Jens L
509b502d3c
providers/oauth2: offline access ( #8026 )
...
* improve scope check (log when application requests non-configured scopes)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add offline_access special scope
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* ensure scope is set
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* update tests for refresh tokens
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* special handling of scopes for github compat
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix spec
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* attempt to fix oidc tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* remove hardcoded slug
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* check scope from authorization code instead of request
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix injection for consent stage checking incorrectly
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2024-01-04 19:57:11 +01:00
Jens L
240cf6dd94
enterprise/providers: Add RAC [AUTH-15] ( #7291 )
...
* add basic guacamole
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* make everything mostly work
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add rac build to CI
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix resize, fix web lint, sendSize correctly
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* pre-send connection from client, format
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* improve throughput
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* cleanup
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* rework TokenOutpostConsumer into middleware
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix some layout issues
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add outpost controllers
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* start testing audio things
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix a bunch of things
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add deps
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix to work with outpost group
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add simple loadbalancing
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add simple reconnect
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* show reconnecting text
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix error when checking ports
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* move to providers
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add flow check to interface
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix go lint
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix rac app label
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix audio
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add logging
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* cleanup
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* allow overriding all settings
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix duplicate keyboard, debug high DPI
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* re-add deps
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix lint
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix missing __init__.py breaking model loading
I love python
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* bump successful ws connection to info
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* hide cursor since guac draws that
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add clipboard support (bidirectional)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* make codespell not want to break the code
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* run pr comment in separate task
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* start endpoint and property mapping stuff
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* more endpoint things
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* unrelated: fix event model_pk filtering with ints
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* unrelated: improve event display for changelog
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* rebuild endpoint stuff again
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* idk special url
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* more stuff, connect token with session
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add disconnect
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* rework disconnect
cleanly disconnect from guacd instead of just letting the connection timeout
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* clear cache when creating outpost
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* support host:port and fix protocol
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* center smaller viewport
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* rework connection to wait more and stop after some time
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add policy control to endpoints
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* remove provider protocol
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* don't switch to different outpost connection when already chosen
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* start using property mappings, add static settings
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add some RAC mapping settings
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix lint
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* start adding tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add tests for event changes
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add tests and fix issues found by said tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add preview banner, move endpoints to main page
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add locale
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* auto-select endpoint if only one is available
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* backport https://github.com/goauthentik/authentik/pull/7831 to rac
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* dont select property mappings on endpoints
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* make table modal only load when opened
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* only auto-redirect when open
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix web deps
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* check for token expiry and terminate session
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* re-add endpoint name to title
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* disconnect connection when token is manually deleted
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add initial RAC docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add connection expiry setting to provider
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix flaky tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-12-30 21:33:14 +01:00
tedstriker
49df3cb3c4
Documentation: Added note for necessary unigue base DNs ( #7717 )
...
* Added note for necessary unigue base DNs
Added information, that every LDAP provider needs to have a unique base DN. Related to #7714
Signed-off-by: tedstriker <github@meins.org>
* Update website/docs/providers/ldap/index.md
Thank's for fixing the grammar ;)
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: tedstriker <github@meins.org>
---------
Signed-off-by: tedstriker <github@meins.org>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
2023-11-28 14:56:56 -06:00
Jens L
41bb1ca707
providers/scim: remove preview ( #7166 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-10-13 19:03:13 +02:00
jon r
9860ac983c
website/docs: fix typo in providers/scim ( #7076 )
...
chore(docs): typo in providers/scim
Signed-off-by: jon r <jon@allmende.io>
2023-10-06 17:43:03 +02:00
Jens L
e40a0b1f8b
website/docs: add notice for nginx ingress configuration requirement ( #7027 )
...
* website/docs: add notice for nginx ingress configuration requirement
https://github.com/goauthentik/infrastructure/pull/574
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* Update website/docs/providers/proxy/_nginx_ingress.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Jens L. <jens@beryju.org>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens L. <jens@beryju.org>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
2023-10-02 16:04:26 +02:00
risson
c7537f9f32
web, website: compress images ( #6121 )
...
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2023-08-02 12:06:03 +00:00
Thomas Moschny
f2293c0f5b
website/docs: Update syntax in traefik standalone example ( #6303 )
...
