @@ func TestForwardHandleTraefik_Single_Headers(t *testing.T) {
|
|||
|
||||
func TestForwardHandleTraefik_Single_Claims(t *testing.T) {
|
||||
a := newTestApplication()
|
||||
req, _ := http.NewRequest("GET", "/akprox/auth/traefik", nil)
|
||||
req, _ := http.NewRequest("GET", "/outpost.goauthentik.io/auth/traefik", nil)
|
||||
req.Header.Set("X-Forwarded-Proto", "http")
|
||||
req.Header.Set("X-Forwarded-Host", "test.goauthentik.io")
|
||||
req.Header.Set("X-Forwarded-Uri", "/app")
|
||||
|
@ -102,7 +102,7 @@ func TestForwardHandleTraefik_Domain_Blank(t *testing.T) {
|
|||
a := newTestApplication()
|
||||
a.proxyConfig.Mode = api.PROXYMODE_FORWARD_DOMAIN.Ptr()
|
||||
a.proxyConfig.CookieDomain = api.PtrString("foo")
|
||||
req, _ := http.NewRequest("GET", "/akprox/auth/traefik", nil)
|
||||
req, _ := http.NewRequest("GET", "/outpost.goauthentik.io/auth/traefik", nil)
|
||||
|
||||
rr := httptest.NewRecorder()
|
||||
a.forwardHandleTraefik(rr, req)
|
||||
|
@ -115,7 +115,7 @@ func TestForwardHandleTraefik_Domain_Header(t *testing.T) {
|
|||
a.proxyConfig.Mode = api.PROXYMODE_FORWARD_DOMAIN.Ptr()
|
||||
a.proxyConfig.CookieDomain = api.PtrString("foo")
|
||||
a.proxyConfig.ExternalHost = "http://auth.test.goauthentik.io"
|
||||
req, _ := http.NewRequest("GET", "/akprox/auth/traefik", nil)
|
||||
req, _ := http.NewRequest("GET", "/outpost.goauthentik.io/auth/traefik", nil)
|
||||
req.Header.Set("X-Forwarded-Proto", "http")
|
||||
req.Header.Set("X-Forwarded-Host", "test.goauthentik.io")
|
||||
req.Header.Set("X-Forwarded-Uri", "/app")
|
||||
|
@ -125,7 +125,7 @@ func TestForwardHandleTraefik_Domain_Header(t *testing.T) {
|
|||
|
||||
assert.Equal(t, http.StatusTemporaryRedirect, rr.Code)
|
||||
loc, _ := rr.Result().Location()
|
||||
assert.Equal(t, "http://auth.test.goauthentik.io/akprox/start", loc.String())
|
||||
assert.Equal(t, "http://auth.test.goauthentik.io/outpost.goauthentik.io/start", loc.String())
|
||||
|
||||
s, _ := a.sessions.Get(req, constants.SeesionName)
|
||||
assert.Equal(t, "http://test.goauthentik.io/app", s.Values[constants.SessionRedirect])
|
||||
|
|
|
@ -42,7 +42,7 @@ func (a *Application) redirectToStart(rw http.ResponseWriter, r *http.Request) {
|
|||
a.log.WithError(err).Warning("failed to save session before redirect")
|
||||
}
|
||||
|
||||
authUrl := urlJoin(a.proxyConfig.ExternalHost, "/akprox/start")
|
||||
authUrl := urlJoin(a.proxyConfig.ExternalHost, "/outpost.goauthentik.io/start")
|
||||
http.Redirect(rw, r, authUrl, http.StatusFound)
|
||||
}
|
||||
|
||||
|
|
|
@ -21,7 +21,7 @@ func TestRedirectToStart_Proxy(t *testing.T) {
|
|||
|
||||
assert.Equal(t, http.StatusFound, rr.Code)
|
||||
loc, _ := rr.Result().Location()
|
||||
assert.Equal(t, "https://test.goauthentik.io/akprox/start", loc.String())
|
||||
assert.Equal(t, "https://test.goauthentik.io/outpost.goauthentik.io/start", loc.String())
|
||||
|
||||
s, _ := a.sessions.Get(req, constants.SeesionName)
|
||||
assert.Equal(t, "https://test.goauthentik.io/foo/bar/baz", s.Values[constants.SessionRedirect])
|
||||
|
@ -38,7 +38,7 @@ func TestRedirectToStart_Forward(t *testing.T) {
|
|||
|
||||
assert.Equal(t, http.StatusFound, rr.Code)
|
||||
loc, _ := rr.Result().Location()
|
||||
assert.Equal(t, "https://test.goauthentik.io/akprox/start", loc.String())
|
||||
assert.Equal(t, "https://test.goauthentik.io/outpost.goauthentik.io/start", loc.String())
|
||||
|
||||
s, _ := a.sessions.Get(req, constants.SeesionName)
|
||||
assert.Equal(t, "https://test.goauthentik.io/foo/bar/baz", s.Values[constants.SessionRedirect])
|
||||
|
@ -56,7 +56,7 @@ func TestRedirectToStart_Forward_Domain_Invalid(t *testing.T) {
|
|||
|
||||
assert.Equal(t, http.StatusFound, rr.Code)
|
||||
loc, _ := rr.Result().Location()
|
||||
assert.Equal(t, "https://test.goauthentik.io/akprox/start", loc.String())
|
||||
assert.Equal(t, "https://test.goauthentik.io/outpost.goauthentik.io/start", loc.String())
|
||||
|
||||
s, _ := a.sessions.Get(req, constants.SeesionName)
|
||||
assert.Equal(t, "https://test.goauthentik.io", s.Values[constants.SessionRedirect])
|
||||
|
@ -74,7 +74,7 @@ func TestRedirectToStart_Forward_Domain(t *testing.T) {
|
|||
|
||||
assert.Equal(t, http.StatusFound, rr.Code)
|
||||
loc, _ := rr.Result().Location()
|
||||
assert.Equal(t, "https://test.goauthentik.io/akprox/start", loc.String())
|
||||
assert.Equal(t, "https://test.goauthentik.io/outpost.goauthentik.io/start", loc.String())
|
||||
|
||||
s, _ := a.sessions.Get(req, constants.SeesionName)
|
||||
assert.Equal(t, "https://test.goauthentik.io", s.Values[constants.SessionRedirect])
|
||||
|
|
|
@ -32,7 +32,7 @@ func (ps *ProxyServer) HandlePing(rw http.ResponseWriter, r *http.Request) {
|
|||
|
||||
func (ps *ProxyServer) HandleStatic(rw http.ResponseWriter, r *http.Request) {
|
||||
before := time.Now()
|
||||
web.DisableIndex(http.StripPrefix("/akprox/static/dist", staticWeb.StaticHandler)).ServeHTTP(rw, r)
|
||||
web.DisableIndex(http.StripPrefix("/outpost.goauthentik.io/static/dist", staticWeb.StaticHandler)).ServeHTTP(rw, r)
|
||||
after := time.Since(before)
|
||||
metrics.Requests.With(prometheus.Labels{
|
||||
"outpost_name": ps.akAPI.Outpost.Name,
|
||||
|
@ -90,11 +90,11 @@ func (ps *ProxyServer) lookupApp(r *http.Request) (*application.Application, str
|
|||
}
|
||||
|
||||
func (ps *ProxyServer) Handle(rw http.ResponseWriter, r *http.Request) {
|
||||
if strings.HasPrefix(r.URL.Path, "/akprox/static") {
|
||||
if strings.HasPrefix(r.URL.Path, "/outpost.goauthentik.io/static") {
|
||||
ps.HandleStatic(rw, r)
|
||||
return
|
||||
}
|
||||
if strings.HasPrefix(r.URL.Path, "/akprox/ping") {
|
||||
if strings.HasPrefix(r.URL.Path, "/outpost.goauthentik.io/ping") {
|
||||
ps.HandlePing(rw, r)
|
||||
return
|
||||
}
|
||||
|
|
|
@ -25,7 +25,7 @@ var (
|
|||
func RunServer() {
|
||||
m := mux.NewRouter()
|
||||
l := log.WithField("logger", "authentik.outpost.metrics")
|
||||
m.HandleFunc("/akprox/ping", func(rw http.ResponseWriter, r *http.Request) {
|
||||
m.HandleFunc("/outpost.goauthentik.io/ping", func(rw http.ResponseWriter, r *http.Request) {
|
||||
rw.WriteHeader(204)
|
||||
})
|
||||
m.Path("/metrics").Handler(promhttp.Handler())
|
||||
|
|
|
@ -64,8 +64,8 @@ func NewProxyServer(ac *ak.APIController, portOffset int) *ProxyServer {
|
|||
akAPI: ac,
|
||||
defaultCert: defaultCert,
|
||||
}
|
||||
globalMux.PathPrefix("/akprox/static").HandlerFunc(s.HandleStatic)
|
||||
globalMux.Path("/akprox/ping").HandlerFunc(s.HandlePing)
|
||||
globalMux.PathPrefix("/outpost.goauthentik.io/static").HandlerFunc(s.HandleStatic)
|
||||
globalMux.Path("/outpost.goauthentik.io/ping").HandlerFunc(s.HandlePing)
|
||||
rootMux.PathPrefix("/").HandlerFunc(s.Handle)
|
||||
return s
|
||||
}
|
||||
|
|
|
@ -5,12 +5,12 @@
|
|||
<meta charset="UTF-8">
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1">
|
||||
<title>{{.Title}}</title>
|
||||
<link rel="shortcut icon" type="image/png" href="/akprox/static/dist/assets/icons/icon.png">
|
||||
<link rel="stylesheet" type="text/css" href="/akprox/static/dist/patternfly.min.css">
|
||||
<link rel="stylesheet" type="text/css" href="/akprox/static/dist/authentik.css">
|
||||
<link rel="shortcut icon" type="image/png" href="/outpost.goauthentik.io/static/dist/assets/icons/icon.png">
|
||||
<link rel="stylesheet" type="text/css" href="/outpost.goauthentik.io/static/dist/patternfly.min.css">
|
||||
<link rel="stylesheet" type="text/css" href="/outpost.goauthentik.io/static/dist/authentik.css">
|
||||
<style>
|
||||
.pf-c-background-image::before {
|
||||
--ak-flow-background: url("/akprox/static/dist/assets/images/flow_background.jpg");
|
||||
--ak-flow-background: url("/outpost.goauthentik.io/static/dist/assets/images/flow_background.jpg");
|
||||
}
|
||||
</style>
|
||||
</head>
|
||||
|
@ -32,7 +32,7 @@
|
|||
<div class="ak-login-container">
|
||||
<header class="pf-c-login__header">
|
||||
<div class="pf-c-brand ak-brand">
|
||||
<img src="/akprox/static/dist/assets/icons/icon_left_brand.svg" alt="authentik icon" />
|
||||
<img src="/outpost.goauthentik.io/static/dist/assets/icons/icon_left_brand.svg" alt="authentik icon" />
|
||||
</div>
|
||||
</header>
|
||||
<main class="pf-c-login__main">
|
||||
|
|
|
@ -28,7 +28,7 @@ func (ws *WebServer) configureProxy() {
|
|||
rp := &httputil.ReverseProxy{Director: director}
|
||||
rp.ErrorHandler = ws.proxyErrorHandler
|
||||
rp.ModifyResponse = ws.proxyModifyResponse
|
||||
ws.m.PathPrefix("/akprox").HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {
|
||||
ws.m.PathPrefix("/outpost.goauthentik.io").HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {
|
||||
if ws.ProxyServer != nil {
|
||||
before := time.Now()
|
||||
ws.ProxyServer.Handle(rw, r)
|
||||
|
|
|
@ -19,7 +19,7 @@ ENV GIT_BUILD_HASH=$GIT_BUILD_HASH
|
|||
|
||||
COPY --from=builder /go/ldap /
|
||||
|
||||
HEALTHCHECK CMD [ "wget", "--spider", "http://localhost:9300/akprox/ping" ]
|
||||
HEALTHCHECK CMD [ "wget", "--spider", "http://localhost:9300/outpost.goauthentik.io/ping" ]
|
||||
|
||||
EXPOSE 3389 6636 9300
|
||||
|
||||
|
|
|
@ -32,7 +32,7 @@ COPY --from=web-builder /static/security.txt /web/security.txt
|
|||
COPY --from=web-builder /static/dist/ /web/dist/
|
||||
COPY --from=web-builder /static/authentik/ /web/authentik/
|
||||
|
||||
