9559bc2e1e
providers/scim: add option to filter out service accounts, parent group ( #4862 )
...
* add option to filter out service accounts, parent group
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* update docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* rename to filter group
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* rework sync card to show scim sync status
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-03-07 15:39:48 +01:00
f6a8b3d568
website/docs: Corrected typo and added Note about port number if using Istio/Kubern… ( #4851 )
...
* Corrected typo and added Note about port number if using Istio/Kubernetes
@BeryJu I was reading [this article](https://prevue.ch/news/2022-10-11-istio-authentik/ ) about a fellow setting up authentik, using Istio and Kubernetes. I wanted to somehow add a heads up about the port number, but I am not confident that I got it right. Is it only if there are custom decisions being made that the port number has to be for the cluster?
Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>
* Update website/docs/providers/proxy/forward_auth.mdx
Signed-off-by: Jens L. <jens@beryju.org>
* fix lint error
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Jens L. <jens@beryju.org>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens L <jens.langhammer@beryju.org>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2023-03-06 19:28:40 +00:00
c4a7648ce3
website: add website development setup, update contribution guidelines on PR titles ( #4852 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-03-06 19:27:05 +00:00
28ddeb124f
providers: SCIM ( #4835 )
...
* basic user sync
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add group sync and some refactor
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* start API
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* allow null authorization flow
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add UI
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* make task monitored
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add missing dependency
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* make authorization_flow required for most providers via API
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* more UI
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* make task result better readable, exclude anonymous user
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add task UI
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add scheduled task for all sync
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* make scim errors more readable
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add mappings, migrate to mappings
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add mapping UI and more
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add scim docs to web
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* start implementing membership
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* migrate signals to tasks
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* migrate fully to tasks
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* strip none keys, fix lint errors
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix things
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* start adding tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix saml
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add scim schemas and validate against it
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* improve error handling
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add group put support, add group tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* send correct application/scim+json headers
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* stop sync if no mappings are confiugred
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add test for task sync
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add membership tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* use decorator for tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* make tests better
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-03-06 19:39:08 +01:00
2c32e54746
website: bump dns-packet from 5.3.1 to 5.4.0 in /website ( #4836 )
2023-03-03 00:05:22 +01:00
e47bbe63b8
website/docs: update release notes ( #4833 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-03-02 20:27:51 +01:00
972dce1462
security: fix CVE-2023-26481 ( #4832 )
...
fix CVE-2023-26481
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-03-02 20:15:33 +01:00
a6eba37d5a
core: Add `resolve_dns` and `reverse_dns` functions to evaluator ( #4769 )
...
* Add resolve_dns
* Add reverse_dns
* Fix lint
* add caching, small optimisation
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* Added time-aware LRU cache
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2023-03-01 22:15:13 +01:00
5e60db8593
providers/oauth2: fix typo ( #4803 )
2023-02-27 17:17:48 +01:00
39d0893303
flows: change default flow stage binding settings ( #4784 )
...
* flows: change default flow stage binding settings
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fallback to correct value
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-27 15:21:26 +01:00
99ddbf553c
website: add X-Frame-Options ( #4800 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-27 13:40:33 +01:00
596ff529c4
core: bootstrap email ( #4788 )
2023-02-26 17:02:45 +01:00
7503b32c74
website/integrations: Zammad instructions ( #4644 )
...
* add zammad
Signed-off-by: Tealk <tealk@rollenspiel.monster>
* some improvements
Signed-off-by: Tealk <tealk@rollenspiel.monster>
* add navi-item
Signed-off-by: Tealk <tealk@rollenspiel.monster>
* fix mappings
Signed-off-by: Tealk <tealk@rollenspiel.monster>
* typo
Signed-off-by: Tealk <tealk@rollenspiel.monster>
* personalized link removed
Signed-off-by: Tealk <tealk@rollenspiel.monster>
* replace inventory placeholder & fix SAML
Signed-off-by: Tealk <tealk@rollenspiel.monster>
* Replace placeholder
Signed-off-by: Tealk <tealk@rollenspiel.monster>
* text improvement
Signed-off-by: Tealk <tealk@rollenspiel.monster>
---------
Signed-off-by: Tealk <tealk@rollenspiel.monster>
2023-02-22 16:55:32 +00:00
383b6a38ba
website/integrations: Mastodon integration ( #4733 )
...
* init mastodon integration
Signed-off-by: Tealk <tealk@rollenspiel.monster>
* replace inventory placeholder
Signed-off-by: Tealk <tealk@rollenspiel.monster>
* Replace placeholder
Signed-off-by: Tealk <tealk@rollenspiel.monster>
* replace username with sub
Signed-off-by: Tealk <tealk@rollenspiel.monster>
* text improvement
Signed-off-by: Tealk <tealk@rollenspiel.monster>
---------
Signed-off-by: Tealk <tealk@rollenspiel.monster>
2023-02-22 17:23:38 +01:00
7d9eef37ed
website/integrations: Mobilizon instructions ( #4747 )
...
