authentik

Commit Graph

Author	SHA1	Message	Date
Jens Langhammer	3170b2f92c	providers/proxy: add token support for basic auth Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-02-07 22:50:49 +01:00
Jens Langhammer	61b06eff06	providers/proxy: better log outpost token errors Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-02-06 20:26:43 +01:00
Jens Langhammer	146d54813c	providers/ldap: fix error not being checked correctly when fetching users Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-02-03 18:10:06 +01:00
Jens Langhammer	388367785d	*/saml: disable pretty_print, add signature tests closes #4536 Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-02-03 15:42:09 +01:00
Jens L	7d4ce41e12	providers/proxy: outpost wide logout implementation (#4605 ) * initial outpost wide logout implementation Signed-off-by: Jens Langhammer <jens@goauthentik.io> * handle deserialize error Signed-off-by: Jens Langhammer <jens@goauthentik.io> * update docs Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix file cleanup, add tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-02-02 21:18:59 +01:00
Jens L	a9b32e2f97	providers/ldap: add unbind flow execution (#4484 ) add unbind flow execution Signed-off-by: Jens Langhammer <jens@goauthentik.io> Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-01-23 20:36:30 +01:00
Jens Langhammer	8deac81364	outposts/ldap: fix queries filtering objectClass with non-lowercase values closes #2756 Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-01-20 11:42:23 +01:00
Jens Langhammer	43854dc828	outposts/proxy: fix panic due to IsSet misbehaving Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-01-19 18:22:55 +01:00
Jens L	c11367553e	providers/proxy: fix issuer for embedded outpost (#4480 ) fix issuer for embedded outpost Signed-off-by: Jens Langhammer <jens@goauthentik.io> Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-01-19 15:39:30 +01:00
Jens L	23c69c456a	providers/proxy: add setting to intercept authorization header (#4457 ) * add setting to intercept authorization header Signed-off-by: Jens Langhammer <jens@goauthentik.io> * rename to intercept_header_auth Signed-off-by: Jens Langhammer <jens@goauthentik.io> Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-01-17 18:56:48 +01:00
Jens Langhammer	bd0ef69ece	outposts/ldap: decrease verbosity Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-01-17 11:12:31 +01:00
Jens Langhammer	19ee98b36d	outposts/proxy: allow setting no-redirect via header or query param closes #4455 Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-01-17 10:56:43 +01:00
Jens Langhammer	9b2ceb0d44	outposts/proxy: make logged user more consistent, set FlushInterval Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-01-14 23:58:15 +01:00
Jens Langhammer	69d4719687	outposts/proxy: set http code when no redirect header is set Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-01-14 22:20:52 +01:00
Jens Langhammer	d31e566873	outposts/proxy: add header to prevent redirects Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-01-14 22:18:25 +01:00
Jens Langhammer	0ddcefce80	outposts/proxy: cache basic and bearer credentials for one minute Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-01-14 22:12:48 +01:00
Jens Langhammer	4c45d35507	outposts/proxy: fix error handling, remove requirement for profile/etc scopes Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-01-14 21:44:28 +01:00
Jens Langhammer	829e49275d	outposts/proxy: fix proxy's TokenIntrospection potentially not being set Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-01-14 20:54:34 +01:00
Jens L	cd12e177ea	providers/proxy: add initial header token auth (#4421 ) * initial implementation Signed-off-by: Jens Langhammer <jens@goauthentik.io> * check for openid/profile claims Signed-off-by: Jens Langhammer <jens@goauthentik.io> * include jwks sources in proxy provider Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add web ui for jwks Signed-off-by: Jens Langhammer <jens@goauthentik.io> * only show sources with JWKS data configured Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix introspection tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * start basic Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add basic auth Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add docs, update admonitions Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add client_id to api, add tab for auth Signed-off-by: Jens Langhammer <jens@goauthentik.io> * update locale Signed-off-by: Jens Langhammer <jens@goauthentik.io> Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-01-13 16:22:03 +01:00
Jens Langhammer	a9680d6088	internal: fix race condition with config loading on startup, add index on debug server Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-01-08 20:33:04 +01:00
Jens Langhammer	001869641d	web: ensure img tags have alt attributes Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2023-01-06 12:44:51 +01:00
Jens L	2604dc14fe	providers/ldap: add code-MFA support for ldap provider (#4354 ) * add code support for ldap provider Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * only try to extract code when auth validator stage is encountered Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * use parseint instead Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2023-01-05 18:32:06 +01:00
Jens Langhammer	39424839c5	outposts/ldap: only use common cert if cert is configured, correctly Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-12-28 22:50:50 +01:00
Jens Langhammer	2d03bd5c89	outposts/ldap: only use common cert if cert is configured Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-12-28 21:29:36 +01:00
Jens Langhammer	ff13b4bb46	outposts/ldap: use configured certificate for LDAPS when all providers' certificates are identical Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-12-28 19:15:29 +01:00