* Update syntax in traefik standalone example
Signed-off-by: Thomas Moschny <thomas.moschny@gmx.de>
* One more syntax update
Signed-off-by: Thomas Moschny <thomas.moschny@gmx.de>
---------
Signed-off-by: Thomas Moschny <thomas.moschny@gmx.de>
2023-07-26 10:56:31 +02:00
Jens L
01311929d1
providers/ldap: improve password totp detection ( #6006 )
...
* providers/ldap: improve password totp detection
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add flag for totp mfa support
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* keep support for static tokens
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix migrations
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-06-20 12:09:13 +02:00
Jens L
a2de6194e4
website/docs: correct LDAP StartTLS documentation ( #5886 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-06-08 11:00:20 +02:00
Jens L
0ce41a1b2d
providers/ldap: add StartTLS support ( #5861 )
...
* providers/ldap: add StartTLS support
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add starttls test
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* update form and docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* re-add tls server name
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* update release notes
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-06-06 21:40:19 +02:00
Jens L
c68a42f63b
website/docs: improve docs for OAuth2 device code flow ( #5570 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-05-10 20:58:31 +02:00
Jens L
bb92c4a967
providers/ldap: remove deprecated fields ( #5154 )
...
* providers/ldap: remove deprecated fields
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* update changelog
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-04-21 14:10:24 +03:00
Jens L
34e9af57fe
website/integrations: switch default gitlab name identifier ( #5321 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
#5312
2023-04-20 19:47:41 +03:00
Jens L
1893626e04
website/docs: clear up radius provider ( #5263 )
...
* website/docs: clear up radius provider
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* Update website/docs/providers/radius/index.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Jens L. <jens@beryju.org>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens L. <jens@beryju.org>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
2023-04-18 10:42:42 +02:00
Jens L
67644ace87
website/docs: prepare 2023.4 release notes ( #5223 )
...
* website/docs: prepare 2023.4 release notes
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add prompt preview
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* Apply suggestions from code review
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Jens L. <jens@beryju.org>
* Update website/docs/releases/2023/v2023.4.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Jens L. <jens@beryju.org>
* add new release to sidebar
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens L. <jens@beryju.org>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
2023-04-13 14:11:46 +02:00
Jens L
3f5effb1bc
providers/radius: simple radius outpost ( #1796 )
...
* initial implementation
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* cleanup
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add migrations
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix web
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* minor fixes
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* use search-select
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* update locale
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fixup
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix ip with port being sent to delegated ip
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add radius tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* update docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-03-20 16:54:35 +01:00
Jens L
eaf56f4f3f
stages/user_login: stay logged in ( #4958 )
...
* add initial remember me offset
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add to go executor
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add ui for user login stage
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* update docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-03-15 20:21:05 +01:00
Tana M Berry
8b7a92068b
website/docs: forward-auth page, add list of links ( #4937 )
...
* add list of links
* added commas
* fix build
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Tana Berry <tanaberry@Tanas-MacBook-Pro-authentik.local>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2023-03-14 07:45:49 -05:00
Jens L
bf7dc5df78
website/docs: separate pages for each webserver ( #4911 )
...
* website/docs: separate pages for each webserver
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* Apply suggestions from code review
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Jens L. <jens@beryju.org>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens L. <jens@beryju.org>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
2023-03-13 17:29:51 +01:00
support-tt
7618c2e45f
website/docs: improve traefik standalone docs ( #4493 )
...
* Create _traefik_standalone_single_application.md
Example for Authentik Single Application Proxy with Service example because this was unclear for many users and if you dont create a middleware for every application you get the error "no app for hostname".
Signed-off-by: support-tt <61587422+support-tt@users.noreply.github.com>
* Update _traefik_standalone_single_application.md
Signed-off-by: support-tt <61587422+support-tt@users.noreply.github.com>
* rename to old file
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: support-tt <61587422+support-tt@users.noreply.github.com>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2023-03-10 13:45:41 -06:00
Jens L
6ae2fc9668
providers/SCIM: customizable externalId, document behavior ( #4868 )
...
* only set externalId if mapping hasn't set it
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* better document use of SCIM in conjunction with OAuth/SAML
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-03-08 00:15:16 +01:00
Jens L
9559bc2e1e
providers/scim: add option to filter out service accounts, parent group ( #4862 )
...
* add option to filter out service accounts, parent group
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* update docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* rename to filter group
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* rework sync card to show scim sync status
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-03-07 15:39:48 +01:00
Tana M Berry
f6a8b3d568
website/docs: Corrected typo and added Note about port number if using Istio/Kubern… ( #4851 )
...
