root: add cookie domain setting

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

authentik/lib/default.yml

@@ -56,6 +56,7 @@ outposts:
   # %(build_hash)s: Build hash if you're running a beta version
   container_image_base: env://AUTHENTIK_OUTPOSTS__DOCKER_IMAGE_BASE?goauthentik.io/%(type)s:%(version)s
 
+cookie_domain: null
 disable_update_check: false
 avatars: env://AUTHENTIK_AUTHENTIK__AVATARS?gravatar
 geoip: "./GeoLite2-City.mmdb"

authentik/root/settings.py

@@ -72,6 +72,7 @@ _cookie_suffix = "_debug" if DEBUG else ""
 CSRF_COOKIE_NAME = "authentik_csrf"
 LANGUAGE_COOKIE_NAME = f"authentik_language{_cookie_suffix}"
 SESSION_COOKIE_NAME = f"authentik_session{_cookie_suffix}"
+SESSION_COOKIE_DOMAIN = CONFIG.y("cookie_domain", None)
 
 AUTHENTICATION_BACKENDS = [
     "django.contrib.auth.backends.ModelBackend",

website/docs/installation/configuration.md

@@ -62,6 +62,13 @@ Secret key used for cookie signing and unique user IDs, don't change this after
 Log level for the server and worker containers. Possible values: debug, info, warning, error
 Defaults to `info`.
 
+### AUTHENTIK_COOKIE_DOMAIN
+
+Which domain the session cookie should be set to. By default, the cookie is set to the domain authentik is accessed under.
+
+### AUTHENTIK_DISABLE_UPDATE_CHECK
+
+Disable the inbuilt update-checker. Defaults to `false`.
 
 ### AUTHENTIK_ERROR_REPORTING