trustchain-oc1-orchestral/authentik
Archived
10
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity
10445 commits 95 branches 330 tags 336 MiB
Commit graph

437 commits

Author SHA1 Message Date
Jens L 1e01e9813d
providers/saml: add prefix to entity descriptor (#4355) 
add prefix to entity descriptor

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2023-01-04 16:44:52 +01:00
Jens Langhammer e887a315be
providers/oauth2: correctly advertise supported response_modes_supported 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2023-01-04 10:21:34 +01:00
Jens Langhammer 4b93f40c5e
providers/oauth2: fix null amr value not being removed from id_token 
closes #4339

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2023-01-03 00:41:18 +01:00
Jens Langhammer 57400925a4
providers/saml: don't error if no request in API serializer context 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2023-01-03 00:14:16 +01:00
Jens Langhammer 01da8e1792
providers/oauth2: optimise and cache signing key, prevent key being loaded multiple times 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-12-23 12:04:31 +01:00
Jens L 609f95ac97
providers: add preview for mappings (#4254) 
* preview

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/admin: show provider page on application page

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* use oauth2 end session url instead of direct interface

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* dont show provider page on application page for now

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add UI for preview

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* translate and release notes

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix lint

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* separate saml api files

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add api tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-12-21 12:13:11 +01:00
Jens Langhammer f8ef2b666f events: fix incorrect EventAction being used 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-11-25 11:53:05 +01:00
Jens Langhammer a9909fcf6d providers/oauth2: set amr values based on login event 
closes #4070

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-11-25 11:21:59 +01:00
Jens Langhammer 1fa9b3a996 providers/saml: set AuthnContextClassRef based on login event 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#4070
 2022-11-25 11:21:45 +01:00
Jens L ffe6f65af5
outposts/kubernetes: ingress class (#4002) 
* add support for ingressClassName

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add option to disable ssl verification for k8s controller

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* update website

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-11-14 14:24:11 +01:00
Jens Langhammer 3306003f0e providers/oauth2: fix inconsistent expiry encoded in JWT 
- access token validity is used for JWTs issues in implicit flows
- general cleanup of how times are set
closes #2581

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-11-10 20:23:24 +01:00
Jens L cfad472e1b
flows: optimise queries (#3818) 
* flows: optimise flow queries

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* index source on slug and name

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* binding index

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add policy parent index

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix migrations

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* cleanup old migrations

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add release note to upgrade

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-10-19 22:53:07 +02:00
Jens Langhammer 3e1490dcac providers/saml: don't attempt verification of SAML request when no verification certificate is configured 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-10-18 22:26:04 +02:00
Jens L b85be12567
providers/oauth2: fix issues with es256 and add tests (#3808) 
fix issues with es256 and add tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-10-18 22:01:29 +02:00
Jens L 363872715d
sources/saml: revamp SAML Source (#3785) 
* update saml source to use user connections, add all attributes to flow context

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* check for SAML Status in response, add tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* package apple icon

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add webui for connections

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-10-14 17:04:47 +02:00
Jens L 217e145d23
stages/authenticator_sms: make sms stage payload customisable (#3780) 
* make sms stage payload customisable

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* update phrasing for webhook mapping

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-10-14 11:53:01 +02:00
Jens Langhammer e5e6c33b2d providers/oauth2: fix expires_in not being an int 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-10-11 14:25:30 +03:00
Jens L 8ed2f7fe9e
providers/oauth2: add device flow (#3334) 
* start device flow

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web: fix inconsistent app filtering

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add tenant device code flow

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add throttling to device code view

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* somewhat unrelated changes

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add initial device code entry flow

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add finish stage

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* it works

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add support for verification_uri_complete

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add some tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add more tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add docs

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-10-11 12:42:10 +02:00
Jens Langhammer 9bbe8e6c57 providers/oauth2: save full IDToken to database, only use to_dict for encoding final token 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-10-08 15:06:17 +03:00
Jens Langhammer b2a658d091 providers/oauth2: remove c_hash and nonce claim if they're not set 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-10-07 17:07:33 +03:00
Jens Langhammer ce085a029d providers/oauth2: exclude at_hash claim if not set instead of being null 
closes #3739

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-10-07 10:10:53 +03:00
Jens Langhammer 7c0754000c providers/oauth2: add all hardcoded claims to claims_supported list 
closes #3702

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-09-29 10:27:46 +02:00
Jens Langhammer a407334d3b providers/oauth2: use @method_decorator instead of decorating in urls 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-09-10 13:26:17 +02:00
Jens L 7517d612d0
providers/oauth2: add x5c (#3556) 
* add x5c, x5t and x5t#S256

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* strip trailing = to fix encoding issues

