trustchain-oc1-orchestral
/
authentik
Archived
10
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
11,387 Commits 95 Branches 330 Tags 336 MiB
Commit Graph

29 Commits

Author SHA1 Message Date
Jens L 21e29744c2
providers/proxy: different cookie name based on hashed client id (#4666) 2023-02-12 16:34:57 +01:00
Jens L cd12e177ea
providers/proxy: add initial header token auth (#4421) 
* initial implementation

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* check for openid/profile claims

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* include jwks sources in proxy provider

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add web ui for jwks

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* only show sources with JWKS data configured

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix introspection tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* start basic

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add basic auth

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add docs, update admonitions

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add client_id to api, add tab for auth

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update locale

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-01-13 16:22:03 +01:00
Jens L 47daaf969a
outposts: fix oauth state when using signature routing (#3616) 
* fix oauth state when using signature routing

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* more retires

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-09-19 21:38:34 +02:00
Jens Langhammer 8e7a456f74 providers/proxy: fix routing based on signature in traefik and caddy 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-09-02 22:03:08 +02:00
Jens Langhammer 8ffae4505f internal: set Host on url in envoy 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-08-18 23:20:12 +01:00
Jens L 393d7ec486
providers/proxy: no exposed urls (#3151) 
* test any callback

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* cleanup

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* dont detect callback in per-server handler

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* use full redirect uri with both path and query param

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* update tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* correctly route to embedded outpost for callback signature

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix allowed redirects

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-07-30 17:51:01 +02:00
Jens L b41acebf5b
providers/proxy: add caddy endpoint (#3330) 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-07-29 10:58:53 +02:00
Jens Langhammer e30103aa9f providers/proxy: use same redirect-save code for all modes 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-06-04 23:25:47 +02:00
Jens L 8447e9b9c2
providers/proxy: envoy v2 (#3029) 
* add path prefix

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* use prefix correctly

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* only set redirect if session doesn't have a redirect yet

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-06-03 10:32:52 +02:00
Jens L f9a419107a
outposts/proxyv2: add basic envoy support (#3026) 
* outposts/proxyv2: add basic envoy support

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* don't crash when backend is not available

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add envoy tests and docs

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-06-03 00:06:09 +02:00
Jens L a286f999e2
api: migrate to openapi generator v6 (#2968) 
* migrate to openapi generator v6

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* bump api

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-05-26 15:15:30 +02:00
Jens Langhammer a52638d898 internal: fix typo in session name constant 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-05-20 10:10:29 +02:00
Jens Langhammer 62a939b91d internal: bump api client to v3 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-03-03 10:40:07 +01:00
Jens L 4343246a41
*: rename akprox to outpost.goauthentik.io (#2266) 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-02-08 20:25:38 +01:00
Jens Langhammer ebb5711c32 providers/proxy: add support for X-Original-URI in nginx, better handle missing headers and report errors to authentik 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-01-27 18:14:02 +01:00
Jens Langhammer b32800ea71 outposts/proxy: trace full headers to debug 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-01-24 22:08:31 +01:00
Jens Langhammer ef335ec083 outposts/proxy: add more test cases for domain-level auth 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-01-24 21:41:15 +01:00
Jens Langhammer 07b09df3fe internal: add more outpost tests, add support for X-Original-URL 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-01-24 20:50:13 +01:00
Jens Langhammer 1dce408c72 internal/proxyv2: only allow access to /akprox in nginx mode when forward url could be extracted 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-01-24 09:30:33 +01:00
Jens Langhammer 3bfb8b2cb2 outposts/proxyv2: allow access to /akprox urls in forward auth mode to make routing in nginx/traefik easier 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-01-21 13:43:16 +01:00
Jens Langhammer ba55538a34 outposts/proxy: cleanup 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-12-21 19:16:06 +01:00
Jens Langhammer f10b57ba0b outposts/proxy: handle redirect loop in start handler, show error message 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-12-21 10:07:08 +01:00
Jens Langhammer eca2ef20d0 outposts/proxy: add initial redirect-loop prevention 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-12-20 22:21:53 +01:00
Jens Langhammer e42ad8db93 outposts/proxy: copy user-agent header from upstream request 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-12-02 10:01:54 +01:00
Jens Langhammer 3b068610b9 outposts/proxy: clean up header setting (don't copy all headers) 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-12-01 20:05:56 +01:00
Jens Langhammer 2462d58135 outposts/proxy: fix duplicate protocol in domain auth mode 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-27 20:49:00 +02:00
Jens Langhammer 3d042e708a outposts/proxy: always redirect on forward_auth for traefik 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-10 12:43:57 +02:00
Jens Langhammer d296c12d01 outposts/proxy: fix redirect when using forward_auth mode 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-09 10:56:20 +02:00
Jens L 3c1b70c355
outposts/proxyv2 (#1365) 
* outposts/proxyv2: initial commit

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

add rs256

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

more stuff

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

add forward auth an sign_out

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

match cookie name

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

re-add support for rs256 for backwards compat

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

add error handler

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

ensure unique user-agent is used

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

set cookie duration based on id_token expiry

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

build proxy v2

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

add ssl

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

add basic auth and custom header support

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

add application cert loading

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

implement whitelist

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

add redis

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

migrate embedded outpost to v2

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

remove old proxy

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

providers/proxy: make token expiration configurable

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

add metrics

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

fix tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* providers/proxy: only allow one redirect URI

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix docker build for proxy

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* remove default port offset

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add AUTHENTIK_HOST_BROWSER

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* tests: fix e2e/integration tests not using proper tags

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* remove references of old port

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix user_attributes not being loaded correctly

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* cleanup dependencies

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* cleanup

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-08 18:04:56 +00:00