HEALTHCHECK CMD [ "wget", "--spider", "http://localhost:9300/akprox/ping" ]
|
||||
HEALTHCHECK CMD [ "wget", "--spider", "http://localhost:9300/outpost.goauthentik.io/ping" ]
|
||||
|
||||
EXPOSE 9000 9300 9443
|
||||
|
||||
|
|
|
@ -105,7 +105,7 @@ class TestProviderProxy(SeleniumTestCase):
|
|||
self.assertIn(f"X-Authentik-Username: {self.user.username}", full_body_text)
|
||||
self.assertIn("X-Foo: bar", full_body_text)
|
||||
|
||||
self.driver.get("http://localhost:9000/akprox/sign_out")
|
||||
self.driver.get("http://localhost:9000/outpost.goauthentik.io/sign_out")
|
||||
sleep(2)
|
||||
full_body_text = self.driver.find_element(By.CSS_SELECTOR, ".pf-c-title.pf-m-3xl").text
|
||||
self.assertIn("You've logged out of proxy.", full_body_text)
|
||||
|
|
|
@ -13,7 +13,7 @@ msgstr ""
|
|||
"Language-Team: \n"
|
||||
"Plural-Forms: \n"
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "#/identity/users/{0}"
|
||||
#~ msgstr "#/identity/users/{0}"
|
||||
|
||||
|
@ -141,7 +141,7 @@ msgstr "About applications"
|
|||
msgid "Access Key"
|
||||
msgstr "Access Key"
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Access code validity"
|
||||
#~ msgstr "Access code validity"
|
||||
|
||||
|
@ -461,7 +461,7 @@ msgstr "Attributes"
|
|||
msgid "Audience"
|
||||
msgstr "Audience"
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Auth Type"
|
||||
#~ msgstr "Auth Type"
|
||||
|
||||
|
@ -504,7 +504,7 @@ msgstr "Authenticator Attachment"
|
|||
msgid "Authorization"
|
||||
msgstr "Authorization"
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Authorization Code"
|
||||
#~ msgstr "Authorization Code"
|
||||
|
||||
|
@ -656,7 +656,7 @@ msgstr "Browser"
|
|||
msgid "Build hash:"
|
||||
msgstr "Build hash:"
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Build hash: {0}"
|
||||
#~ msgstr "Build hash: {0}"
|
||||
|
||||
|
@ -733,7 +733,7 @@ msgstr "Certificate Subject"
|
|||
msgid "Certificate used to sign outgoing Responses going to the Service Provider."
|
||||
msgstr "Certificate used to sign outgoing Responses going to the Service Provider."
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Certificate-Key Pair"
|
||||
#~ msgstr "Certificate-Key Pair"
|
||||
|
||||
|
@ -816,7 +816,7 @@ msgstr "Check the IP of the Kubernetes service, or"
|
|||
msgid "Check the logs"
|
||||
msgstr "Check the logs"
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Check your Emails for a password reset link."
|
||||
#~ msgstr "Check your Emails for a password reset link."
|
||||
|
||||
|
@ -951,11 +951,11 @@ msgstr "Configuration flow"
|
|||
msgid "Configuration stage"
|
||||
msgstr "Configuration stage"
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Configure WebAuthn"
|
||||
#~ msgstr "Configure WebAuthn"
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Configure how long access codes are valid for."
|
||||
#~ msgstr "Configure how long access codes are valid for."
|
||||
|
||||
|
@ -987,8 +987,8 @@ msgstr "Configure how the issuer field of the ID Token should be filled."
|
|||
msgid "Configure how the outpost queries the core authentik server's users."
|
||||
msgstr "Configure how the outpost queries the core authentik server's users."
|
||||
|
||||
#:
|
||||
#:
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Configure settings relevant to your user profile."
|
||||
#~ msgstr "Configure settings relevant to your user profile."
|
||||
|
||||
|
@ -1110,7 +1110,7 @@ msgstr "Cookie domain"
|
|||
msgid "Copy"
|
||||
msgstr "Copy"
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Copy Key"
|
||||
#~ msgstr "Copy Key"
|
||||
|
||||
|
@ -1293,7 +1293,7 @@ msgstr "Create {0}"
|
|||
msgid "Created by"
|
||||
msgstr "Created by"
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Created {0}"
|
||||
#~ msgstr "Created {0}"
|
||||
|
||||
|
@ -1303,7 +1303,7 @@ msgstr "Created by"
|
|||
msgid "Creation Date"
|
||||
msgstr "Creation Date"
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Current plan cntext"
|
||||
#~ msgstr "Current plan cntext"
|
||||
|
||||
|
@ -1398,24 +1398,24 @@ msgstr "Define how notifications are sent to users, like Email or Webhook."
|
|||
msgid "Delete"
|
||||
msgstr "Delete"
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Delete Authorization Code"
|
||||
#~ msgstr "Delete Authorization Code"
|
||||
|
||||
#:
|
||||
#:
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Delete Binding"
|
||||
#~ msgstr "Delete Binding"
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Delete Consent"
|
||||
#~ msgstr "Delete Consent"
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Delete Refresh Code"
|
||||
#~ msgstr "Delete Refresh Code"
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Delete Session"
|
||||
#~ msgstr "Delete Session"
|
||||
|
||||
|
@ -1496,7 +1496,7 @@ msgstr "Device classes"
|
|||
msgid "Device classes which can be used to authenticate."
|
||||
msgstr "Device classes which can be used to authenticate."
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Device name"
|
||||
#~ msgstr "Device name"
|
||||
|
||||
|
@ -1525,24 +1525,24 @@ msgstr "Direct querying, always returns the latest data, but slower than cached
|
|||
msgid "Directory"
|
||||
msgstr "Directory"
|
||||
|
||||
#:
|
||||
#:
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Disable"
|
||||
#~ msgstr "Disable"
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Disable Duo authenticator"
|
||||
#~ msgstr "Disable Duo authenticator"
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Disable SMS authenticator"
|
||||
#~ msgstr "Disable SMS authenticator"
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Disable Static Tokens"
|
||||
#~ msgstr "Disable Static Tokens"
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Disable Time-based OTP"
|
||||
#~ msgstr "Disable Time-based OTP"
|
||||
|
||||
|
@ -1592,7 +1592,7 @@ msgstr "Due to protocol limitations, this certificate is only used when the outp
|
|||
msgid "Dummy stage used for testing. Shows a simple continue button and always passes."
|
||||
msgstr "Dummy stage used for testing. Shows a simple continue button and always passes."
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Duo"
|
||||
#~ msgstr "Duo"
|
||||
|
||||
|
@ -1702,16 +1702,16 @@ msgstr "Email: Text field with Email type."
|
|||
msgid "Embedded outpost is not configured correctly."
|
||||
msgstr "Embedded outpost is not configured correctly."
|
||||
|
||||
#:
|
||||
#:
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Enable"
|
||||
#~ msgstr "Enable"
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Enable Duo authenticator"
|
||||
#~ msgstr "Enable Duo authenticator"
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Enable SMS authenticator"
|
||||
#~ msgstr "Enable SMS authenticator"
|
||||
|
||||
|
@ -1719,11 +1719,11 @@ msgstr "Embedded outpost is not configured correctly."
|
|||
msgid "Enable StartTLS"
|
||||
msgstr "Enable StartTLS"
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Enable Static Tokens"
|
||||
#~ msgstr "Enable Static Tokens"
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Enable TOTP"
|
||||
#~ msgstr "Enable TOTP"
|
||||
|
||||
|
@ -1787,7 +1787,7 @@ msgstr "Error when validating assertion on server: {err}"
|
|||
msgid "Error: unsupported source settings: {0}"
|
||||
msgstr "Error: unsupported source settings: {0}"
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Error: unsupported stage settings: {0}"
|
||||
#~ msgstr "Error: unsupported stage settings: {0}"
|
||||
|
||||
|
@ -1833,7 +1833,7 @@ msgstr "Everything is ok."
|
|||
msgid "Exception"
|
||||
msgstr "Exception"
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Execute"
|
||||
#~ msgstr "Execute"
|
||||
|
||||
|
@ -1841,7 +1841,7 @@ msgstr "Exception"
|
|||
msgid "Execute flow"
|
||||
msgstr "Execute flow"
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Execute with inspector"
|
||||
#~ msgstr "Execute with inspector"
|
||||
|
||||
|
@ -2013,7 +2013,7 @@ msgstr "Field of the user object this value is written to."
|
|||
msgid "Field which contains a unique Identifier."
|
||||
msgstr "Field which contains a unique Identifier."
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Field which contains members of a group."
|
||||
#~ msgstr "Field which contains members of a group."
|
||||
|
||||
|
@ -2210,7 +2210,7 @@ msgstr "Generic OpenID Connect"
|
|||
msgid "Get this value from https://console.twilio.com"
|
||||
msgstr "Get this value from https://console.twilio.com"
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Go to admin interface"
|
||||
#~ msgstr "Go to admin interface"
|
||||
|
||||
|
@ -2222,7 +2222,7 @@ msgstr "Go to next page"
|
|||
msgid "Go to previous page"
|
||||
msgstr "Go to previous page"
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Go to user interface"
|
||||
#~ msgstr "Go to user interface"
|
||||
|
||||
|
@ -2526,7 +2526,7 @@ msgstr "Invalidation"
|
|||
msgid "Invalidation flow"
|
||||
msgstr "Invalidation flow"
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Invitation"
|
||||
#~ msgstr "Invitation"
|
||||
|
||||
|
@ -2648,7 +2648,7 @@ msgstr "Launch URL"
|
|||
msgid "Let the user identify themselves with their username or Email address."
|
||||
msgstr "Let the user identify themselves with their username or Email address."
