Jens Langhammer
|
c19afa4f16
|
outposts/proxy: fix duplicate protocol in domain auth mode
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-09-29 10:02:01 +02:00 |
|
Jens Langhammer
|
75ef4ce596
|
tests/e2e: add new ldap object classes
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-09-26 14:57:42 +02:00 |
|
Jens Langhammer
|
c2f3ce11b0
|
outposts/ldap: fix potential panic when converting attributes
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-09-26 14:52:25 +02:00 |
|
Jens Langhammer
|
3c256fecc6
|
outposts/ldap: add groupofuniquenames
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-09-26 14:49:11 +02:00 |
|
Jens Langhammer
|
0285b84133
|
outposts/ldap: add query support for all supported object classes
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-09-26 14:42:26 +02:00 |
|
Jens Langhammer
|
c7e6eb8896
|
outposts/ldap: add support for base scope and domain info
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-09-26 14:01:22 +02:00 |
|
Jens Langhammer
|
b248f450dd
|
outposts: make AUTHENTIK_HOST_BROWSER configurable from central config
closes #1471
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-09-26 12:00:51 +02:00 |
|
Jens Langhammer
|
234a5e2b66
|
outposts: fix outposts not correctly updating central state
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-09-26 11:40:21 +02:00 |
|
Jens Langhammer
|
9f4a4449f5
|
outposts/proxy: ensure cookies only last as long as tokens
closes #1462
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-09-25 16:12:59 +02:00 |
|
Jens Langhammer
|
27e04589c1
|
outposts/proxyv2: fix routing not working correctly for domain auth
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-09-24 23:32:16 +02:00 |
|
Jens Langhammer
|
ebc06f1abe
|
outposts/ldap: fix logic error
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-09-22 13:19:50 +02:00 |
|
Jens Langhammer
|
0f8880ab0a
|
outposts: fix typo
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-09-22 13:14:28 +02:00 |
|
Jens Langhammer
|
1f97420207
|
outposts/ldap: allow custom attributes to shadow built-in attributes
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-09-21 21:59:39 +02:00 |
|
Jens Langhammer
|
a92a0fb60a
|
web: migrate to lit 2
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-09-21 11:19:26 +02:00 |
|
Jens Langhammer
|
f771383c4b
|
cmd: fix outpost metrics not being set in embedded mode
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-09-16 12:09:12 +02:00 |
|
Jens Langhammer
|
471f7d9c62
|
outposts: add consistent name and type to metrics
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-09-16 10:14:51 +02:00 |
|
Jens Langhammer
|
a6a6b3bd06
|
outposts: add outpost_name label to metrics
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-09-16 10:04:17 +02:00 |
|
Jens Langhammer
|
48ad3dccda
|
outposts/proxy: remove deprecated rs256
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-09-16 09:57:47 +02:00 |
|
Jens Langhammer
|
95efd47f65
|
root: remove asgi error handler
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-09-15 12:23:14 +02:00 |
|
Jens Langhammer
|
198e5ce642
|
outpost: fix crash when common keys are not defined in config
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-09-14 17:40:48 +02:00 |
|
Jens Langhammer
|
223d9ad414
|
outposts/proxy: fix upstream ssl certificate not being ignored if configured to do so
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-09-11 19:30:21 +02:00 |
|
Jens Langhammer
|
9a79bab43d
|
outposts/proxy: fix redirect URL error due to callback url not being joined correctly
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-09-10 16:19:29 +02:00 |
|
Jens Langhammer
|
3d042e708a
|
outposts/proxy: always redirect on forward_auth for traefik
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-09-10 12:43:57 +02:00 |
|
Jens Langhammer
|
2428d5f1c2
|
outpost: update global outpost config on refresh
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-09-10 12:18:19 +02:00 |
|
Jens L
|
7158c9d2ea
|
core: metrics v2 (#1370)
* outposts: add ldap metrics, move ping to 9100
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* outpost: add flow_executor metrics
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* use port 9300 for metrics, add core metrics port
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* outposts/controllers/k8s: add service monitor creation support
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-09-09 15:52:24 +02:00 |
|
Jens Langhammer
|
e5944567e8
|
outposts/proxy: fix url not being substituted for sign_out
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-09-09 11:00:58 +02:00 |
|
Jens Langhammer
|
d296c12d01
|
outposts/proxy: fix redirect when using forward_auth mode
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-09-09 10:56:20 +02:00 |
|
Jens Langhammer
|
4c3a9e69f2
|
outposts/proxy: fix securecookie: no codecs provided error with redis
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-09-09 10:23:46 +02:00 |
|
Jens Langhammer
|
8ca29f6d49
|
Revert "outpost/proxy: set samesite none"
This reverts commit f7afb60c1f .
