Merge branch 'main' into application-wizard-2

* main:
  blueprints: prevent duplicate password stage in default flow when using combined identification stage (#6432)
  website/integrations: cite better (#6431)
  root: add generated Source docs (#5323)
  website/docs: add architecture and persistence (#6250)
  core: bump paramiko from 3.2.0 to 3.3.1 (#6428)
  website: fix sidebar sizing (#6430)
  ci: update dependabot labels (#6423)
  website: fix sidebar layout (#6421)
Ken Sternberg 2023-08-03 08:53:00 -07:00
commit 7808b7b48a
83 changed files with 501 additions and 419 deletions

.github/cherry-pick-bot.yml vendored Normal file

@ -0,0 +1,2 @@
enabled: true
preservePullRequestTitle: true


@ -8,6 +8,8 @@ updates:
open-pull-requests-limit: 10
commit-message:
prefix: "ci:"
labels:
- dependencies
- package-ecosystem: gomod
directory: "/"
schedule:
@ -16,11 +18,15 @@ updates:
open-pull-requests-limit: 10
commit-message:
prefix: "core:"
labels:
- dependencies
- package-ecosystem: npm
directory: "/web"
schedule:
interval: daily
time: "04:00"
labels:
- dependencies
open-pull-requests-limit: 10
commit-message:
prefix: "web:"
@ -44,6 +50,8 @@ updates:
open-pull-requests-limit: 10
commit-message:
prefix: "website:"
labels:
- dependencies
groups:
docusaurus:
patterns:
@ -56,6 +64,8 @@ updates:
open-pull-requests-limit: 10
commit-message:
prefix: "core:"
labels:
- dependencies
- package-ecosystem: docker
directory: "/"
schedule:
@ -64,3 +74,5 @@ updates:
open-pull-requests-limit: 10
commit-message:
prefix: "core:"
labels:
- dependencies


@ -1,23 +1,19 @@
<!--
👋 Hello there! Welcome.
👋 Hi there! Welcome.
Please check the [Contributing guidelines](https://goauthentik.io/developer-docs/#how-can-i-contribute).
Please check the Contributing guidelines: https://goauthentik.io/developer-docs/#how-can-i-contribute
-->
## Details
- **Does this resolve an issue?**
Resolves #
<!--
Explain what this PR changes, what the rationale behind the change is, if any new requirements are introduced or any breaking changes caused by this PR.
## Changes
Ideally also link an Issue for context that this PR will close using `closes #`
-->
REPLACE ME
### New Features
- Adds feature which does x, y, and z.
### Breaking Changes
- Adds breaking change which causes \<issue\>.
---
## Checklist


@ -0,0 +1,25 @@
name: authentik-publish-source-docs
on:
push:
branches:
- main
jobs:
publish-source-docs:
runs-on: ubuntu-latest
timeout-minutes: 120
steps:
- uses: actions/checkout@v3
- name: Setup authentik env
uses: ./.github/actions/setup
- name: generate docs
run: |
poetry run ak build_source_docs
- name: Publish
uses: netlify/actions/cli@master
with:
args: deploy --dir=source_docs --prod
env:
NETLIFY_SITE_ID: eb246b7b-1d83-4f69-89f7-01a936b4ca59
NETLIFY_AUTH_TOKEN: ${{ secrets.NETLIFY_AUTH_TOKEN }}
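Review bot: `uses: netlify/actions/cli@master` in the Publish step resolves a third-party action from a mutable branch on every run, inside a job that holds `NETLIFY_AUTH_TOKEN`; pin it to a full commit SHA (and pin `actions/checkout@v3` the same way) so that a push to that branch cannot change what executes with the deploy token. The workflow also declares no `permissions:` block, so the job receives the repository's default `GITHUB_TOKEN` scopes; add a top-level `permissions: contents: read`, which is all that `actions/checkout` needs here. `NETLIFY_SITE_ID` is a site identifier rather than a credential, so keeping it in plain text is fine.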

.gitignore vendored

@ -205,3 +205,4 @@ data/
# Local Netlify folder
.netlify
.ruff_cache
source_docs/


@ -1,4 +1,4 @@
"""authentik"""
"""authentik root module"""
from os import environ
from typing import Optional


@ -0,0 +1,21 @@
"""Build source docs"""
from pathlib import Path
from django.core.management.base import BaseCommand
from pdoc import pdoc
from pdoc.render import configure
class Command(BaseCommand):
"""Build source docs"""
def handle(self, **options):
configure(
docformat="markdown",
mermaid=True,
logo="https://goauthentik.io/img/icon_top_brand_colour.svg",
)
pdoc(
"authentik",
output_directory=Path("./source_docs"),
)
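Review bot: `output_directory=Path("./source_docs")` is resolved against the current working directory rather than the repository root, so the workflow's `deploy --dir=source_docs` only finds the output when the command happens to be run from the checkout root; derive the path from `settings.BASE_DIR` or accept it as a command argument. A short comment in the command would also help: pdoc imports every module under `authentik` in order to render it, so this executes module-level code and needs a fully configured Django environment, which is why it is exposed through `ak` as a management command rather than as a plain `pdoc` invocation.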


@ -79,7 +79,7 @@ class UserTypes(models.TextChoices):
class Group(SerializerModel):
"""Custom Group model which supports a basic hierarchy"""
"""Group model which supports a basic hierarchy and has attributes"""
group_uuid = models.UUIDField(primary_key=True, editable=False, default=uuid4)
@ -148,15 +148,15 @@ class Group(SerializerModel):
class UserManager(DjangoUserManager):
"""Custom user manager that doesn't assign is_superuser and is_staff"""
"""User manager that doesn't assign is_superuser and is_staff"""
def create_user(self, username, email=None, password=None, **extra_fields):
"""Custom user manager that doesn't assign is_superuser and is_staff"""
"""User manager that doesn't assign is_superuser and is_staff"""
return self._create_user(username, email, password, **extra_fields)
class User(SerializerModel, GuardianUserMixin, AbstractUser):
"""Custom User model to allow easier adding of user-based settings"""
"""authentik User model, based on django's contrib auth user model."""
uuid = models.UUIDField(default=uuid4, editable=False, unique=True)
name = models.TextField(help_text=_("User's display name."))


@ -51,6 +51,7 @@ entries:
order: 20
stage: !KeyOf default-authentication-password
target: !KeyOf flow
id: default-authentication-flow-password-binding
model: authentik_flows.flowstagebinding
- identifiers:
order: 30
@ -62,3 +63,18 @@ entries:
stage: !KeyOf default-authentication-login
target: !KeyOf flow
model: authentik_flows.flowstagebinding
- model: authentik_policies_expression.expressionpolicy
id: default-authentication-flow-password-optional
identifiers:
name: default-authentication-flow-password-stage
attrs:
expression: |
flow_plan = request.context["flow_plan"]
# If the user does not have a backend attached to it, they haven't
# been authenticated yet and we need the password stage
return not hasattr(flow_plan.context["pending_user"], "backend")
- model: authentik_policies.policybinding
identifiers:
order: 10
target: !KeyOf default-authentication-flow-password-binding
policy: !KeyOf default-authentication-flow-password-optional
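Review bot: the expression indexes `request.context["flow_plan"]` and `flow_plan.context["pending_user"]` without guarding against either key being absent. An exception inside an expression policy is reported as a failed (deny) result, and a denied policy on a stage binding drops that stage from the plan, so in any path where the key is missing the password stage is silently skipped rather than required. Stage-binding policies are also evaluated while the plan is built unless the binding sets `re_evaluate_policies`; the attrs of `default-authentication-flow-password-binding` are not in this hunk, but `pending_user` is only populated once the identification stage has run, so this policy needs `re_evaluate_policies: true` on that binding to see the value it decides on. Suggest `flow_plan = request.context.get("flow_plan")`, return `True` when it is missing, and `return not hasattr(flow_plan.context.get("pending_user"), "backend")`, which keeps the password stage required when `pending_user` is absent (`hasattr(None, "backend")` is `False`). Minor: the policy's `id` is `default-authentication-flow-password-optional` while its `name` identifier is `default-authentication-flow-password-stage`; aligning the two makes the `policy: !KeyOf` reference easier to trace.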

poetry.lock generated

@ -1809,6 +1809,23 @@ pipfile-deprecated-finder = ["pip-shims (>=0.5.2)", "pipreqs", "requirementslib"
plugins = ["setuptools"]
requirements-deprecated-finder = ["pip-api", "pipreqs"]
[[package]]
name = "jinja2"
version = "3.1.2"
description = "A very fast and expressive template engine."
optional = false
python-versions = ">=3.7"
files = [
{file = "Jinja2-3.1.2-py3-none-any.whl", hash = "sha256:6088930bfe239f0e6710546ab9c19c9ef35e29792895fed6e6e31a023a182a61"},
{file = "Jinja2-3.1.2.tar.gz", hash = "sha256:31351a702a408a9e7595a8fc6150fc3f43bb6bf7e319770cbc0db9df9437e852"},
]
[package.dependencies]
MarkupSafe = ">=2.0"
[package.extras]
i18n = ["Babel (>=2.7)"]
[[package]]
name = "jsonpatch"
version = "1.33"
@ -2101,6 +2118,65 @@ profiling = ["gprof2dot"]
rtd = ["jupyter_sphinx", "mdit-py-plugins", "myst-parser", "pyyaml", "sphinx", "sphinx-copybutton", "sphinx-design", "sphinx_book_theme"]
testing = ["coverage", "pytest", "pytest-cov", "pytest-regressions"]
[[package]]
name = "markupsafe"
version = "2.1.3"
description = "Safely add untrusted strings to HTML/XML markup."
optional = false
python-versions = ">=3.7"
files = [
{file = "MarkupSafe-2.1.3-cp310-cp310-macosx_10_9_universal2.whl", hash = "sha256:cd0f502fe016460680cd20aaa5a76d241d6f35a1c3350c474bac1273803893fa"},
{file = "MarkupSafe-2.1.3-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:e09031c87a1e51556fdcb46e5bd4f59dfb743061cf93c4d6831bf894f125eb57"},
{file = "MarkupSafe-2.1.3-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:68e78619a61ecf91e76aa3e6e8e33fc4894a2bebe93410754bd28fce0a8a4f9f"},
{file = "MarkupSafe-2.1.3-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:65c1a9bcdadc6c28eecee2c119465aebff8f7a584dd719facdd9e825ec61ab52"},
{file = "MarkupSafe-2.1.3-cp310-cp310-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:525808b8019e36eb524b8c68acdd63a37e75714eac50e988180b169d64480a00"},
{file = "MarkupSafe-2.1.3-cp310-cp310-musllinux_1_1_aarch64.whl", hash = "sha256:962f82a3086483f5e5f64dbad880d31038b698494799b097bc59c2edf392fce6"},
{file = "MarkupSafe-2.1.3-cp310-cp310-musllinux_1_1_i686.whl", hash = "sha256:aa7bd130efab1c280bed0f45501b7c8795f9fdbeb02e965371bbef3523627779"},
{file = "MarkupSafe-2.1.3-cp310-cp310-musllinux_1_1_x86_64.whl", hash = "sha256:c9c804664ebe8f83a211cace637506669e7890fec1b4195b505c214e50dd4eb7"},
{file = "MarkupSafe-2.1.3-cp310-cp310-win32.whl", hash = "sha256:10bbfe99883db80bdbaff2dcf681dfc6533a614f700da1287707e8a5d78a8431"},
{file = "MarkupSafe-2.1.3-cp310-cp310-win_amd64.whl", hash = "sha256:1577735524cdad32f9f694208aa75e422adba74f1baee7551620e43a3141f559"},
{file = "MarkupSafe-2.1.3-cp311-cp311-macosx_10_9_universal2.whl", hash = "sha256:ad9e82fb8f09ade1c3e1b996a6337afac2b8b9e365f926f5a61aacc71adc5b3c"},
{file = "MarkupSafe-2.1.3-cp311-cp311-macosx_10_9_x86_64.whl", hash = "sha256:3c0fae6c3be832a0a0473ac912810b2877c8cb9d76ca48de1ed31e1c68386575"},
{file = "MarkupSafe-2.1.3-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:b076b6226fb84157e3f7c971a47ff3a679d837cf338547532ab866c57930dbee"},
{file = "MarkupSafe-2.1.3-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:bfce63a9e7834b12b87c64d6b155fdd9b3b96191b6bd334bf37db7ff1fe457f2"},
{file = "MarkupSafe-2.1.3-cp311-cp311-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:338ae27d6b8745585f87218a3f23f1512dbf52c26c28e322dbe54bcede54ccb9"},
{file = "MarkupSafe-2.1.3-cp311-cp311-musllinux_1_1_aarch64.whl", hash = "sha256:e4dd52d80b8c83fdce44e12478ad2e85c64ea965e75d66dbeafb0a3e77308fcc"},
{file = "MarkupSafe-2.1.3-cp311-cp311-musllinux_1_1_i686.whl", hash = "sha256:df0be2b576a7abbf737b1575f048c23fb1d769f267ec4358296f31c2479db8f9"},
{file = "MarkupSafe-2.1.3-cp311-cp311-musllinux_1_1_x86_64.whl", hash = "sha256:5bbe06f8eeafd38e5d0a4894ffec89378b6c6a625ff57e3028921f8ff59318ac"},
{file = "MarkupSafe-2.1.3-cp311-cp311-win32.whl", hash = "sha256:dd15ff04ffd7e05ffcb7fe79f1b98041b8ea30ae9234aed2a9168b5797c3effb"},
{file = "MarkupSafe-2.1.3-cp311-cp311-win_amd64.whl", hash = "sha256:134da1eca9ec0ae528110ccc9e48041e0828d79f24121a1a146161103c76e686"},
{file = "MarkupSafe-2.1.3-cp37-cp37m-macosx_10_9_x86_64.whl", hash = "sha256:8e254ae696c88d98da6555f5ace2279cf7cd5b3f52be2b5cf97feafe883b58d2"},
{file = "MarkupSafe-2.1.3-cp37-cp37m-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:cb0932dc158471523c9637e807d9bfb93e06a95cbf010f1a38b98623b929ef2b"},
{file = "MarkupSafe-2.1.3-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:9402b03f1a1b4dc4c19845e5c749e3ab82d5078d16a2a4c2cd2df62d57bb0707"},
{file = "MarkupSafe-2.1.3-cp37-cp37m-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:ca379055a47383d02a5400cb0d110cef0a776fc644cda797db0c5696cfd7e18e"},
{file = "MarkupSafe-2.1.3-cp37-cp37m-musllinux_1_1_aarch64.whl", hash = "sha256:b7ff0f54cb4ff66dd38bebd335a38e2c22c41a8ee45aa608efc890ac3e3931bc"},
{file = "MarkupSafe-2.1.3-cp37-cp37m-musllinux_1_1_i686.whl", hash = "sha256:c011a4149cfbcf9f03994ec2edffcb8b1dc2d2aede7ca243746df97a5d41ce48"},
{file = "MarkupSafe-2.1.3-cp37-cp37m-musllinux_1_1_x86_64.whl", hash = "sha256:56d9f2ecac662ca1611d183feb03a3fa4406469dafe241673d521dd5ae92a155"},
{file = "MarkupSafe-2.1.3-cp37-cp37m-win32.whl", hash = "sha256:8758846a7e80910096950b67071243da3e5a20ed2546e6392603c096778d48e0"},
{file = "MarkupSafe-2.1.3-cp37-cp37m-win_amd64.whl", hash = "sha256:787003c0ddb00500e49a10f2844fac87aa6ce977b90b0feaaf9de23c22508b24"},
{file = "MarkupSafe-2.1.3-cp38-cp38-macosx_10_9_universal2.whl", hash = "sha256:2ef12179d3a291be237280175b542c07a36e7f60718296278d8593d21ca937d4"},
{file = "MarkupSafe-2.1.3-cp38-cp38-macosx_10_9_x86_64.whl", hash = "sha256:2c1b19b3aaacc6e57b7e25710ff571c24d6c3613a45e905b1fde04d691b98ee0"},
{file = "MarkupSafe-2.1.3-cp38-cp38-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:8afafd99945ead6e075b973fefa56379c5b5c53fd8937dad92c662da5d8fd5ee"},
{file = "MarkupSafe-2.1.3-cp38-cp38-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:8c41976a29d078bb235fea9b2ecd3da465df42a562910f9022f1a03107bd02be"},
{file = "MarkupSafe-2.1.3-cp38-cp38-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:d080e0a5eb2529460b30190fcfcc4199bd7f827663f858a226a81bc27beaa97e"},
{file = "MarkupSafe-2.1.3-cp38-cp38-musllinux_1_1_aarch64.whl", hash = "sha256:69c0f17e9f5a7afdf2cc9fb2d1ce6aabdb3bafb7f38017c0b77862bcec2bbad8"},
{file = "MarkupSafe-2.1.3-cp38-cp38-musllinux_1_1_i686.whl", hash = "sha256:504b320cd4b7eff6f968eddf81127112db685e81f7e36e75f9f84f0df46041c3"},
{file = "MarkupSafe-2.1.3-cp38-cp38-musllinux_1_1_x86_64.whl", hash = "sha256:42de32b22b6b804f42c5d98be4f7e5e977ecdd9ee9b660fda1a3edf03b11792d"},
{file = "MarkupSafe-2.1.3-cp38-cp38-win32.whl", hash = "sha256:ceb01949af7121f9fc39f7d27f91be8546f3fb112c608bc4029aef0bab86a2a5"},
{file = "MarkupSafe-2.1.3-cp38-cp38-win_amd64.whl", hash = "sha256:1b40069d487e7edb2676d3fbdb2b0829ffa2cd63a2ec26c4938b2d34391b4ecc"},
{file = "MarkupSafe-2.1.3-cp39-cp39-macosx_10_9_universal2.whl", hash = "sha256:8023faf4e01efadfa183e863fefde0046de576c6f14659e8782065bcece22198"},
{file = "MarkupSafe-2.1.3-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:6b2b56950d93e41f33b4223ead100ea0fe11f8e6ee5f641eb753ce4b77a7042b"},
{file = "MarkupSafe-2.1.3-cp39-cp39-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:9dcdfd0eaf283af041973bff14a2e143b8bd64e069f4c383416ecd79a81aab58"},
{file = "MarkupSafe-2.1.3-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:05fb21170423db021895e1ea1e1f3ab3adb85d1c2333cbc2310f2a26bc77272e"},
{file = "MarkupSafe-2.1.3-cp39-cp39-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:282c2cb35b5b673bbcadb33a585408104df04f14b2d9b01d4c345a3b92861c2c"},
{file = "MarkupSafe-2.1.3-cp39-cp39-musllinux_1_1_aarch64.whl", hash = "sha256:ab4a0df41e7c16a1392727727e7998a467472d0ad65f3ad5e6e765015df08636"},
{file = "MarkupSafe-2.1.3-cp39-cp39-musllinux_1_1_i686.whl", hash = "sha256:7ef3cb2ebbf91e330e3bb937efada0edd9003683db6b57bb108c4001f37a02ea"},
{file = "MarkupSafe-2.1.3-cp39-cp39-musllinux_1_1_x86_64.whl", hash = "sha256:0a4e4a1aff6c7ac4cd55792abf96c915634c2b97e3cc1c7129578aa68ebd754e"},
{file = "MarkupSafe-2.1.3-cp39-cp39-win32.whl", hash = "sha256:fec21693218efe39aa7f8599346e90c705afa52c5b31ae019b2e57e8f6542bb2"},
{file = "MarkupSafe-2.1.3-cp39-cp39-win_amd64.whl", hash = "sha256:3fd4abcb888d15a94f32b75d8fd18ee162ca0c064f35b11134be77050296d6ba"},
{file = "MarkupSafe-2.1.3.tar.gz", hash = "sha256:af598ed32d6ae86f1b747b82783958b1a4ab8f617b06fe68795c7f026abbdcad"},
]
[[package]]
name = "maxminddb"
version = "2.4.0"
@ -2363,13 +2439,13 @@ files = [
[[package]]
name = "paramiko"
version = "3.2.0"
version = "3.3.1"
description = "SSH2 protocol library"
optional = false
python-versions = ">=3.6"
files = [
{file = "paramiko-3.2.0-py3-none-any.whl", hash = "sha256:df0f9dd8903bc50f2e10580af687f3015bf592a377cd438d2ec9546467a14eb8"},
{file = "paramiko-3.2.0.tar.gz", hash = "sha256:93cdce625a8a1dc12204439d45033f3261bdb2c201648cfcdc06f9fd0f94ec29"},
{file = "paramiko-3.3.1-py3-none-any.whl", hash = "sha256:b7bc5340a43de4287bbe22fe6de728aa2c22468b2a849615498dd944c2f275eb"},
{file = "paramiko-3.3.1.tar.gz", hash = "sha256:6a3777a961ac86dbef375c5f5b8d50014a1a96d0fd7f054a43bc880134b0ff77"},
]
[package.dependencies]
@ -2404,6 +2480,25 @@ files = [
{file = "pbr-5.11.1.tar.gz", hash = "sha256:aefc51675b0b533d56bb5fd1c8c6c0522fe31896679882e1c4c63d5e4a0fccb3"},
]
[[package]]
name = "pdoc"
version = "14.0.0"
description = "API Documentation for Python Projects"
optional = false
python-versions = ">=3.8"
files = [
{file = "pdoc-14.0.0-py3-none-any.whl", hash = "sha256:4514041ff5da33f1adbc700002a661600fc13a9adadef317bc6ae8be9e61154b"},
{file = "pdoc-14.0.0.tar.gz", hash = "sha256:ad6c16c949e5dd8b30effc5398aedb5779ffe8ab94be91ce2cddc320e8127900"},
]
[package.dependencies]
Jinja2 = ">=2.11.0"
MarkupSafe = "*"
pygments = ">=2.12.0"
[package.extras]
dev = ["black", "hypothesis", "mypy", "pygments (>=2.14.0)", "pytest", "pytest-cov", "pytest-timeout", "ruff", "tox", "types-pygments"]
[[package]]
name = "platformdirs"
version = "3.8.0"
@ -4211,4 +4306,4 @@ files = [
[metadata]
lock-version = "2.0"
python-versions = "^3.11"
content-hash = "ab00edcd235c1c92dad9a91ace11d50df4564297193683cca7aa2b207ca27be6"
content-hash = "79778342afa2970f75dec18fc3916c7569426bf7735ff554bf2e55e057931132"


@ -184,6 +184,7 @@ debugpy = "*"
django-silk = "*"
drf-jsonschema-serializer = "*"
importlib-metadata = "*"
pdoc = "*"
pylint = "*"
pylint-django = "*"
pyrad = "*"
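Review bot: `pdoc = "*"` accepts any future major of pdoc, while the new `build_source_docs` command is written against the `pdoc.pdoc()` and `pdoc.render.configure()` API of the locked 14.0.0; constrain it (`pdoc = "^14.0"`) so a major bump via dependabot cannot break the docs build silently. Since the dependency sits in the dev group, also confirm that the `./.github/actions/setup` step used by the new publish workflow installs dev dependencies; otherwise `poetry run ak build_source_docs` fails at `from pdoc import pdoc`.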


@ -0,0 +1,61 @@
---
title: Architecture
---
authentik consists of a handful of components, most of which are required for a functioning setup.
```mermaid
graph LR
user(User) --> ak_server(authentik Server)
ak_server --> ak_server_core(authentik Server Core)
ak_server --> ak_outpost(Embedded outpost)
ak_server_core --> db(PostgreSQL)
ak_server_core --> cache(Redis)
ak_worker(Background Worker) --> db(PostgreSQL)
ak_worker(Background Worker) --> cache(Redis)
```
### Server
The server container consists of two sub-components, the actual server itself and the embedded outpost. Incoming requests to the server container(s) are routed by a lightweight router to either the _Core_ server or the embedded outpost. This router also handles requests for any static assets such as JavaScript and CSS files.
#### Core
The core sub-component handles most of authentik's logic, such as API requests, flow executions, any kind of SSO requests, etc.
#### Embedded outpost
Similar to [other outposts](../outposts/index.mdx), this outposts allows using [Proxy providers](../providers/proxy/index.md) without deploying a separate outpost.
#### Persistence
- `/media` is used to store icons and such, but not required, and if not mounted, authentik will allow you to set a URL to icons in place of a file upload
### Background Worker
This container executes background tasks, such as sending emails, the event notification system, and everything you can see on the _System Tasks_ page in the frontend.
#### Persistence
- `/certs` is used for authentik to import external certs, which in most cases shouldn't be used for SAML, but rather if you use authentik without a reverse proxy, this can be used for example for the [Let's Encrypt integration](../core/certificates.md#lets-encrypt)
- `/templates` is used for [custom email templates](../flow/stages/email/index.mdx#custom-templates), and as with the other ones fully optional
### PostgreSQL
authentik uses PostgreSQL to store all of its configuration and other data (excluding uploaded files).
#### Persistence
- `/var/lib/postgresql/data` is used to store the PostgreSQL database
On Kubernetes, with the default Helm chart and using the packaged PostgreSQL sub-chart, persistent data is stored in a PVC.
### Redis
authentik uses Redis as a message-queue and a cache. Data in Redis is not required to be persistent, however you should be aware that restarting Redis will cause the loss of all sessions.
#### Persistence
- `/data` is used to store the Redis data
On Kubernetes, with the default Helm chart and using the packaged Redis sub-chart, persistent data is stored in a PVC.
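Review bot: `this outposts allows` in the Embedded outpost section should read `this outpost allows`. The `/media` bullet is a run-on and its point is hard to extract; say plainly that the mount is optional and that, without it, icons are configured as URLs instead of file uploads. The `/certs` bullet says the mount "in most cases shouldn't be used for SAML" without saying why; state that SAML signing certificates are normally created or imported through the authentik UI, and that `/certs` is for certificates managed outside authentik, as in the Let's Encrypt example it links. The Redis section says a restart loses all sessions and then points at a PVC in the Helm chart; make explicit that persisting Redis is optional and that the trade-off is exactly those sessions, so operators can decide deliberately.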


@ -71,6 +71,13 @@ See [Configuration](../installation/configuration) to change the internal ports.
## Startup
:::warning
The server assumes to have local timezone as UTC.
All internals are handled in UTC; whenever a time is displayed to the user in UI, the time shown is localized.
Do not update or mount `/etc/timezone` or `/etc/localtime` in the authentik containers.
This will not give any advantages. It will cause problems with OAuth and SAML authentication, e.g. [see this GitHub issue](https://github.com/goauthentik/authentik/issues/3005).
:::
Afterwards, run these commands to finish:
```shell
@ -85,28 +92,3 @@ By default, authentik is reachable (by default) on port 9000 (HTTP) and port 944
To start the initial setup, navigate to `https://<your server's IP or hostname>:9000/if/flow/initial-setup/`.
There you are prompted to set a password for the akadmin user (the default user).
## Explanation
:::warning
The server assumes to have local timezone as UTC.
All internals are handled in UTC; whenever a time is displayed to the user in UI it gets localized.
Do not update or mount `/etc/timezone` or `/etc/localtime` in the authentik containers.
This will not give any advantages.
On the contrary, it will cause problems with OAuth and SAML authentication,
e.g. [see this GitHub issue](https://github.com/goauthentik/authentik/issues/3005).
:::
The Docker-Compose project contains the following containers:
- server
This is the backend service, which does all the logic, plus runs the API and the SSO functionality. It also runs the frontend, hosts the JS/CSS files, and serves the files you've uploaded for icons/etc.
- worker
This container executes background tasks, everything you can see on the _System Tasks_ page in the frontend.
- redis (for cache)
- postgresql (default database)


@ -6,11 +6,9 @@ title: Service Name
## What is Service Name
From https://service.name
:::note
Insert a quick overview of what Service Name is and what it does
:::
> Insert a quick overview of what Service Name is and what it does
>
> -- https://service.name
## Preparation
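Review bot: `From https://service.name` is kept above the new blockquote, and the blockquote now ends with `> -- https://service.name`, so the source is stated twice on every page that follows this template; drop the `From ...` line. The same duplication is carried into each integration page converted in this commit, so it is worth fixing in the template and the pages together.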


@ -6,11 +6,9 @@ title: Apache Guacamole™
## What is Apache Guacamole™
From https://guacamole.apache.org/
:::note
Apache Guacamole is a clientless remote desktop gateway. It supports standard protocols like VNC, RDP, and SSH.
:::
> Apache Guacamole is a clientless remote desktop gateway. It supports standard protocols like VNC, RDP, and SSH.
>
> -- https://guacamole.apache.org/
## Preparation


@ -6,11 +6,9 @@ title: ArgoCD
## What is ArgoCD
From https://argoproj.github.io/cd/
:::note
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes.
:::
> Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes.
>
> -- https://argoproj.github.io/cd/
## Preparation


@ -6,9 +6,9 @@ title: Amazon Web Services
## What is AWS
:::note
Amazon Web Services (AWS) is the worlds most comprehensive and broadly adopted cloud platform, offering over 175 fully featured services from data centers globally. Millions of customers—including the fastest-growing startups, largest enterprises, and leading government agencies—are using AWS to lower costs, become more agile, and innovate faster.
:::
> Amazon Web Services (AWS) is the worlds most comprehensive and broadly adopted cloud, with more than 200 fully featured services available from data centers globally. Millions of customers—including the fastest-growing startups, largest enterprises, and leading government agencies—are using AWS to lower costs, increase security, become more agile, and innovate faster.
>
> -- https://www.aboutamazon.com/what-we-do/amazon-web-
## Select your method
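Review bot: the attribution `> -- https://www.aboutamazon.com/what-we-do/amazon-web-` is a truncated URL; it needs its full path before merge, especially since the quoted text was also reworded in this hunk (175 services becomes 200, "increase security" is added) and readers cannot check the new wording against a broken link.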


@ -1,28 +1,28 @@
---
title: Ansible Tower / AWX
title: Red Hat Ansible Automation Platform / AWX
---
<span class="badge badge--secondary"></span>
## What is Tower
From https://docs.ansible.com/ansible/2.5/reference_appendices/tower.html
From
> Red Hat Ansible Automation Platform (RHAAP) (formerly AWX) is a web-based solution that makes Ansible even more easy to use for IT teams of all kinds. Its designed to be the hub for all of your automation tasks.
>
> Tower allows you to control access to who can access what, even allowing sharing of SSH credentials without someone being able to transfer those credentials. Inventory can be graphically managed or synced with a wide variety of cloud sources. It logs all of your jobs, integrates well with LDAP, and has an amazing browsable REST API. Command line tools are available for easy integration with Jenkins as well. Provisioning callbacks provide great support for autoscaling topologies.
>
> -- https://docs.ansible.com/ansible/latest/reference_appendices/tower.html
:::note
Ansible Tower (formerly AWX) is a web-based solution that makes Ansible even more easy to use for IT teams of all kinds. Its designed to be the hub for all of your automation tasks.
Tower allows you to control access to who can access what, even allowing sharing of SSH credentials without someone being able to transfer those credentials. Inventory can be graphically managed or synced with a wide variety of cloud sources. It logs all of your jobs, integrates well with LDAP, and has an amazing browsable REST API. Command line tools are available for easy integration with Jenkins as well. Provisioning callbacks provide great support for autoscaling topologies.
:::
:::note
AWX is the open-source version of Tower. The term "AWX" will be used interchangeably throughout this document.
AWX is the open-source version of RHAAP. The term "AWX" will be used interchangeably throughout this document.
:::
## Preparation
The following placeholders will be used:
- `awx.company` is the FQDN of the AWX/Tower install.
- `awx.company` is the FQDN of the AWX/RHAAP install.
- `authentik.company` is the FQDN of the authentik install.
Create an application in authentik and note the slug, as this will be used later. Create a SAML provider with the following parameters:
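Review bot: the line `From` under `## What is Tower` is left without a URL once the old link line is removed, and the blockquote now carries the attribution itself; delete the stray `From`. The heading still says `What is Tower` while the title, note and placeholder list were renamed to Red Hat Ansible Automation Platform, and `Its designed` in the quote should be `It's designed`.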


@ -6,11 +6,9 @@ title: Bookstack
## What is Bookstack
From https://en.wikipedia.org/wiki/BookStack
:::note
BookStack is a free and open-source wiki software aimed for a simple, self-hosted, and easy-to-use platform. Based on Laravel, a PHP framework, BookStack is released under the MIT License. It uses the ideas of books to organise pages and store information. BookStack is multilingual and available in over thirty languages. For the simplicity, BookStack is considered as suitable for smaller businesses or freelancers.
:::
> BookStack is a free and open-source wiki software aimed for a simple, self-hosted, and easy-to-use platform. Based on Laravel, a PHP framework, BookStack is released under the MIT License. It uses the ideas of books to organise pages and store information. BookStack is multilingual and available in over thirty languages. For the simplicity, BookStack is considered as suitable for smaller businesses or freelancers.
>
> -- https://en.wikipedia.org/wiki/BookStack
:::note
This is based on authentik 2021.7.2 and BookStack V21.05.3. Instructions may differ between versions.


@ -6,11 +6,9 @@ title: Budibase
## What is Budibase
From https://github.com/Budibase/budibase
:::note
Budibase is an open source low-code platform, and the easiest way to build internal tools that improve productivity.
:::
> Budibase is an open source low-code platform, and the easiest way to build internal tools that improve productivity.
>
> -- https://github.com/Budibase/budibase
## Preparation


@ -8,9 +8,7 @@ title: DokuWiki
From https://en.wikipedia.org/wiki/DokuWiki
:::note
DokuWiki is a wiki application licensed under GPLv2 and written in the PHP programming language. It works on plain text files and thus does not need a database. Its syntax is similar to the one used by MediaWiki. It is often recommended as a more lightweight, easier to customize alternative to MediaWiki.
:::
> DokuWiki is a wiki application licensed under GPLv2 and written in the PHP programming language. It works on plain text files and thus does not need a database. Its syntax is similar to the one used by MediaWiki. It is often recommended as a more lightweight, easier to customize alternative to MediaWiki.
## Preparation
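Review bot: this is the only blockquote in the commit without a closing `> -- <url>` attribution line, so the `From https://en.wikipedia.org/wiki/DokuWiki` line above it is its only source reference; add `>` and `> -- https://en.wikipedia.org/wiki/DokuWiki` to match the other integration pages.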


@ -6,12 +6,10 @@ title: Firezone
## What is Firezone
From https://www.firezone.dev
:::note
Firezone is an open-source remote access platform built on WireGuard?, a modern VPN protocol that's 4-6x faster than OpenVPN.
Deploy on your infrastructure and start onboarding users in minutes.
:::
> Firezone is an open-source remote access platform built on WireGuard?, a modern VPN protocol that's 4-6x faster than OpenVPN.
> Deploy on your infrastructure and start onboarding users in minutes.
>
> -- https://www.firezone.dev
## Preparation
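Review bot: `WireGuard?` in the quote looks like a mis-encoded registered-trademark mark carried over from the old note; replace it with `WireGuard®` or plain `WireGuard` rather than shipping the `?`.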


@ -6,13 +6,11 @@ title: FortiManager
## What is FortiManager
From https://www.fortinet.com/products/management/fortimanager
:::note
FortiManager supports network operations use cases for centralized management, best practices compliance, and workflow automation to provide better protection against breaches.
FortiManager is a paid enterprise product.
:::
> FortiManager supports network operations use cases for centralized management, best practices compliance, and workflow automation to provide better protection against breaches.
>
> FortiManager is a paid enterprise product.
>
> -- https://www.fortinet.com/products/management/fortimanager
## Preparation


@ -6,11 +6,9 @@ title: Gitea
## What is Gitea
From https://gitea.io/
:::note
Gitea is a community managed lightweight code hosting solution written in Go. It is published under the MIT license.
:::
> Gitea is a community managed lightweight code hosting solution written in Go. It is published under the MIT license.
>
> -- https://gitea.io/
:::note
This is based on authentik 2022.10.1 and Gitea 1.17.3 installed using the official docker image [https://docs.gitea.io/en-us/install-with-docker/](https://docs.gitea.io/en-us/install-with-docker/). Instructions may differ between versions.


@ -6,11 +6,9 @@ title: GitHub Enterprise Cloud
## What is GitHub Enterprise Cloud
From https://docs.github.com/en/enterprise-cloud@latest/admin/overview/about-github-for-enterprises
:::note
GitHub is a complete developer platform to build, scale, and deliver secure software. Businesses use our suite of products to support the entire software development lifecycle, increasing development velocity and improving code quality.
:::
> GitHub is a complete developer platform to build, scale, and deliver secure software. Businesses use our suite of products to support the entire software development lifecycle, increasing development velocity and improving code quality.
>
> -- https://docs.github.com/en/enterprise-cloud@latest/admin/overview/about-github-for-enterprises
:::note
GitHub Enterprise Cloud EMU (Enterprise Managed Users) are not compatible with authentik. GitHub currently only permits SAML/OIDC for EMU organizations with Okta and/or Azure AD.


@ -6,11 +6,9 @@ title: GitHub Enterprise Server
## What is GitHub Enterprise Server
From https://docs.github.com/en/enterprise-server@3.5/admin/overview/about-github-enterprise-server
:::note
GitHub Enterprise Server is a self-hosted platform for software development within your enterprise. Your team can use GitHub Enterprise Server to build and ship software using Git version control, powerful APIs, productivity and collaboration tools, and integrations. Developers familiar with GitHub.com can onboard and contribute seamlessly using familiar features and workflows.
:::
> GitHub Enterprise Server is a self-hosted platform for software development within your enterprise. Your team can use GitHub Enterprise Server to build and ship software using Git version control, powerful APIs, productivity and collaboration tools, and integrations. Developers familiar with GitHub.com can onboard and contribute seamlessly using familiar features and workflows.
>
> -- https://docs.github.com/en/enterprise-server@3.5/admin/overview/about-github-enterprise-server
## Preparation


@ -6,11 +6,9 @@ title: GitHub Organization
## What is GitHub Organizations
From https://docs.github.com/en/organizations/collaborating-with-groups-in-organizations/about-organizations
:::note
Organizations are shared accounts where businesses and open-source projects can collaborate across many projects at once, with sophisticated security and administrative features.
:::
> Organizations are shared accounts where businesses and open-source projects can collaborate across many projects at once, with sophisticated security and administrative features.
>
> -- https://docs.github.com/en/organizations/collaborating-with-groups-in-organizations/about-organizations
## Preparation


@ -6,11 +6,9 @@ title: GitLab
## What is GitLab
From https://about.gitlab.com/what-is-gitlab/
:::note
GitLab is a complete DevOps platform, delivered as a single application. This makes GitLab unique and makes Concurrent DevOps possible, unlocking your organization from the constraints of a pieced together toolchain. Join us for a live Q&A to learn how GitLab can give you unmatched visibility and higher levels of efficiency in a single application across the DevOps lifecycle.
:::
> GitLab is a complete DevOps platform, delivered as a single application. This makes GitLab unique and makes Concurrent DevOps possible, unlocking your organization from the constraints of a pieced together toolchain. Join us for a live Q&A to learn how GitLab can give you unmatched visibility and higher levels of efficiency in a single application across the DevOps lifecycle.
>
> -- https://about.gitlab.com/what-is-gitlab/
## Preparation

@ -6,11 +6,9 @@ title: Google Workspace
## What is Google Workspace
From https://en.wikipedia.org/wiki/Google_Workspace
:::note
Google Workspace is a collection of cloud computing, productivity and collaboration tools, software and products developed and marketed by Google.
:::
> Google Workspace is a collection of cloud computing, productivity and collaboration tools, software and products developed and marketed by Google.
>
> -- https://en.wikipedia.org/wiki/Google_Workspace
## Preparation

@ -6,11 +6,9 @@ title: Grafana
## What is Grafana
From https://en.wikipedia.org/wiki/Grafana
:::note
Grafana is a multi-platform open source analytics and interactive visualization web application. It provides charts, graphs, and alerts for the web when connected to supported data sources, Grafana Enterprise version with additional capabilities is also available. It is expandable through a plug-in system.
:::
> Grafana is a multi-platform open source analytics and interactive visualization web application. It provides charts, graphs, and alerts for the web when connected to supported data sources, Grafana Enterprise version with additional capabilities is also available. It is expandable through a plug-in system.
>
> -- https://en.wikipedia.org/wiki/Grafana
## Preparation

@ -6,13 +6,11 @@ title: Gravitee
## What is Gravitee
From https://github.com/gravitee-io/gravitee-api-management
:::note
Gravitee.io API Management is a flexible, lightweight and blazing-fast Open Source solution that helps your organization control who, when and how users access your APIs.
:::
It offers an easy to use GUI to setup proxies for APIs, rate limiting, api keys, caching, OAUTH rules, a portal that can be opened to the public for people to subscribe to APIs, and much more.
> Gravitee.io API Management is a flexible, lightweight and blazing-fast Open Source solution that helps your organization control who, when and how users access your APIs.
>
> It offers an easy to use GUI to setup proxies for APIs, rate limiting, api keys, caching, OAUTH rules, a portal that can be opened to the public for people to subscribe to APIs, and much more.
>
> -- https://github.com/gravitee-io/gravitee-api-management
## Preparation

@ -6,11 +6,9 @@ title: Harbor
## What is Harbor
From https://goharbor.io
:::note
Harbor is an open source container image registry that secures images with role-based access control, scans images for vulnerabilities, and signs images as trusted. A CNCF Graduated project, Harbor delivers compliance, performance, and interoperability to help you consistently and securely manage images across cloud native compute platforms like Kubernetes and Docker.
:::
> Harbor is an open source container image registry that secures images with role-based access control, scans images for vulnerabilities, and signs images as trusted. A CNCF Graduated project, Harbor delivers compliance, performance, and interoperability to help you consistently and securely manage images across cloud native compute platforms like Kubernetes and Docker.
>
> -- https://goharbor.io
## Preparation

@ -6,11 +6,9 @@ title: HashiCorp Cloud Platform
## What is HashiCorp Cloud
From https://cloud.hashicorp.com/
:::note
HashiCorp Cloud Platform is a fully managed platform for Terraform, Vault, Consul, and more.
:::
> HashiCorp Cloud Platform is a fully managed platform for Terraform, Vault, Consul, and more.
>
> -- https://cloud.hashicorp.com/
## Preparation

@ -6,11 +6,9 @@ title: Hashicorp Vault
## What is Vault
From https://vaultproject.io
:::note
Secure, store and tightly control access to tokens, passwords, certificates, encryption keys for protecting secrets and other sensitive data using a UI, CLI, or HTTP API.
:::
> Secure, store and tightly control access to tokens, passwords, certificates, encryption keys for protecting secrets and other sensitive data using a UI, CLI, or HTTP API.
>
> -- https://vaultproject.io
:::note
This is based on authentik 2022.2.1 and Vault 1.9.3. Instructions may differ between versions. This guide does not cover vault policies. See https://learn.hashicorp.com/tutorials/vault/oidc-auth?in=vault/auth-methods for a more in depth vault guide

@ -6,11 +6,9 @@ title: HedgeDoc
## What is HedgeDoc
From https://github.com/hedgedoc/hedgedoc
:::note
HedgeDoc lets you create real-time collaborative markdown notes.
:::
> HedgeDoc lets you create real-time collaborative markdown notes.
>
> -- https://github.com/hedgedoc/hedgedoc
## Preparation

@ -6,11 +6,9 @@ title: Home-Assistant
## What is Home-Assistant
From https://www.home-assistant.io/
:::note
Open source home automation that puts local control and privacy first. Powered by a worldwide community of tinkerers and DIY enthusiasts. Perfect to run on a Raspberry Pi or a local server.
:::
> Open source home automation that puts local control and privacy first. Powered by a worldwide community of tinkerers and DIY enthusiasts. Perfect to run on a Raspberry Pi or a local server.
>
> -- https://www.home-assistant.io/
:::caution
You might run into CSRF errors, this is caused by a technology Home-assistant uses and not authentik, see [this GitHub issue](https://github.com/goauthentik/authentik/issues/884#issuecomment-851542477).

@ -6,11 +6,9 @@ title: Jellyfin
## What is Jellyfin
From https://jellyfin.org
:::note
Jellyfin is a free and open source media management and streaming platform for movies, TV shows, and music.
:::
> Jellyfin is a free and open source media management and streaming platform for movies, TV shows, and music.
>
> -- https://jellyfin.org
:::note
Jellyfin does not have any native external authentication support as of the writing of this page.

@ -6,11 +6,9 @@ title: Kimai
## What is Kimai
From https://www.kimai.org/about/
:::note
Kimai is a free & open source timetracker. It tracks work time and prints out a summary of your activities on demand. Yearly, monthly, daily, by customer, by project … Its simplicity is its strength. Due to Kimai's browser based interface it runs cross-platform, even on your mobile device.
:::
> Kimai is a free & open source timetracker. It tracks work time and prints out a summary of your activities on demand. Yearly, monthly, daily, by customer, by project … Its simplicity is its strength. Due to Kimai's browser based interface it runs cross-platform, even on your mobile device.
>
> -- https://www.kimai.org/about/
## Preparation

@ -6,10 +6,9 @@ title: Mastodon
## What is Mastodon
From https://joinmastodon.org/
:::note
Mastodon is free and open-source software for running self-hosted social networking services. It has microblogging features similar to Twitter
:::
> Mastodon is free and open-source software for running self-hosted social networking services. It has microblogging features similar to Twitter
>
> -- https://joinmastodon.org/
## Preparation
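Review bot: the moved sentence `> Mastodon is free and open-source software ... It has microblogging features similar to Twitter` still lacks a terminating period; now that it is presented as a verbatim, cited quote, check it against the source and close the sentence.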

@ -6,12 +6,9 @@ title: Matrix Synapse
## What is Matrix Synapse
From https://matrix.org/
:::note
Matrix is an open source project that publishes the Matrix open standard for secure, decentralised, real-time communication, and its Apache licensed
reference implementations.
:::
> Matrix is an open source project that publishes the Matrix open standard for secure, decentralised, real-time communication, and its Apache licensed reference implementations.
>
> -- https://matrix.org/
## Preparation

@ -6,11 +6,9 @@ title: MinIO
## What is MinIO
From https://en.wikipedia.org/wiki/MinIO
:::note
MinIO is an Amazon S3 compatible object storage suite capable of handling structured and unstructured data including log files, artifacts, backups, container images, photos and videos. The current maximum supported object size is 5TB.
:::
> MinIO is an Amazon S3 compatible object storage suite capable of handling structured and unstructured data including log files, artifacts, backups, container images, photos and videos. The current maximum supported object size is 5TB.
>
> -- https://en.wikipedia.org/wiki/MinIO
## Preparation

@ -6,10 +6,9 @@ title: Mobilizon
## What is Mobilizon
From https://joinmobilizon.org/
:::note
Gather, organize and mobilize yourselves with a convivial, ethical, and emancipating tool. https://joinmobilizon.org
:::
> Gather, organize and mobilize yourselves with a convivial, ethical, and emancipating tool. https://joinmobilizon.org
>
> -- https://joinmobilizon.org/
## Preparation
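Review bot: the quote body `> Gather, organize and mobilize yourselves with a convivial, ethical, and emancipating tool. https://joinmobilizon.org` already ends with the site URL, and the attribution line `> -- https://joinmobilizon.org/` repeats it, so the rendered quote shows the link twice; drop the URL from the quote body and keep only the `-- ` attribution.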

@ -6,11 +6,9 @@ title: NetBox
## What is NetBox
From https://github.com/netbox-community/netbox
:::note
NetBox is the leading solution for modeling and documenting modern networks.
:::
> NetBox is the leading solution for modeling and documenting modern networks.
>
> -- https://github.com/netbox-community/netbox
## Preparation

@ -6,11 +6,9 @@ title: Nextcloud
## What is Nextcloud
From https://en.wikipedia.org/wiki/Nextcloud
:::note
Nextcloud is a suite of client-server software for creating and using file hosting services. Nextcloud is free and open-source, which means that anyone is allowed to install and operate it on their own private server devices.
:::
> Nextcloud is a suite of client-server software for creating and using file hosting services. Nextcloud is free and open-source, which means that anyone is allowed to install and operate it on their own private server devices.
>
> -- https://en.wikipedia.org/wiki/Nextcloud
:::caution
This setup only works, when Nextcloud is running with HTTPS enabled. See [here](https://docs.nextcloud.com/server/stable/admin_manual/configuration_server/reverse_proxy_configuration.html?highlight=overwriteprotocol#overwrite-parameters) on how to configure this.

@ -6,13 +6,11 @@ title: Node-RED
## What is Node-RED
From https://nodered.org/
:::note
Node-RED is a programming tool for wiring together hardware devices, APIs and online services in new and interesting ways.
It provides a browser-based editor that makes it easy to wire together flows using the wide range of nodes in the palette that can be deployed to its runtime in a single-click.
:::
> Node-RED is a programming tool for wiring together hardware devices, APIs and online services in new and interesting ways.
>
> It provides a browser-based editor that makes it easy to wire together flows using the wide range of nodes in the palette that can be deployed to its runtime in a single-click.
>
> -- https://nodered.org/
:::caution
This requires modification of the Node-RED settings.js and installing additional Passport-js packages, see [Securing Node-RED](https://nodered.org/docs/user-guide/runtime/securing-node-red#oauthopenid-based-authentication) documentation for further details.

@ -6,11 +6,9 @@ title: OnlyOffice
## What is OnlyOffice
From https://en.wikipedia.org/wiki/OnlyOffice
:::note
OnlyOffice, stylized as ONLYOFFICE, is a free software office suite developed by Ascensio System SIA, a company headquartered in Riga, Latvia. It features online document editors, platform for document management, corporate communication, mail and project management tools
:::
> OnlyOffice, stylized as ONLYOFFICE, is a free software office suite developed by Ascensio System SIA, a company headquartered in Riga, Latvia. It features online document editors, platform for document management, corporate communication, mail and project management tools
>
> -- https://en.wikipedia.org/wiki/OnlyOffice
:::note
This is based on authentik 2021.10.4 and OnlyOffice 11.5.4.1582. Instructions may differ between versions.

@ -6,11 +6,9 @@ title: OPNsense
## What is OPNsense
From https://opnsense.org/
:::note
OPNsense is a free and Open-Source FreeBSD-based firewall and routing software. It is licensed under an Open Source Initiative approved license.
:::
> OPNsense is a free and Open-Source FreeBSD-based firewall and routing software. It is licensed under an Open Source Initiative approved license.
>
> -- https://opnsense.org/
:::note
This is based on authentik 2022.4.1 and OPNsense 22.1.6-amd64 installed using https://docs.opnsense.org/manual/install.html. Instructions may differ between versions.

@ -6,11 +6,9 @@ title: Oracle Cloud
## What is Oracle Cloud
From https://www.oracle.com/cloud/
:::note
Oracle Cloud is the first public cloud built from the ground up to be a better cloud for every application. By rethinking core engineering and systems design for cloud computing, we created innovations that accelerate migrations, deliver better reliability and performance for all applications, and offer the complete services customers need to build innovative cloud applications.
:::
> Oracle Cloud is the first public cloud built from the ground up to be a better cloud for every application. By rethinking core engineering and systems design for cloud computing, we created innovations that accelerate migrations, deliver better reliability and performance for all applications, and offer the complete services customers need to build innovative cloud applications.
>
> -- https://www.oracle.com/cloud/
## Preparation

@ -6,11 +6,10 @@ title: organizr
## What is organizr
From https://github.com/causefx/Organizr
> Organizr allows you to setup "Tabs" that will be loaded all in one webpage.
>
> -- https://github.com/causefx/Organizr
:::note
Organizr allows you to setup "Tabs" that will be loaded all in one webpage.
:::
This integration leverages authentik's LDAP for the identity provider to achieve an SSO experience. See [ldap provider generic setup](../../../docs/providers/ldap/generic_setup) for setting up the LDAP provider.
## Preparation
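Review bot: the lead-in `From https://github.com/causefx/Organizr` still sits directly above the new blockquote, which cites the same URL in its `> -- https://github.com/causefx/Organizr` line, so the link appears twice; the other hunks in this change drop the `From` line when the citation moves into the blockquote, so do the same here for consistency.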

@ -6,11 +6,9 @@ title: Paperless-ng
## What is Paperless-ng
Modified from https://github.com/jonaswinkler/paperless-ng
:::note
Paperless-ng is an application that indexes your scanned documents and allows you to easily search for documents and store metadata alongside your documents. It was a fork from the original Paperless that is no longer maintained.
:::
> Paperless-ng is an application that indexes your scanned documents and allows you to easily search for documents and store metadata alongside your documents. It was a fork from the original Paperless that is no longer maintained.
>
> -- https://github.com/jonaswinkler/paperless-ng
:::caution
This setup uses HTTP headers to log you in simply by providing your username as a header. Your authentik username and Paperless username MUST match. If you intend for this to be accessed externally, this requires careful setup of your reverse proxy server to not forward these headers from other sources.

@ -6,11 +6,9 @@ title: pfSense
## What is pfSense
From https://www.pfsense.org/
:::note
The pfSense project is a free network firewall distribution, based on the FreeBSD operating system with a custom kernel and including third party free software packages for additional functionality.
:::
> The pfSense project is a free network firewall distribution, based on the FreeBSD operating system with a custom kernel and including third party free software packages for additional functionality.
>
> -- https://www.pfsense.org/
:::note
This is based on authentik 2022.3.31 and pfSense 2.6.0-amd64

@ -6,11 +6,9 @@ title: pgAdmin
## What is pgAdmin
From https://www.pgadmin.org/
:::note
pgAdmin is a management tool for PostgreSQL and derivative relational databases such as EnterpriseDB's EDB Advanced Server. It may be run either as a web or desktop application.
:::
> pgAdmin is a management tool for PostgreSQL and derivative relational databases such as EnterpriseDB's EDB Advanced Server. It may be run either as a web or desktop application.
>
> -- https://www.pgadmin.org/
:::note
This is based on authentik 2022.3.3 and pgAdmin4 6.19

@ -6,11 +6,9 @@ title: phpIPAM
## What is phpIPAM
From https://phpipam.net/
:::note
phpipam is an open-source web IP address management application (IPAM). Its goal is to provide light, modern and useful IP address management. It is php-based application with MySQL database backend, using jQuery libraries, ajax and HTML5/CSS3 features.
:::
> phpipam is an open-source web IP address management application (IPAM). Its goal is to provide light, modern and useful IP address management. It is php-based application with MySQL database backend, using jQuery libraries, ajax and HTML5/CSS3 features.
>
> -- https://phpipam.net/
## Preparation

@ -6,11 +6,9 @@ title: Portainer
## What is Portainer
From https://www.portainer.io/
:::note
Portainer is a powerful, GUI-based Container-as-a-Service solution that helps organizations manage and deploy cloud-native applications easily and securely.
:::
> Portainer is a powerful, GUI-based Container-as-a-Service solution that helps organizations manage and deploy cloud-native applications easily and securely.
>
> -- https://www.portainer.io/
:::note
This is based on authentik 2021.7.3 and Portainer 2.6.x-CE. Portainer 2.6 supports OAuth without additional licenses, 1.x Series requires a paid license for OAuth.

@ -6,11 +6,9 @@ title: PowerDNS-Admin
## What is PowerDNS-Admin
From https://github.com/ngoduykhanh/PowerDNS-Admin
:::note
A PowerDNS web interface with advanced features.
:::
> A PowerDNS web interface with advanced features.
>
> -- https://github.com/ngoduykhanh/PowerDNS-Admin
## Preparation

@ -6,9 +6,9 @@ title: ProFTPD
## What is ProFTPD
:::note
ProFTPD is a high-performance, open-source FTP server software designed for Unix and Linux systems. It supports various features, including IPv6, SSL/TLS encryption, virtual hosting, advanced logging, and supports various authentication methods, including LDAP and MySQL.
:::
> ProFTPD is a high-performance, extremely configurable, and most of all a secure FTP server, featuring Apache-like configuration and blazing performance.
>
> -- From http://www.proftpd.org
This integration leverages authentik's LDAP for the identity provider to achieve an SSO experience. See [ldap provider generic setup](../../../docs/providers/ldap/generic_setup) for setting up the LDAP provider.
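Review bot: the attribution line `> -- From http://www.proftpd.org` mixes the old `From` lead-in with the `-- URL` citation form used in every other hunk; make it `> -- http://www.proftpd.org` so the ProFTPD page matches the rest. Note also that the quoted text itself changed here (from the feature list to the site's tagline), which is fine for a verbatim citation but worth stating in the commit message.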

@ -6,11 +6,9 @@ title: Proxmox VE
## What is Proxmox VE
From https://pve.proxmox.com/wiki/Main_Page
:::note
Proxmox Virtual Environment is an open source server virtualization management solution based on QEMU/KVM and LXC. You can manage virtual machines, containers, highly available clusters, storage and networks with an integrated, easy-to-use web interface or via CLI. Proxmox VE code is licensed under the GNU Affero General Public License, version 3. The project is developed and maintained by Proxmox Server Solutions GmbH.
:::
> Proxmox Virtual Environment is an open source server virtualization management solution based on QEMU/KVM and LXC. You can manage virtual machines, containers, highly available clusters, storage and networks with an integrated, easy-to-use web interface or via CLI. Proxmox VE code is licensed under the GNU Affero General Public License, version 3. The project is developed and maintained by Proxmox Server Solutions GmbH.
>
> -- https://pve.proxmox.com/wiki/Main_Page
:::caution
This requires Proxmox VE 7.0 or newer.

@ -4,14 +4,11 @@ title: QNAP NAS
## What is QNAP NAS
From <https://en.wikipedia.org/wiki/QNAP_Systems>
> QNAP Systems, Inc. is a Taiwanese corporation that specializes in network-attached storage appliances used for file sharing, virtualization, storage management and surveillance applications.
>
> -- https://en.wikipedia.org/wiki/QNAP_Systems
:::note
QNAP Systems, Inc. is a Taiwanese corporation that specializes in network-attached storage appliances used for file sharing, virtualization, storage management and surveillance applications.
:::
Connecting a QNAP NAS to an LDAP Directory is a little bit special
as it is **not** (well) documented what really is done behind the scenes of QNAP.
Connecting a QNAP NAS to an LDAP Directory is a little bit special as it is **not** (well) documented what really is done behind the scenes of QNAP.
## Preparation

@ -6,12 +6,10 @@ title: Rancher
## What is Rancher
From https://rancher.com/products/rancher
:::note
An enterprise platform for managing Kubernetes Everywhere
Rancher is a platform built to address the needs of the DevOps teams deploying applications with Kubernetes, and the IT staff responsible for delivering an enterprise-critical service.
:::
> An enterprise platform for managing Kubernetes Everywhere
> Rancher is a platform built to address the needs of the DevOps teams deploying applications with Kubernetes, and the IT staff responsible for delivering an enterprise-critical service.
>
> -- https://rancher.com/products/rancher
## Preparation
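Review bot: in the new blockquote there is no blank `>` line between `> An enterprise platform for managing Kubernetes Everywhere` and `> Rancher is a platform built to address ...`, so Markdown joins them into one paragraph that reads "...Kubernetes Everywhere Rancher is a platform...". Insert a `>` separator line between them, as the Gravitee and Node-RED hunks do.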

@ -6,11 +6,9 @@ title: Rocket.chat
## What is Rocket.chat
From https://github.com/RocketChat/Rocket.Chat
:::note
Rocket.Chat is an open-source fully customizable communications platform developed in JavaScript for organizations with high standards of data protection. It is licensed under the MIT License with some other licenses mixed in. See [Rocket.chat Git Hub](https://github.com/RocketChat/Rocket.Chat/blob/develop/LICENSE) for licensing information.
:::
> Rocket.Chat is an open-source fully customizable communications platform developed in JavaScript for organizations with high standards of data protection. It is licensed under the MIT License with some other licenses mixed in. See [Rocket.chat GitHub](https://github.com/RocketChat/Rocket.Chat/blob/develop/LICENSE) for licensing information.
>
> -- https://github.com/RocketChat/Rocket.Chat
:::note
This is based on authentik 2022.3.1 and Rocket.chat 4.5.1 using the [Docker-Compose install](https://docs.rocket.chat/quick-start/installing-and-updating/rapid-deployment-methods/docker-and-docker-compose/docker-containers). Instructions may differ between versions.

@ -6,12 +6,10 @@ title: Roundcube
## What is Roundcube
From https://roundcube.net
:::note
**Roundcube** is a browser-based multilingual IMAP client with an application-like user interface.
It provides full functionality you expect from an email client, including MIME support, address book, folder manipulation, message searching and spell checking
:::
> **Roundcube** is a browser-based multilingual IMAP client with an application-like user interface.
> It provides full functionality you expect from an email client, including MIME support, address book, folder manipulation, message searching and spell checking
>
> -- https://roundcube.net
This integration describes how to use Roundcube's oauth support with authentik to automatically sign into an email account.
The mail server must support XOAUTH2 for both SMTPD and IMAP/POP. Postfix SMTP server can also use Dovecot for authentication which provides Postfix with xoauth2 capability without configuring it separately.
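Review bot: the second quote line `> It provides full functionality you expect from an email client, including MIME support, address book, folder manipulation, message searching and spell checking` ends without a period, and there is no `>` separator between it and the first line, so both render as one paragraph with an unterminated sentence before the attribution; add the period and a `>` line.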

@ -6,15 +6,10 @@ title: Sentry
## What is Sentry
From https://sentry.io
:::note
Sentry provides self-hosted and cloud-based error monitoring that helps all software
teams discover, triage, and prioritize errors in real-time.
One million developers at over fifty thousand companies already ship
better software faster with Sentry. Wont you join them?
:::
> Sentry provides self-hosted and cloud-based error monitoring that helps all software teams discover, triage, and prioritize errors in real-time.
> One million developers at over fifty thousand companies already ship better software faster with Sentry. Wont you join them?
>
> -- https://sentry.io
## Preparation
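Review bot: `> One million developers at over fifty thousand companies already ship better software faster with Sentry. Wont you join them?` carries the missing apostrophe (`Won't`) over from the removed text; since this is now a cited quote, verify it against the source and correct it. The two quote lines also lack a `>` separator, so they render as a single paragraph.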

@ -6,11 +6,9 @@ title: Skyhigh Security
## What is Skyhigh Security
:::note
Skyhigh Security is a Security Services Edge (SSE), Cloud Access Security Broker (CASB), and Secure Web Gateway (SWG), and Private Access (PA / ZTNA) cloud provider.
:::
From https://www.skyhighsecurity.com/en-us/about.html
> Skyhigh Security is a Security Services Edge (SSE), Cloud Access Security Broker (CASB), and Secure Web Gateway (SWG), and Private Access (PA / ZTNA) cloud provider.
>
> -- https://www.skyhighsecurity.com/en-us/about.html
:::note
We were among the first to recognize the clouds potential and knew that protecting data in this new hybrid world required an entirely new approach. We make managing your web and unifying your data policies easy to create and enforce, giving you a single console to provide visibility across all of your infrastructure.
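Review bot: the second paragraph quoted from Skyhigh (`We were among the first to recognize the clouds potential...`) is left in a `:::note` with no citation while the first paragraph moved into the cited blockquote; move it into the same blockquote with a `>` separator line, as the Gravitee and Node-RED hunks do, and check the spelling of "clouds" (expected "cloud's") against the source while doing so.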

@ -6,10 +6,9 @@ title: Snipe-IT
## What is Snipe-IT
From https://snipeitapp.com
:::note
A free open source IT asset/license management system.
:::
> A free open source IT asset/license management system.
>
> -- https://snipeitapp.com
:::caution
This setup assumes you will be using HTTPS as Snipe-It dynamically generates the ACS and other settings based on the complete URL.

@ -10,11 +10,9 @@ These instructions apply to all projects in the \*arr Family. If you use multipl
## What is Sonarr
From https://github.com/Sonarr/Sonarr
:::note
Sonarr is a PVR for Usenet and BitTorrent users. It can monitor multiple RSS feeds for new episodes of your favorite shows and will grab, sort and rename them. It can also be configured to automatically upgrade the quality of files already downloaded when a better quality format becomes available.
:::
> Sonarr is a PVR for Usenet and BitTorrent users. It can monitor multiple RSS feeds for new episodes of your favorite shows and will grab, sort and rename them. It can also be configured to automatically upgrade the quality of files already downloaded when a better quality format becomes available.
>
> -- https://github.com/Sonarr/Sonarr
## Preparation

@ -6,11 +6,9 @@ title: sssd
## What is sssd
From https://sssd.io/
:::note
**SSSD** is an acronym for System Security Services Daemon. It is the client component of centralized identity management solutions such as FreeIPA, 389 Directory Server, Microsoft Active Directory, OpenLDAP and other directory servers. The client serves and caches the information stored in the remote directory server and provides identity, authentication and authorization services to the host machine.
:::
> **SSSD** is an acronym for System Security Services Daemon. It is the client component of centralized identity management solutions such as FreeIPA, 389 Directory Server, Microsoft Active Directory, OpenLDAP and other directory servers. The client serves and caches the information stored in the remote directory server and provides identity, authentication and authorization services to the host machine.
>
> -- https://sssd.io/
Note that authentik supports _only_ user and group objects. As
a consequence, it cannot be used to provide automount or sudo

@ -6,11 +6,9 @@ title: Tautulli
## What is Tautulli
From https://tautulli.com/
:::note
Tautulli is a 3rd party application that you can run alongside your Plex Media Server to monitor activity and track various statistics. Most importantly, these statistics include what has been watched, who watched it, when and where they watched it, and how it was watched. The only thing missing is "why they watched it", but who am I to question your 42 plays of Frozen. All statistics are presented in a nice and clean interface with many tables and graphs, which makes it easy to brag about your server to everyone else.
:::
> Tautulli is a 3rd party application that you can run alongside your Plex Media Server to monitor activity and track various statistics. Most importantly, these statistics include what has been watched, who watched it, when and where they watched it, and how it was watched. The only thing missing is "why they watched it", but who am I to question your 42 plays of Frozen. All statistics are presented in a nice and clean interface with many tables and graphs, which makes it easy to brag about your server to everyone else.
>
> -- https://tautulli.com/
## Preparation

@ -6,13 +6,9 @@ title: TrueNAS TrueCommand
## What is TrueNAS TrueCommand
From https://www.truenas.com/truecommand/
:::note
What is TrueCommand?
TrueCommand is a ZFS-aware solution allowing you to set custom alerts on statistics like ARC usage or pool capacity and ensuring storage
e uptime and future planning. TrueCommand also identifies and pinpoints errors on drives or vdevs (RAID groups), saving you valuable ti
me when resolving issues.
:::
> TrueCommand is a ZFS-aware solution allowing you to set custom alerts on statistics like ARC usage or pool capacity and ensuring storage uptime and future planning. TrueCommand also identifies and pinpoints errors on drives or vdevs (RAID groups), saving you valuable time when resolving issues.
>
> -- https://www.truenas.com/truecommand/
:::caution
This setup assumes you will be using HTTPS as TrueCommand generates ACS and Redirect URLs based on the complete URL.

@ -6,11 +6,9 @@ title: Ubuntu Landscape
## What is Ubuntu Landscape
From https://en.wikipedia.org/wiki/Landscape_(software)
:::note
Landscape is a systems management tool developed by Canonical. It can be run on-premises or in the cloud depending on the needs of the user. It is primarily designed for use with Ubuntu derivatives such as Desktop, Server, and Core.
:::
> Landscape is a systems management tool developed by Canonical. It can be run on-premises or in the cloud depending on the needs of the user. It is primarily designed for use with Ubuntu derivatives such as Desktop, Server, and Core.
>
> -- https://en.wikipedia.org/wiki/Landscape_(software)
:::caution
This requires authentik 0.10.3 or newer.

@ -6,11 +6,9 @@ title: Uptime Kuma
## What is Uptime Kuma
From https://github.com/louislam/uptime-kuma
:::note
It is a self-hosted monitoring tool like "Uptime Robot".
:::
> Uptime Kuma is an easy-to-use self-hosted monitoring tool.
>
> -- https://github.com/louislam/uptime-kuma
Uptime Kuma currently supports only a single user and no native SSO solution. To still use authentik, you can work with the Proxy Outpost and a Proxy Provider.

@ -6,11 +6,9 @@ title: Veeam Enterprise Manager
## What is Veeam Enterprise Manager
From https://helpcenter.veeam.com/docs/backup/em/introduction.html?ver=100
:::note
Veeam Backup Enterprise Manager (Enterprise Manager) is a management and reporting component that allows you to manage multiple Veeam Backup & Replication installations from a single web console. Veeam Backup Enterprise Manager helps you optimize performance in remote office/branch office (ROBO) and large-scale deployments and maintain a view of your entire virtual environment.
:::
> Veeam Backup Enterprise Manager (Enterprise Manager) is a management and reporting component that allows you to manage multiple Veeam Backup & Replication installations from a single web console. Veeam Backup Enterprise Manager helps you optimize performance in remote office/branch office (ROBO) and large-scale deployments and maintain a view of your entire virtual environment.
>
> -- https://helpcenter.veeam.com/docs/backup/em/introduction.html?ver=100
## Preparation

@ -6,11 +6,9 @@ title: Vikunja
## What is Vikunja
From https://vikunja.io/
:::note
Vikunja is an Open-Source, self-hosted To-Do list application for all platforms. It is licensed under the GPLv3.
:::
> Vikunja is an Open-Source, self-hosted To-Do list application for all platforms. It is licensed under the GPLv3.
>
> -- https://vikunja.io/
:::note
This is based on authentik 2021.7.3 and Vikunja V0.17.1 using the Docker-Compose install https://vikunja.io/docs/full-docker-example/. Instructions may differ between versions.

View file

@ -6,11 +6,9 @@ title: VMware vCenter
## What is vCenter
From https://en.wikipedia.org/wiki/VCenter
:::note
vCenter Server is the centralized management utility for VMware, and is used to manage virtual machines, multiple ESXi hosts, and all dependent components from a single centralized location. VMware vMotion and svMotion require the use of vCenter and ESXi hosts.
:::
> vCenter Server is the centralized management utility for VMware, and is used to manage virtual machines, multiple ESXi hosts, and all dependent components from a single centralized location. VMware vMotion and svMotion require the use of vCenter and ESXi hosts.
>
> -- https://en.wikipedia.org/wiki/VCenter
:::caution
This requires authentik 0.10.3 or newer.

View file

@ -6,11 +6,9 @@ title: Weblate
## What is Weblate
From https://weblate.org/en/
:::note
Weblate is a copylefted libre software web-based continuous localization system, used by over 2500 libre projects and companies in more than 165 countries.
:::
> Weblate is a copylefted libre software web-based continuous localization system, used by over 2500 libre projects and companies in more than 165 countries.
>
> -- https://weblate.org/en/
## Preparation
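Review bot: the quoted sentence carries figures ("over 2500 libre projects", "more than 165 countries") that will drift from the cited page over time; because a blockquote with a `-- ` attribution reads as a current verbatim citation, either drop the statistics from the quote or note when it was taken.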

View file

@ -6,11 +6,9 @@ title: Wekan
## What is Wekan
From https://github.com/wekan/wekan/wiki
:::note
Wekan is an open-source kanban board which allows a card-based task and to-do management.
:::
> Wekan is an open-source kanban board which allows a card-based task and to-do management.
>
> -- https://github.com/wekan/wekan/wiki
## Preparation

View file

@ -6,11 +6,9 @@ title: Wiki.js
## What is Wiki.js
From https://en.wikipedia.org/wiki/Wiki.js
:::note
Wiki.js is a wiki engine running on Node.js and written in JavaScript. It is free software released under the Affero GNU General Public License. It is available as a self-hosted solution or using "single-click" install on the DigitalOcean and AWS marketplace.
:::
> Wiki.js is a wiki engine running on Node.js and written in JavaScript. It is free software released under the Affero GNU General Public License. It is available as a self-hosted solution or using "single-click" install on the DigitalOcean and AWS marketplace.
>
> -- https://en.wikipedia.org/wiki/Wiki.js
:::note
This is based on authentik 2022.11 and Wiki.js 2.5. Instructions may differ between versions.

View file

@ -6,11 +6,9 @@ title: Wordpress
## What is Wordpress
From https://en.wikipedia.org/wiki/WordPress
:::note
WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. Features include a plugin architecture and a template system, referred to within WordPress as Themes
:::
> WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. Features include a plugin architecture and a template system, referred to within WordPress as Themes
>
> -- https://en.wikipedia.org/wiki/WordPress
:::note
There are many different plugins for Wordpress that allow you to setup SSO using different authentication methods. The plugin that is explained in this tutorial is "OpenID Connect Generic" version 3.8.5 by daggerhart. This plugin uses OpenID/OAUTH2 and is free without paywalls or subscriptions at the time of writing this. The plugin is available for free in the Wordpress Plugin gallery.
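Review bot: the quoted text ends without a terminal period ("... referred to within WordPress as Themes"), and the surrounding title and heading spell the product "Wordpress" while the quote uses the project's own "WordPress"; add the missing period (or mark the quote as truncated) and align the heading capitalization with the quoted name.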

View file

@ -6,10 +6,9 @@ title: Writefreely
## What is Writefreely
From https://writefreely.org/
:::note
An open source platform for building a writing space on the web.
:::
> An open source platform for building a writing space on the web.
>
> -- https://writefreely.org/
:::caution
Currently it is not possible to connect writefreely to authentik without making an adjustment in the database. See [here](https://github.com/writefreely/writefreely/issues/516) and [Writefreely Setup](https://goauthentik.io/integrations/services/writefreely/#writefreely-setup)

View file

@ -6,13 +6,11 @@ title: Zabbix
## What is Zabbix
From https://www.zabbix.com/features
:::note
Zabbix is the ultimate enterprise-level software designed for real-time monitoring of millions of metrics collected from tens of thousands of servers, virtual machines and network devices.
Zabbix is Open Source and comes at no cost.
:::
> Zabbix is the ultimate enterprise-level software designed for real-time monitoring of millions of metrics collected from tens of thousands of servers, virtual machines and network devices.
>
> Zabbix is Open Source and comes at no cost.
>
> -- https://www.zabbix.com/features
## Preparation

View file

@ -6,11 +6,10 @@ title: Zammad
## What is Zammad
From https://zammad.org/
:::note
Zammad is a web-based, open source user support/ticketing solution.
Download and install it on your own servers. For free.
:::
> Zammad is a web-based, open source user support/ticketing solution.
> Download and install it on your own servers. For free.
>
> -- https://zammad.org/
## Preparation
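Review bot: the two quoted lines here sit in the blockquote with no blank `>` line between them, so Markdown renders them as a single paragraph, whereas the Zabbix hunk in this same change separates its two sentences with a `>` line into two paragraphs; pick one convention (the `>` separator, as in Zabbix, matches the original two-line note) and apply it consistently across these pages, including the Zulip hunk below.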

View file

@ -6,12 +6,10 @@ title: Zulip
## What is Zulip
From https://zulip.com
:::note
**Zulip**: Chat for distributed teams. Zulip combines the immediacy of real-time chat with an email threading model.
With Zulip, you can catch up on important conversations while ignoring irrelevant ones.
:::
> **Zulip**: Chat for distributed teams. Zulip combines the immediacy of real-time chat with an email threading model.
> With Zulip, you can catch up on important conversations while ignoring irrelevant ones.
>
> -- https://zulip.com
## Preparation

View file

@ -33,6 +33,7 @@ module.exports = {
"core/tenants",
"core/certificates",
"core/geoip",
"core/architecture",
],
},
{

View file

@ -84,8 +84,8 @@
no-repeat;
}
@media (min-width: 1416px) {
.docPage_node_modules-\@docusaurus-theme-classic-lib-theme-DocPage-Layout-styles-module {
@media (min-width: 1600px) {
#__docusaurus_skipToContent_fallback > div {
align-self: center;
max-width: 1600px;
width: 1600px;
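Review bot: the replacement selector `#__docusaurus_skipToContent_fallback > div` is just as tied to Docusaurus theme internals as the hashed `.docPage_node_modules-...` class it replaces, so this override is likely to break again on the next theme upgrade; consider a stable hook instead, such as a custom class on the docs container set through a swizzled layout component. Also, raising the media query to `min-width: 1600px` while fixing the div at `width: 1600px` means the centering only applies at or above the exact content width and the default layout governs everything below it; if that is the intended sidebar fix, a short comment in the CSS stating the reasoning would help the next person who touches this breakpoint.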