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Library"
|
||||
#~ msgstr "Library"
|
||||
|
||||
|
@ -2952,7 +2952,7 @@ msgstr "Model deleted"
|
|||
msgid "Model updated"
|
||||
msgstr "Model updated"
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Monitor"
|
||||
#~ msgstr "Monitor"
|
||||
|
||||
|
@ -3241,7 +3241,7 @@ msgstr "Notification Rules"
|
|||
msgid "Notification Transports"
|
||||
msgstr "Notification Transports"
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Notification rule"
|
||||
#~ msgstr "Notification rule"
|
||||
|
||||
|
@ -3261,7 +3261,7 @@ msgstr "Notification transport(s)"
|
|||
msgid "Notifications"
|
||||
msgstr "Notifications"
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Notifications Transport"
|
||||
#~ msgstr "Notifications Transport"
|
||||
|
||||
|
@ -3324,7 +3324,7 @@ msgstr "Only send notification once, for example when sending a webhook into a c
|
|||
msgid "Open API Browser"
|
||||
msgstr "Open API Browser"
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Open application"
|
||||
#~ msgstr "Open application"
|
||||
|
||||
|
@ -3398,7 +3398,7 @@ msgstr "Other global settings"
|
|||
msgid "Outdated outposts"
|
||||
msgstr "Outdated outposts"
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Outpost"
|
||||
#~ msgstr "Outpost"
|
||||
|
||||
|
@ -3410,11 +3410,11 @@ msgstr "Outpost Deployment Info"
|
|||
msgid "Outpost Integrations"
|
||||
msgstr "Outpost Integrations"
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Outpost Service-connection"
|
||||
#~ msgstr "Outpost Service-connection"
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Outpost integration"
|
||||
#~ msgstr "Outpost integration"
|
||||
|
||||
|
@ -3494,7 +3494,7 @@ msgstr "Password set"
|
|||
msgid "Password stage"
|
||||
msgstr "Password stage"
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Password, 2FA, etc"
|
||||
#~ msgstr "Password, 2FA, etc"
|
||||
|
||||
|
@ -3571,7 +3571,7 @@ msgstr "Policy / User / Group"
|
|||
msgid "Policy Bindings"
|
||||
msgstr "Policy Bindings"
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Policy binding"
|
||||
#~ msgstr "Policy binding"
|
||||
|
||||
|
@ -3649,7 +3649,7 @@ msgstr "Private key, acquired from https://www.google.com/recaptcha/intro/v3.htm
|
|||
msgid "Profile URL"
|
||||
msgstr "Profile URL"
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Prompt"
|
||||
#~ msgstr "Prompt"
|
||||
|
||||
|
@ -3666,7 +3666,7 @@ msgstr "Prompt(s)"
|
|||
msgid "Prompts"
|
||||
msgstr "Prompts"
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Property Mapping"
|
||||
#~ msgstr "Property Mapping"
|
||||
|
||||
|
@ -3726,7 +3726,7 @@ msgstr "Provider"
|
|||
msgid "Provider Type"
|
||||
msgstr "Provider Type"
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Provider type"
|
||||
#~ msgstr "Provider type"
|
||||
|
||||
|
@ -3863,7 +3863,7 @@ msgstr "Redirect binding"
|
|||
msgid "Refresh"
|
||||
msgstr "Refresh"
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Refresh Code"
|
||||
#~ msgstr "Refresh Code"
|
||||
|
||||
|
@ -3977,7 +3977,7 @@ msgstr "Result"
|
|||
msgid "Retry"
|
||||
msgstr "Retry"
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Retry Task"
|
||||
#~ msgstr "Retry Task"
|
||||
|
||||
|
@ -4125,7 +4125,7 @@ msgstr "Secret key"
|
|||
msgid "Secret was rotated"
|
||||
msgstr "Secret was rotated"
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Secret was rotation"
|
||||
#~ msgstr "Secret was rotation"
|
||||
|
||||
|
@ -4165,7 +4165,7 @@ msgstr "Select an authentication method."
|
|||
msgid "Select an enrollment flow"
|
||||
msgstr "Select an enrollment flow"
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Select an identification method."
|
||||
#~ msgstr "Select an identification method."
|
||||
|
||||
|
@ -4201,7 +4201,7 @@ msgstr "Select which transports should be used to notify the user. If none are s
|
|||
msgid "Selected policies are executed when the stage is submitted to validate the data."
|
||||
msgstr "Selected policies are executed when the stage is submitted to validate the data."
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Selecting a service-connection enables the management of the outpost by authentik."
|
||||
#~ msgstr "Selecting a service-connection enables the management of the outpost by authentik."
|
||||
|
||||
|
@ -4250,7 +4250,7 @@ msgstr "Server URI"
|
|||
msgid "Server and client are further than 5 seconds apart."
|
||||
msgstr "Server and client are further than 5 seconds apart."
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Server name for which this provider's certificate is valid for."
|
||||
#~ msgstr "Server name for which this provider's certificate is valid for."
|
||||
|
||||
|
@ -4258,7 +4258,7 @@ msgstr "Server and client are further than 5 seconds apart."
|
|||
msgid "Server validation of credential failed: {err}"
|
||||
msgstr "Server validation of credential failed: {err}"
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Service Connections"
|
||||
#~ msgstr "Service Connections"
|
||||
|
||||
|
@ -4266,12 +4266,12 @@ msgstr "Server validation of credential failed: {err}"
|
|||
msgid "Service Provider Binding"
|
||||
msgstr "Service Provider Binding"
|
||||
|
||||
#:
|
||||
#:
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Service connection"
|
||||
#~ msgstr "Service connection"
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Session"
|
||||
#~ msgstr "Session"
|
||||
|
||||
|
@ -4404,7 +4404,7 @@ msgstr "Slug"
|
|||
msgid "Something went wrong! Please try again later."
|
||||
msgstr "Something went wrong! Please try again later."
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Source"
|
||||
#~ msgstr "Source"
|
||||
|
||||
|
@ -4412,7 +4412,7 @@ msgstr "Something went wrong! Please try again later."
|
|||
msgid "Source linked"
|
||||
msgstr "Source linked"
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Source name"
|
||||
#~ msgstr "Source name"
|
||||
|
||||
|
@ -4429,7 +4429,7 @@ msgstr "Source(s)"
|
|||
msgid "Sources"
|
||||
msgstr "Sources"
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Sources of identities, which can either be synced into authentik's database, like LDAP, or can be used by users to authenticate and enroll themselves, like OAuth and social logins"
|
||||
#~ msgstr "Sources of identities, which can either be synced into authentik's database, like LDAP, or can be used by users to authenticate and enroll themselves, like OAuth and social logins"
|
||||
|
||||
|
@ -4458,7 +4458,7 @@ msgstr "Stage Bindings"
|
|||
msgid "Stage Configuration"
|
||||
msgstr "Stage Configuration"
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Stage binding"
|
||||
#~ msgstr "Stage binding"
|
||||
|
||||
|
@ -4575,17 +4575,17 @@ msgstr "Statically deny the flow. To use this stage effectively, disable *Evalua
|
|||
msgid "Status"
|
||||
msgstr "Status"
|
||||
|
||||
#:
|
||||
#:
|
||||
#:
|
||||
#:
|
||||
#:
|
||||
#:
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Status: Disabled"
|
||||
#~ msgstr "Status: Disabled"
|
||||
|
||||
#:
|
||||
#:
|
||||
#:
|
||||
#:
|
||||
#:
|
||||
#:
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Status: Enabled"
|
||||
#~ msgstr "Status: Enabled"
|
||||
|
||||
|
@ -4697,8 +4697,8 @@ msgstr "Successfully created provider."
|
|||
msgid "Successfully created rule."
|
||||
msgstr "Successfully created rule."
|
||||
|
||||
#:
|
||||
#:
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Successfully created service-connection."
|
||||
#~ msgstr "Successfully created service-connection."
|
||||
|
||||
|
@ -4859,8 +4859,8 @@ msgstr "Successfully updated provider."
|
|||
msgid "Successfully updated rule."
|
||||
msgstr "Successfully updated rule."
|
||||
|
||||
#:
|
||||
#:
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Successfully updated service-connection."
|
||||
#~ msgstr "Successfully updated service-connection."
|
||||
|
||||
|
@ -4940,7 +4940,7 @@ msgstr "Suspicious request"
|
|||
msgid "Symbol charset"
|
||||
msgstr "Symbol charset"
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Sync"
|
||||
#~ msgstr "Sync"
|
||||
|
||||
|
@ -4948,7 +4948,7 @@ msgstr "Symbol charset"
|
|||
msgid "Sync groups"
|
||||
msgstr "Sync groups"
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Sync parent group"
|
||||
#~ msgstr "Sync parent group"
|
||||
|
||||
|
@ -4993,7 +4993,7 @@ msgstr "System task execution"
|
|||
msgid "TLS Authentication Certificate/SSH Keypair"
|
||||
msgstr "TLS Authentication Certificate/SSH Keypair"
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "TLS Server name"
|
||||
#~ msgstr "TLS Server name"
|
||||
|
||||
|
@ -5098,7 +5098,7 @@ msgstr "The external URL you'll access the application at. Include any non-stand
|
|||
msgid "The external URL you'll authenticate at. The authentik core server should be reachable under this URL."
|
||||
msgstr "The external URL you'll authenticate at. The authentik core server should be reachable under this URL."
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "The following objects use {0}:"
|
||||
#~ msgstr "The following objects use {0}:"
|
||||
|
||||
|
@ -5212,7 +5212,7 @@ msgstr "Time in minutes the token sent is valid."
|
|||
msgid "Time offset when temporary users should be deleted. This only applies if your IDP uses the NameID Format 'transient', and the user doesn't log out manually. (Format: hours=1;minutes=2;seconds=3)."
|
||||
msgstr "Time offset when temporary users should be deleted. This only applies if your IDP uses the NameID Format 'transient', and the user doesn't log out manually. (Format: hours=1;minutes=2;seconds=3)."