* add mobilizonintegration
Signed-off-by: Tealk <tealk@rollenspiel.monster>
* replace inventory placeholder
Signed-off-by: Tealk <tealk@rollenspiel.monster>
* Replace placeholder
Signed-off-by: Tealk <tealk@rollenspiel.monster>
* text improvement
Signed-off-by: Tealk <tealk@rollenspiel.monster>
---------
Signed-off-by: Tealk <tealk@rollenspiel.monster>
2023-02-22 16:20:47 +00:00
60d3da20f3
website/integrations: fix Vikunja setup instructions ( #4730 )
...
* fix: Vikunja setup instructions
Signed-off-by: kolaente <k@knt.li>
* fix: clarify what needs restarting after config change
---------
Signed-off-by: kolaente <k@knt.li>
2023-02-22 15:31:18 +00:00
cd99b6e48f
providers/ldap: making ldap compatible with synology ( #4694 )
...
* internal/outpost/ldap: making ldap compatible with synology
* fix duplicate attributes
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add docs about homedirectory
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix duplicate attributes
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add substitution to values
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2023-02-22 15:26:41 +01:00
51c6a14786
providers/ldap: Improve compatibility with LDAP clients ( #4750 )
...
* Fixed invalid LDAP attributes by replacing '.'s and '/'s with '-'
* Leave old fields for now for backward compatibility
* Add forgotten depreceated field
* Fix tests
* Fix tests
* use shorter attribute names
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* sanitize attributes
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* keep both sanitized and unsanitized user fields
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add sanitized fields to test
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2023-02-22 14:18:22 +01:00
122055b38b
stages/user_login: terminate others ( #4754 )
...
* rework session list
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* use sender filtering for signals when possible
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add terminate_other_sessions
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-22 14:09:28 +01:00
b61d181ec7
website/docs: add better explanation for goauthentik.io/user/token-ex… ( #4755 )
...
website/docs: add better explanation for goauthentik.io/user/token-expires
closes #4727
2023-02-22 13:24:04 +01:00
2c78053631
website/docs: add release note titles
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-21 12:27:24 +01:00
8de4471322
website: update blog
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-17 19:35:39 +01:00
e5dfe7dafe
website: always show build version in version dropdown
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
#3940
2023-02-16 14:38:58 +01:00
17364c3bd8
website/docs: add 2023.2.2 release notes
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-15 20:34:25 +01:00
19f5e6e07e
website/docs: update events page
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-15 16:44:13 +01:00
7d6b573f8b
website: migrate to mermaid charts, rework proxy page
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-15 12:14:17 +01:00
859b6cc60e
website: adjust padding on hero header
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-15 00:28:45 +01:00
c340830b37
website/docs: prepare 2023.2.1
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-14 18:19:02 +01:00
fc9ae9e938
website: include 2023.2 in sidebar
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-14 13:17:55 +01:00
6bb809fd82
website/integrations: remove exclude_x5 from guacamole
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-14 11:55:11 +01:00
cf36da2e5d
website/docs: prepare 2023.2 release notes
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-12 17:44:53 +01:00
b69e55eae9
core: Add support for auto generating unique avatars based on the user's initials ( #4663 )
2023-02-12 16:35:17 +01:00
e490d25791
website/integrations: Add danger annotation for using username as Nextcloud UID ( #4667 )
...
* Add danger annotation for using username as Nextcloud UID
* fix lint
2023-02-12 14:13:32 +01:00
a2947975e4
website/integrations: Fix Nextcloud SAM UID value setting ( #4656 )
...
Fix SAM UID value setting
Signed-off-by: sdimovv <36302090+sdimovv@users.noreply.github.com>
2023-02-10 14:58:11 +01:00
99bb4c2cf8
website/sources: update mailcow docs
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-10 11:45:29 +01:00
b225f6f3ff
website: add sidebar item tests, bump node version to latest LTS
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-09 22:06:07 +01:00
ecd5fab082
website/integrations: add Gravitee integration ( #4564 )
...
* Add documentation on using Authentik with Gravitee
Adds documentation on using Authentik with Gravitee
Signed-off-by: barrelltitor <108460132+barrelltitor@users.noreply.github.com>
* Update sidebarsIntegrations.js
Signed-off-by: barrelltitor <108460132+barrelltitor@users.noreply.github.com>
* format
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: barrelltitor <108460132+barrelltitor@users.noreply.github.com>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2023-02-09 22:04:53 +01:00
af43330fd6
providers/oauth2: rework OAuth2 Provider ( #4652 )
...
