providers/proxy: add initial header token auth (#4421)

* initial implementation

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* check for openid/profile claims

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* include jwks sources in proxy provider

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add web ui for jwks

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* only show sources with JWKS data configured

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix introspection tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* start basic

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add basic auth

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add docs, update admonitions

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add client_id to api, add tab for auth

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update locale

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Jens L 2023-01-13 16:22:03 +01:00 committed by GitHub
parent 31c6ea9fda
commit cd12e177ea
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
54 changed files with 830 additions and 162 deletions


@ -8,6 +8,7 @@ from django.urls import reverse
from authentik.core.models import Application
from authentik.core.tests.utils import create_test_admin_user, create_test_cert, create_test_flow
from authentik.lib.generators import generate_id, generate_key
from authentik.providers.oauth2.constants import ACR_AUTHENTIK_DEFAULT
from authentik.providers.oauth2.models import IDToken, OAuth2Provider, RefreshToken
from authentik.providers.oauth2.tests.utils import OAuthTestCase
@ -57,6 +58,8 @@ class TesOAuth2Introspection(OAuthTestCase):
self.assertJSONEqual(
res.content.decode(),
{
"acr": ACR_AUTHENTIK_DEFAULT,
"auth_time": None,
"aud": None,
"sub": "bar",
"exp": None,
@ -64,6 +67,7 @@ class TesOAuth2Introspection(OAuthTestCase):
"iss": "foo",
"active": True,
"client_id": self.provider.client_id,
"scope": " ".join(self.token.scope),
},
)


@ -52,9 +52,8 @@ class TokenIntrospectionParams:
if not provider:
raise TokenIntrospectionError
try:
token: RefreshToken = RefreshToken.objects.get(provider=provider, **token_filter)
except RefreshToken.DoesNotExist:
token: RefreshToken = RefreshToken.objects.filter(provider=provider, **token_filter).first()
if not token:
LOGGER.debug("Token does not exist", token=raw_token)
raise TokenIntrospectionError()
@ -74,15 +73,12 @@ class TokenIntrospectionView(View):
"""Introspection handler"""
try:
self.params = TokenIntrospectionParams.from_request(request)
response_dic = {}
response = {}
if self.params.id_token:
token_dict = self.params.id_token.to_dict()
for k in ("aud", "sub", "exp", "iat", "iss"):
response_dic[k] = token_dict[k]
response_dic["active"] = True
response_dic["client_id"] = self.params.token.provider.client_id
return TokenResponse(response_dic)
response.update(self.params.id_token.to_dict())
response["active"] = True
response["scope"] = " ".join(self.params.token.scope)
response["client_id"] = self.params.token.provider.client_id
return TokenResponse(response)
except TokenIntrospectionError:
return TokenResponse({"active": False})
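Review bot: `response.update(self.params.id_token.to_dict())` replaces the five-key allow-list with whatever the stored ID token contains, so every claim in it is now returned to any client that is allowed to introspect. `to_dict()` is not visible in this hunk, so the exact key set is an assumption; if the outpost only needs a known set of claims, an explicit tuple of keys keeps the response from growing silently when new claims are added. At minimum a comment such as `# copies all ID-token claims; active/scope/client_id are set afterwards so token contents cannot override them` would record why the ordering matters. The enclosing handler method starts outside the hunk.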


@ -37,6 +37,7 @@ class OpenIDConnectConfigurationSerializer(PassiveSerializer):
class ProxyProviderSerializer(ProviderSerializer):
"""ProxyProvider Serializer"""
client_id = CharField(read_only=True)
redirect_uris = CharField(read_only=True)
outpost_set = ListField(child=CharField(), read_only=True, source="outpost_set.all")
@ -77,6 +78,7 @@ class ProxyProviderSerializer(ProviderSerializer):
model = ProxyProvider
fields = ProviderSerializer.Meta.fields + [
"client_id",
"internal_host",
"external_host",
"internal_host_ssl_validation",
@ -88,6 +90,7 @@ class ProxyProviderSerializer(ProviderSerializer):
"mode",
"redirect_uris",
"cookie_domain",
"jwks_sources",
"token_validity",
"outpost_set",
]


@ -126,6 +126,7 @@ class ProxyProvider(OutpostModel, OAuth2Provider):
"""Ensure all OAuth2-related settings are correct"""
self.client_type = ClientTypes.CONFIDENTIAL
self.signing_key = None
self.include_claims_in_id_token = True
scopes = ScopeMapping.objects.filter(
managed__in=[
"goauthentik.io/providers/oauth2/scope-openid",


@ -1,5 +1,7 @@
"""OAuth Source Serializer"""
from django.urls.base import reverse_lazy
from django_filters.filters import BooleanFilter
from django_filters.filterset import FilterSet
from drf_spectacular.types import OpenApiTypes
from drf_spectacular.utils import OpenApiParameter, extend_schema, extend_schema_field
from requests import RequestException
@ -111,13 +113,20 @@ class OAuthSourceSerializer(SourceSerializer):
extra_kwargs = {"consumer_secret": {"write_only": True}}
class OAuthSourceViewSet(UsedByMixin, ModelViewSet):
"""Source Viewset"""
class OAuthSourceFilter(FilterSet):
"""OAuth Source filter set"""
queryset = OAuthSource.objects.all()
serializer_class = OAuthSourceSerializer
lookup_field = "slug"
filterset_fields = [
has_jwks = BooleanFilter(label="Only return sources with JWKS data", method="filter_has_jwks")
# pylint: disable=unused-argument
def filter_has_jwks(self, queryset, name, value): # pragma: no cover
"""Only return sources with JWKS data"""
return queryset.exclude(oidc_jwks__iexact="{}")
class Meta:
model = OAuthSource
fields = [
"name",
"slug",
"enabled",
@ -133,6 +142,15 @@ class OAuthSourceViewSet(UsedByMixin, ModelViewSet):
"consumer_key",
"additional_scopes",
]
class OAuthSourceViewSet(UsedByMixin, ModelViewSet):
"""Source Viewset"""
queryset = OAuthSource.objects.all()
serializer_class = OAuthSourceSerializer
lookup_field = "slug"
filterset_class = OAuthSourceFilter
search_fields = ["name", "slug"]
ordering = ["name"]
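Review bot: `filter_has_jwks` never reads `value`, so `?has_jwks=false` filters exactly like `?has_jwks=true`, and the `# pylint: disable=unused-argument` hides that. Returning `queryset.exclude(oidc_jwks__iexact="{}") if value else queryset` would at least make the false case a no-op instead of a surprise. Whether `__iexact="{}"` matches an empty JSON object depends on how `oidc_jwks` is stored, which is not visible here, and the `# pragma: no cover` means no test pins the behaviour down.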


@ -120,7 +120,7 @@ func NewApplication(p api.ProxyOutpostConfig, c *http.Client, cs *ak.CryptoStore
}))
mux.Use(func(inner http.Handler) http.Handler {
return http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {
c, _ := a.getClaims(r)
c, _ := a.checkAuth(rw, r)
user := ""
if c != nil {
user = c.PreferredUsername
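Review bot: The logging middleware now calls `a.checkAuth(rw, r)` only to fill in a user name, yet with this commit that call can send a token or introspection request to authentik and write a session before the route handler runs. The handlers changed elsewhere in this commit call `checkAuth` again, and a rejected credential is not remembered, so a request carrying a bad `Authorization` header appears to cost one upstream call per call site. Using `c := a.getClaimsFromSession(r)` here would keep logging free of side effects, at the price of an empty user name on the first header-authenticated request. The middleware closure continues outside the hunk.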


@ -0,0 +1,78 @@
package application
import (
"fmt"
"net/http"
"goauthentik.io/internal/outpost/proxyv2/constants"
)
const HeaderAuthorization = "Authorization"
const AuthBearer = "Bearer "
// checkAuth Get claims which are currently in session
// Returns an error if the session can't be loaded or the claims can't be parsed/type-cast
func (a *Application) checkAuth(rw http.ResponseWriter, r *http.Request) (*Claims, error) {
s, _ := a.sessions.Get(r, constants.SessionName)
c := a.getClaimsFromSession(r)
if c != nil {
return c, nil
}
if rw == nil {
return nil, fmt.Errorf("no response writer")
}
// Check bearer token if set
bearer := a.checkAuthHeaderBearer(r)
if bearer != "" {
a.log.Trace("checking bearer token")
tc := a.attemptBearerAuth(r, bearer)
if tc != nil {
s.Values[constants.SessionClaims] = tc.Claims
err := s.Save(r, rw)
if err != nil {
return nil, err
}
r.Header.Del(HeaderAuthorization)
return &tc.Claims, nil
}
a.log.Trace("no/invalid bearer token")
}
// Check basic auth if set
username, password, basicSet := r.BasicAuth()
if basicSet {
a.log.Trace("checking basic auth")
tc := a.attemptBasicAuth(username, password)
if tc != nil {
s.Values[constants.SessionClaims] = *tc
err := s.Save(r, rw)
if err != nil {
return nil, err
}
r.Header.Del(HeaderAuthorization)
return tc, nil
}
a.log.Trace("no/invalid basic auth")
}
return nil, fmt.Errorf("failed to get claims from session")
}
func (a *Application) getClaimsFromSession(r *http.Request) *Claims {
s, err := a.sessions.Get(r, constants.SessionName)
if err != nil {
// err == user has no session/session is not valid, reject
return nil
}
claims, ok := s.Values[constants.SessionClaims]
if claims == nil || !ok {
// no claims saved, reject
return nil
}
c, ok := claims.(Claims)
if !ok {
return nil
}
return &c
}
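Review bot: After a successful bearer or basic check the claims are copied into the session via `s.Values[constants.SessionClaims] = ...`, and later requests are accepted by `getClaimsFromSession` without looking at the token again, so access appears to last as long as the session cookie rather than as long as the token stays active. Session lifetime and any expiry check on `Claims` are not visible in this file; if neither bounds it, consider capping the session at the token's `exp` or re-introspecting periodically. The doc comment on `checkAuth` was carried over from `getClaims` and should describe the new behaviour, e.g. `// checkAuth returns claims from the session, or from a Bearer/Basic Authorization header when rw is non-nil`.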


@ -0,0 +1,59 @@
package application
import (
"context"
"encoding/json"
"net/http"
"net/url"
"strings"
)
type TokenResponse struct {
AccessToken string `json:"access_token"`
IDToken string `json:"id_token"`
}
func (a *Application) attemptBasicAuth(username, password string) *Claims {
values := url.Values{
"grant_type": []string{"client_credentials"},
"client_id": []string{a.oauthConfig.ClientID},
"username": []string{username},
"password": []string{password},
"scope": []string{strings.Join(a.oauthConfig.Scopes, " ")},
}
req, err := http.NewRequest("POST", a.endpoint.TokenURL, strings.NewReader(values.Encode()))
if err != nil {
a.log.WithError(err).Warning("failed to create token request")
return nil
}
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
res, err := a.httpClient.Do(req)
if err != nil || res.StatusCode > 200 {
a.log.WithError(err).Warning("failed to send token request")
return nil
}
var token TokenResponse
err = json.NewDecoder(res.Body).Decode(&token)
if err != nil {
a.log.WithError(err).Warning("failed to parse token response")
return nil
}
// Parse and verify ID Token payload.
idToken, err := a.tokenVerifier.Verify(context.Background(), token.IDToken)
if err != nil {
a.log.WithError(err).Warning("failed to verify token")
return nil
}
// Extract custom claims
var claims *Claims
if err := idToken.Claims(&claims); err != nil {
a.log.WithError(err).Warning("failed to convert token to claims")
return nil
}
if claims.Proxy == nil {
claims.Proxy = &ProxyClaims{}
}
claims.RawToken = token.IDToken
return claims
}
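Review bot: `res.Body` is never closed in `attemptBasicAuth`, neither on the success path nor on the `res.StatusCode > 200` path, so each basic-auth attempt can hold a connection open; `attemptBearerAuth` in the next file has the same pattern. Splitting the combined check lets the body be closed with `defer` and avoids logging a nil error when only the status code is wrong. The request is built without the caller's context and `Verify` uses `context.Background()`, so neither call is cancelled when the client goes away; whether `a.httpClient` has a timeout is not visible here.

```go
res, err := a.httpClient.Do(req)
if err != nil {
	a.log.WithError(err).Warning("failed to send token request")
	return nil
}
defer res.Body.Close()
if res.StatusCode > 200 {
	a.log.WithField("status", res.StatusCode).Warning("token request rejected")
	return nil
}
// … unchanged: decode TokenResponse, verify ID token, build claims …
```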


@ -0,0 +1,62 @@
package application
import (
"encoding/json"
"net/http"
"net/url"
"strings"
)
func (a *Application) checkAuthHeaderBearer(r *http.Request) string {
auth := r.Header.Get(HeaderAuthorization)
if auth == "" {
return ""
}
if len(auth) < len(AuthBearer) || !strings.EqualFold(auth[:len(AuthBearer)], AuthBearer) {
return ""
}
return auth[len(AuthBearer):]
}
type TokenIntrospectionResponse struct {
Claims
Scope string `json:"scope"`
Active bool `json:"active"`
ClientID string `json:"client_id"`
}
func (a *Application) attemptBearerAuth(r *http.Request, token string) *TokenIntrospectionResponse {
values := url.Values{
"client_id": []string{a.oauthConfig.ClientID},
"client_secret": []string{a.oauthConfig.ClientSecret},
"token": []string{token},
}
req, err := http.NewRequest("POST", a.endpoint.TokenIntrospection, strings.NewReader(values.Encode()))
if err != nil {
a.log.WithError(err).Warning("failed to create introspection request")
return nil
}
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
res, err := a.httpClient.Do(req)
if err != nil || res.StatusCode > 200 {
a.log.WithError(err).Warning("failed to send introspection request")
return nil
}
intro := TokenIntrospectionResponse{}
err = json.NewDecoder(res.Body).Decode(&intro)
if err != nil {
a.log.WithError(err).Warning("failed to parse introspection response")
return nil
}
if !intro.Active {
a.log.Warning("token is not active")
return nil
}
if !strings.Contains(intro.Scope, "openid") || !strings.Contains(intro.Scope, "profile") {
a.log.Error("token missing openid or profile scope")
return nil
}
intro.RawToken = token
a.log.Trace("successfully introspected bearer token")
return &intro
}
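Review bot: The scope check in `attemptBearerAuth` uses `strings.Contains` on the whole space-separated string, so any scope name that merely contains `openid` or `profile` as a substring satisfies it. Splitting with `strings.Fields` and comparing whole entries makes the check exact. `intro.ClientID` is decoded but never compared with `a.oauthConfig.ClientID`; the server side appears to filter tokens by provider already, so that may be intentional, but a comment saying so would help the next reader.

```go
// … unchanged: introspection request, decode, active check …
hasOpenID, hasProfile := false, false
for _, sc := range strings.Fields(intro.Scope) {
	switch sc {
	case "openid":
		hasOpenID = true
	case "profile":
		hasProfile = true
	}
}
if !hasOpenID || !hasProfile {
	a.log.Error("token missing openid or profile scope")
	return nil
}
```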


@ -12,6 +12,7 @@ import (
type OIDCEndpoint struct {
oauth2.Endpoint
TokenIntrospection string
EndSessionEndpoint string
JwksUri string
}
@ -67,5 +68,6 @@ func GetOIDCEndpoint(p api.ProxyOutpostConfig, authentikHost string) OIDCEndpoin
ep.AuthURL = authU.String()
ep.EndSessionEndpoint = endU.String()
ep.JwksUri = jwksU.String()
ep.TokenIntrospection = p.OidcConfiguration.IntrospectionEndpoint
return ep
}


@ -14,7 +14,7 @@ type ErrorPageData struct {
}
func (a *Application) ErrorPage(rw http.ResponseWriter, r *http.Request, err string) {
claims, _ := a.getClaims(r)
claims, _ := a.checkAuth(rw, r)
data := ErrorPageData{
Title: "Bad Gateway",
Message: "Error proxying to upstream server",


@ -15,7 +15,6 @@ import (
func (a *Application) addHeaders(headers http.Header, c *Claims) {
// https://goauthentik.io/docs/providers/proxy/proxy
headers.Set("X-authentik-username", c.PreferredUsername)
headers.Set("X-authentik-groups", strings.Join(c.Groups, "|"))
headers.Set("X-authentik-email", c.Email)


@ -49,7 +49,7 @@ func (a *Application) forwardHandleTraefik(rw http.ResponseWriter, r *http.Reque
return
}
// Check if we're authenticated, or the request path is on the allowlist
claims, err := a.getClaims(r)
claims, err := a.checkAuth(rw, r)
if claims != nil && err == nil {
a.addHeaders(rw.Header(), claims)
rw.Header().Set("User-Agent", r.Header.Get("User-Agent"))
@ -100,7 +100,7 @@ func (a *Application) forwardHandleCaddy(rw http.ResponseWriter, r *http.Request
return
}
// Check if we're authenticated, or the request path is on the allowlist
claims, err := a.getClaims(r)
claims, err := a.checkAuth(rw, r)
if claims != nil && err == nil {
a.addHeaders(rw.Header(), claims)
rw.Header().Set("User-Agent", r.Header.Get("User-Agent"))
@ -139,7 +139,7 @@ func (a *Application) forwardHandleNginx(rw http.ResponseWriter, r *http.Request
return
}
claims, err := a.getClaims(r)
claims, err := a.checkAuth(rw, r)
if claims != nil && err == nil {
a.addHeaders(rw.Header(), claims)
rw.Header().Set("User-Agent", r.Header.Get("User-Agent"))
@ -175,7 +175,7 @@ func (a *Application) forwardHandleEnvoy(rw http.ResponseWriter, r *http.Request
r.URL.Host = r.Host
fwd := r.URL
// Check if we're authenticated, or the request path is on the allowlist
claims, err := a.getClaims(r)
claims, err := a.checkAuth(rw, r)
if claims != nil && err == nil {
a.addHeaders(rw.Header(), claims)
rw.Header().Set("User-Agent", r.Header.Get("User-Agent"))
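Review bot: In these forward-auth handlers `checkAuth` deletes `Authorization` only from the auth sub-request the outpost receives, so the original request that Traefik, Caddy, nginx or Envoy passes on to the backend presumably still carries the bearer token or basic credentials, unlike proxy mode where the outpost forwards the request itself. The same applies to the `Set-Cookie` written by `s.Save(r, rw)`, which reaches the client only if the reverse proxy copies it from the auth response. Both depend on reverse-proxy configuration that is not part of this diff, so the new documentation page should state which headers have to be cleared or copied for each proxy. All four hunks touch handlers whose bodies start and end outside the hunk.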


@ -33,10 +33,11 @@ func (a *Application) configureProxy() error {
rp.ErrorHandler = a.newProxyErrorHandler()
rp.ModifyResponse = a.proxyModifyResponse
a.mux.PathPrefix("/").HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {
claims, err := a.getClaims(r)
claims, err := a.checkAuth(rw, r)
if claims == nil && a.IsAllowlisted(r.URL) {
a.log.Trace("path can be accessed without authentication")
} else if claims == nil && err != nil {
a.log.WithError(err).Trace("no claims")
a.redirectToStart(rw, r)
return
} else {
@ -67,7 +68,7 @@ func (a *Application) configureProxy() error {
func (a *Application) proxyModifyRequest(ou *url.URL) func(req *http.Request) {
return func(r *http.Request) {
r.Header.Set("X-Forwarded-Host", r.Host)
claims, _ := a.getClaims(r)
claims, _ := a.checkAuth(nil, r)
r.URL.Scheme = ou.Scheme
r.URL.Host = ou.Host
if claims != nil && claims.Proxy != nil && claims.Proxy.BackendOverride != "" {


@ -50,7 +50,7 @@ func (a *Application) handleAuthStart(rw http.ResponseWriter, r *http.Request) {
// and if we do we don't do anything here
currentState, ok := s.Values[constants.SessionOAuthState].(string)
if ok {
claims, err := a.getClaims(r)
claims, err := a.checkAuth(rw, r)
if err != nil && claims != nil {
a.log.Trace("auth start request with existing authenticated session")
a.redirect(rw, r)
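Review bot: The condition after the changed call, `if err != nil && claims != nil`, can never be true, because every return in `checkAuth` gives either claims with a nil error or nil claims with an error, so the "existing authenticated session" branch is dead code. It was probably meant to read `if err == nil && claims != nil {`. The line is unchanged context, but this commit is a natural place to fix it because the call now also performs header authentication. `handleAuthStart` starts and ends outside the hunk.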


@ -50,6 +50,9 @@ func (a *Application) redeemCallback(savedState string, u *url.URL, c context.Co
if err := idToken.Claims(&claims); err != nil {
return nil, err
}
if claims.Proxy == nil {
claims.Proxy = &ProxyClaims{}
}
claims.RawToken = rawIDToken
return claims, nil
}


@ -1,7 +1,6 @@
package application
import (
"fmt"
"net/http"
"net/url"
"path"
@ -77,26 +76,6 @@ func (a *Application) redirect(rw http.ResponseWriter, r *http.Request) {
http.Redirect(rw, r, redirect, http.StatusFound)
}
// getClaims Get claims which are currently in session
// Returns an error if the session can't be loaded or the claims can't be parsed/type-cast
func (a *Application) getClaims(r *http.Request) (*Claims, error) {
s, err := a.sessions.Get(r, constants.SessionName)
if err != nil {
// err == user has no session/session is not valid, reject
return nil, fmt.Errorf("invalid session")
}
claims, ok := s.Values[constants.SessionClaims]
if claims == nil || !ok {
// no claims saved, reject
return nil, fmt.Errorf("invalid session")
}
c, ok := claims.(Claims)
if !ok {
return nil, fmt.Errorf("invalid session")
}
return &c, nil
}
// toString Generic to string function, currently supports actual strings and integers
func toString(in interface{}) string {
switch v := in.(type) {


@ -8,7 +8,7 @@ msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2023-01-11 13:08+0000\n"
"POT-Creation-Date: 2023-01-13 14:37+0000\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
@ -18,7 +18,7 @@ msgstr ""
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=2; plural=(n != 1);\n"
#: authentik/admin/api/tasks.py:115
#: authentik/admin/api/tasks.py:126
#, python-format
msgid "Successfully re-scheduled Task %(name)s!"
msgstr ""
@ -952,11 +952,11 @@ msgstr ""
msgid "authentik API Access on behalf of your user"
msgstr ""
#: authentik/providers/proxy/api.py:51
#: authentik/providers/proxy/api.py:52
msgid "User and password attributes must be set when basic auth is enabled."
msgstr ""
#: authentik/providers/proxy/api.py:61
#: authentik/providers/proxy/api.py:62
msgid "Internal host cannot be empty when forward auth is disabled."
msgstr ""
@ -991,11 +991,11 @@ msgstr ""
msgid "HTTP-Basic Password Key"
msgstr ""
#: authentik/providers/proxy/models.py:151
#: authentik/providers/proxy/models.py:152
msgid "Proxy Provider"
msgstr ""
#: authentik/providers/proxy/models.py:152
#: authentik/providers/proxy/models.py:153
msgid "Proxy Providers"
msgstr ""


@ -16202,6 +16202,11 @@ paths:
schema:
type: string
format: uuid
- in: query
name: has_jwks
schema:
type: boolean
description: Only return sources with JWKS data
- in: query
name: name
schema:
@ -34360,6 +34365,14 @@ components:
Exclusive with internal_host.
cookie_domain:
type: string
jwks_sources:
type: array
items:
type: string
format: uuid
title: Any JWT signed by the JWK of the selected source can be used to
authenticate.
title: Any JWT signed by the JWK of the selected source can be used to authenticate.
token_validity:
type: string
minLength: 1
@ -35729,6 +35742,9 @@ components:
meta_model_name:
type: string
readOnly: true
client_id:
type: string
readOnly: true
internal_host:
type: string
format: uri
@ -35771,6 +35787,14 @@ components:
readOnly: true
cookie_domain:
type: string
jwks_sources:
type: array
items:
type: string
format: uuid
title: Any JWT signed by the JWK of the selected source can be used to
authenticate.
title: Any JWT signed by the JWK of the selected source can be used to authenticate.
token_validity:
type: string
description: 'Tokens not valid on or after current time + this value (Format:
@ -35784,6 +35808,7 @@ components:
- assigned_application_name
- assigned_application_slug
- authorization_flow
- client_id
- component
- external_host
- meta_model_name
@ -35849,6 +35874,14 @@ components:
Exclusive with internal_host.
cookie_domain:
type: string
jwks_sources:
type: array
items:
type: string
format: uuid
title: Any JWT signed by the JWK of the selected source can be used to
authenticate.
title: Any JWT signed by the JWK of the selected source can be used to authenticate.
token_validity:
type: string
minLength: 1


@ -400,6 +400,7 @@ ${this.instance?.redirectUris}</textarea
new SourcesApi(DEFAULT_CONFIG)
.sourcesOauthList({
ordering: "name",
hasJwks: true,
})
.then((sources) => {
return sources.results.map((source) => {


@ -31,6 +31,7 @@ import {
ProvidersApi,
ProxyMode,
ProxyProvider,
SourcesApi,
} from "@goauthentik/api";
@customElement("ak-provider-proxy-form")
@ -385,7 +386,10 @@ export class ProxyProviderFormPage extends ModelForm<ProxyProvider, number> {
>
</ak-search-select>
</ak-form-element-horizontal>
<ak-form-element-horizontal label=${t`Scopes`} name="propertyMappings">
<ak-form-element-horizontal
label=${t`Additional scopes`}
name="propertyMappings"
>
<select class="pf-c-form-control" multiple>
${until(
new PropertymappingsApi(DEFAULT_CONFIG)
@ -440,7 +444,11 @@ ${this.instance?.skipPathRegex}</textarea
${t`When using proxy or forward auth (single application) mode, the requested URL Path is checked against the regular expressions. When using forward auth (domain mode), the full requested URL including scheme and host is matched against the regular expressions.`}
</p>
</ak-form-element-horizontal>
</div>
</ak-form-group>
<ak-form-group>
<span slot="header">${t`Authentication settings`}</span>
<div slot="body" class="pf-c-form">
<ak-form-element-horizontal name="basicAuthEnabled">
<label class="pf-c-switch">
<input
@ -458,14 +466,47 @@ ${this.instance?.skipPathRegex}</textarea
</span>
</span>
<span class="pf-c-switch__label"
>${t`Set HTTP-Basic Authentication`}</span
>${t`Send HTTP-Basic Authentication`}</span
>
</label>
<p class="pf-c-form__helper-text">
${t`Set a custom HTTP-Basic Authentication header based on values from authentik.`}
${t`Send a custom HTTP-Basic Authentication header based on values from authentik.`}
</p>
</ak-form-element-horizontal>
${this.showHttpBasic ? this.renderHttpBasic() : html``}
<ak-form-element-horizontal label=${t`Trusted OIDC Sources`} name="jwksSources">
<select class="pf-c-form-control" multiple>
${until(
new SourcesApi(DEFAULT_CONFIG)
.sourcesOauthList({
ordering: "name",
hasJwks: true,
})
.then((sources) => {
return sources.results.map((source) => {
const selected = (
this.instance?.jwksSources || []
).some((su) => {
return su == source.pk;
});
return html`<option
value=${source.pk}
?selected=${selected}
>
${source.name} (${source.slug})
</option>`;
});
}),
html`<option>${t`Loading...`}</option>`,
)}
</select>
<p class="pf-c-form__helper-text">
${t`JWTs signed by certificates configured in the selected sources can be used to authenticate to this provider.`}
</p>
<p class="pf-c-form__helper-text">
${t`Hold control/command to select multiple items.`}
</p>
</ak-form-element-horizontal>
</div>
</ak-form-group>
</form>`;


@ -10,10 +10,12 @@ import MDNginxStandalone from "@goauthentik/docs/providers/proxy/_nginx_standalo
import MDTraefikCompose from "@goauthentik/docs/providers/proxy/_traefik_compose.md";
import MDTraefikIngress from "@goauthentik/docs/providers/proxy/_traefik_ingress.md";
import MDTraefikStandalone from "@goauthentik/docs/providers/proxy/_traefik_standalone.md";
import MDHeaderAuthentication from "@goauthentik/docs/providers/proxy/header_authentication.md";
import { AKElement } from "@goauthentik/elements/Base";
import "@goauthentik/elements/CodeMirror";
import { PFColor } from "@goauthentik/elements/Label";
import "@goauthentik/elements/Markdown";
import "@goauthentik/elements/Markdown";
import "@goauthentik/elements/Tabs";
import "@goauthentik/elements/buttons/ModalButton";
import "@goauthentik/elements/buttons/SpinnerButton";
@ -32,6 +34,7 @@ import PFContent from "@patternfly/patternfly/components/Content/content.css";
import PFDescriptionList from "@patternfly/patternfly/components/DescriptionList/description-list.css";
import PFForm from "@patternfly/patternfly/components/Form/form.css";
import PFFormControl from "@patternfly/patternfly/components/FormControl/form-control.css";
import PFList from "@patternfly/patternfly/components/List/list.css";
import PFPage from "@patternfly/patternfly/components/Page/page.css";
import PFGrid from "@patternfly/patternfly/layouts/Grid/grid.css";
import PFBase from "@patternfly/patternfly/patternfly-base.css";
@ -90,6 +93,7 @@ export class ProxyProviderViewPage extends AKElement {
PFPage,
PFGrid,
PFContent,
PFList,
PFForm,
PFFormControl,
PFCard,
@ -182,6 +186,9 @@ export class ProxyProviderViewPage extends AKElement {
<section slot="page-overview" data-tab-title="${t`Overview`}">
${this.renderTabOverview()}
</section>
<section slot="page-authentication" data-tab-title="${t`Authentication`}">
${this.renderTabAuthentication()}
</section>
<section
slot="page-changelog"
data-tab-title="${t`Changelog`}"
@ -200,6 +207,37 @@ export class ProxyProviderViewPage extends AKElement {
</ak-tabs>`;
}
renderTabAuthentication(): TemplateResult {
if (!this.provider) {
return html``;
}
return html`<div
class="pf-c-page__main-section pf-m-no-padding-mobile pf-l-grid pf-m-gutter"
>
<div class="pf-c-card pf-l-grid__item pf-m-12-col">
<div class="pf-c-card__body">
<dl class="pf-c-description-list pf-m-3-col-on-lg">
<div class="pf-c-description-list__group">
<dt class="pf-c-description-list__term">
<span class="pf-c-description-list__text">${t`Client ID`}</span>
</dt>
<dd class="pf-c-description-list__description">
<div class="pf-c-description-list__text">
<pre>${this.provider.clientId}</pre>
</div>
</dd>
</div>
</dl>
</div>
</div>
<div class="pf-c-card pf-l-grid__item pf-m-12-col">
<div class="pf-c-card__body">
<ak-markdown .md=${MDHeaderAuthentication}></ak-markdown>
</div>
</div>
</div>`;
}
renderTabOverview(): TemplateResult {
if (!this.provider) {
return html``;
@ -316,21 +354,24 @@ export class ProxyProviderViewPage extends AKElement {
<div class="pf-c-card pf-l-grid__item pf-m-12-col">
<div class="pf-c-card__title">${t`Protocol Settings`}</div>
<div class="pf-c-card__body">
<form class="pf-c-form">
<div class="pf-c-form__group">
<label class="pf-c-form__label">
<span class="pf-c-form__label-text"
<dl class="pf-c-description-list pf-m-3-col-on-lg">
<div class="pf-c-description-list__group">
<dt class="pf-c-description-list__term">
<span class="pf-c-description-list__text"
>${t`Allowed Redirect URIs`}</span
>
</label>
<input
class="pf-c-form-control"
readonly
type="text"
value=${this.provider.redirectUris}
/>
</dt>
<dd class="pf-c-description-list__description">
<div class="pf-c-description-list__text">
<ul class="pf-c-list">
${this.provider.redirectUris.split("\n").map((url) => {
return html`<li><pre>${url}</pre></li>`;
})}
</ul>
</div>
</form>
</dd>
</div>
</dl>
</div>
</div>
<div class="pf-c-card pf-l-grid__item pf-m-12-col">
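Review bot: The first hunk adds a second `import "@goauthentik/elements/Markdown";` directly under the existing one; the duplicate is harmless at runtime but should be dropped. In the Protocol Settings card, `this.provider.redirectUris.split("\n")` renders an empty list item when the value is an empty string or ends with a newline; `.split("\n").filter((url) => url !== "")` avoids that.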


@ -27,9 +27,7 @@ export class Alert extends AKElement {
}
render(): TemplateResult {
return html`<div
class="pf-c-alert ${this.inline ? html`pf-m-inline` : html``} ${this.level}"
>
return html`<div class="pf-c-alert ${this.inline ? "pf-m-inline" : ""} ${this.level}">
<div class="pf-c-alert__icon">
<i class="fas fa-exclamation-circle"></i>
</div>


@ -1,5 +1,6 @@
import { docLink } from "@goauthentik/common/global";
import "@goauthentik/elements/Alert";
import { Level } from "@goauthentik/elements/Alert";
import { AKElement } from "@goauthentik/elements/Base";
import { CSSResult, TemplateResult, html } from "lit";
@ -40,9 +41,13 @@ export class Markdown extends AKElement {
replaceAdmonitions(input: string): string {
const admonitionStart = /:::(\w+)<br\s\/>/gm;
const admonitionEnd = /:::/gm;
return input
.replaceAll(admonitionStart, "<ak-alert level='$1'>")
.replaceAll(admonitionEnd, "</ak-alert>");
return (
input
.replaceAll(admonitionStart, "<ak-alert level='pf-m-$1'>")
.replaceAll(admonitionEnd, "</ak-alert>")
// Workaround for admonitions using caution instead of warning
.replaceAll("pf-m-caution", Level.Warning)
);
}
replaceList(input: string): string {


@ -352,6 +352,10 @@ msgstr "Zusätzlicher Gruppen-DN, dem Basis-DN vorangestellt."
msgid "Additional scope mappings, which are passed to the proxy."
msgstr "Zusätzliche Bereichszuordnungen, die an den Proxy übergeben werden."
#: src/admin/providers/proxy/ProxyProviderForm.ts
msgid "Additional scopes"
msgstr ""
#: src/pages/sources/oauth/OAuthSourceForm.ts
#~ msgid "Additional scopes to be passed to the OAuth Provider, separated by space."
#~ msgstr "Zusätzliche Anwendungsbereiche (Scopes), die an den OAuth-Provider übergeben werden, getrennt durch ein Leerzeichen."
@ -687,6 +691,7 @@ msgstr "Authentifizierung mit Plex..."
#: src/admin/flows/FlowForm.ts
#: src/admin/flows/utils.ts
#: src/admin/providers/proxy/ProxyProviderViewPage.ts
msgid "Authentication"
msgstr "Authentifizierung"
@ -709,6 +714,10 @@ msgstr "Authentifizierungsablauf"
msgid "Authentication method"
msgstr ""
#: src/admin/providers/proxy/ProxyProviderForm.ts
msgid "Authentication settings"
msgstr ""
#: src/admin/applications/wizard/oauth/TypeOAuthApplicationWizardPage.ts
msgid "Authentication without user interaction, or machine-to-machine authentication."
msgstr ""
@ -1218,6 +1227,7 @@ msgstr "Token kopieren"
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
#: src/admin/providers/oauth2/OAuth2ProviderViewPage.ts
#: src/admin/providers/proxy/ProxyProviderViewPage.ts
#: src/admin/sources/plex/PlexSourceForm.ts
msgid "Client ID"
msgstr "Client-ID"
@ -2108,6 +2118,10 @@ msgstr "Duo-Authentifikator"
msgid "Duo push-notifications"
msgstr "Duo Push-Benachrichtigungen"
#: src/admin/system-tasks/SystemTaskListPage.ts
msgid "Duration"
msgstr ""
#: src/admin/tenants/TenantForm.ts
msgid "Duration after which events will be deleted from the database."
msgstr "Dauer, nach der ein Ereignis aus der Datenbank gelöscht wird."
@ -2909,6 +2923,7 @@ msgstr "Interne Konten ausblenden"
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
#: src/admin/providers/proxy/ProxyProviderForm.ts
#: src/admin/providers/proxy/ProxyProviderForm.ts
#: src/admin/providers/saml/SAMLProviderForm.ts
#: src/admin/sources/ldap/LDAPSourceForm.ts
#: src/admin/sources/ldap/LDAPSourceForm.ts
@ -3261,6 +3276,7 @@ msgstr ""
#~ msgstr "JWTs, welche mit den hier konfigurierten Zertifikaten signiert werden, können zur Authentifizierung beim Provider benutzt werden."
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
#: src/admin/providers/proxy/ProxyProviderForm.ts
msgid "JWTs signed by certificates configured in the selected sources can be used to authenticate to this provider."
msgstr ""
@ -3451,6 +3467,7 @@ msgstr ""
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
#: src/admin/providers/proxy/ProxyProviderForm.ts
#: src/admin/providers/proxy/ProxyProviderForm.ts
#: src/admin/providers/saml/SAMLProviderForm.ts
#: src/admin/sources/ldap/LDAPSourceForm.ts
#: src/admin/sources/ldap/LDAPSourceForm.ts
@ -5160,7 +5177,6 @@ msgid "Scope which the client can specify to access these properties."
msgstr "Gültigkeitsbereich, den der Client angeben kann, um auf diese Eigenschaften zuzugreifen."
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
#: src/admin/providers/proxy/ProxyProviderForm.ts
#: src/admin/sources/oauth/OAuthSourceForm.ts
#: src/elements/oauth/UserRefreshList.ts
msgid "Scopes"
@ -5314,6 +5330,14 @@ msgstr "Auswahl der Backends, mit denen das Kennwort getestet werden soll."
msgid "Send Email again."
msgstr "E-Mail erneut senden."
#: src/admin/providers/proxy/ProxyProviderForm.ts
msgid "Send HTTP-Basic Authentication"
msgstr ""
#: src/admin/providers/proxy/ProxyProviderForm.ts
msgid "Send a custom HTTP-Basic Authentication header based on values from authentik."
msgstr ""
#: src/admin/users/RelatedUserList.ts
#: src/admin/users/UserListPage.ts
msgid "Send link"
@ -5402,12 +5426,12 @@ msgid "Sessions"
msgstr "Sitzungen"
#: src/admin/providers/proxy/ProxyProviderForm.ts
msgid "Set HTTP-Basic Authentication"
msgstr "HTTP-Basisauthentifizierung einstellen"
#~ msgid "Set HTTP-Basic Authentication"
#~ msgstr "HTTP-Basisauthentifizierung einstellen"
#: src/admin/providers/proxy/ProxyProviderForm.ts
msgid "Set a custom HTTP-Basic Authentication header based on values from authentik."
msgstr "Legen Sie einen benutzerdefinierten HTTP-Basic Authentication-Header fest, der auf den Werten von authentik basiert."
#~ msgid "Set a custom HTTP-Basic Authentication header based on values from authentik."
#~ msgstr "Legen Sie einen benutzerdefinierten HTTP-Basic Authentication-Header fest, der auf den Werten von authentik basiert."
#: src/admin/groups/GroupForm.ts
#: src/admin/outposts/OutpostForm.ts
@ -6540,6 +6564,7 @@ msgid "Transports"
msgstr "Zustellungsarten"
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
#: src/admin/providers/proxy/ProxyProviderForm.ts
msgid "Trusted OIDC Sources"
msgstr ""
@ -7623,6 +7648,10 @@ msgstr "{0} - {1} von {2}"
msgid "{0} is available!"
msgstr "{0} ist verfügbar!"
#: src/admin/system-tasks/SystemTaskListPage.ts
msgid "{0} seconds"
msgstr ""
#: src/elements/notifications/NotificationDrawer.ts
msgid "{0} unread"
msgstr "{0} ungelesen"


@ -334,6 +334,10 @@ msgstr "Additional group DN, prepended to the Base DN."
msgid "Additional scope mappings, which are passed to the proxy."
msgstr "Additional scope mappings, which are passed to the proxy."
#: src/admin/providers/proxy/ProxyProviderForm.ts
msgid "Additional scopes"
msgstr "Additional scopes"
#: src/admin/sources/oauth/OAuthSourceForm.ts
#~ msgid "Additional scopes to be passed to the OAuth Provider, separated by space."
#~ msgstr "Additional scopes to be passed to the OAuth Provider, separated by space."
@ -673,6 +677,7 @@ msgstr "Authenticating with Plex..."
#: src/admin/flows/FlowForm.ts
#: src/admin/flows/utils.ts
#: src/admin/providers/proxy/ProxyProviderViewPage.ts
msgid "Authentication"
msgstr "Authentication"
@ -695,6 +700,10 @@ msgstr "Authentication flow"
msgid "Authentication method"
msgstr "Authentication method"
#: src/admin/providers/proxy/ProxyProviderForm.ts
msgid "Authentication settings"
msgstr "Authentication settings"
#: src/admin/applications/wizard/oauth/TypeOAuthApplicationWizardPage.ts
msgid "Authentication without user interaction, or machine-to-machine authentication."
msgstr "Authentication without user interaction, or machine-to-machine authentication."
@ -1214,6 +1223,7 @@ msgstr "Click to copy token"
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
#: src/admin/providers/oauth2/OAuth2ProviderViewPage.ts
#: src/admin/providers/proxy/ProxyProviderViewPage.ts
#: src/admin/sources/plex/PlexSourceForm.ts
msgid "Client ID"
msgstr "Client ID"
@ -2130,6 +2140,10 @@ msgstr "Duo authenticator"
msgid "Duo push-notifications"
msgstr "Duo push-notifications"
#: src/admin/system-tasks/SystemTaskListPage.ts
msgid "Duration"
msgstr "Duration"
#: src/admin/tenants/TenantForm.ts
msgid "Duration after which events will be deleted from the database."
msgstr "Duration after which events will be deleted from the database."
@ -2951,6 +2965,7 @@ msgstr "Hide service-accounts"
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
#: src/admin/providers/proxy/ProxyProviderForm.ts
#: src/admin/providers/proxy/ProxyProviderForm.ts
#: src/admin/providers/saml/SAMLProviderForm.ts
#: src/admin/sources/ldap/LDAPSourceForm.ts
#: src/admin/sources/ldap/LDAPSourceForm.ts
@ -3313,6 +3328,7 @@ msgstr "JWKS URL"
#~ msgstr "JWTs signed by certificates configured here can be used to authenticate to the provider."
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
#: src/admin/providers/proxy/ProxyProviderForm.ts
msgid "JWTs signed by certificates configured in the selected sources can be used to authenticate to this provider."
msgstr "JWTs signed by certificates configured in the selected sources can be used to authenticate to this provider."
@ -3506,6 +3522,7 @@ msgstr "Loading options..."
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
#: src/admin/providers/proxy/ProxyProviderForm.ts
#: src/admin/providers/proxy/ProxyProviderForm.ts
#: src/admin/providers/saml/SAMLProviderForm.ts
#: src/admin/sources/ldap/LDAPSourceForm.ts
#: src/admin/sources/ldap/LDAPSourceForm.ts
@ -5264,7 +5281,6 @@ msgid "Scope which the client can specify to access these properties."
msgstr "Scope which the client can specify to access these properties."
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
#: src/admin/providers/proxy/ProxyProviderForm.ts
#: src/admin/sources/oauth/OAuthSourceForm.ts
#: src/elements/oauth/UserRefreshList.ts
msgid "Scopes"
@ -5421,6 +5437,14 @@ msgstr "Selection of backends to test the password against."
msgid "Send Email again."
msgstr "Send Email again."
#: src/admin/providers/proxy/ProxyProviderForm.ts
msgid "Send HTTP-Basic Authentication"
msgstr "Send HTTP-Basic Authentication"
#: src/admin/providers/proxy/ProxyProviderForm.ts
msgid "Send a custom HTTP-Basic Authentication header based on values from authentik."
msgstr "Send a custom HTTP-Basic Authentication header based on values from authentik."
#: src/admin/users/RelatedUserList.ts
#: src/admin/users/UserListPage.ts
msgid "Send link"
@ -5515,12 +5539,12 @@ msgid "Sessions"
msgstr "Sessions"
#: src/admin/providers/proxy/ProxyProviderForm.ts
msgid "Set HTTP-Basic Authentication"
msgstr "Set HTTP-Basic Authentication"
#~ msgid "Set HTTP-Basic Authentication"
#~ msgstr "Set HTTP-Basic Authentication"
#: src/admin/providers/proxy/ProxyProviderForm.ts
msgid "Set a custom HTTP-Basic Authentication header based on values from authentik."
msgstr "Set a custom HTTP-Basic Authentication header based on values from authentik."
#~ msgid "Set a custom HTTP-Basic Authentication header based on values from authentik."
#~ msgstr "Set a custom HTTP-Basic Authentication header based on values from authentik."
#: src/admin/groups/GroupForm.ts
#: src/admin/outposts/OutpostForm.ts
@ -6688,6 +6712,7 @@ msgid "Transports"
msgstr "Transports"
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
#: src/admin/providers/proxy/ProxyProviderForm.ts
msgid "Trusted OIDC Sources"
msgstr "Trusted OIDC Sources"
@ -7786,6 +7811,10 @@ msgstr "{0} - {1} of {2}"
msgid "{0} is available!"
msgstr "{0} is available!"
#: src/admin/system-tasks/SystemTaskListPage.ts
msgid "{0} seconds"
msgstr "{0} seconds"
#: src/elements/notifications/NotificationDrawer.ts
msgid "{0} unread"
msgstr "{0} unread"


@ -330,6 +330,10 @@ msgstr "DN de grupo adicional, antepuesto al DN base."
msgid "Additional scope mappings, which are passed to the proxy."
msgstr "Mapeos de ámbito adicional, que se pasan al proxy."
#: src/admin/providers/proxy/ProxyProviderForm.ts
msgid "Additional scopes"
msgstr ""
#: src/pages/sources/oauth/OAuthSourceForm.ts
#~ msgid "Additional scopes to be passed to the OAuth Provider, separated by space."
#~ msgstr "Ámbitos adicionales que se pasarán al proveedor de OAuth, separados por espacios."
@ -665,6 +669,7 @@ msgstr "Autenticando con Plex..."
#: src/admin/flows/FlowForm.ts
#: src/admin/flows/utils.ts
#: src/admin/providers/proxy/ProxyProviderViewPage.ts
msgid "Authentication"
msgstr "Autenticación"
@ -687,6 +692,10 @@ msgstr "Flujo de autenticación"
msgid "Authentication method"
msgstr ""
#: src/admin/providers/proxy/ProxyProviderForm.ts
msgid "Authentication settings"
msgstr ""
#: src/admin/applications/wizard/oauth/TypeOAuthApplicationWizardPage.ts
msgid "Authentication without user interaction, or machine-to-machine authentication."
msgstr ""
@ -1194,6 +1203,7 @@ msgstr "Haga clic para copiar el token"
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
#: src/admin/providers/oauth2/OAuth2ProviderViewPage.ts
#: src/admin/providers/proxy/ProxyProviderViewPage.ts
#: src/admin/sources/plex/PlexSourceForm.ts
msgid "Client ID"
msgstr "ID de cliente"
@ -2084,6 +2094,10 @@ msgstr "Autenticador Duo"
msgid "Duo push-notifications"
msgstr "Notificaciones push Duo"
#: src/admin/system-tasks/SystemTaskListPage.ts
msgid "Duration"
msgstr ""
#: src/admin/tenants/TenantForm.ts
msgid "Duration after which events will be deleted from the database."
msgstr "Duración tras la cual los eventos se eliminarán de la base de datos."
@ -2885,6 +2899,7 @@ msgstr "Ocultar cuentas de servicio"
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
#: src/admin/providers/proxy/ProxyProviderForm.ts
#: src/admin/providers/proxy/ProxyProviderForm.ts
#: src/admin/providers/saml/SAMLProviderForm.ts
#: src/admin/sources/ldap/LDAPSourceForm.ts
#: src/admin/sources/ldap/LDAPSourceForm.ts
@ -3237,6 +3252,7 @@ msgstr ""
#~ msgstr ""
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
#: src/admin/providers/proxy/ProxyProviderForm.ts
msgid "JWTs signed by certificates configured in the selected sources can be used to authenticate to this provider."
msgstr ""
@ -3427,6 +3443,7 @@ msgstr ""
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
#: src/admin/providers/proxy/ProxyProviderForm.ts
#: src/admin/providers/proxy/ProxyProviderForm.ts
#: src/admin/providers/saml/SAMLProviderForm.ts
#: src/admin/sources/ldap/LDAPSourceForm.ts
#: src/admin/sources/ldap/LDAPSourceForm.ts
@ -5136,7 +5153,6 @@ msgid "Scope which the client can specify to access these properties."
msgstr "Ámbito que el cliente puede especificar para acceder a estas propiedades."
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
#: src/admin/providers/proxy/ProxyProviderForm.ts
#: src/admin/sources/oauth/OAuthSourceForm.ts
#: src/elements/oauth/UserRefreshList.ts
msgid "Scopes"
@ -5290,6 +5306,14 @@ msgstr "Selección de backends para probar la contraseña."
msgid "Send Email again."
msgstr "Vuelve a enviar el correo electrónico."
#: src/admin/providers/proxy/ProxyProviderForm.ts
msgid "Send HTTP-Basic Authentication"
msgstr ""
#: src/admin/providers/proxy/ProxyProviderForm.ts
msgid "Send a custom HTTP-Basic Authentication header based on values from authentik."
msgstr ""
#: src/admin/users/RelatedUserList.ts
#: src/admin/users/UserListPage.ts
msgid "Send link"
@ -5378,12 +5402,12 @@ msgid "Sessions"
msgstr "Sesiones"
#: src/admin/providers/proxy/ProxyProviderForm.ts
msgid "Set HTTP-Basic Authentication"
msgstr "Establecer la autenticación básica de HTTP"
#~ msgid "Set HTTP-Basic Authentication"
#~ msgstr "Establecer la autenticación básica de HTTP"
#: src/admin/providers/proxy/ProxyProviderForm.ts
msgid "Set a custom HTTP-Basic Authentication header based on values from authentik."
msgstr "Establezca un encabezado de autenticación básica HTTP personalizado en función de los valores de authentik."
#~ msgid "Set a custom HTTP-Basic Authentication header based on values from authentik."
#~ msgstr "Establezca un encabezado de autenticación básica HTTP personalizado en función de los valores de authentik."
#: src/admin/groups/GroupForm.ts
#: src/admin/outposts/OutpostForm.ts
@ -6516,6 +6540,7 @@ msgid "Transports"
msgstr "Transportes"
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
#: src/admin/providers/proxy/ProxyProviderForm.ts
msgid "Trusted OIDC Sources"
msgstr ""
@ -7599,6 +7624,10 @@ msgstr "{0} - {1} de {2}"
msgid "{0} is available!"
msgstr "{0} está disponible."
#: src/admin/system-tasks/SystemTaskListPage.ts
msgid "{0} seconds"
msgstr ""
#: src/elements/notifications/NotificationDrawer.ts
msgid "{0} unread"
msgstr "{0} sin leer"


@ -335,6 +335,10 @@ msgstr "DN à préfixer au DN de base pour les groupes"
msgid "Additional scope mappings, which are passed to the proxy."
msgstr ""
#: src/admin/providers/proxy/ProxyProviderForm.ts
msgid "Additional scopes"
msgstr ""
#: src/pages/sources/oauth/OAuthSourceForm.ts
#~ msgid "Additional scopes to be passed to the OAuth Provider, separated by space."
#~ msgstr ""
@ -670,6 +674,7 @@ msgstr "Authentification avec Plex..."
#: src/admin/flows/FlowForm.ts
#: src/admin/flows/utils.ts
#: src/admin/providers/proxy/ProxyProviderViewPage.ts
msgid "Authentication"
msgstr "Authentification"
@ -692,6 +697,10 @@ msgstr "Flux d'authentification"
msgid "Authentication method"
msgstr ""
#: src/admin/providers/proxy/ProxyProviderForm.ts
msgid "Authentication settings"
msgstr ""
#: src/admin/applications/wizard/oauth/TypeOAuthApplicationWizardPage.ts
msgid "Authentication without user interaction, or machine-to-machine authentication."
msgstr ""
@ -1199,6 +1208,7 @@ msgstr "Cliquer pour copier le jeton"
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
#: src/admin/providers/oauth2/OAuth2ProviderViewPage.ts
#: src/admin/providers/proxy/ProxyProviderViewPage.ts
#: src/admin/sources/plex/PlexSourceForm.ts
msgid "Client ID"
msgstr "ID client"
@ -2087,6 +2097,10 @@ msgstr "Authentificateur Duo"
msgid "Duo push-notifications"
msgstr "Notification push Duo"
#: src/admin/system-tasks/SystemTaskListPage.ts
msgid "Duration"
msgstr ""
#: src/admin/tenants/TenantForm.ts
msgid "Duration after which events will be deleted from the database."
msgstr "Expiration des évènements à l'issue de laquelle ils seront supprimés de la base de donnée."
@ -2888,6 +2902,7 @@ msgstr "Cacher les comptes de service"
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
#: src/admin/providers/proxy/ProxyProviderForm.ts
#: src/admin/providers/proxy/ProxyProviderForm.ts
#: src/admin/providers/saml/SAMLProviderForm.ts
#: src/admin/sources/ldap/LDAPSourceForm.ts
#: src/admin/sources/ldap/LDAPSourceForm.ts
@ -3238,6 +3253,7 @@ msgstr ""
#~ msgstr ""
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
#: src/admin/providers/proxy/ProxyProviderForm.ts
msgid "JWTs signed by certificates configured in the selected sources can be used to authenticate to this provider."
msgstr ""
@ -3428,6 +3444,7 @@ msgstr ""
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
#: src/admin/providers/proxy/ProxyProviderForm.ts
#: src/admin/providers/proxy/ProxyProviderForm.ts
#: src/admin/providers/saml/SAMLProviderForm.ts
#: src/admin/sources/ldap/LDAPSourceForm.ts
#: src/admin/sources/ldap/LDAPSourceForm.ts
@ -5137,7 +5154,6 @@ msgid "Scope which the client can specify to access these properties."
msgstr "Portée que le client peut spécifier pour accéder à ces propriétés."
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
#: src/admin/providers/proxy/ProxyProviderForm.ts
#: src/admin/sources/oauth/OAuthSourceForm.ts
#: src/elements/oauth/UserRefreshList.ts
msgid "Scopes"
@ -5291,6 +5307,14 @@ msgstr "Sélection de backends pour tester le mot de passe."
msgid "Send Email again."
msgstr "Renvoyer lemail."
#: src/admin/providers/proxy/ProxyProviderForm.ts
msgid "Send HTTP-Basic Authentication"
msgstr ""
#: src/admin/providers/proxy/ProxyProviderForm.ts
msgid "Send a custom HTTP-Basic Authentication header based on values from authentik."
msgstr ""
#: src/admin/users/RelatedUserList.ts
#: src/admin/users/UserListPage.ts
msgid "Send link"
@ -5379,12 +5403,12 @@ msgid "Sessions"
msgstr "Sessions"
#: src/admin/providers/proxy/ProxyProviderForm.ts
msgid "Set HTTP-Basic Authentication"
msgstr "Définir l'authentification HTTP-Basic"
#~ msgid "Set HTTP-Basic Authentication"
#~ msgstr "Définir l'authentification HTTP-Basic"
#: src/admin/providers/proxy/ProxyProviderForm.ts
msgid "Set a custom HTTP-Basic Authentication header based on values from authentik."
msgstr "Définir un en-tête d'authentification HTTP-Basic personnalisé basé sur les valeurs de authentik."
#~ msgid "Set a custom HTTP-Basic Authentication header based on values from authentik."
#~ msgstr "Définir un en-tête d'authentification HTTP-Basic personnalisé basé sur les valeurs de authentik."
#: src/admin/groups/GroupForm.ts
#: src/admin/outposts/OutpostForm.ts
@ -6507,6 +6531,7 @@ msgid "Transports"
msgstr "Transports"
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
#: src/admin/providers/proxy/ProxyProviderForm.ts
msgid "Trusted OIDC Sources"
msgstr ""
@ -7588,6 +7613,10 @@ msgstr "{0} - {1} sur {2}"
msgid "{0} is available!"
msgstr "{0} est disponible !"
#: src/admin/system-tasks/SystemTaskListPage.ts
msgid "{0} seconds"
msgstr ""
#: src/elements/notifications/NotificationDrawer.ts
msgid "{0} unread"
msgstr "{0} non lu"


@ -334,6 +334,10 @@ msgstr "Dodatkowa DN grupy, poprzedzona podstawową DN."
msgid "Additional scope mappings, which are passed to the proxy."
msgstr "Dodatkowe mapowania zakresu, które są przekazywane do serwera proxy."
#: src/admin/providers/proxy/ProxyProviderForm.ts
msgid "Additional scopes"
msgstr ""
#: src/pages/sources/oauth/OAuthSourceForm.ts
#~ msgid "Additional scopes to be passed to the OAuth Provider, separated by space."
#~ msgstr "Dodatkowe zakresy do przekazania do dostawcy OAuth, oddzielone spacją."
@ -669,6 +673,7 @@ msgstr "Uwierzytelnianie z Plex..."
#: src/admin/flows/FlowForm.ts
#: src/admin/flows/utils.ts
#: src/admin/providers/proxy/ProxyProviderViewPage.ts
msgid "Authentication"
msgstr "Uwierzytelnianie"
@ -691,6 +696,10 @@ msgstr "Przepływ uwierzytelniania"
msgid "Authentication method"
msgstr ""
#: src/admin/providers/proxy/ProxyProviderForm.ts
msgid "Authentication settings"
msgstr ""
#: src/admin/applications/wizard/oauth/TypeOAuthApplicationWizardPage.ts
msgid "Authentication without user interaction, or machine-to-machine authentication."
msgstr ""
@ -1200,6 +1209,7 @@ msgstr "Kliknij, aby skopiować token"
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
#: src/admin/providers/oauth2/OAuth2ProviderViewPage.ts
#: src/admin/providers/proxy/ProxyProviderViewPage.ts
#: src/admin/sources/plex/PlexSourceForm.ts
msgid "Client ID"
msgstr "Client ID"
@ -2090,6 +2100,10 @@ msgstr "Uwierzytelniacz Duo"
msgid "Duo push-notifications"
msgstr "Powiadomienia push Duo"
#: src/admin/system-tasks/SystemTaskListPage.ts
msgid "Duration"
msgstr ""
#: src/admin/tenants/TenantForm.ts
msgid "Duration after which events will be deleted from the database."
msgstr "Czas, po którym zdarzenia zostaną usunięte z bazy danych."
@ -2891,6 +2905,7 @@ msgstr "Ukryj konta serwisowe"
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
#: src/admin/providers/proxy/ProxyProviderForm.ts
#: src/admin/providers/proxy/ProxyProviderForm.ts
#: src/admin/providers/saml/SAMLProviderForm.ts
#: src/admin/sources/ldap/LDAPSourceForm.ts
#: src/admin/sources/ldap/LDAPSourceForm.ts
@ -3245,6 +3260,7 @@ msgstr ""
#~ msgstr "JWTs podpisane przez certyfikaty skonfigurowane tutaj mogą służyć do uwierzytelniania u dostawcy."
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
#: src/admin/providers/proxy/ProxyProviderForm.ts
msgid "JWTs signed by certificates configured in the selected sources can be used to authenticate to this provider."
msgstr ""
@ -3435,6 +3451,7 @@ msgstr ""
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
#: src/admin/providers/proxy/ProxyProviderForm.ts
#: src/admin/providers/proxy/ProxyProviderForm.ts
#: src/admin/providers/saml/SAMLProviderForm.ts
#: src/admin/sources/ldap/LDAPSourceForm.ts
#: src/admin/sources/ldap/LDAPSourceForm.ts
@ -5146,7 +5163,6 @@ msgid "Scope which the client can specify to access these properties."
msgstr "Zakres, który klient może określić, aby uzyskać dostęp do tych właściwości."
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
#: src/admin/providers/proxy/ProxyProviderForm.ts
#: src/admin/sources/oauth/OAuthSourceForm.ts
#: src/elements/oauth/UserRefreshList.ts
msgid "Scopes"
@ -5300,6 +5316,14 @@ msgstr "Wybór backendów do testowania hasła."
msgid "Send Email again."
msgstr "Wyślij e-mail ponownie."
#: src/admin/providers/proxy/ProxyProviderForm.ts
msgid "Send HTTP-Basic Authentication"
msgstr ""
#: src/admin/providers/proxy/ProxyProviderForm.ts
msgid "Send a custom HTTP-Basic Authentication header based on values from authentik."
msgstr ""
#: src/admin/users/RelatedUserList.ts
#: src/admin/users/UserListPage.ts
msgid "Send link"
@ -5388,12 +5412,12 @@ msgid "Sessions"
msgstr "Sesje"
#: src/admin/providers/proxy/ProxyProviderForm.ts
msgid "Set HTTP-Basic Authentication"
msgstr "Ustaw HTTP-Basic Authentication"
#~ msgid "Set HTTP-Basic Authentication"
#~ msgstr "Ustaw HTTP-Basic Authentication"
#: src/admin/providers/proxy/ProxyProviderForm.ts
msgid "Set a custom HTTP-Basic Authentication header based on values from authentik."
msgstr "Ustaw niestandardowy nagłówek HTTP-Basic Authentication na podstawie wartości z authentik."
#~ msgid "Set a custom HTTP-Basic Authentication header based on values from authentik."
#~ msgstr "Ustaw niestandardowy nagłówek HTTP-Basic Authentication na podstawie wartości z authentik."
#: src/admin/groups/GroupForm.ts
#: src/admin/outposts/OutpostForm.ts
@ -6526,6 +6550,7 @@ msgid "Transports"
msgstr "Transporty"
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
#: src/admin/providers/proxy/ProxyProviderForm.ts
msgid "Trusted OIDC Sources"
msgstr "Zaufane źródła OIDC"
@ -7611,6 +7636,10 @@ msgstr "{0} - {1} z {2}"
msgid "{0} is available!"
msgstr "{0} jest dostępny!"
#: src/admin/system-tasks/SystemTaskListPage.ts
msgid "{0} seconds"
msgstr ""
#: src/elements/notifications/NotificationDrawer.ts
msgid "{0} unread"
msgstr "{0} nieprzeczytane"


@ -330,6 +330,10 @@ msgstr ""
msgid "Additional scope mappings, which are passed to the proxy."
msgstr ""
#: src/admin/providers/proxy/ProxyProviderForm.ts
msgid "Additional scopes"
msgstr ""
#: src/admin/sources/oauth/OAuthSourceForm.ts
#~ msgid "Additional scopes to be passed to the OAuth Provider, separated by space."
#~ msgstr ""
@ -665,6 +669,7 @@ msgstr ""
#: src/admin/flows/FlowForm.ts
#: src/admin/flows/utils.ts
#: src/admin/providers/proxy/ProxyProviderViewPage.ts
msgid "Authentication"
msgstr ""
@ -687,6 +692,10 @@ msgstr ""
msgid "Authentication method"
msgstr ""
#: src/admin/providers/proxy/ProxyProviderForm.ts
msgid "Authentication settings"
msgstr ""
#: src/admin/applications/wizard/oauth/TypeOAuthApplicationWizardPage.ts
msgid "Authentication without user interaction, or machine-to-machine authentication."
msgstr ""
@ -1202,6 +1211,7 @@ msgstr ""
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
#: src/admin/providers/oauth2/OAuth2ProviderViewPage.ts
#: src/admin/providers/proxy/ProxyProviderViewPage.ts
#: src/admin/sources/plex/PlexSourceForm.ts
msgid "Client ID"
msgstr ""
@ -2116,6 +2126,10 @@ msgstr ""
msgid "Duo push-notifications"
msgstr ""
#: src/admin/system-tasks/SystemTaskListPage.ts
msgid "Duration"
msgstr ""
#: src/admin/tenants/TenantForm.ts
msgid "Duration after which events will be deleted from the database."
msgstr ""
@ -2937,6 +2951,7 @@ msgstr ""
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
#: src/admin/providers/proxy/ProxyProviderForm.ts
#: src/admin/providers/proxy/ProxyProviderForm.ts
#: src/admin/providers/saml/SAMLProviderForm.ts
#: src/admin/sources/ldap/LDAPSourceForm.ts
#: src/admin/sources/ldap/LDAPSourceForm.ts
@ -3295,6 +3310,7 @@ msgstr ""
#~ msgstr ""
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
#: src/admin/providers/proxy/ProxyProviderForm.ts
msgid "JWTs signed by certificates configured in the selected sources can be used to authenticate to this provider."
msgstr ""
@ -3488,6 +3504,7 @@ msgstr ""
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
#: src/admin/providers/proxy/ProxyProviderForm.ts
#: src/admin/providers/proxy/ProxyProviderForm.ts
#: src/admin/providers/saml/SAMLProviderForm.ts
#: src/admin/sources/ldap/LDAPSourceForm.ts
#: src/admin/sources/ldap/LDAPSourceForm.ts
@ -5244,7 +5261,6 @@ msgid "Scope which the client can specify to access these properties."
msgstr ""
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
#: src/admin/providers/proxy/ProxyProviderForm.ts
#: src/admin/sources/oauth/OAuthSourceForm.ts
#: src/elements/oauth/UserRefreshList.ts
msgid "Scopes"
@ -5401,6 +5417,14 @@ msgstr ""
msgid "Send Email again."
msgstr ""
#: src/admin/providers/proxy/ProxyProviderForm.ts
msgid "Send HTTP-Basic Authentication"
msgstr ""
#: src/admin/providers/proxy/ProxyProviderForm.ts
msgid "Send a custom HTTP-Basic Authentication header based on values from authentik."
msgstr ""
#: src/admin/users/RelatedUserList.ts
#: src/admin/users/UserListPage.ts
msgid "Send link"
@ -5495,12 +5519,12 @@ msgid "Sessions"
msgstr ""
#: src/admin/providers/proxy/ProxyProviderForm.ts
msgid "Set HTTP-Basic Authentication"
msgstr ""
#~ msgid "Set HTTP-Basic Authentication"
#~ msgstr ""
#: src/admin/providers/proxy/ProxyProviderForm.ts
msgid "Set a custom HTTP-Basic Authentication header based on values from authentik."
msgstr ""
#~ msgid "Set a custom HTTP-Basic Authentication header based on values from authentik."
#~ msgstr ""
#: src/admin/groups/GroupForm.ts
#: src/admin/outposts/OutpostForm.ts
@ -6658,6 +6682,7 @@ msgid "Transports"
msgstr ""
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
#: src/admin/providers/proxy/ProxyProviderForm.ts
msgid "Trusted OIDC Sources"
msgstr ""
@ -7750,6 +7775,10 @@ msgstr ""
msgid "{0} is available!"
msgstr ""
#: src/admin/system-tasks/SystemTaskListPage.ts
msgid "{0} seconds"
msgstr ""
#: src/elements/notifications/NotificationDrawer.ts
msgid "{0} unread"
msgstr ""


@ -330,6 +330,10 @@ msgstr "Ek grup DN, Base DN için eklenmiş."
msgid "Additional scope mappings, which are passed to the proxy."
msgstr "Proxy'ye iletilen ek kapsam eşlemeleri."
#: src/admin/providers/proxy/ProxyProviderForm.ts
msgid "Additional scopes"
msgstr ""
#: src/pages/sources/oauth/OAuthSourceForm.ts
#~ msgid "Additional scopes to be passed to the OAuth Provider, separated by space."
#~ msgstr "OAuth Sağlayıcıya iletilecek ek kapsamlar, boşlukla ayrılmış."
@ -665,6 +669,7 @@ msgstr "Plex ile kimlik doğrulaması..."
#: src/admin/flows/FlowForm.ts
#: src/admin/flows/utils.ts
#: src/admin/providers/proxy/ProxyProviderViewPage.ts
msgid "Authentication"
msgstr "Kimlik Doğrulama"
@ -687,6 +692,10 @@ msgstr "Kimlik doğrulama akışı"
msgid "Authentication method"
msgstr ""
#: src/admin/providers/proxy/ProxyProviderForm.ts
msgid "Authentication settings"
msgstr ""
#: src/admin/applications/wizard/oauth/TypeOAuthApplicationWizardPage.ts
msgid "Authentication without user interaction, or machine-to-machine authentication."
msgstr ""
@ -1194,6 +1203,7 @@ msgstr "Belirteci kopyalamak için tıklayın"
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
#: src/admin/providers/oauth2/OAuth2ProviderViewPage.ts
#: src/admin/providers/proxy/ProxyProviderViewPage.ts
#: src/admin/sources/plex/PlexSourceForm.ts
msgid "Client ID"
msgstr "Müşteri Kimliği"
@ -2084,6 +2094,10 @@ msgstr "Duo kimlik doğrulayıcı"
msgid "Duo push-notifications"
msgstr "Duo push-bildirimleri"
#: src/admin/system-tasks/SystemTaskListPage.ts
msgid "Duration"
msgstr ""
#: src/admin/tenants/TenantForm.ts
msgid "Duration after which events will be deleted from the database."
msgstr "Olayların veritabanından silineceği süre."
@ -2885,6 +2899,7 @@ msgstr "Hizmet hesaplarını gizle"
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
#: src/admin/providers/proxy/ProxyProviderForm.ts
#: src/admin/providers/proxy/ProxyProviderForm.ts
#: src/admin/providers/saml/SAMLProviderForm.ts
#: src/admin/sources/ldap/LDAPSourceForm.ts
#: src/admin/sources/ldap/LDAPSourceForm.ts
@ -3237,6 +3252,7 @@ msgstr ""
#~ msgstr ""
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
#: src/admin/providers/proxy/ProxyProviderForm.ts
msgid "JWTs signed by certificates configured in the selected sources can be used to authenticate to this provider."
msgstr ""
@ -3427,6 +3443,7 @@ msgstr ""
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
#: src/admin/providers/proxy/ProxyProviderForm.ts
#: src/admin/providers/proxy/ProxyProviderForm.ts
#: src/admin/providers/saml/SAMLProviderForm.ts
#: src/admin/sources/ldap/LDAPSourceForm.ts
#: src/admin/sources/ldap/LDAPSourceForm.ts
@ -5136,7 +5153,6 @@ msgid "Scope which the client can specify to access these properties."
msgstr "İstemcinin bu özelliklere erişmek için belirtebileceği kapsam."
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
#: src/admin/providers/proxy/ProxyProviderForm.ts
#: src/admin/sources/oauth/OAuthSourceForm.ts
#: src/elements/oauth/UserRefreshList.ts
msgid "Scopes"
@ -5290,6 +5306,14 @@ msgstr "Parolayı test etmek için arka uçların seçimi."
msgid "Send Email again."
msgstr "E-postayı tekrar gönder."
#: src/admin/providers/proxy/ProxyProviderForm.ts
msgid "Send HTTP-Basic Authentication"
msgstr ""
#: src/admin/providers/proxy/ProxyProviderForm.ts
msgid "Send a custom HTTP-Basic Authentication header based on values from authentik."
msgstr ""
#: src/admin/users/RelatedUserList.ts
#: src/admin/users/UserListPage.ts
msgid "Send link"
@ -5378,12 +5402,12 @@ msgid "Sessions"
msgstr "Oturumlar"
#: src/admin/providers/proxy/ProxyProviderForm.ts
msgid "Set HTTP-Basic Authentication"
msgstr "HTTP-Temel Kimlik Doğrulamasını Ayarla"
#~ msgid "Set HTTP-Basic Authentication"
#~ msgstr "HTTP-Temel Kimlik Doğrulamasını Ayarla"
#: src/admin/providers/proxy/ProxyProviderForm.ts
msgid "Set a custom HTTP-Basic Authentication header based on values from authentik."
msgstr "authentik değerlerine göre özel bir HTTP-Basic Kimlik Doğrulama başlığı ayarlayın."
#~ msgid "Set a custom HTTP-Basic Authentication header based on values from authentik."
#~ msgstr "authentik değerlerine göre özel bir HTTP-Basic Kimlik Doğrulama başlığı ayarlayın."
#: src/admin/groups/GroupForm.ts
#: src/admin/outposts/OutpostForm.ts
@ -6516,6 +6540,7 @@ msgid "Transports"
msgstr "Aktarıcılar"
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
#: src/admin/providers/proxy/ProxyProviderForm.ts
msgid "Trusted OIDC Sources"
msgstr ""
@ -7599,6 +7624,10 @@ msgstr "{2} içinden {0} - {1}"
msgid "{0} is available!"
msgstr "{0} kullanılabilir!"
#: src/admin/system-tasks/SystemTaskListPage.ts
msgid "{0} seconds"
msgstr ""
#: src/elements/notifications/NotificationDrawer.ts
msgid "{0} unread"
msgstr "{0} okunmamış"


@ -336,6 +336,10 @@ msgstr "额外的组 DN添加到 Base DN 起始处。"
msgid "Additional scope mappings, which are passed to the proxy."
msgstr "传递给代理的额外作用域映射。"
#: src/admin/providers/proxy/ProxyProviderForm.ts
msgid "Additional scopes"
msgstr ""
#: src/pages/sources/oauth/OAuthSourceForm.ts
#~ msgid "Additional scopes to be passed to the OAuth Provider, separated by space."
#~ msgstr "要传递给 OAuth 提供商的额外作用域,用空格分隔。"
@ -671,6 +675,7 @@ msgstr "正在使用 Plex 进行身份验证..."
#: src/admin/flows/FlowForm.ts
#: src/admin/flows/utils.ts
#: src/admin/providers/proxy/ProxyProviderViewPage.ts
msgid "Authentication"
msgstr "身份验证"
@ -693,6 +698,10 @@ msgstr "身份验证流程"
msgid "Authentication method"
msgstr ""
#: src/admin/providers/proxy/ProxyProviderForm.ts
msgid "Authentication settings"
msgstr ""
#: src/admin/applications/wizard/oauth/TypeOAuthApplicationWizardPage.ts
msgid "Authentication without user interaction, or machine-to-machine authentication."
msgstr ""
@ -1202,6 +1211,7 @@ msgstr "点击复制令牌"
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
#: src/admin/providers/oauth2/OAuth2ProviderViewPage.ts
#: src/admin/providers/proxy/ProxyProviderViewPage.ts
#: src/admin/sources/plex/PlexSourceForm.ts
msgid "Client ID"
msgstr "客户端 ID"
@ -2092,6 +2102,10 @@ msgstr "Duo 身份验证器"
msgid "Duo push-notifications"
msgstr "Duo 推送通知"
#: src/admin/system-tasks/SystemTaskListPage.ts
msgid "Duration"
msgstr ""
#: src/admin/tenants/TenantForm.ts
msgid "Duration after which events will be deleted from the database."
msgstr "事件从数据库中删除的时间,超过这个时间就会被删除。"
@ -2893,6 +2907,7 @@ msgstr "隐藏服务账户"
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
#: src/admin/providers/proxy/ProxyProviderForm.ts
#: src/admin/providers/proxy/ProxyProviderForm.ts
#: src/admin/providers/saml/SAMLProviderForm.ts
#: src/admin/sources/ldap/LDAPSourceForm.ts
#: src/admin/sources/ldap/LDAPSourceForm.ts
@ -3245,6 +3260,7 @@ msgstr ""
#~ msgstr "此处配置的证书签名的 JWT 可以用于此提供程序的身份验证。"
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
#: src/admin/providers/proxy/ProxyProviderForm.ts
msgid "JWTs signed by certificates configured in the selected sources can be used to authenticate to this provider."
msgstr ""
@ -3435,6 +3451,7 @@ msgstr ""
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
#: src/admin/providers/proxy/ProxyProviderForm.ts
#: src/admin/providers/proxy/ProxyProviderForm.ts
#: src/admin/providers/saml/SAMLProviderForm.ts
#: src/admin/sources/ldap/LDAPSourceForm.ts
#: src/admin/sources/ldap/LDAPSourceForm.ts
@ -5144,7 +5161,6 @@ msgid "Scope which the client can specify to access these properties."
msgstr "客户端可以指定的访问这些属性的范围。"
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
#: src/admin/providers/proxy/ProxyProviderForm.ts
#: src/admin/sources/oauth/OAuthSourceForm.ts
#: src/elements/oauth/UserRefreshList.ts
msgid "Scopes"
@ -5298,6 +5314,14 @@ msgstr "选择用于测试密码的后端。"
msgid "Send Email again."
msgstr "再次发送电子邮件。"
#: src/admin/providers/proxy/ProxyProviderForm.ts
msgid "Send HTTP-Basic Authentication"
msgstr ""
#: src/admin/providers/proxy/ProxyProviderForm.ts
msgid "Send a custom HTTP-Basic Authentication header based on values from authentik."
msgstr ""
#: src/admin/users/RelatedUserList.ts
#: src/admin/users/UserListPage.ts
msgid "Send link"
@ -5386,12 +5410,12 @@ msgid "Sessions"
msgstr "会话"
#: src/admin/providers/proxy/ProxyProviderForm.ts
msgid "Set HTTP-Basic Authentication"
msgstr "设置 HTTP-Basic 身份验证"
#~ msgid "Set HTTP-Basic Authentication"
#~ msgstr "设置 HTTP-Basic 身份验证"
#: src/admin/providers/proxy/ProxyProviderForm.ts
msgid "Set a custom HTTP-Basic Authentication header based on values from authentik."
msgstr "根据来自 authentik 的值设置自定义 HTTP-Basic 身份验证标头。"
#~ msgid "Set a custom HTTP-Basic Authentication header based on values from authentik."
#~ msgstr "根据来自 authentik 的值设置自定义 HTTP-Basic 身份验证标头。"
#: src/admin/groups/GroupForm.ts
#: src/admin/outposts/OutpostForm.ts
@ -6524,6 +6548,7 @@ msgid "Transports"
msgstr "传输"
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
#: src/admin/providers/proxy/ProxyProviderForm.ts
msgid "Trusted OIDC Sources"
msgstr "信任的 OIDC 来源"
@ -7609,6 +7634,10 @@ msgstr "{0} - {1} / {2}"
msgid "{0} is available!"
msgstr "{0} 可用!"
#: src/admin/system-tasks/SystemTaskListPage.ts
msgid "{0} seconds"
msgstr ""
#: src/elements/notifications/NotificationDrawer.ts
msgid "{0} unread"
msgstr "{0} 未读"


@ -336,6 +336,10 @@ msgstr "额外的Group DN优先于Base DN。"
msgid "Additional scope mappings, which are passed to the proxy."
msgstr "传递给代理的其他作用域映射。"
#: src/admin/providers/proxy/ProxyProviderForm.ts
msgid "Additional scopes"
msgstr ""
#: src/pages/sources/oauth/OAuthSourceForm.ts
#~ msgid "Additional scopes to be passed to the OAuth Provider, separated by space."
#~ msgstr "要传递给 OAuth 提供程序的其他作用域,用空格分隔。"
@ -671,6 +675,7 @@ msgstr "正在使用 Plex 进行身份验证..."
#: src/admin/flows/FlowForm.ts
#: src/admin/flows/utils.ts
#: src/admin/providers/proxy/ProxyProviderViewPage.ts
msgid "Authentication"
msgstr "身份验证"
@ -693,6 +698,10 @@ msgstr "身份验证流程"
msgid "Authentication method"
msgstr ""
#: src/admin/providers/proxy/ProxyProviderForm.ts
msgid "Authentication settings"
msgstr ""
#: src/admin/applications/wizard/oauth/TypeOAuthApplicationWizardPage.ts
msgid "Authentication without user interaction, or machine-to-machine authentication."
msgstr ""
@ -1202,6 +1211,7 @@ msgstr "点击复制令牌"
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
#: src/admin/providers/oauth2/OAuth2ProviderViewPage.ts
#: src/admin/providers/proxy/ProxyProviderViewPage.ts
#: src/admin/sources/plex/PlexSourceForm.ts
msgid "Client ID"
msgstr "客户端 ID"
@ -2092,6 +2102,10 @@ msgstr "Duo 身份验证器"
msgid "Duo push-notifications"
msgstr "二重奏推送通知"
#: src/admin/system-tasks/SystemTaskListPage.ts
msgid "Duration"
msgstr ""
#: src/admin/tenants/TenantForm.ts
msgid "Duration after which events will be deleted from the database."
msgstr "事件将从数据库中删除的持续时间。"
@ -2893,6 +2907,7 @@ msgstr "隐藏服务账户"
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
#: src/admin/providers/proxy/ProxyProviderForm.ts
#: src/admin/providers/proxy/ProxyProviderForm.ts
#: src/admin/providers/saml/SAMLProviderForm.ts
#: src/admin/sources/ldap/LDAPSourceForm.ts
#: src/admin/sources/ldap/LDAPSourceForm.ts
@ -3245,6 +3260,7 @@ msgstr ""
#~ msgstr "此处配置的证书签名的 JWT 可以用于此提供程序的身份验证。"
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
#: src/admin/providers/proxy/ProxyProviderForm.ts
msgid "JWTs signed by certificates configured in the selected sources can be used to authenticate to this provider."
msgstr ""
@ -3435,6 +3451,7 @@ msgstr ""
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
#: src/admin/providers/proxy/ProxyProviderForm.ts
#: src/admin/providers/proxy/ProxyProviderForm.ts
#: src/admin/providers/saml/SAMLProviderForm.ts
#: src/admin/sources/ldap/LDAPSourceForm.ts
#: src/admin/sources/ldap/LDAPSourceForm.ts
@ -5144,7 +5161,6 @@ msgid "Scope which the client can specify to access these properties."
msgstr "客户端可以指定的访问这些属性的范围。"
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
#: src/admin/providers/proxy/ProxyProviderForm.ts
#: src/admin/sources/oauth/OAuthSourceForm.ts
#: src/elements/oauth/UserRefreshList.ts
msgid "Scopes"
@ -5298,6 +5314,14 @@ msgstr "选择用于测试密码的后端。"
msgid "Send Email again."
msgstr "再次发送电子邮件。"
#: src/admin/providers/proxy/ProxyProviderForm.ts
msgid "Send HTTP-Basic Authentication"
msgstr ""
#: src/admin/providers/proxy/ProxyProviderForm.ts
msgid "Send a custom HTTP-Basic Authentication header based on values from authentik."
msgstr ""
#: src/admin/users/RelatedUserList.ts
#: src/admin/users/UserListPage.ts
msgid "Send link"
@ -5386,12 +5410,12 @@ msgid "Sessions"
msgstr "会话"
#: src/admin/providers/proxy/ProxyProviderForm.ts
msgid "Set HTTP-Basic Authentication"
msgstr "设置 HTTP 基本身份验证"
#~ msgid "Set HTTP-Basic Authentication"
#~ msgstr "设置 HTTP 基本身份验证"
#: src/admin/providers/proxy/ProxyProviderForm.ts
msgid "Set a custom HTTP-Basic Authentication header based on values from authentik."
msgstr "根据来自 authentik 的值设置自定义 HTTP-Basic 身份验证标头。"
#~ msgid "Set a custom HTTP-Basic Authentication header based on values from authentik."
#~ msgstr "根据来自 authentik 的值设置自定义 HTTP-Basic 身份验证标头。"
#: src/admin/groups/GroupForm.ts
#: src/admin/outposts/OutpostForm.ts
@ -6524,6 +6548,7 @@ msgid "Transports"
msgstr "传输"
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
#: src/admin/providers/proxy/ProxyProviderForm.ts
msgid "Trusted OIDC Sources"
msgstr ""
@ -7609,6 +7634,10 @@ msgstr "{0} - {1} of {2}"
msgid "{0} is available!"
msgstr "{0} 可用!"
#: src/admin/system-tasks/SystemTaskListPage.ts
msgid "{0} seconds"
msgstr ""
#: src/elements/notifications/NotificationDrawer.ts
msgid "{0} unread"
msgstr "{0} 未读"


@ -336,6 +336,10 @@ msgstr "额外的Group DN优先于Base DN。"
msgid "Additional scope mappings, which are passed to the proxy."
msgstr "传递给代理的其他作用域映射。"
#: src/admin/providers/proxy/ProxyProviderForm.ts
msgid "Additional scopes"
msgstr ""
#: src/pages/sources/oauth/OAuthSourceForm.ts
#~ msgid "Additional scopes to be passed to the OAuth Provider, separated by space."
#~ msgstr "要传递给 OAuth 提供程序的其他作用域,用空格分隔。"
@ -671,6 +675,7 @@ msgstr "正在使用 Plex 进行身份验证..."
#: src/admin/flows/FlowForm.ts
#: src/admin/flows/utils.ts
#: src/admin/providers/proxy/ProxyProviderViewPage.ts
msgid "Authentication"
msgstr "身份验证"
@ -693,6 +698,10 @@ msgstr "身份验证流程"
msgid "Authentication method"
msgstr ""
#: src/admin/providers/proxy/ProxyProviderForm.ts
msgid "Authentication settings"
msgstr ""
#: src/admin/applications/wizard/oauth/TypeOAuthApplicationWizardPage.ts
msgid "Authentication without user interaction, or machine-to-machine authentication."
msgstr ""
@ -1202,6 +1211,7 @@ msgstr "点击复制令牌"
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
#: src/admin/providers/oauth2/OAuth2ProviderViewPage.ts
#: src/admin/providers/proxy/ProxyProviderViewPage.ts
#: src/admin/sources/plex/PlexSourceForm.ts
msgid "Client ID"
msgstr "客户端 ID"
@ -2092,6 +2102,10 @@ msgstr "Duo 身份验证器"
msgid "Duo push-notifications"
msgstr "二重奏推送通知"
#: src/admin/system-tasks/SystemTaskListPage.ts
msgid "Duration"
msgstr ""
#: src/admin/tenants/TenantForm.ts
msgid "Duration after which events will be deleted from the database."
msgstr "事件将从数据库中删除的持续时间。"
@ -2893,6 +2907,7 @@ msgstr "隐藏服务账户"
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
#: src/admin/providers/proxy/ProxyProviderForm.ts
#: src/admin/providers/proxy/ProxyProviderForm.ts
#: src/admin/providers/saml/SAMLProviderForm.ts
#: src/admin/sources/ldap/LDAPSourceForm.ts
#: src/admin/sources/ldap/LDAPSourceForm.ts
@ -3245,6 +3260,7 @@ msgstr ""
#~ msgstr "此处配置的证书签名的 JWT 可以用于此提供程序的身份验证。"
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
#: src/admin/providers/proxy/ProxyProviderForm.ts
msgid "JWTs signed by certificates configured in the selected sources can be used to authenticate to this provider."
msgstr ""
@ -3435,6 +3451,7 @@ msgstr ""
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
#: src/admin/providers/proxy/ProxyProviderForm.ts
#: src/admin/providers/proxy/ProxyProviderForm.ts
#: src/admin/providers/saml/SAMLProviderForm.ts
#: src/admin/sources/ldap/LDAPSourceForm.ts
#: src/admin/sources/ldap/LDAPSourceForm.ts
@ -5144,7 +5161,6 @@ msgid "Scope which the client can specify to access these properties."
msgstr "客户端可以指定的访问这些属性的范围。"
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
#: src/admin/providers/proxy/ProxyProviderForm.ts
#: src/admin/sources/oauth/OAuthSourceForm.ts
#: src/elements/oauth/UserRefreshList.ts
msgid "Scopes"
@ -5298,6 +5314,14 @@ msgstr "选择用于测试密码的后端。"
msgid "Send Email again."
msgstr "再次发送电子邮件。"
#: src/admin/providers/proxy/ProxyProviderForm.ts
msgid "Send HTTP-Basic Authentication"
msgstr ""
#: src/admin/providers/proxy/ProxyProviderForm.ts
msgid "Send a custom HTTP-Basic Authentication header based on values from authentik."
msgstr ""
#: src/admin/users/RelatedUserList.ts
#: src/admin/users/UserListPage.ts
msgid "Send link"
@ -5386,12 +5410,12 @@ msgid "Sessions"
msgstr "会话"
#: src/admin/providers/proxy/ProxyProviderForm.ts
msgid "Set HTTP-Basic Authentication"
msgstr "设置 HTTP 基本身份验证"
#~ msgid "Set HTTP-Basic Authentication"
#~ msgstr "设置 HTTP 基本身份验证"
#: src/admin/providers/proxy/ProxyProviderForm.ts
msgid "Set a custom HTTP-Basic Authentication header based on values from authentik."
msgstr "根据来自 authentik 的值设置自定义 HTTP-Basic 身份验证标头。"
#~ msgid "Set a custom HTTP-Basic Authentication header based on values from authentik."
#~ msgstr "根据来自 authentik 的值设置自定义 HTTP-Basic 身份验证标头。"
#: src/admin/groups/GroupForm.ts
#: src/admin/outposts/OutpostForm.ts
@ -6524,6 +6548,7 @@ msgid "Transports"
msgstr "传输"
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
#: src/admin/providers/proxy/ProxyProviderForm.ts
msgid "Trusted OIDC Sources"
msgstr ""
@ -7609,6 +7634,10 @@ msgstr "{0} - {1} of {2}"
msgid "{0} is available!"
msgstr "{0} 可用!"
#: src/admin/system-tasks/SystemTaskListPage.ts
msgid "{0} seconds"
msgstr ""
#: src/elements/notifications/NotificationDrawer.ts
msgid "{0} unread"
msgstr "{0} 未读"


@ -18,6 +18,6 @@ The web client is used by the web-interface and web-FlowExecutor to communicate
Since the client is normally distributed as an npm package, running `make gen-client-ts` will overwrite the locally installed client with the newly built one.
:::warning
:::caution
Running `npm i` in the `/web` folder after using `make gen-client-ts` will overwrite the custom client and revert to the upstream client.
:::


@ -199,7 +199,7 @@ example:
Full example:
:::warning
:::caution
Note that an `!Enumeration` tag's iterable can never be an `!Item` or `!Value` tag with a depth of `0`. Minimum depth allowed is `1`. This is because a depth of `0` refers to the `!Enumeration` tag the `!Item` or `!Value` tag is in, and an `!Enumeration` tag cannot iterate over itself.
:::


@ -297,6 +297,6 @@ Defaults to 4.
To modify additional settings further than the options above allow, you can create a custom python file and mount it to `/data/user_settings.py`. This file will be loaded on startup by both the server and the worker. All default settings are [here](https://github.com/goauthentik/authentik/blob/main/authentik/root/settings.py)
:::warning
:::caution
Using these custom settings is not supported and can prevent your authentik instance from starting. Use with caution.
:::


@ -64,7 +64,7 @@ import Objects from "../expressions/_objects.md";
- `request.user`: The current user, against which the policy is applied. See [User](../user-group/user.md#object-attributes)
:::warning
:::caution
When a policy is executed in the context of a flow, this will be set to the user initiaing request, and will only be changed by a `user_login` stage. For that reason, using this value in authentication flow policies may not return the expected user. Use `context['pending_user']` instead; User Identification and other stages update this value during flow execution.
If the user is not authenticated, this will be set to a user called _AnonymousUser_, which is an instance of [authentik.core.models.User](https://docs.djangoproject.com/en/4.1/ref/contrib/auth/#django.contrib.auth.models.User) (authentik uses django-guardian for per-object permissions, [see](https://django-guardian.readthedocs.io/en/stable/)).


@ -0,0 +1,50 @@
---
title: Header authentication
---
### Send HTTP Basic authentication
Proxy providers have the option to _Send HTTP-Basic Authentication_ to the upstream authentication. When the option in the provider is enabled, two attributes must be specified. These attributes are the keys of values which can be saved on a user or group level that contain the credentials.
For example, with _HTTP-Basic Username Key_ set to `app_username` and _HTTP-Basic Password Key_ set to `app_password`, these attributes would have to be set either on a user or a group the user is member of:
```yaml
app_username: admin
app_password: admin-password
```
These credentials are only retrieved when the user authenticates to the proxy.
If the user does not have a matching attribute, authentik falls back to using the user's email address as username, and the password will be empty if not found.
### Receiving HTTP Basic authentication
:::info
Requires authentik 2023.1
:::
Proxy providers can receive HTTP basic authentication credentials. The password is expected to be an _App password_, as the credentials are used internally with the [OAuth2 machine-to-machine authentication flow](../oauth2/client_credentials.md).
Access control is done with the policies bound to the application being accessed.
If the received credentials are invalid, a normal authentication flow is initiated. If the credentials are correct, the Authorization header is removed to prevent sending the credentials to the proxied application.
:::danger
It is **strongly** recommended that the client sending requests with HTTP-Basic authentication persists the cookies returned by the outpost. If this is not the case, every request must be authenticated independently, which will increase load on the authentik server and encounter a performance hit.
:::
### Receiving HTTP Bearer authentication
:::info
Requires authentik 2023.1
:::
Proxy providers can receive HTTP bearer authentication credentials. The token is expected to be a JWT token issued for the proxy provider. This is described [here](../oauth2/client_credentials.md), using the _client_id_ value shown in the admin interface. Both static and JWT authentication methods are supported.
Access control is done with the policies bound to the application being accessed.
If the received credentials are invalid, a normal authentication flow is initiated. If the credentials are correct, the Authorization header is removed to prevent sending the credentials to the proxied application.
:::caution
It is recommended that the client sending requests with HTTP-Bearer authentication persists the cookies returned by the outpost. For bearer authentication this has a smaller impact than for Basic authentication, but each request is still verified with the authentik server.
:::


@ -24,9 +24,12 @@ The proxy outpost sets the following user-specific headers:
The hashed identifier of the currently logged in user.
Additionally, you can set `additionalHeaders` on groups or users to set additional headers.
Additionally, you can set `additionalHeaders` attribute on groups or users to set additional headers:
If you enable _Set HTTP-Basic Authentication_ option, the HTTP Authorization header is being set.
```yaml
additionalHeaders:
X-test-header: test-value
```
Besides these user-specific headers, some application specific headers are also set:


@ -12,7 +12,7 @@ From https://www.home-assistant.io/
Open source home automation that puts local control and privacy first. Powered by a worldwide community of tinkerers and DIY enthusiasts. Perfect to run on a Raspberry Pi or a local server.
:::
:::warning
:::caution
You might run into CSRF errors, this is caused by a technology Home-assistant uses and not authentik, see [this GitHub issue](https://github.com/goauthentik/authentik/issues/884#issuecomment-851542477).
:::


@ -20,7 +20,7 @@ Jellyfin does not have any native external authentication support as of the writ
Currently there are two plugins for Jelyfin that provide external authenticaion, an OIDC plugin and an LDAP plugin. This guide focuses on the use of the LDAP plugin.
:::
:::warning
:::caution
An LDAP outpost must be deployed to use the Jellyfin LDAP plugin
:::


@ -12,11 +12,11 @@ From https://en.wikipedia.org/wiki/Nextcloud
Nextcloud is a suite of client-server software for creating and using file hosting services. Nextcloud is free and open-source, which means that anyone is allowed to install and operate it on their own private server devices.
:::
:::warning
:::caution
This setup only works, when Nextcloud is running with HTTPS enabled. See [here](https://docs.nextcloud.com/server/stable/admin_manual/configuration_server/reverse_proxy_configuration.html?highlight=overwriteprotocol#overwrite-parameters) on how to configure this.
:::
:::warning
:::info
In case something goes wrong with the configuration, you can use the URL `http://nextcloud.company/login?direct=1` to log in using the built-in authentication.
:::


@ -14,7 +14,7 @@ Node-RED is a programming tool for wiring together hardware devices, APIs and on
It provides a browser-based editor that makes it easy to wire together flows using the wide range of nodes in the palette that can be deployed to its runtime in a single-click.
:::
:::warning
:::caution
This requires modification of the Node-RED settings.js and installing additional Passport-js packages, see [Securing Node-RED](https://nodered.org/docs/user-guide/runtime/securing-node-red#oauthopenid-based-authentication) documentation for further details.
:::


@ -12,7 +12,7 @@ Modified from https://github.com/jonaswinkler/paperless-ng
Paperless-ng is an application that indexes your scanned documents and allows you to easily search for documents and store metadata alongside your documents. It was a fork from the original Paperless that is no longer maintained.
:::
:::warning
:::caution
This setup uses HTTP headers to log you in simply by providing your username as a header. Your authentik username and Paperless username MUST match. If you intend for this to be accessed externally, this requires careful setup of your reverse proxy server to not forward these headers from other sources.
The author of Paperless-ng recommends you do not expose Paperless outside your network, as it was not designed for that. Instead, they "recommend that if you do want to use it, run it locally on a server in your own home."


@ -59,7 +59,7 @@ In authentik, create an outpost (under _Applications/Outposts_) of type `LDAP` t
## pfSense unsecure setup (without SSL)
:::warning
:::caution
This setup should only be used for testing purpose, because passwords will be sent in clear text to authentik.
:::


@ -12,7 +12,7 @@ From https://pve.proxmox.com/wiki/Main_Page
Proxmox Virtual Environment is an open source server virtualization management solution based on QEMU/KVM and LXC. You can manage virtual machines, containers, highly available clusters, storage and networks with an integrated, easy-to-use web interface or via CLI. Proxmox VE code is licensed under the GNU Affero General Public License, version 3. The project is developed and maintained by Proxmox Server Solutions GmbH.
:::
:::warning
:::caution
This requires Proxmox VE 7.0 or newer.
:::


@ -38,7 +38,7 @@ Create a new service account for all of your hosts to use to connect
to LDAP and perform searches. Make sure this service account is added
to `ldap.searchGroup`.
:::warning
:::caution
It seems that QNAP LDAP client configuration has issues with too long password.
Max password length <= 66 characters.
:::
@ -111,7 +111,7 @@ Attributes:
Configure the following values and "Apply"
![qnap domain security](./qnap-ldap-configuration.png)
:::warning
:::caution
With each save (Apply) in the UI the `/etc/config/nss_ldap.conf` will be overwritten with default values.
:::


@ -11,11 +11,11 @@ From https://snipeitapp.com
A free open source IT asset/license management system.
:::
:::warning
:::caution
This setup assumes you will be using HTTPS as Snipe-It dynamically generates the ACS and other settings based on the complete URL.
:::
:::warning
:::caution
In case something goes wrong with the configuration, you can use the URL `http://inventory.company/login?nosaml` to log in using the
built-in authentication.
:::


@ -14,7 +14,7 @@ e uptime and future planning. TrueCommand also identifies and pinpoints errors o
me when resolving issues.
:::
:::warning
:::caution
This setup assumes you will be using HTTPS as TrueCommand generates ACS and Redirect URLs based on the complete URL.
:::


@ -12,7 +12,7 @@ From https://en.wikipedia.org/wiki/Landscape_(software)
Landscape is a systems management tool developed by Canonical. It can be run on-premises or in the cloud depending on the needs of the user. It is primarily designed for use with Ubuntu derivatives such as Desktop, Server, and Core.
:::
:::warning
:::caution
This requires authentik 0.10.3 or newer.
:::


@ -12,11 +12,11 @@ From https://en.wikipedia.org/wiki/VCenter
vCenter Server is the centralized management utility for VMware, and is used to manage virtual machines, multiple ESXi hosts, and all dependent components from a single centralized location. VMware vMotion and svMotion require the use of vCenter and ESXi hosts.
:::
:::warning
:::caution
This requires authentik 0.10.3 or newer.
:::
:::warning
:::caution
This requires VMware vCenter 7.0.0 or newer.
:::
@ -68,7 +68,7 @@ Create an application which uses this provider. Optionally apply access restrict
Set the Launch URL to `https://vcenter.company/ui/login/oauth2`. This will skip vCenter's User Prompt and directly log you in.
:::warning
:::caution
This Launch URL only works for vCenter < 7.0u2. If you're running 7.0u2 or later, set the launch URL to `https://vcenter.company/ui/login`
:::


@ -8,11 +8,11 @@ Allows users to authenticate using their Apple ID.
## Preparation
:::warning
:::caution
An Apple developer account is required.
:::
:::warning
:::caution
Apple mandates the use of a [registered TLD](https://en.wikipedia.org/wiki/List_of_Internet_top-level_domains), as such this source will not work with .local and other non-public TLDs.
:::


@ -64,6 +64,7 @@ module.exports = {
},
items: [
"providers/proxy/custom_headers",
"providers/proxy/header_authentication",
"providers/proxy/forward_auth",
],
},