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Time-based One-Time Passwords"
|
||||
#~ msgstr "Time-based One-Time Passwords"
|
||||
|
||||
|
@ -5251,8 +5251,8 @@ msgstr "To let a user directly reset a their password, configure a recovery flow
|
|||
msgid "To use SSL instead, use 'ldaps://' and disable this option."
|
||||
msgstr "To use SSL instead, use 'ldaps://' and disable this option."
|
||||
|
||||
#:
|
||||
#:
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Token"
|
||||
#~ msgstr "Token"
|
||||
|
||||
|
@ -5451,7 +5451,7 @@ msgstr "Unique identifier the token is referenced by."
|
|||
msgid "Unknown"
|
||||
msgstr "Unknown"
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Unmanaged"
|
||||
#~ msgstr "Unmanaged"
|
||||
|
||||
|
@ -5673,8 +5673,8 @@ msgid "Use the username and password below to authenticate. The password can be
|
|||
msgstr "Use the username and password below to authenticate. The password can be retrieved later on the Tokens page."
|
||||
|
||||
#: src/pages/providers/proxy/ProxyProviderForm.ts
|
||||
msgid "Use this provider with nginx's auth_request or traefik's forwardAuth. Each application/domain needs its own provider. Additionally, on each domain, /akprox must be routed to the outpost (when using a manged outpost, this is done for you)."
|
||||
msgstr "Use this provider with nginx's auth_request or traefik's forwardAuth. Each application/domain needs its own provider. Additionally, on each domain, /akprox must be routed to the outpost (when using a manged outpost, this is done for you)."
|
||||
msgid "Use this provider with nginx's auth_request or traefik's forwardAuth. Each application/domain needs its own provider. Additionally, on each domain, /outpost.goauthentik.io must be routed to the outpost (when using a manged outpost, this is done for you)."
|
||||
msgstr "Use this provider with nginx's auth_request or traefik's forwardAuth. Each application/domain needs its own provider. Additionally, on each domain, /outpost.goauthentik.io must be routed to the outpost (when using a manged outpost, this is done for you)."
|
||||
|
||||
#: src/pages/providers/proxy/ProxyProviderForm.ts
|
||||
msgid "Use this provider with nginx's auth_request or traefik's forwardAuth. Only a single provider is required per root domain. You can't do per-application authorization, but you don't have to create a provider for each application."
|
||||
|
@ -5714,8 +5714,8 @@ msgstr "User Property Mappings"
|
|||
#~ msgid "User Reputation"
|
||||
#~ msgstr "User Reputation"
|
||||
|
||||
#:
|
||||
#:
|
||||
#:
|
||||
#:
|
||||
#~ msgid "User Settings"
|
||||
#~ msgstr "User Settings"
|
||||
|
||||
|
@ -5984,7 +5984,7 @@ msgstr "Web Certificate"
|
|||
msgid "WebAuthn Authenticators"
|
||||
msgstr "WebAuthn Authenticators"
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "WebAuthn Devices"
|
||||
#~ msgstr "WebAuthn Devices"
|
||||
|
||||
|
@ -6126,11 +6126,11 @@ msgstr "You're currently impersonating {0}. Click to stop."
|
|||
msgid "app1 running on app1.example.com"
|
||||
msgstr "app1 running on app1.example.com"
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "authentik Builtin Database"
|
||||
#~ msgstr "authentik Builtin Database"
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "authentik LDAP Backend"
|
||||
#~ msgstr "authentik LDAP Backend"
|
||||
|
||||
|
|
|
@ -5556,8 +5556,8 @@ msgid "Use the username and password below to authenticate. The password can be
|
|||
msgstr "Use el nombre de usuario y la contraseña a continuación para autenticarse. La contraseña se puede recuperar más adelante en la página Tokens."
|
||||
|
||||
#: src/pages/providers/proxy/ProxyProviderForm.ts
|
||||
msgid "Use this provider with nginx's auth_request or traefik's forwardAuth. Each application/domain needs its own provider. Additionally, on each domain, /akprox must be routed to the outpost (when using a manged outpost, this is done for you)."
|
||||
msgstr "Use este proveedor con auth_request de nginx o ForwardAuth de traefik. Cada aplicación/dominio necesita su propio proveedor. Además, en cada dominio, /akprox debe enrutarse al puesto avanzado (cuando se usa un puesto avanzado administrado, esto se hace por usted)."
|
||||
msgid "Use this provider with nginx's auth_request or traefik's forwardAuth. Each application/domain needs its own provider. Additionally, on each domain, /outpost.goauthentik.io must be routed to the outpost (when using a manged outpost, this is done for you)."
|
||||
msgstr "Use este proveedor con auth_request de nginx o ForwardAuth de traefik. Cada aplicación/dominio necesita su propio proveedor. Además, en cada dominio, /outpost.goauthentik.io debe enrutarse al puesto avanzado (cuando se usa un puesto avanzado administrado, esto se hace por usted)."
|
||||
|
||||
#: src/pages/providers/proxy/ProxyProviderForm.ts
|
||||
msgid "Use this provider with nginx's auth_request or traefik's forwardAuth. Only a single provider is required per root domain. You can't do per-application authorization, but you don't have to create a provider for each application."
|
||||
|
|
|
@ -19,7 +19,7 @@ msgstr ""
|
|||
"Plural-Forms: nplurals=2; plural=(n > 1);\n"
|
||||
"X-Generator: @lingui/cli\n"
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "#/identity/users/{0}"
|
||||
#~ msgstr ""
|
||||
|
||||
|
@ -466,7 +466,7 @@ msgstr "Attributs"
|
|||
msgid "Audience"
|
||||
msgstr "Audience"
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Auth Type"
|
||||
#~ msgstr ""
|
||||
|
||||
|
@ -818,7 +818,7 @@ msgstr ""
|
|||
msgid "Check the logs"
|
||||
msgstr ""
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Check your Emails for a password reset link."
|
||||
#~ msgstr "Vérifiez vos courriels pour un lien de récupération de mot de passe."
|
||||
|
||||
|
@ -953,7 +953,7 @@ msgstr "Flux de configuration"
|
|||
msgid "Configuration stage"
|
||||
msgstr "Étape de configuration"
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Configure WebAuthn"
|
||||
#~ msgstr "Configurer WebAuthn"
|
||||
|
||||
|
@ -1109,7 +1109,7 @@ msgstr "Domaine des cookies"
|
|||
msgid "Copy"
|
||||
msgstr "Copier"
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Copy Key"
|
||||
#~ msgstr "Copier la clé"
|
||||
|
||||
|
@ -1292,7 +1292,7 @@ msgstr "Créer {0}"
|
|||
msgid "Created by"
|
||||
msgstr "Créé par"
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Created {0}"
|
||||
#~ msgstr "Créé {0}"
|
||||
|
||||
|
@ -1302,7 +1302,7 @@ msgstr "Créé par"
|
|||
msgid "Creation Date"
|
||||
msgstr "Date de création"
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Current plan cntext"
|
||||
#~ msgstr "Contexte du plan courant"
|
||||
|
||||
|
@ -1487,7 +1487,7 @@ msgstr "Classes d'équipement"
|
|||
msgid "Device classes which can be used to authenticate."
|
||||
msgstr "Classe d'équipement qui peut être utilisé pour s'authentifier"
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Device name"
|
||||
#~ msgstr "Nom de l'équipement"
|
||||
|
||||
|
@ -1519,19 +1519,19 @@ msgstr ""
|
|||
#~ msgid "Disable"
|
||||
#~ msgstr "Désactiver"
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Disable Duo authenticator"
|
||||
#~ msgstr "Désactiver l'authentificateur Duo"
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Disable SMS authenticator"
|
||||
#~ msgstr ""
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Disable Static Tokens"
|
||||
#~ msgstr "Désactiver les jetons statiques"
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Disable Time-based OTP"
|
||||
#~ msgstr "Désactiver les OTP basés sur le temps"
|
||||
|
||||
|
@ -1581,7 +1581,7 @@ msgstr "En raison des limitations de protocole, ce certificat n'est utilisé que
|
|||
msgid "Dummy stage used for testing. Shows a simple continue button and always passes."
|
||||
msgstr "Étape factice utilisée pour les tests. Montre un simple bouton continuer et réussit toujours."
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Duo"
|
||||
#~ msgstr "Duo"
|
||||
|
||||
|
@ -1694,11 +1694,11 @@ msgstr "L'avant poste intégré n'est pas configuré correctement"
|
|||
#~ msgid "Enable"
|
||||
#~ msgstr "Activer"
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Enable Duo authenticator"
|
||||
#~ msgstr "Activer l'authentificateur Duo"
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Enable SMS authenticator"
|
||||
#~ msgstr ""
|
||||
|
||||
|
@ -1706,11 +1706,11 @@ msgstr "L'avant poste intégré n'est pas configuré correctement"
|
|||
msgid "Enable StartTLS"
|
||||
msgstr "Activer StartTLS"
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Enable Static Tokens"
|
||||
#~ msgstr "Activer les jetons statiques"
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Enable TOTP"
|
||||
#~ msgstr "Activer TOTP"
|
||||
|
||||
|
@ -1774,7 +1774,7 @@ msgstr "Erreur lors de la validation de l'assertion sur le serveur : {err}"
|
|||
msgid "Error: unsupported source settings: {0}"
|
||||
msgstr "Erreur : paramètres source non supportés : {0}"
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Error: unsupported stage settings: {0}"
|
||||
#~ msgstr "Erreur : paramètres d'étape non supporté : {0}"
|
||||
|
||||
|
@ -1820,7 +1820,7 @@ msgstr "Tout va bien."
|
|||
msgid "Exception"
|
||||
msgstr "Exception"
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Execute"
|
||||
#~ msgstr "Exécuter"
|
||||
|
||||
|
@ -1828,7 +1828,7 @@ msgstr "Exception"
|
|||
msgid "Execute flow"
|
||||
msgstr "Exécuter le flux"
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Execute with inspector"
|
||||
#~ msgstr "Exécuter avec inspection"
|
||||
|
||||
|
@ -3467,7 +3467,7 @@ msgstr "Mot de passe défini"
|
|||
msgid "Password stage"
|
||||
msgstr "Étape de mot de passe"
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Password, 2FA, etc"
|
||||
#~ msgstr "Mot de passe, 2FA, etc"
|
||||
|
||||
|
@ -4096,7 +4096,7 @@ msgstr "Clé secrète"
|
|||
msgid "Secret was rotated"
|
||||
msgstr ""
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Secret was rotation"
|
||||
#~ msgstr "Rotation du secret effectuée"
|
||||
|
||||
|
@ -4375,7 +4375,7 @@ msgstr "Une erreur s'est produite ! Veuillez réessayer plus tard."
|
|||
msgid "Source linked"
|
||||
msgstr "Source liée"
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Source name"
|
||||
#~ msgstr ""
|
||||
|
||||
|
@ -4536,17 +4536,17 @@ msgstr "Refuser statiquement le flux. Pour utiliser cette étape efficacement, d
|
|||
msgid "Status"
|
||||
msgstr "Statut"
|
||||
|
||||
#:
|
||||
#:
|
||||
#:
|
||||
#:
|
||||
#:
|
||||
#:
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Status: Disabled"
|
||||
#~ msgstr "Statut : Désactivé"
|
||||
|
||||
#:
|
||||
#:
|
||||
#:
|
||||
#:
|
||||
#:
|
||||
#:
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Status: Enabled"
|
||||
#~ msgstr "Statut : Activé"
|
||||
|
||||
|
@ -4897,7 +4897,7 @@ msgstr "Requête suspecte"
|
|||
msgid "Symbol charset"
|
||||
msgstr "Set de symboles"
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Sync"
|
||||
#~ msgstr "Synchroniser"
|
||||
|
||||
|
@ -5156,7 +5156,7 @@ msgstr "Temps en minutes durant lequel le jeton envoyé est valide."
|
|||
msgid "Time offset when temporary users should be deleted. This only applies if your IDP uses the NameID Format 'transient', and the user doesn't log out manually. (Format: hours=1;minutes=2;seconds=3)."
|
||||
msgstr "Délai de suppression des utilisateurs temporaires. Ceci s'applique uniquement si votre fournisseur d'identité utilise le format NameID transitoire ('transient') et que l'utilisateur ne se déconnecte pas manuellement. (Format : heures=1;minutes=2;secondes=3)."