* Corrected typo and added Note about port number if using Istio/Kubernetes
@BeryJu I was reading [this article](https://prevue.ch/news/2022-10-11-istio-authentik/ ) about a fellow setting up authentik, using Istio and Kubernetes. I wanted to somehow add a heads up about the port number, but I am not confident that I got it right. Is it only if there are custom decisions being made that the port number has to be for the cluster?
Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>
* Update website/docs/providers/proxy/forward_auth.mdx
Signed-off-by: Jens L. <jens@beryju.org>
* fix lint error
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Jens L. <jens@beryju.org>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens L <jens.langhammer@beryju.org>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2023-03-06 19:28:40 +00:00
Jens L
28ddeb124f
providers: SCIM ( #4835 )
...
* basic user sync
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add group sync and some refactor
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* start API
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* allow null authorization flow
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add UI
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* make task monitored
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add missing dependency
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* make authorization_flow required for most providers via API
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* more UI
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* make task result better readable, exclude anonymous user
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add task UI
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add scheduled task for all sync
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* make scim errors more readable
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add mappings, migrate to mappings
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add mapping UI and more
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add scim docs to web
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* start implementing membership
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* migrate signals to tasks
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* migrate fully to tasks
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* strip none keys, fix lint errors
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix things
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* start adding tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix saml
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add scim schemas and validate against it
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* improve error handling
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add group put support, add group tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* send correct application/scim+json headers
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* stop sync if no mappings are confiugred
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add test for task sync
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add membership tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* use decorator for tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* make tests better
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-03-06 19:39:08 +01:00
roche-quentin
cd99b6e48f
providers/ldap: making ldap compatible with synology ( #4694 )
...
* internal/outpost/ldap: making ldap compatible with synology
* fix duplicate attributes
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add docs about homedirectory
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix duplicate attributes
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add substitution to values
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2023-02-22 15:26:41 +01:00
sdimovv
51c6a14786
providers/ldap: Improve compatibility with LDAP clients ( #4750 )
...
* Fixed invalid LDAP attributes by replacing '.'s and '/'s with '-'
* Leave old fields for now for backward compatibility
* Add forgotten depreceated field
* Fix tests
* Fix tests
* use shorter attribute names
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* sanitize attributes
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* keep both sanitized and unsanitized user fields
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add sanitized fields to test
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2023-02-22 14:18:22 +01:00
Jens Langhammer
7d6b573f8b
website: migrate to mermaid charts, rework proxy page
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-15 12:14:17 +01:00
Jens Langhammer
3170b2f92c
providers/proxy: add token support for basic auth
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-07 22:50:49 +01:00
Melvin Snijders
547c01f481
website/docs: update Caddy docs to include HTTPS proxying ( #4316 )
...
Update Caddy documentation to include HTTPS proxying
Signed-off-by: Melvin Snijders <mail@melvinsnijders.nl>
2023-02-03 14:43:13 +01:00
Jens L
7d4ce41e12
providers/proxy: outpost wide logout implementation ( #4605 )
...
* initial outpost wide logout implementation
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* handle deserialize error
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* update docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix file cleanup, add tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-02 21:18:59 +01:00
Jens Langhammer
3a59b75f4a
website/docs: update ldap provider docs
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-20 11:46:57 +01:00
Jens L
23c69c456a
providers/proxy: add setting to intercept authorization header ( #4457 )
...
* add setting to intercept authorization header
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* rename to intercept_header_auth
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-17 18:56:48 +01:00
Jens Langhammer
19ee98b36d
outposts/proxy: allow setting no-redirect via header or query param
...
closes #4455
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-17 10:56:43 +01:00
Jens Langhammer
d31e566873
outposts/proxy: add header to prevent redirects
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-14 22:18:25 +01:00
Jens L
cd12e177ea
providers/proxy: add initial header token auth ( #4421 )
...
* initial implementation
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* check for openid/profile claims
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* include jwks sources in proxy provider
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add web ui for jwks
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* only show sources with JWKS data configured
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix introspection tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* start basic
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add basic auth
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add docs, update admonitions
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add client_id to api, add tab for auth
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* update locale
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-13 16:22:03 +01:00
Jens L
2604dc14fe
providers/ldap: add code-MFA support for ldap provider ( #4354 )
...