Jens Langhammer	2b2323fae7	outposts: include hostname in outpost heartbeat Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-12-28 16:07:52 +01:00
Jens Langhammer	b3da1d223c	providers/proxy: correctly set id_token_hint if possible Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-12-12 19:02:37 +00:00
Jens Langhammer	107f2745c8	providers/ldap: improve mapping of LDAP filters to authentik queries Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-12-12 18:30:52 +00:00
dependabot[bot]	c21c1757de	core: bump github.com/getsentry/sentry-go from 0.15.0 to 0.16.0 (#4179 ) * core: bump github.com/getsentry/sentry-go from 0.15.0 to 0.16.0 Bumps [github.com/getsentry/sentry-go](https://github.com/getsentry/sentry-go) from 0.15.0 to 0.16.0. - [Release notes](https://github.com/getsentry/sentry-go/releases) - [Changelog](https://github.com/getsentry/sentry-go/blob/master/CHANGELOG.md) - [Commits](https://github.com/getsentry/sentry-go/compare/v0.15.0...v0.16.0) --- updated-dependencies: - dependency-name: github.com/getsentry/sentry-go dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * update custom tracer Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-12-09 12:20:41 +01:00
Daniel	be9790ef8a	internal: reuse http transport to prevent leaking connections (#3996 ) * Fix: Using the same http transport as the api * fix: Using global tlsTransport instead of newly created one	2022-11-25 18:24:01 +01:00
Jens L	276af8457d	root: make sentry DSN configurable (#4016 ) * make sentry DSN configurable Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * make proxy smarter Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix typo in config struct Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-11-15 16:05:29 +01:00
Jens L	55aa1897af	root: use single redis db (#4009 ) * use single redis db Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * cleanup prefixes Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * ensure __str__ always returns string Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix remaining old prefixes Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add release notes Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-11-15 14:31:29 +01:00
Jens L	d53733b6fc	outposts/proxy: reduce possibility for redirect loops, keep single state (#3831 ) use single state, redirect when start url is hit with active session Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-10-20 21:27:34 +02:00
Jens Langhammer	b864de7721	outposts/ldap: increase compatibility with different types in user and group attributes Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-10-16 22:32:18 +02:00
Jens L	44e4f2e561	crypto: make certificate parsing optional for crypto api (#3711 )	2022-10-01 00:06:00 +02:00
Jens Langhammer	50819ae0f0	*: improve error handling in ldap outpost, ignore additional errors Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-09-23 22:11:47 +02:00
Jens L	49b6aabb02	outposts/proxy: fix redirect path when external host is a subdirectory (#3628 ) fix redirect path when external host is a subdirectory Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-09-22 10:10:29 +02:00
Jens L	47daaf969a	outposts: fix oauth state when using signature routing (#3616 ) * fix oauth state when using signature routing Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * more retires Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-09-19 21:38:34 +02:00
Jens Langhammer	220f123b29	internal: add more tracing for states Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-09-07 09:53:10 +02:00
Jens Langhammer	621245aece	internal: optimise outpost's flow executor to use less requests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-09-03 21:29:58 +02:00
Jens Langhammer	8e7a456f74	providers/proxy: fix routing based on signature in traefik and caddy Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-09-02 22:03:08 +02:00
Jens Langhammer	14a7c9f967	internal: fix outposts not logging flow execution errors correctly Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-08-31 23:03:57 +02:00
Jens Langhammer	8ffae4505f	internal: set Host on url in envoy Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-08-18 23:20:12 +01:00
Jens Langhammer	0cc83c23c4	providers/proxy: fix duplicate proxy set default Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-08-18 21:13:45 +01:00
Jens Langhammer	514c48a986	internal: fix routing for requests with querystring signature to embedded outpost Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-08-18 20:43:01 +02:00
Jens Langhammer	846b63a17b	*: remove some very verbose logging messages Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-08-17 13:36:56 +02:00
Jens Langhammer	201bea6d30	internal: add X-authentik-logout signature to trigger logouts when URLs are not exposed Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-08-07 18:50:24 +02:00
Jens L	89fef0ae72	blueprints: docs (#3376 ) * further blueprint cleanup Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * more Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * make group users and parent optional Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix api client usage Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-08-06 00:52:12 +02:00
Jens L	2ce8e18bab	internal: centralise config for listeners to use same config system everywhere (#3367 ) * centralise config for listeners to use same config system everywhere Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> #3360 * add docs Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-08-03 21:33:27 +02:00
Jens Langhammer	fcf4657833	providers/proxy: add is_superuser to ak_proxy object, only show full error when superuser closes #3314 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-07-30 20:29:23 +02:00

1 2 3 4 5 ...

304 Commits