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Time-based One-Time Passwords"
|
||||
#~ msgstr "Mots de passe unique basés sur le temps"
|
||||
|
||||
|
@ -5614,8 +5614,8 @@ msgid "Use the username and password below to authenticate. The password can be
|
|||
msgstr "Utilisez le nom d'utilisateur et le mot de passe ci-dessous pour vous authentifier. Le mot de passe peut être récupéré plus tard sur la page Jetons."
|
||||
|
||||
#: src/pages/providers/proxy/ProxyProviderForm.ts
|
||||
msgid "Use this provider with nginx's auth_request or traefik's forwardAuth. Each application/domain needs its own provider. Additionally, on each domain, /akprox must be routed to the outpost (when using a manged outpost, this is done for you)."
|
||||
msgstr "Utilisez ce fournisseur avec auth_request de nginx ou forwardAuth de traefik. Chaque application/domaine a besoin de son propre fournisseur. De plus, sur chaque domaine, /akprox doit être routé vers l'avant-poste (si vous utilisez un avant-poste géré, cela est fait pour vous)."
|
||||
msgid "Use this provider with nginx's auth_request or traefik's forwardAuth. Each application/domain needs its own provider. Additionally, on each domain, /outpost.goauthentik.io must be routed to the outpost (when using a manged outpost, this is done for you)."
|
||||
msgstr "Utilisez ce fournisseur avec auth_request de nginx ou forwardAuth de traefik. Chaque application/domaine a besoin de son propre fournisseur. De plus, sur chaque domaine, /outpost.goauthentik.io doit être routé vers l'avant-poste (si vous utilisez un avant-poste géré, cela est fait pour vous)."
|
||||
|
||||
#: src/pages/providers/proxy/ProxyProviderForm.ts
|
||||
msgid "Use this provider with nginx's auth_request or traefik's forwardAuth. Only a single provider is required per root domain. You can't do per-application authorization, but you don't have to create a provider for each application."
|
||||
|
@ -5923,7 +5923,7 @@ msgstr ""
|
|||
msgid "WebAuthn Authenticators"
|
||||
msgstr "Authentificateurs WebAuthn"
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "WebAuthn Devices"
|
||||
#~ msgstr "Équipements WebAuthn"
|
||||
|
||||
|
|
|
@ -5556,8 +5556,8 @@ msgid "Use the username and password below to authenticate. The password can be
|
|||
msgstr "Użyj poniższej nazwy użytkownika i hasła do uwierzytelnienia. Hasło można później odzyskać na stronie Tokeny."
|
||||
|
||||
#: src/pages/providers/proxy/ProxyProviderForm.ts
|
||||
msgid "Use this provider with nginx's auth_request or traefik's forwardAuth. Each application/domain needs its own provider. Additionally, on each domain, /akprox must be routed to the outpost (when using a manged outpost, this is done for you)."
|
||||
msgstr "Użyj tego dostawcy z auth_request nginx lub forwardAuth traefik. Każda aplikacja/domena potrzebuje własnego dostawcy. Dodatkowo w każdej domenie /akprox musi być przekierowany do placówki (w przypadku korzystania z zarządzanej placówki jest to zrobione za Ciebie)."
|
||||
msgid "Use this provider with nginx's auth_request or traefik's forwardAuth. Each application/domain needs its own provider. Additionally, on each domain, /outpost.goauthentik.io must be routed to the outpost (when using a manged outpost, this is done for you)."
|
||||
msgstr "Użyj tego dostawcy z auth_request nginx lub forwardAuth traefik. Każda aplikacja/domena potrzebuje własnego dostawcy. Dodatkowo w każdej domenie /outpost.goauthentik.io musi być przekierowany do placówki (w przypadku korzystania z zarządzanej placówki jest to zrobione za Ciebie)."
|
||||
|
||||
#: src/pages/providers/proxy/ProxyProviderForm.ts
|
||||
msgid "Use this provider with nginx's auth_request or traefik's forwardAuth. Only a single provider is required per root domain. You can't do per-application authorization, but you don't have to create a provider for each application."
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
#
|
||||
#
|
||||
# Translators:
|
||||
# Darek NeroPcStation <dareknowacki2001@gmail.com>, 2022
|
||||
#
|
||||
#
|
||||
msgid ""
|
||||
msgstr ""
|
||||
"Project-Id-Version: \n"
|
||||
|
@ -6020,12 +6020,12 @@ msgstr ""
|
|||
msgid ""
|
||||
"Use this provider with nginx's auth_request or traefik's forwardAuth. Each "
|
||||
"application/domain needs its own provider. Additionally, on each domain, "
|
||||
"/akprox must be routed to the outpost (when using a manged outpost, this is "
|
||||
"/outpost.goauthentik.io must be routed to the outpost (when using a manged outpost, this is "
|
||||
"done for you)."
|
||||
msgstr ""
|
||||
"Użyj tego dostawcy z auth_request nginx lub forwardAuth traefik. Każda "
|
||||
"aplikacja/domena potrzebuje własnego dostawcy. Dodatkowo w każdej domenie "
|
||||
"/akprox musi być przekierowany do placówki (w przypadku korzystania z "
|
||||
"/outpost.goauthentik.io musi być przekierowany do placówki (w przypadku korzystania z "
|
||||
"zarządzanej placówki jest to zrobione za Ciebie)."
|
||||
|
||||
#: src/pages/providers/proxy/ProxyProviderForm.ts
|
||||
|
|
|
@ -13,7 +13,7 @@ msgstr ""
|
|||
"Language-Team: \n"
|
||||
"Plural-Forms: \n"
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "#/identity/users/{0}"
|
||||
#~ msgstr ""
|
||||
|
||||
|
@ -141,7 +141,7 @@ msgstr ""
|
|||
msgid "Access Key"
|
||||
msgstr ""
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Access code validity"
|
||||
#~ msgstr ""
|
||||
|
||||
|
@ -457,7 +457,7 @@ msgstr ""
|
|||
msgid "Audience"
|
||||
msgstr ""
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Auth Type"
|
||||
#~ msgstr ""
|
||||
|
||||
|
@ -500,7 +500,7 @@ msgstr ""
|
|||
msgid "Authorization"
|
||||
msgstr ""
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Authorization Code"
|
||||
#~ msgstr ""
|
||||
|
||||
|
@ -652,7 +652,7 @@ msgstr ""
|
|||
msgid "Build hash:"
|
||||
msgstr ""
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Build hash: {0}"
|
||||
#~ msgstr ""
|
||||
|
||||
|
@ -729,7 +729,7 @@ msgstr ""
|
|||
msgid "Certificate used to sign outgoing Responses going to the Service Provider."
|
||||
msgstr ""
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Certificate-Key Pair"
|
||||
#~ msgstr ""
|
||||
|
||||
|
@ -812,7 +812,7 @@ msgstr ""
|
|||
msgid "Check the logs"
|
||||
msgstr ""
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Check your Emails for a password reset link."
|
||||
#~ msgstr ""
|
||||
|
||||
|
@ -945,11 +945,11 @@ msgstr ""
|
|||
msgid "Configuration stage"
|
||||
msgstr ""
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Configure WebAuthn"
|
||||
#~ msgstr ""
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Configure how long access codes are valid for."
|
||||
#~ msgstr ""
|
||||
|
||||
|
@ -981,8 +981,8 @@ msgstr ""
|
|||
msgid "Configure how the outpost queries the core authentik server's users."
|
||||
msgstr ""
|
||||
|
||||
#:
|
||||
#:
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Configure settings relevant to your user profile."
|
||||
#~ msgstr ""
|
||||
|
||||
|
@ -1104,7 +1104,7 @@ msgstr ""
|
|||
msgid "Copy"
|
||||
msgstr ""
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Copy Key"
|
||||
#~ msgstr ""
|
||||
|
||||
|
@ -1287,7 +1287,7 @@ msgstr ""
|
|||
msgid "Created by"
|
||||
msgstr ""
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Created {0}"
|
||||
#~ msgstr ""
|
||||
|
||||
|
@ -1297,7 +1297,7 @@ msgstr ""
|
|||
msgid "Creation Date"
|
||||
msgstr ""
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Current plan cntext"
|
||||
#~ msgstr ""
|
||||
|
||||
|
@ -1392,24 +1392,24 @@ msgstr ""
|
|||
msgid "Delete"
|
||||
msgstr ""
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Delete Authorization Code"
|
||||
#~ msgstr ""
|
||||
|
||||
#:
|
||||
#:
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Delete Binding"
|
||||
#~ msgstr ""
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Delete Consent"
|
||||
#~ msgstr ""
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Delete Refresh Code"
|
||||
#~ msgstr ""
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Delete Session"
|
||||
#~ msgstr ""
|
||||
|
||||
|
@ -1488,7 +1488,7 @@ msgstr ""
|
|||
msgid "Device classes which can be used to authenticate."
|
||||
msgstr ""
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Device name"
|
||||
#~ msgstr ""
|
||||
|
||||
|
@ -1517,24 +1517,24 @@ msgstr ""
|
|||
msgid "Directory"
|
||||
msgstr ""
|
||||
|
||||
#:
|
||||
#:
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Disable"
|
||||
#~ msgstr ""
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Disable Duo authenticator"
|
||||
#~ msgstr ""
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Disable SMS authenticator"
|
||||
#~ msgstr ""
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Disable Static Tokens"
|
||||
#~ msgstr ""
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Disable Time-based OTP"
|
||||
#~ msgstr ""
|
||||
|
||||
|
@ -1584,7 +1584,7 @@ msgstr ""
|
|||
msgid "Dummy stage used for testing. Shows a simple continue button and always passes."
|
||||
msgstr ""
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Duo"
|
||||
#~ msgstr ""
|
||||
|
||||
|
@ -1694,16 +1694,16 @@ msgstr ""
|
|||
msgid "Embedded outpost is not configured correctly."
