website/docs: prepare 2023.4 release notes (#5223)

* website/docs: prepare 2023.4 release notes

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add prompt preview

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* Apply suggestions from code review

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Jens L. <jens@beryju.org>

* Update website/docs/releases/2023/v2023.4.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Jens L. <jens@beryju.org>

* add new release to sidebar

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens L. <jens@beryju.org>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
This commit is contained in:
Jens L 2023-04-13 14:11:46 +02:00 committed by GitHub
parent f84a10b59b
commit 67644ace87
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 76 additions and 15 deletions

View File

@ -65,6 +65,7 @@ gen-build:
gen-changelog: gen-changelog:
git log --pretty=format:" - %s" $(shell git describe --tags $(shell git rev-list --tags --max-count=1))...$(shell git branch --show-current) | sort > changelog.md git log --pretty=format:" - %s" $(shell git describe --tags $(shell git rev-list --tags --max-count=1))...$(shell git branch --show-current) | sort > changelog.md
npx prettier --write changelog.md
gen-diff: gen-diff:
git show $(shell git describe --tags $(shell git rev-list --tags --max-count=1)):schema.yml > old_schema.yml git show $(shell git describe --tags $(shell git rev-list --tags --max-count=1)):schema.yml > old_schema.yml
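Review bot: The added `npx prettier --write changelog.md` recipe line in `gen-changelog` names no version, so npx resolves prettier at run time and can pull whatever is current from the registry when no local copy is installed. For a release-tooling target, pin it (`npx prettier@<version> ...`) or call the prettier already installed by one of the repo's package manifests, so the formatting is reproducible and the release step does not execute an unpinned download. The same applies to the `npx prettier --write diff.md` line added to `gen-diff` in the next hunk.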
@ -75,6 +76,7 @@ gen-diff:
--markdown /local/diff.md \ --markdown /local/diff.md \
/local/old_schema.yml /local/schema.yml /local/old_schema.yml /local/schema.yml
rm old_schema.yml rm old_schema.yml
npx prettier --write diff.md
gen-clean: gen-clean:
rm -rf web/api/src/ rm -rf web/api/src/

View File

@ -9,18 +9,20 @@ This feature is still in technical preview, so please report any Bugs you run in
You can configure a Radius Provider for applications that don't support any other protocols or require Radius. You can configure a Radius Provider for applications that don't support any other protocols or require Radius.
:::info :::info
Note: This provider requires the deployment of the [Radius Outpost](../outposts/) This provider requires the deployment of the [RADIUS Outpost](../../outposts/)
::: :::
Currently, only authentication requests are supported. Currently, only authentication requests are supported.
### Authentication flow
Authentication requests against the Radius Server use a flow in the background. This allows you to use the same policies and flows as you do for web-based logins. Authentication requests against the Radius Server use a flow in the background. This allows you to use the same policies and flows as you do for web-based logins.
The following stages are supported: The following stages are supported:
- [Identification](../flow/stages/identification/index.md) - [Identification](../../flow/stages/identification/index.md)
- [Password](../flow/stages/password/index.md) - [Password](../../flow/stages/password/index.md)
- [Authenticator validation](../flow/stages/authenticator_validate/index.md) - [Authenticator validation](../../flow/stages/authenticator_validate/index.md)
Note: Authenticator validation currently only supports DUO, TOTP and static authenticators. Note: Authenticator validation currently only supports DUO, TOTP and static authenticators.
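Review bot: Capitalization of the protocol name is now inconsistent within this page: the info box was changed to "RADIUS Outpost", but the unchanged lines around it still say "Radius Provider" and "Radius Server". Since this change already touches the page and the release notes use "RADIUS" throughout, normalize the remaining occurrences here as well. The `../` to `../../` link updates look consistent with each other; confirm they match the page's new location under `providers/radius/index` from the sidebar hunk.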
@ -28,6 +30,14 @@ The following stages are supported:
SMS-based authenticators are not supported as they require a code to be sent from authentik, which is not possible during the bind. SMS-based authenticators are not supported as they require a code to be sent from authentik, which is not possible during the bind.
- [User Logout](../flow/stages/user_logout.md) - [User Logout](../../flow/stages/user_logout.md)
- [User Login](../flow/stages/user_login/index.md) - [User Login](../../flow/stages/user_login/index.md)
- [Deny](../flow/stages/deny.md) - [Deny](../../flow/stages/deny.md)
### Limitations
The RADIUS provider only supports the clear-text protocol:
![](./protocols.png)
This does not mean that passwords are stored in cleartext, they are hashed and salted in authentik. However as all protocols besides Clear-text, EAP-MD5 and EAP-PWD require the password to be stored in the database in clear text, they are not supported.
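Review bot: The new Limitations paragraph leaves the status of EAP-MD5 and EAP-PWD unclear: the first sentence says only the clear-text protocol is supported, while the last sentence lists Clear-text, EAP-MD5 and EAP-PWD together as the protocols that do not need clear-text password storage. State explicitly whether those two are unsupported and why. The paragraph also only addresses how passwords are stored; a sentence on what "clear-text" means for the password between the RADIUS client and the outpost would answer the question operators will actually have. Minor: `![](./protocols.png)` has empty alt text, so the protocol comparison is unavailable to anyone who cannot see the image, and "in cleartext, they are hashed" is a comma splice.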

Binary file not shown.


View File

@ -2,7 +2,7 @@
title: SAML Provider title: SAML Provider
--- ---
This provider allows you to integrate enterprise software using the SAML2 Protocol. It supports signed requests and uses [Property Mappings](../property-mappings/#saml-property-mapping) to determine which fields are exposed and what values they return. This makes it possible to expose vendor-specific fields. This provider allows you to integrate enterprise software using the SAML2 Protocol. It supports signed requests and uses [Property Mappings](../../property-mappings/#saml-property-mapping) to determine which fields are exposed and what values they return. This makes it possible to expose vendor-specific fields.
Default fields are exposed through auto-generated Property Mappings, which are prefixed with "authentik default". Default fields are exposed through auto-generated Property Mappings, which are prefixed with "authentik default".
| Endpoint | URL | | Endpoint | URL |

View File

@ -13,7 +13,7 @@ slug: "/releases/2023.3"
authentik can now provision users into other IT systems via the SCIM (System for Cross-domain Identity Management) protocol. The provider synchronizes Users, Groups and the user membership. Objects are synced both when they are saved and based on a pre-defined schedule in the background. authentik can now provision users into other IT systems via the SCIM (System for Cross-domain Identity Management) protocol. The provider synchronizes Users, Groups and the user membership. Objects are synced both when they are saved and based on a pre-defined schedule in the background.
Documentation: https://goauthentik.io/docs/providers/scim/ Documentation: [SCIM Provider](../../../docs/providers/scim/)
- Theming improvements - Theming improvements

View File

@ -1,10 +1,38 @@
--- ---
title: Release 2023.4 title: Release 2023.4 - RADIUS support
slug: "/releases/2023.4" slug: "/releases/2023.4"
--- ---
## New features ## New features
- RADIUS support
:::info
This feature is still in technical preview, so please report any Bugs you run into on [GitHub](https://github.com/goauthentik/authentik/issues).
:::
authentik now supports the [RADIUS protocol](https://en.wikipedia.org/wiki/RADIUS) for authentication, allowing for the integration of a wider variety of systems such as VPN software, network switches/routers, and others.
The RADIUS provider also uses a flow to authenticate users, and supports the same stages as the [LDAP Provider](../../../docs/providers/ldap).
Documentation: [RADIUS Provider](../../../docs/providers/radius/)
- Decreased CPU usage for workers
Previously, authentik used a method to ensure that the worker containers are running correctly called "pinging", which would send a request to the worker and ensure it was processed correctly. This however used a lot of resources every time the health check ran. We've switched to a simpler method, one that will reduce CPU and memory usage (only affects Docker-Compose).
- Configurable authentication flow for providers
It is now possible to configure the authentication flow per provider. This configured flow will be used when an un-authenticated user tries to access the application the provider is used with. If no flow is set on a provider, the default authentication flow configured on the tenant will be used.
- "Stay logged in" prompt
In the [User login stage](../../../docs/flow/stages/user_login/), an admin can use the new "Stay Logged In" option to add additional minutes or hours to the defined `session duration` value. When this "Stay Logged In" offset time is configured, the user logging in is presented with a prompt asking if they want to extend their session.
- Prompt preview
When creating a single prompt for use with a [Prompt stage](../../../docs/flow/stages/prompt/), a live preview of the prompt is now shown. This makes it easier to test how a prompt will behave, and also shows what data it will send, and how it will be available in the flow context.
## Upgrading ## Upgrading
This release does not introduce any new requirements. This release does not introduce any new requirements.
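Review bot: The RADIUS entry under "New features" advertises integration with VPN software and network switches/routers but does not mention the constraints documented in the provider page in this same commit (only the clear-text protocol, only authentication requests). Add one sentence with a link to the provider's Limitations section so readers see that before planning a deployment. Smaller points: "Bugs" is capitalized mid-sentence in the info box, the `../../../docs/providers/ldap` link lacks the trailing slash used by the other links in this hunk, and "(only affects Docker-Compose)" in the worker entry would read more clearly as its own sentence stating which deployments change.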
@ -28,22 +56,42 @@ image:
- \*: load websocket paths similarly to URLs (#5018) - \*: load websocket paths similarly to URLs (#5018)
- blueprints: allow setting of token key in blueprint context (#4995) - blueprints: allow setting of token key in blueprint context (#4995)
- core: Add unique constraint to user UUID (#5004) - core: Add unique constraint to user UUID (#5004)
- providers: Add ability to choose a default authentication flow (#5070) - core: extend Postgres configuration (#5138)
- core: fix app launch URL flow selection (#5113)
- lifecycle: also migrate before starting worker, trap exit to cleanup mode (#5123)
- lifecycle: don't use celery ping for worker healthcheck (#5153)
- outposts: run containers as non root (#5212)
- outposts: set Kubernetes deployment security context (#5163)
- policies: provider raw result for better policy reusability (#5189)
- providers/ldap: fix duplicate attributes (#4972) - providers/ldap: fix duplicate attributes (#4972)
- providers/oauth2: fix response for response_type code and response_mode fragment (#4975) - providers/oauth2: fix response for response_type code and response_mode fragment (#4975)
- providers/proxy: rework endpoints logic (#4993) - providers/proxy: rework endpoints logic (#4993)
- providers/radius: simple radius outpost (#1796) - providers/radius: simple RADIUS outpost (#1796)
- providers/scim: add missing default fields (#5108)
- providers/scim: fix error when user-group m2m is updated forward (#5082)
- providers: Add ability to choose a default authentication flow (#5070)
- stages/authenticator_validate: fix stage not working without pending user (#5096)
- stages/identification: revert is_active check (#5183)
- stages/prompt: Add Radio Button Group, Dropdown and Text Area prompt fields (#4822) - stages/prompt: Add Radio Button Group, Dropdown and Text Area prompt fields (#4822)
- stages/prompt: Fix dropdown invalid choice (#5046)
- stages/user_login: stay logged in (#4958) - stages/user_login: stay logged in (#4958)
- stages/user_write: improve error handling (#5136)
- stages: Add ability to set user friendly names for MFA stages (#5005)
- web/admin: fix error adding users to groups (#5016) - web/admin: fix error adding users to groups (#5016)
- web/admin: fix error listing blueprints with missing metadata (#5041) - web/admin: fix error listing blueprints with missing metadata (#5041)
- web/admin: fix error when creating bindings due to hidden inputs (#5081) - web/admin: fix error when creating bindings due to hidden inputs (#5081)
- web/admin: fix inconsistent display of flows in selections (#4977) - web/admin: fix inconsistent display of flows in selections (#4977)
- web/admin: fix ldap form when editing scim provider from view page (#5164)
- web/admin: fix prompt field display (#4990) - web/admin: fix prompt field display (#4990)
- web/admin: fix sidebar avatar not loaded (#5184)
- web/admin: prompt preview (#5078) - web/admin: prompt preview (#5078)
- web/admin: show warning when adding user to superuser group (#5091)
- web/elements: fix search select inconsistency (#4989) - web/elements: fix search select inconsistency (#4989)
- web/elements: only render form once instance is loaded (#5049) - web/elements: only render form once instance is loaded (#5049)
- web/flows: fix authenticator selector in dark mode (#4974) - web/flows: fix authenticator selector in dark mode (#4974)
- web/user: rework search (#5107)
- web: only show debug locale if debug mode is enabled (#5111)
- web: remove more until (#5057)
## API Changes ## API Changes
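Review bot: Several entries added to this changelog change runtime or authentication behaviour but are not explained anywhere in the notes: "outposts: run containers as non root (#5212)", "outposts: set Kubernetes deployment security context (#5163)" and "stages/identification: revert is_active check (#5183)". The Upgrading section above says the release introduces no new requirements, so either confirm that holds for existing outpost deployments or add a short note there, and give the `is_active` revert a one-line description of what behaviour returns. Also, "policies: provider raw result" reads like a typo for "provide"; if the list is generated from commit subjects that is expected, but worth a check before publishing.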

View File

@ -54,8 +54,8 @@ module.exports = {
"providers/oauth2/device_code", "providers/oauth2/device_code",
], ],
}, },
"providers/saml", "providers/saml/index",
"providers/radius", "providers/radius/index",
{ {
type: "category", type: "category",
label: "Proxy Provider", label: "Proxy Provider",
@ -240,13 +240,14 @@ module.exports = {
description: "Release notes for recent authentik versions", description: "Release notes for recent authentik versions",
}, },
items: [ items: [
"releases/2023/v2023.4",
"releases/2023/v2023.3", "releases/2023/v2023.3",
"releases/2023/v2023.2", "releases/2023/v2023.2",
"releases/2023/v2023.1",
{ {
type: "category", type: "category",
label: "Previous versions", label: "Previous versions",
items: [ items: [
"releases/2023/v2023.1",
"releases/2022/v2022.12", "releases/2022/v2022.12",
"releases/2022/v2022.11", "releases/2022/v2022.11",
"releases/2022/v2022.10", "releases/2022/v2022.10",