|
2021-09-08 22:56:24 +02:00 |
|
Jens Langhammer
|
0a33d38adf
|
outpost/proxy: fix prometheus errors
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-09-08 22:41:41 +02:00 |
|
Jens Langhammer
|
f7afb60c1f
|
outpost/proxy: set samesite none
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-09-08 22:06:44 +02:00 |
|
Jens Langhammer
|
b9c605bf1a
|
outpost/proxy: fix double slash when trailing slash in authentik_host
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-09-08 22:03:41 +02:00 |
|
Jens Langhammer
|
2983adc719
|
outpost/proxyv2: fix redirect to localhost
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-09-08 21:07:16 +02:00 |
|
Jens Langhammer
|
502393ee56
|
outpost/proxyv2: allow port offset via yaml
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-09-08 21:07:06 +02:00 |
|
Jens L
|
3c1b70c355
|
outposts/proxyv2 (#1365)
* outposts/proxyv2: initial commit
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
add rs256
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
more stuff
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
add forward auth an sign_out
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
match cookie name
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
re-add support for rs256 for backwards compat
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
add error handler
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
ensure unique user-agent is used
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
set cookie duration based on id_token expiry
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
build proxy v2
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
add ssl
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
add basic auth and custom header support
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
add application cert loading
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
implement whitelist
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
add redis
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
migrate embedded outpost to v2
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
remove old proxy
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
providers/proxy: make token expiration configurable
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
add metrics
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
fix tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* providers/proxy: only allow one redirect URI
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix docker build for proxy
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* remove default port offset
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add AUTHENTIK_HOST_BROWSER
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* tests: fix e2e/integration tests not using proper tags
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* remove references of old port
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix user_attributes not being loaded correctly
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* cleanup dependencies
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* cleanup
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-09-08 18:04:56 +00:00 |
|
Jens Langhammer
|
631b0a1819
|
outpost/proxy: improve error logging
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-09-07 23:33:48 +02:00 |
|
Jens Langhammer
|
bc7d5042df
|
outpost/proxy: use common template for proxy error
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-09-07 16:44:15 +02:00 |
|
Jens Langhammer
|
70d0dd51a5
|
sources/oauth: cancel currently active flows before redirecting out
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-09-07 11:03:45 +02:00 |
|
Jens Langhammer
|
9ad4cf1db9
|
outposts/ldap: improve logging of client IPs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-09-05 19:47:30 +02:00 |
|
Jens Langhammer
|
70d1e3a0cb
|
outpost: fix spans being sent without parent context
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-09-03 18:17:08 +02:00 |
|
Jens Langhammer
|
a15571bd3e
|
outposts/proxy: detect empty authentik_host
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-09-01 22:09:07 +02:00 |
|
Jens Langhammer
|
b1eec5a7d2
|
outposts/proxy: add more logging
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-08-30 17:18:52 +02:00 |
|
Jens Langhammer
|
048467e97d
|
outpost/ldap: delay user information removal upon closing of connection
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-08-29 21:13:46 +02:00 |
|
Jens Langhammer
|
cc2cd6919f
|
outpost/embedded: only send requests for non-akprox paths when we're doing proxy mode
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-08-29 21:13:28 +02:00 |
|
Jens Langhammer
|
8acb15a7fd
|
outpost: fix flow executor not sending password for identification stage
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-08-27 09:43:07 +02:00 |
|
Jens Langhammer
|
ffbab2cd68
|
outpost/ldap: set request_id in sentry
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-08-25 22:36:08 +02:00 |
|
Jens Langhammer
|
294d70ae4d
|
outposts/ldap: move virtual groups to other OU for lookups, conditionally skip requests based on search filter
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-08-21 17:53:09 +02:00 |
|
Jens Langhammer
|
23fd257624
|
outposts/ldap: fix nil pointer dereference when search self
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-08-21 16:51:47 +02:00 |
|
Jens Langhammer
|
3e909ae6bb
|
core: allow filtering users by the groups they are in
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-08-21 16:27:48 +02:00 |
|
Jens Langhammer
|
ff24bc8cb8
|
outpost/ldap: regularly pre-heat flow executor cache to increase bind performance
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-08-21 16:17:30 +02:00 |
|