|
||||
msgstr ""
|
||||
|
||||
#:
|
||||
#:
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Enable"
|
||||
#~ msgstr ""
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Enable Duo authenticator"
|
||||
#~ msgstr ""
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Enable SMS authenticator"
|
||||
#~ msgstr ""
|
||||
|
||||
|
@ -1711,11 +1711,11 @@ msgstr ""
|
|||
msgid "Enable StartTLS"
|
||||
msgstr ""
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Enable Static Tokens"
|
||||
#~ msgstr ""
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Enable TOTP"
|
||||
#~ msgstr ""
|
||||
|
||||
|
@ -1779,7 +1779,7 @@ msgstr ""
|
|||
msgid "Error: unsupported source settings: {0}"
|
||||
msgstr ""
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Error: unsupported stage settings: {0}"
|
||||
#~ msgstr ""
|
||||
|
||||
|
@ -1825,7 +1825,7 @@ msgstr ""
|
|||
msgid "Exception"
|
||||
msgstr ""
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Execute"
|
||||
#~ msgstr ""
|
||||
|
||||
|
@ -1833,7 +1833,7 @@ msgstr ""
|
|||
msgid "Execute flow"
|
||||
msgstr ""
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Execute with inspector"
|
||||
#~ msgstr ""
|
||||
|
||||
|
@ -2005,7 +2005,7 @@ msgstr ""
|
|||
msgid "Field which contains a unique Identifier."
|
||||
msgstr ""
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Field which contains members of a group."
|
||||
#~ msgstr ""
|
||||
|
||||
|
@ -2202,7 +2202,7 @@ msgstr ""
|
|||
msgid "Get this value from https://console.twilio.com"
|
||||
msgstr ""
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Go to admin interface"
|
||||
#~ msgstr ""
|
||||
|
||||
|
@ -2214,7 +2214,7 @@ msgstr ""
|
|||
msgid "Go to previous page"
|
||||
msgstr ""
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Go to user interface"
|
||||
#~ msgstr ""
|
||||
|
||||
|
@ -2516,7 +2516,7 @@ msgstr ""
|
|||
msgid "Invalidation flow"
|
||||
msgstr ""
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Invitation"
|
||||
#~ msgstr ""
|
||||
|
||||
|
@ -2638,7 +2638,7 @@ msgstr ""
|
|||
msgid "Let the user identify themselves with their username or Email address."
|
||||
msgstr ""
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Library"
|
||||
#~ msgstr ""
|
||||
|
||||
|
@ -2942,7 +2942,7 @@ msgstr ""
|
|||
msgid "Model updated"
|
||||
msgstr ""
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Monitor"
|
||||
#~ msgstr ""
|
||||
|
||||
|
@ -3231,7 +3231,7 @@ msgstr ""
|
|||
msgid "Notification Transports"
|
||||
msgstr ""
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Notification rule"
|
||||
#~ msgstr ""
|
||||
|
||||
|
@ -3251,7 +3251,7 @@ msgstr ""
|
|||
msgid "Notifications"
|
||||
msgstr ""
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Notifications Transport"
|
||||
#~ msgstr ""
|
||||
|
||||
|
@ -3314,7 +3314,7 @@ msgstr ""
|
|||
msgid "Open API Browser"
|
||||
msgstr ""
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Open application"
|
||||
#~ msgstr ""
|
||||
|
||||
|
@ -3388,7 +3388,7 @@ msgstr ""
|
|||
msgid "Outdated outposts"
|
||||
msgstr ""
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Outpost"
|
||||
#~ msgstr ""
|
||||
|
||||
|
@ -3400,11 +3400,11 @@ msgstr ""
|
|||
msgid "Outpost Integrations"
|
||||
msgstr ""
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Outpost Service-connection"
|
||||
#~ msgstr ""
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Outpost integration"
|
||||
#~ msgstr ""
|
||||
|
||||
|
@ -3484,7 +3484,7 @@ msgstr ""
|
|||
msgid "Password stage"
|
||||
msgstr ""
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Password, 2FA, etc"
|
||||
#~ msgstr ""
|
||||
|
||||
|
@ -3561,7 +3561,7 @@ msgstr ""
|
|||
msgid "Policy Bindings"
|
||||
msgstr ""
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Policy binding"
|
||||
#~ msgstr ""
|
||||
|
||||
|
@ -3639,7 +3639,7 @@ msgstr ""
|
|||
msgid "Profile URL"
|
||||
msgstr ""
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Prompt"
|
||||
#~ msgstr ""
|
||||
|
||||
|
@ -3656,7 +3656,7 @@ msgstr ""
|
|||
msgid "Prompts"
|
||||
msgstr ""
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Property Mapping"
|
||||
#~ msgstr ""
|
||||
|
||||
|
@ -3716,7 +3716,7 @@ msgstr ""
|
|||
msgid "Provider Type"
|
||||
msgstr ""
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Provider type"
|
||||
#~ msgstr ""
|
||||
|
||||
|
@ -3853,7 +3853,7 @@ msgstr ""
|
|||
msgid "Refresh"
|
||||
msgstr ""
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Refresh Code"
|
||||
#~ msgstr ""
|
||||
|
||||
|
@ -3967,7 +3967,7 @@ msgstr ""
|
|||
msgid "Retry"
|
||||
msgstr ""
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Retry Task"
|
||||
#~ msgstr ""
|
||||
|
||||
|
@ -4115,7 +4115,7 @@ msgstr ""
|
|||
msgid "Secret was rotated"
|
||||
msgstr ""
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Secret was rotation"
|
||||
#~ msgstr ""
|
||||
|
||||
|
@ -4155,7 +4155,7 @@ msgstr ""
|
|||
msgid "Select an enrollment flow"
|
||||
msgstr ""
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Select an identification method."
|
||||
#~ msgstr ""
|
||||
|
||||
|
@ -4191,7 +4191,7 @@ msgstr ""
|
|||
msgid "Selected policies are executed when the stage is submitted to validate the data."
|
||||
msgstr ""
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Selecting a service-connection enables the management of the outpost by authentik."
|
||||
#~ msgstr ""
|
||||
|
||||
|
@ -4240,7 +4240,7 @@ msgstr ""
|
|||
msgid "Server and client are further than 5 seconds apart."
|
||||
msgstr ""
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Server name for which this provider's certificate is valid for."
|
||||
#~ msgstr ""
|
||||
|
||||
|
@ -4248,7 +4248,7 @@ msgstr ""
|
|||
msgid "Server validation of credential failed: {err}"
|
||||
msgstr ""
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Service Connections"
|
||||
#~ msgstr ""
|
||||
|
||||
|
@ -4256,12 +4256,12 @@ msgstr ""
|
|||
msgid "Service Provider Binding"
|
||||
msgstr ""
|
||||
|
||||
#:
|
||||
#:
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Service connection"
|
||||
#~ msgstr ""
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Session"
|
||||
#~ msgstr ""
|
||||
|
||||
|
@ -4394,7 +4394,7 @@ msgstr ""
|
|||
msgid "Something went wrong! Please try again later."
|
||||
msgstr ""
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Source"
|
||||
#~ msgstr ""
|
||||
|
||||
|
@ -4402,7 +4402,7 @@ msgstr ""
|
|||
msgid "Source linked"
|
||||
msgstr ""
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Source name"
|
||||
#~ msgstr ""
|
||||
|
||||
|
@ -4419,7 +4419,7 @@ msgstr ""
|
|||
msgid "Sources"
|
||||
msgstr ""
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Sources of identities, which can either be synced into authentik's database, like LDAP, or can be used by users to authenticate and enroll themselves, like OAuth and social logins"
|
||||
#~ msgstr ""
|
||||
|
||||
|
@ -4448,7 +4448,7 @@ msgstr ""
|
|||
msgid "Stage Configuration"
|
||||
msgstr ""
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Stage binding"
|
||||
#~ msgstr ""
|
||||
|
||||
|
@ -4565,17 +4565,17 @@ msgstr ""
|
|||
msgid "Status"
|
||||
msgstr ""
|
||||
|
||||
#:
|
||||
#:
|
||||
#:
|
||||
#:
|
||||
#:
|
||||
#:
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Status: Disabled"
|
||||
#~ msgstr ""
|
||||
|
||||
#:
|
||||
#:
|
||||
#:
|
||||
#:
|
||||
#:
|
||||
#:
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Status: Enabled"
|
||||
#~ msgstr ""
|
||||
|
||||
|
@ -4687,8 +4687,8 @@ msgstr ""
|
|||
msgid "Successfully created rule."
|
||||
msgstr ""
|
||||
|
||||
#:
|
||||
#:
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Successfully created service-connection."
|
||||
#~ msgstr ""
|
||||
|
||||
|
@ -4849,8 +4849,8 @@ msgstr ""
|
|||
msgid "Successfully updated rule."
|
||||
msgstr ""
|
||||
|
||||
#:
|
||||
#:
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Successfully updated service-connection."
|
||||
#~ msgstr ""
|
||||
|
||||
|
@ -4930,7 +4930,7 @@ msgstr ""
|
|||
msgid "Symbol charset"
|
||||
msgstr ""
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Sync"
|
||||
#~ msgstr ""
|
||||
|
||||
|
@ -4938,7 +4938,7 @@ msgstr ""
|
|||
msgid "Sync groups"
|
||||
msgstr ""
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Sync parent group"
|
||||
#~ msgstr ""
|
||||
|
||||
|
@ -4983,7 +4983,7 @@ msgstr ""
|
|||
msgid "TLS Authentication Certificate/SSH Keypair"
|
||||
msgstr ""
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "TLS Server name"
|
||||
#~ msgstr ""
|
||||
|
||||
|
@ -5088,7 +5088,7 @@ msgstr ""
|
|||
msgid "The external URL you'll authenticate at. The authentik core server should be reachable under this URL."
|
||||
msgstr ""
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "The following objects use {0}:"
|
||||
#~ msgstr ""
|
||||
|
||||
|
@ -5192,7 +5192,7 @@ msgstr ""
|
|||
msgid "Time offset when temporary users should be deleted. This only applies if your IDP uses the NameID Format 'transient', and the user doesn't log out manually. (Format: hours=1;minutes=2;seconds=3)."
|
||||
msgstr ""
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Time-based One-Time Passwords"
|
||||
#~ msgstr ""
|
||||
|
||||
|
@ -5231,8 +5231,8 @@ msgstr ""
|
|||
msgid "To use SSL instead, use 'ldaps://' and disable this option."
|
||||
msgstr ""
|
||||
|
||||
#:
|
||||
#:
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Token"
|
||||
#~ msgstr ""
|
||||
|
||||
|
@ -5431,7 +5431,7 @@ msgstr ""
|
|||
msgid "Unknown"
|
||||
msgstr ""
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "Unmanaged"
|
||||
#~ msgstr ""
|
||||
|
||||
|
@ -5653,7 +5653,7 @@ msgid "Use the username and password below to authenticate. The password can be
|
|||
msgstr ""
|
||||
|
||||
#: src/pages/providers/proxy/ProxyProviderForm.ts
|
||||
msgid "Use this provider with nginx's auth_request or traefik's forwardAuth. Each application/domain needs its own provider. Additionally, on each domain, /akprox must be routed to the outpost (when using a manged outpost, this is done for you)."
|
||||
msgid "Use this provider with nginx's auth_request or traefik's forwardAuth. Each application/domain needs its own provider. Additionally, on each domain, /outpost.goauthentik.io must be routed to the outpost (when using a manged outpost, this is done for you)."