* add code support for ldap provider
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* only try to extract code when auth validator stage is encountered
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* use parseint instead
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2023-01-05 18:32:06 +01:00
Jens L
dc1359a763
providers/saml: initial SLO implementation ( #2346 )
...
* providers/saml: initial SLO implementation
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* providers/saml: add logout request tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* providers/saml: add tests for POST SLO
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* matrix e2e tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix import
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* set e2e matrix name
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix imports
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* separate oidc and oauth tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add basic saml slo e2e tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add better metadata download url
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* kinda prepare release notes
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* sort releases into folders
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add slo urls to website
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix linking
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add api tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* update docs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2023-01-04 19:45:31 +01:00
Alex Wigen
4e04461820
website/docs: Change Kubernetes ingress apiVersion out of beta ( #4099 )
...
* Change Kubernetes ingress apiVersion out of beta
* fix lint
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-28 16:42:59 +01:00
John Arrandale
501d63b3aa
website/docs: add notice for unique Base DN ( #4073 )
...
* providers/ldap: updates documentation related to issue #4038
Signed-off-by: John Arrandale <bootsie227@gmail.com>
* providers/ldap: adheres to the CI prettier-check
Signed-off-by: John Arrandale <bootsie227@gmail.com>
2022-11-24 20:52:13 +01:00
Jens Langhammer
ac2e85c003
website/docs: fix 404s on ldap provider docs
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-06 00:01:38 +01:00
Jens Langhammer
c157030905
website/docs: remove old banner, fix nginx formatting
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-01 17:12:16 +01:00
Rob
895658e7a3
website/integrations: add Organizr integration ( #3802 )
...
* Add new integration application category for Dashboard and initialize organizr service template
* added images and additional info for organizr integration
* alphabetized application integration categories
* alphabetized integration federation and social login categories
* forgot to make website-lint-fix :/
* revert mention of organizr in generic setup
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-19 10:28:48 +02:00
Rob
10cfccd999
website/docs: add General Setup instructions for LDAP Provider ( #3680 )
...
* Added General Setup instructions for LDAP Provider
* Added General Setup instructions for LDAP Provider and updated relative links
* updated LDAP Outpost note verbiage
* Corrected the case for LDAP and renamed to Generic Setup
* removed ldapsearch example from index page
* updated verbiage around multifactor authentication
* removed note about local LDAP provider
* updated sidebar to reflect generic_setup
* updated logging info
* corrected typo
* updated stage creation instructions and screenshot
* corrected another typo
* corrected another typo
* reword some things
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-16 14:57:57 +00:00
Jens L
8ed2f7fe9e
providers/oauth2: add device flow ( #3334 )
...
* start device flow
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web: fix inconsistent app filtering
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add tenant device code flow
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add throttling to device code view
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* somewhat unrelated changes
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add initial device code entry flow
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add finish stage
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* it works
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add support for verification_uri_complete
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add some tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add more tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add docs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-11 12:42:10 +02:00
itsmesid
19c36d20b5
website/docs: improve nginx examples ( #3372 )
...
* website/docs: improve nginx examples
Signed-off-by: itsmesid <693151+arevindh@users.noreply.github.com>
* website/docs: improve nginx examples
Signed-off-by: itsmesid <693151+arevindh@users.noreply.github.com>
2022-08-30 21:19:25 +02:00
Zolo
c6bb41890e
website/docs: add port_in_redirect in nginx config to prevent invalid port in redirect ( #3397 )
...
* Proposal and fix for issue #3359
By adding `port_in_redirect off` in the configuration for the NginxProxyManager (NPM), will avoid a redirect to port 4443.
Credit to @adtwomey for the suggestions.
https://github.com/goauthentik/authentik/issues/3359
Signed-off-by: Zolo <39656359+zolodev@users.noreply.github.com>
* Adding a comment
Signed-off-by: Zolo <39656359+zolodev@users.noreply.github.com>
Signed-off-by: Zolo <39656359+zolodev@users.noreply.github.com>
2022-08-29 17:57:18 +02:00
Jens L
b41acebf5b
providers/proxy: add caddy endpoint ( #3330 )
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-29 10:58:53 +02:00
Jens Langhammer
1c64616ebd
sources/ldap: add configuration for LDAP Source ciphers
...
closes #3110
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-01 19:53:49 +02:00
Jens Langhammer
23273f53cc
providers/oauth2: if no scopes are sent in authorize request, select all configured scopes
...
closes #3112
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-01 19:45:26 +02:00