* always treat flow as openid flow
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* improve issuer URL generation
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* more refactoring
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* update introspection
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* more refinement
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* migrate more
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix more things, update api
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* regen migrations
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix a bunch of things
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* start updating tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix implicit flow, auto set exp
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix timeozone not used correctly
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix revoke
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* more timezone shenanigans
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix userinfo tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* update web
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix proxy outpost
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix api tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix missing at_hash for implicit flows
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* re-include at_hash in implicit auth flow
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* use folder context for outpost build
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-09 20:19:48 +01:00
cae04b8198
website: bump @sideway/formula from 3.0.0 to 3.0.1 in /website ( #4647 )
2023-02-09 03:26:08 +01:00
a7cf454760
web/admin: add notice for user_login stage session cookie behaviour
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-08 14:18:52 +01:00
91db046978
website: bump prettier from 2.8.3 to 2.8.4 in /website ( #4632 )
...
Bumps [prettier](https://github.com/prettier/prettier ) from 2.8.3 to 2.8.4.
- [Release notes](https://github.com/prettier/prettier/releases )
- [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md )
- [Commits](https://github.com/prettier/prettier/compare/2.8.3...2.8.4 )
---
updated-dependencies:
- dependency-name: prettier
dependency-type: direct:development
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-02-08 11:34:43 +01:00
7a85038c11
website/docs: prepare 2023.2 release notes
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-07 22:52:29 +01:00
3170b2f92c
providers/proxy: add token support for basic auth
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-07 22:50:49 +01:00
555b33c252
website/blog: fix formatting
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-07 17:40:16 +01:00
f5047e3ab0
website/blog: publish new blog post
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-07 17:35:39 +01:00
ed01a844ef
website: bump @docusaurus/preset-classic from 2.2.0 to 2.3.1 in /website ( #4619 )
...
Bumps [@docusaurus/preset-classic](https://github.com/facebook/docusaurus/tree/HEAD/packages/docusaurus-preset-classic ) from 2.2.0 to 2.3.1.
- [Release notes](https://github.com/facebook/docusaurus/releases )
- [Changelog](https://github.com/facebook/docusaurus/blob/main/CHANGELOG.md )
- [Commits](https://github.com/facebook/docusaurus/commits/v2.3.1/packages/docusaurus-preset-classic )
---
updated-dependencies:
- dependency-name: "@docusaurus/preset-classic"
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-02-06 11:25:28 +01:00
c6843a1307
website: bump @docusaurus/plugin-client-redirects from 2.2.0 to 2.3.1 in /website ( #4620 )
...
website: bump @docusaurus/plugin-client-redirects in /website
Bumps [@docusaurus/plugin-client-redirects](https://github.com/facebook/docusaurus/tree/HEAD/packages/docusaurus-plugin-client-redirects ) from 2.2.0 to 2.3.1.
- [Release notes](https://github.com/facebook/docusaurus/releases )
- [Changelog](https://github.com/facebook/docusaurus/blob/main/CHANGELOG.md )
- [Commits](https://github.com/facebook/docusaurus/commits/v2.3.1/packages/docusaurus-plugin-client-redirects )
---
updated-dependencies:
- dependency-name: "@docusaurus/plugin-client-redirects"
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-02-06 11:20:47 +01:00
a890b93869
website/integrations: Update pgAdmin documentation ( #4319 )
...
* Update index.md
Signed-off-by: Antoine <antoine+github@jiveoff.fr>
* doc: quick update
* Update index.md
Signed-off-by: Antoine <antoine+github@jiveoff.fr>
---------
Signed-off-by: Antoine <antoine+github@jiveoff.fr>
2023-02-03 14:54:04 +01:00
8cf0a5dace
website/integrations: update pfSense integration details ( #4337 )
...
* Update index.md
Removed need to enable ExtendedQuery, changed format of Authentication Containers to use semi-colons per note in pfSense, and added setting for Group member attribute (to allow users to not have to create pfsense users individually)
Signed-off-by: bjk525 <34558980+bjk525@users.noreply.github.com>
* Update index.md
Signed-off-by: bjk525 <34558980+bjk525@users.noreply.github.com>
* Update index.md
Signed-off-by: bjk525 <34558980+bjk525@users.noreply.github.com>
* revert Authentication containers
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: bjk525 <34558980+bjk525@users.noreply.github.com>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2023-02-03 13:45:13 +00:00
547c01f481
website/docs: update Caddy docs to include HTTPS proxying ( #4316 )
...
Update Caddy documentation to include HTTPS proxying
Signed-off-by: Melvin Snijders <mail@melvinsnijders.nl>
2023-02-03 14:43:13 +01:00
Jens L
Tana M Berry
dependabot[bot]
sdimovv
Tealk
kolaente
roche-quentin
Jens Langhammer
barrelltitor
Antoine
bjk525
Melvin Snijders