|
||||
msgstr ""
|
||||
|
||||
#: src/pages/providers/proxy/ProxyProviderForm.ts
|
||||
|
@ -5694,8 +5694,8 @@ msgstr ""
|
|||
#~ msgid "User Reputation"
|
||||
#~ msgstr ""
|
||||
|
||||
#:
|
||||
#:
|
||||
#:
|
||||
#:
|
||||
#~ msgid "User Settings"
|
||||
#~ msgstr ""
|
||||
|
||||
|
@ -5964,7 +5964,7 @@ msgstr ""
|
|||
msgid "WebAuthn Authenticators"
|
||||
msgstr ""
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "WebAuthn Devices"
|
||||
#~ msgstr ""
|
||||
|
||||
|
@ -6104,11 +6104,11 @@ msgstr ""
|
|||
msgid "app1 running on app1.example.com"
|
||||
msgstr ""
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "authentik Builtin Database"
|
||||
#~ msgstr ""
|
||||
|
||||
#:
|
||||
#:
|
||||
#~ msgid "authentik LDAP Backend"
|
||||
#~ msgstr ""
|
||||
|
||||
|
|
|
@ -5558,8 +5558,8 @@ msgid "Use the username and password below to authenticate. The password can be
|
|||
msgstr "Kimlik doğrulaması için aşağıdaki kullanıcı adı ve parolayı kullanın. Parola daha sonra Belirteçler sayfasından alınabilir."
|
||||
|
||||
#: src/pages/providers/proxy/ProxyProviderForm.ts
|
||||
msgid "Use this provider with nginx's auth_request or traefik's forwardAuth. Each application/domain needs its own provider. Additionally, on each domain, /akprox must be routed to the outpost (when using a manged outpost, this is done for you)."
|
||||
msgstr "Bu sağlayıcıyı nginx'in auth_request veya traefik's forwardAuth ile kullanın. Her uygulama/etki alanının kendi sağlayıcısına ihtiyacı vardır. Ayrıca, her etki alanında /akprox üsse yönlendirilmelidir (manged bir üs kullanırken, bu sizin için yapılır)."
|
||||
msgid "Use this provider with nginx's auth_request or traefik's forwardAuth. Each application/domain needs its own provider. Additionally, on each domain, /outpost.goauthentik.io must be routed to the outpost (when using a manged outpost, this is done for you)."
|
||||
msgstr "Bu sağlayıcıyı nginx'in auth_request veya traefik's forwardAuth ile kullanın. Her uygulama/etki alanının kendi sağlayıcısına ihtiyacı vardır. Ayrıca, her etki alanında /outpost.goauthentik.io üsse yönlendirilmelidir (manged bir üs kullanırken, bu sizin için yapılır)."
|
||||
|
||||
#: src/pages/providers/proxy/ProxyProviderForm.ts
|
||||
msgid "Use this provider with nginx's auth_request or traefik's forwardAuth. Only a single provider is required per root domain. You can't do per-application authorization, but you don't have to create a provider for each application."
|
||||
|
|
|
@ -1,8 +1,8 @@
|
|||
#
|
||||
#
|
||||
# Translators:
|
||||
# Chen Zhikai, 2022
|
||||
# 刘松, 2022
|
||||
#
|
||||
#
|
||||
msgid ""
|
||||
msgstr ""
|
||||
"Project-Id-Version: \n"
|
||||
|
@ -5691,11 +5691,11 @@ msgstr "使用下面的用户名和密码进行身份验证。稍后可以在令
|
|||
msgid ""
|
||||
"Use this provider with nginx's auth_request or traefik's forwardAuth. Each "
|
||||
"application/domain needs its own provider. Additionally, on each domain, "
|
||||
"/akprox must be routed to the outpost (when using a manged outpost, this is "
|
||||
"/outpost.goauthentik.io must be routed to the outpost (when using a manged outpost, this is "
|
||||
"done for you)."
|
||||
msgstr ""
|
||||
"将此提供程序与 nginx 的 auth_request 或 traefik 的 ForwardAuth "
|
||||
"一起使用。每个应用程序/域都需要自己的提供商。此外,在每个域上,/akprox必须路由到 Outpost(使用托管 Outpost "
|
||||
"一起使用。每个应用程序/域都需要自己的提供商。此外,在每个域上,/outpost.goauthentik.io必须路由到 Outpost(使用托管 Outpost "
|
||||
"时,这是为您完成的)。"
|
||||
|
||||
#: src/pages/providers/proxy/ProxyProviderForm.ts
|
||||
|
|
|
@ -1,8 +1,8 @@
|
|||
#
|
||||
#
|
||||
# Translators:
|
||||
# Chen Zhikai, 2022
|
||||
# 刘松, 2022
|
||||
#
|
||||
#
|
||||
msgid ""
|
||||
msgstr ""
|
||||
"Project-Id-Version: \n"
|
||||
|
@ -5691,11 +5691,11 @@ msgstr "使用下面的用户名和密码进行身份验证。稍后可以在令
|
|||
msgid ""
|
||||
"Use this provider with nginx's auth_request or traefik's forwardAuth. Each "
|
||||
"application/domain needs its own provider. Additionally, on each domain, "
|
||||
"/akprox must be routed to the outpost (when using a manged outpost, this is "
|
||||
"/outpost.goauthentik.io must be routed to the outpost (when using a manged outpost, this is "
|
||||
"done for you)."
|
||||
msgstr ""
|
||||
"将此提供程序与 nginx 的 auth_request 或 traefik 的 ForwardAuth "
|
||||
"一起使用。每个应用程序/域都需要自己的提供商。此外,在每个域上,/akprox必须路由到 Outpost(使用托管 Outpost "
|
||||
"一起使用。每个应用程序/域都需要自己的提供商。此外,在每个域上,/outpost.goauthentik.io必须路由到 Outpost(使用托管 Outpost "
|
||||
"时,这是为您完成的)。"
|
||||
|
||||
#: src/pages/providers/proxy/ProxyProviderForm.ts
|
||||
|
|
|
@ -1,8 +1,8 @@
|
|||
#
|
||||
#
|
||||
# Translators:
|
||||
# Chen Zhikai, 2022
|
||||
# 刘松, 2022
|
||||
#
|
||||
#
|
||||
msgid ""
|
||||
msgstr ""
|
||||
"Project-Id-Version: \n"
|
||||
|
@ -5691,11 +5691,11 @@ msgstr "使用下面的用户名和密码进行身份验证。稍后可以在令
|
|||
msgid ""
|
||||
"Use this provider with nginx's auth_request or traefik's forwardAuth. Each "
|
||||
"application/domain needs its own provider. Additionally, on each domain, "
|
||||
"/akprox must be routed to the outpost (when using a manged outpost, this is "
|
||||
"/outpost.goauthentik.io must be routed to the outpost (when using a manged outpost, this is "
|
||||
"done for you)."
|
||||
msgstr ""
|
||||
"将此提供程序与 nginx 的 auth_request 或 traefik 的 ForwardAuth "
|
||||
"一起使用。每个应用程序/域都需要自己的提供商。此外,在每个域上,/akprox必须路由到 Outpost(使用托管 Outpost "
|
||||
"一起使用。每个应用程序/域都需要自己的提供商。此外,在每个域上,/outpost.goauthentik.io必须路由到 Outpost(使用托管 Outpost "
|
||||
"时,这是为您完成的)。"
|
||||
|
||||
#: src/pages/providers/proxy/ProxyProviderForm.ts
|
||||
|
|
|
@ -214,7 +214,7 @@ export class ProxyProviderFormPage extends ModelForm<ProxyProvider, number> {
|
|||
</ak-form-element-horizontal>`;
|
||||
case ProxyMode.ForwardSingle:
|
||||
return html`<p class="pf-u-mb-xl">
|
||||
${t`Use this provider with nginx's auth_request or traefik's forwardAuth. Each application/domain needs its own provider. Additionally, on each domain, /akprox must be routed to the outpost (when using a manged outpost, this is done for you).`}
|
||||
${t`Use this provider with nginx's auth_request or traefik's forwardAuth. Each application/domain needs its own provider. Additionally, on each domain, /outpost.goauthentik.io must be routed to the outpost (when using a manged outpost, this is done for you).`}
|
||||
</p>
|
||||
<ak-form-element-horizontal
|
||||
label=${t`External host`}
|
||||
|
|
|
@ -26,7 +26,7 @@ Make sure to set it to full URL, only configuring a hostname or FQDN will not wo
|
|||
Routing is handled like this:
|
||||
|
||||
1. Paths starting with `/static`, `/media` and `/help` return packaged CSS/JS files, and user-uploaded media files.
|
||||
2. Paths starting with `/akprox` are sent to the embedded outpost.
|
||||
2. Paths starting with `/outpost.goauthentik.io` are sent to the embedded outpost.
|
||||
3. Any hosts configured in the providers assigned to the embedded outpost are sent to the outpost.
|
||||
4. Everything remaining is sent to the authentik backend server.
|
||||
|
||||
|
|
|
@ -26,7 +26,7 @@ The container is created with the following hardcoded properties:
|
|||
- `traefik.http.routers.ak-outpost-<outpost-name>-router.rule`: `Host(...)`
|
||||
- `traefik.http.routers.ak-outpost-<outpost-name>-router.service`: `ak-outpost-<outpost-name>-service`
|
||||
- `traefik.http.routers.ak-outpost-<outpost-name>-router.tls`: "true"
|
||||
- `traefik.http.services.ak-outpost-<outpost-name>-service.loadbalancer.healthcheck.path`: "/akprox/ping"
|
||||
- `traefik.http.services.ak-outpost-<outpost-name>-service.loadbalancer.healthcheck.path`: "/outpost.goauthentik.io/ping"
|
||||
- `traefik.http.services.ak-outpost-<outpost-name>-service.loadbalancer.healthcheck.port`: "9300"
|
||||
- `traefik.http.services.ak-outpost-<outpost-name>-service.loadbalancer.server.port`: "9000"
|
||||
|
||||
|
|
|
@ -15,7 +15,7 @@ spec:
|
|||
# See https://kubernetes.io/docs/concepts/services-networking/service/#externalname
|
||||
serviceName: ak-outpost-example-outpost
|
||||
servicePort: 9000
|
||||
path: /akprox
|
||||
path: /outpost.goauthentik.io
|
||||
```
|
||||
|
||||
This ingress handles authentication requests, and the sign-in flow.