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-09-08 23:30:05 +02:00
Jens L 62f93c83d4
ci: update pyright (#3546) 2022-09-07 00:23:25 +02:00
Jens L f2f22719f8
core: improve error template (#3521) 2022-09-03 19:46:37 +02:00
Jens L 54ba3e9616
blueprints: add meta model to apply blueprint within blueprint for dependencies (#3486) 
* add meta model to apply blueprint within blueprint for dependencies

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* use custom registry

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix again

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* move ManagedAppConfig to apps.py

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* rename manager to registry

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* ci: use full tag in comment

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-08-29 21:20:58 +02:00
Jens Langhammer 917c4ae835 ci: fix typos 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-08-23 18:49:23 +02:00
Jens Langhammer 0cc83c23c4 providers/proxy: fix duplicate proxy set default 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-08-18 21:13:45 +01:00
Jens Langhammer fdb8fb4b4c providers/oauth2: fix oauth2 requests being logged as unauthenticated 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-08-18 20:26:12 +02:00
Jens Langhammer f4441c9fcf providers/proxy: trigger proxy set_defaults task on startup 
closes #3445

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-08-18 17:42:27 +02:00
Jens Langhammer 846b63a17b *: remove some very verbose logging messages 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-08-17 13:36:56 +02:00
Jens Langhammer e9c1276634 blueprints: use relative path in @apply_blueprint 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-08-16 14:20:45 +02:00
Jens Langhammer f01f10c5e5 providers/oauth2: don't separate scopes by comma-space 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-08-07 13:15:12 +02:00
Jens Langhammer e1249d3760 providers/oauth2: fix scopes without descriptions not being saved in consent 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-08-07 13:02:47 +02:00
Jens L ec42d378ab
blueprints/cleanup (#3369) 2022-08-05 08:39:00 +02:00
Jens L d1004e3798
blueprints: webui (#3356) 2022-08-03 00:05:49 +02:00
Jens Langhammer 2bd29e2fdd *: improve error handling for startup tasks 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-08-01 23:31:47 +02:00
Jens L a023eee9bf
blueprints: migrate from managed (#3338) 
* test all bundled blueprints

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix empty title

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix default blueprints

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add script to generate dev config

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* migrate managed to blueprints

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add more to blueprint instance

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* migrated away from ObjectManager

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix lint errors

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* migrate things

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* migrate tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix some tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix a bit more

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix more tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* whops

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix missing name

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* *sigh*

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix more tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add tasks

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* scheduled

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* run discovery on start

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* oops this test should stay

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-08-01 23:05:58 +02:00
Jens L 89c84f10d0
blueprints: v1 (#1573) 
* managed: move flowexporter to managed

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* *: implement SerializerModel in all models

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* managed: add initial api

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* managed: start blueprint

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* managed: spec

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* version blueprint

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* yep

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* remove v2, improve v1

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* start custom tag, more rebrand

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add default flows

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* move blueprints out of website

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* try new things

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add !lookup, fix web

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* update and cleanup default

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix tags in lists

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* don't save field if its set to default value

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* more flow cleanup

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* format web

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix missing serializer for sms

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* ignore _set fields

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* remove custom file extension

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* migrate default flow to tenant

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* include blueprints

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-07-31 17:11:44 +02:00
Jens Langhammer fcf4657833 providers/proxy: add is_superuser to ak_proxy object, only show full error when superuser 
closes #3314

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-07-30 20:29:23 +02:00
Jens L 393d7ec486
providers/proxy: no exposed urls (#3151) 
* test any callback

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* cleanup

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* dont detect callback in per-server handler

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* use full redirect uri with both path and query param

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* update tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* correctly route to embedded outpost for callback signature

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix allowed redirects

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-07-30 17:51:01 +02:00
Jens Langhammer 549f6f2077 providers/oauth2: correctly log authenticated user for OAuth views using protected_resource_view 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-07-18 22:20:09 +02:00
Jens Langhammer 4cd629b5fc core: handle FlowNonApplicableException correctly in source flow_manager 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-07-03 22:03:03 +02:00
Jens Langhammer 14a4047bdd flows: show messages from ak_message when flow is denied 
fallback to same generic message

closes #3197

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-07-03 21:36:13 +02:00
Jens Langhammer 23273f53cc providers/oauth2: if no scopes are sent in authorize request, select all configured scopes 
closes #3112

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-07-01 19:45:26 +02:00
Jens Langhammer d11ce0a86e providers/proxy: set default scopes based on managed attribute 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-07-01 18:26:49 +02:00
Jens Langhammer 56fd436e5d web: fix redirect when accessing authentik URLs authenticated 
closes #3174

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-06-30 23:04:39 +02:00
Jens Langhammer ea60c389be providers/saml: include SSO Binding URLs in Provider API 
closes #3179

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-06-30 22:18:21 +02:00
Jens Langhammer 983882f5a0 providers/oauth2: ensure refresh tokens are URL safe 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#3185
 2022-06-30 12:43:08 +02:00