|
||||
|
@ -26,9 +26,9 @@ Add these annotations to the ingress you want to protect
|
|||
metadata:
|
||||
annotations:
|
||||
nginx.ingress.kubernetes.io/auth-url: |
|
||||
https://outpost.company/akprox/auth/nginx
|
||||
https://outpost.company/outpost.goauthentik.io/auth/nginx
|
||||
nginx.ingress.kubernetes.io/auth-signin: |
|
||||
https://outpost.company/akprox/start?rd=$escaped_request_uri
|
||||
https://outpost.company/outpost.goauthentik.io/start?rd=$escaped_request_uri
|
||||
nginx.ingress.kubernetes.io/auth-response-headers: |
|
||||
Set-Cookie,X-authentik-username,X-authentik-groups,X-authentik-email,X-authentik-name,X-authentik-uid
|
||||
nginx.ingress.kubernetes.io/auth-snippet: |
|
||||
|
|
|
@ -12,8 +12,8 @@ location / {
|
|||
proxy_pass $forward_scheme://$server:$port;
|
||||
|
||||
# authentik-specific config
|
||||
auth_request /akprox/auth/nginx;
|
||||
error_page 401 = @akprox_signin;
|
||||
auth_request /outpost.goauthentik.io/auth/nginx;
|
||||
error_page 401 = @goauthentik_proxy_signin;
|
||||
auth_request_set $auth_cookie $upstream_http_set_cookie;
|
||||
add_header Set-Cookie $auth_cookie;
|
||||
|
||||
|
@ -31,9 +31,9 @@ location / {
|
|||
proxy_set_header X-authentik-uid $authentik_uid;
|
||||
}
|
||||
|
||||
# all requests to /akprox must be accessible without authentication
|
||||
location /akprox {
|
||||
proxy_pass http://outpost.company:9000/akprox;
|
||||
# all requests to /outpost.goauthentik.io must be accessible without authentication
|
||||
location /outpost.goauthentik.io {
|
||||
proxy_pass http://outpost.company:9000/outpost.goauthentik.io;
|
||||
# ensure the host of this vserver matches your external URL you've configured
|
||||
# in authentik
|
||||
proxy_set_header Host $host;
|
||||
|
@ -44,9 +44,9 @@ location /akprox {
|
|||
|
||||
# Special location for when the /auth endpoint returns a 401,
|
||||
# redirect to the /start URL which initiates SSO
|
||||
location @akprox_signin {
|
||||
location @goauthentik_proxy_signin {
|
||||
internal;
|
||||
add_header Set-Cookie $auth_cookie;
|
||||
return 302 /akprox/start?rd=$request_uri;
|
||||
return 302 /outpost.goauthentik.io/start?rd=$request_uri;
|
||||
}
|
||||
```
|
||||
|
|
|
@ -19,10 +19,10 @@ server {
|
|||
# proxy_pass http://localhost:5000;
|
||||
|
||||
# authentik-specific config
|
||||
auth_request /akprox/auth/nginx;
|
||||
error_page 401 = @akprox_signin;
|
||||
auth_request /outpost.goauthentik.io/auth/nginx;
|
||||
error_page 401 = @goauthentik_proxy_signin;
|
||||
# For domain level, use the below error_page to redirect to your authentik server with the full redirect path
|
||||
# error_page 401 =302 https://authentik.company/akprox/start?rd=$scheme://$http_host$request_uri;
|
||||
# error_page 401 =302 https://authentik.company/outpost.goauthentik.io/start?rd=$scheme://$http_host$request_uri;
|
||||
auth_request_set $auth_cookie $upstream_http_set_cookie;
|
||||
add_header Set-Cookie $auth_cookie;
|
||||
|
||||
|
@ -40,9 +40,9 @@ server {
|
|||
proxy_set_header X-authentik-uid $authentik_uid;
|
||||
}
|
||||
|
||||
# all requests to /akprox must be accessible without authentication
|
||||
location /akprox {
|
||||
proxy_pass http://outpost.company:9000/akprox;
|
||||
# all requests to /outpost.goauthentik.io must be accessible without authentication
|
||||
location /outpost.goauthentik.io {
|
||||
proxy_pass http://outpost.company:9000/outpost.goauthentik.io;
|
||||
# ensure the host of this vserver matches your external URL you've configured
|
||||
# in authentik
|
||||
proxy_set_header Host $host;
|
||||
|
@ -53,10 +53,10 @@ server {
|
|||
|
||||
# Special location for when the /auth endpoint returns a 401,
|
||||
# redirect to the /start URL which initiates SSO
|
||||
location @akprox_signin {
|
||||
location @goauthentik_proxy_signin {
|
||||
internal;
|
||||
add_header Set-Cookie $auth_cookie;
|
||||
return 302 /akprox/start?rd=$request_uri;
|
||||
return 302 /outpost.goauthentik.io/start?rd=$request_uri;
|
||||
}
|
||||
}
|
||||
```
|
||||
|
|
|
@ -30,9 +30,9 @@ services:
|
|||
labels:
|
||||
traefik.enable: true
|
||||
traefik.port: 9000
|
||||
traefik.http.routers.authentik.rule: Host(`app.company`) && PathPrefix(`/akprox/`)
|
||||
traefik.http.routers.authentik.rule: Host(`app.company`) && PathPrefix(`/outpost.goauthentik.io/`)
|
||||
# `authentik-proxy` refers to the service name in the compose file.
|
||||
traefik.http.middlewares.authentik.forwardauth.address: http://authentik-proxy:9000/akprox/auth/traefik
|
||||
traefik.http.middlewares.authentik.forwardauth.address: http://authentik-proxy:9000/outpost.goauthentik.io/auth/traefik
|
||||
traefik.http.middlewares.authentik.forwardauth.trustForwardHeader: true
|
||||
traefik.http.middlewares.authentik.forwardauth.authResponseHeaders: X-authentik-username,X-authentik-groups,X-authentik-email,X-authentik-name,X-authentik-uid,X-authentik-jwt,X-authentik-meta-jwks,X-authentik-meta-outpost,X-authentik-meta-provider,X-authentik-meta-app,X-authentik-meta-version
|
||||
restart: unless-stopped
|
||||
|
|
|
@ -7,7 +7,7 @@ metadata:
|
|||
name: authentik
|
||||
spec:
|
||||
forwardAuth:
|
||||
address: http://outpost.company:9000/akprox/auth/traefik
|
||||
address: http://outpost.company:9000/outpost.goauthentik.io/auth/traefik
|
||||
trustForwardHeader: true
|
||||
authResponseHeaders:
|
||||
- X-authentik-username
|
||||
|
@ -41,7 +41,7 @@ spec:
|
|||
services: # Unchanged
|
||||
# This part is only required for single-app setups
|
||||
- kind: Rule
|
||||
match: "Host(`app.company`) && PathPrefix(`/akprox/`)"
|
||||
match: "Host(`app.company`) && PathPrefix(`/outpost.goauthentik.io/`)"
|
||||
priority: 15
|
||||
services:
|
||||
- kind: Service
|
||||
|
|
|
@ -3,7 +3,7 @@ http:
|
|||
middlewares:
|
||||
authentik:
|
||||
forwardAuth:
|
||||
address: http://outpost.company:9000/akprox/auth/traefik
|
||||
address: http://outpost.company:9000/outpost.goauthentik.io/auth/traefik
|
||||
trustForwardHeader: true
|
||||
authResponseHeaders:
|
||||
- X-authentik-username
|
||||
|
@ -25,7 +25,7 @@ http:
|
|||
priority: 10
|
||||
services: # Unchanged
|
||||
default-router-auth:
|
||||
match: "Host(`app.company`) && PathPrefix(`/akprox/`)"
|
||||
match: "Host(`app.company`) && PathPrefix(`/outpost.goauthentik.io/`)"
|
||||
priority: 15
|
||||
services: http://outpost.company:9000/akprox
|
||||
services: http://outpost.company:9000/outpost.goauthentik.io
|
||||
```
|
||||
|
|
|
@ -27,7 +27,7 @@ applications to different users.
|
|||
|
||||
The only configuration difference between single application and domain level is the host you specify.
|
||||
|
||||
For single application, you'd use the domain which the application is running on, and only /akprox
|
||||
For single application, you'd use the domain which the application is running on, and only /outpost.goauthentik.io
|
||||
is redirected to the outpost.
|
||||
|
||||
For domain level, you'd use the same domain as authentik.
|
||||
|
|
|
@ -58,11 +58,11 @@ If your upstream host is HTTPS, and you're not using forward auth, you need to a
|
|||
|
||||
Login is done automatically when you visit the domain without a valid cookie.
|
||||
|
||||
When using single-application mode, navigate to `app.domain.tld/akprox/sign_out`.
|
||||
When using single-application mode, navigate to `app.domain.tld/outpost.goauthentik.io/sign_out`.
|
||||
|
||||
When using domain-level mode, navigate to `auth.domain.tld/akprox/sign_out`, where auth.domain.tld is the external host configured for the provider.
|
||||
When using domain-level mode, navigate to `auth.domain.tld/outpost.goauthentik.io/sign_out`, where auth.domain.tld is the external host configured for the provider.
|
||||
|
||||
To log out, navigate to `/akprox/sign_out`.
|
||||
To log out, navigate to `/outpost.goauthentik.io/sign_out`.
|
||||
|
||||
## Allowing unauthenticated requests
|
||||
|
||||
|
|
|
@ -10,7 +10,7 @@ slug: "2021.8"
|
|||
To simplify the setup, an embedded outpost has been added. This outpost runs as part of the main authentik server, and requires no additional setup.
|
||||
|
||||
You can simply assign providers to the embedded outpost, and either use the integrations to configure reverse proxies, or point your traffic to the main authentik server.
|
||||
Traffic is routed based on host-header, meaning every host that has been configured as a provider and is assigned to the embedded proxy will be sent to the outpost, and every sub-path under `/akprox` is sent to the outpost too. The rest is sent to authentik itself.
|
||||
Traffic is routed based on host-header, meaning every host that has been configured as a provider and is assigned to the embedded proxy will be sent to the outpost, and every sub-path under `/outpost.goauthentik.io` is sent to the outpost too. The rest is sent to authentik itself.
|
||||
|
||||
- App passwords
|
||||
|
||||
|
|
|
@ -43,7 +43,7 @@ This release mostly removes legacy fields and features that have been deprecated
|
|||
- internal: route traffic to proxy providers based on cookie domain when multiple domain-level providers exist
|
||||
- internal: use math.MaxInt for compatibility
|
||||
- lifecycle: add early check for missing/invalid secret key
|
||||
- outposts/proxyv2: allow access to /akprox urls in forward auth mode to make routing in nginx/traefik easier
|
||||
- outposts/proxyv2: allow access to /outpost.goauthentik.io urls in forward auth mode to make routing in nginx/traefik easier
|
||||
- outposts/proxyv2: fix before-redirect url not being saved in proxy mode
|
||||
- outposts/proxyv2: fix JWKS url pointing to localhost on embedded outpost
|
||||
- providers/oauth2: change default redirect uri behaviour; set first used url when blank and use star for wildcard
|
||||
|
@ -60,7 +60,7 @@ This release mostly removes legacy fields and features that have been deprecated
|
|||
|
||||
## Fixed in 2022.1.2
|
||||
|
||||
- internal/proxyv2: only allow access to /akprox in nginx mode when forward url could be extracted
|
||||
- internal/proxyv2: only allow access to /outpost.goauthentik.io in nginx mode when forward url could be extracted
|
||||
- lib: disable backup by default, add note to configuration
|
||||
- lifecycle: replace lowercase, deprecated prometheus_multiproc_dir
|
||||
- outposts: allow custom label for docker containers
|
||||
|
|
Reference in a new issue