authentik

Commit Graph

Author	SHA1	Message	Date
Jens Langhammer	f70be86ddc	providers/proxy: strip scheme when comparing redirect URL Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-02-20 21:22:26 +01:00
Jens Langhammer	9f431396c0	providers/proxy: ensure issuer is correct when browser url override is set Signed-off-by: Jens Langhammer <jens@goauthentik.io> #4715	2023-02-19 17:35:29 +01:00
Jens Langhammer	b6c120f555	providers/proxy: fix client credential flows not using http interceptor Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-02-15 00:22:56 +01:00
Jens L	ec42b597ab	providers/proxy: send token request internally, with overwritten host header (#4675 ) * send token request internally, with overwritten host header Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-02-13 16:34:47 +01:00
Jens Langhammer	8f70354e3c	internal: remove debug remnant from cookie testing Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-02-12 17:29:18 +01:00
Jens L	21e29744c2	providers/proxy: different cookie name based on hashed client id (#4666 )	2023-02-12 16:34:57 +01:00
Jens L	af43330fd6	providers/oauth2: rework OAuth2 Provider (#4652 ) * always treat flow as openid flow Signed-off-by: Jens Langhammer <jens@goauthentik.io> * improve issuer URL generation Signed-off-by: Jens Langhammer <jens@goauthentik.io> * more refactoring Signed-off-by: Jens Langhammer <jens@goauthentik.io> * update introspection Signed-off-by: Jens Langhammer <jens@goauthentik.io> * more refinement Signed-off-by: Jens Langhammer <jens@goauthentik.io> * migrate more Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix more things, update api Signed-off-by: Jens Langhammer <jens@goauthentik.io> * regen migrations Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix a bunch of things Signed-off-by: Jens Langhammer <jens@goauthentik.io> * start updating tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix implicit flow, auto set exp Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix timeozone not used correctly Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix revoke Signed-off-by: Jens Langhammer <jens@goauthentik.io> * more timezone shenanigans Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix userinfo tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * update web Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix proxy outpost Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix api tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix missing at_hash for implicit flows Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * re-include at_hash in implicit auth flow Signed-off-by: Jens Langhammer <jens@goauthentik.io> * use folder context for outpost build Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-02-09 20:19:48 +01:00
Jens Langhammer	3170b2f92c	providers/proxy: add token support for basic auth Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-02-07 22:50:49 +01:00
Jens Langhammer	61b06eff06	providers/proxy: better log outpost token errors Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-02-06 20:26:43 +01:00
Jens Langhammer	388367785d	*/saml: disable pretty_print, add signature tests closes #4536 Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-02-03 15:42:09 +01:00
Jens L	7d4ce41e12	providers/proxy: outpost wide logout implementation (#4605 ) * initial outpost wide logout implementation Signed-off-by: Jens Langhammer <jens@goauthentik.io> * handle deserialize error Signed-off-by: Jens Langhammer <jens@goauthentik.io> * update docs Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix file cleanup, add tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-02-02 21:18:59 +01:00
Jens Langhammer	43854dc828	outposts/proxy: fix panic due to IsSet misbehaving Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-01-19 18:22:55 +01:00
Jens L	c11367553e	providers/proxy: fix issuer for embedded outpost (#4480 ) fix issuer for embedded outpost Signed-off-by: Jens Langhammer <jens@goauthentik.io> Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-01-19 15:39:30 +01:00
Jens L	23c69c456a	providers/proxy: add setting to intercept authorization header (#4457 ) * add setting to intercept authorization header Signed-off-by: Jens Langhammer <jens@goauthentik.io> * rename to intercept_header_auth Signed-off-by: Jens Langhammer <jens@goauthentik.io> Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-01-17 18:56:48 +01:00
Jens Langhammer	19ee98b36d	outposts/proxy: allow setting no-redirect via header or query param closes #4455 Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-01-17 10:56:43 +01:00
Jens Langhammer	9b2ceb0d44	outposts/proxy: make logged user more consistent, set FlushInterval Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-01-14 23:58:15 +01:00
Jens Langhammer	69d4719687	outposts/proxy: set http code when no redirect header is set Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-01-14 22:20:52 +01:00
Jens Langhammer	d31e566873	outposts/proxy: add header to prevent redirects Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-01-14 22:18:25 +01:00
Jens Langhammer	0ddcefce80	outposts/proxy: cache basic and bearer credentials for one minute Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-01-14 22:12:48 +01:00
Jens Langhammer	4c45d35507	outposts/proxy: fix error handling, remove requirement for profile/etc scopes Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-01-14 21:44:28 +01:00
Jens Langhammer	829e49275d	outposts/proxy: fix proxy's TokenIntrospection potentially not being set Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-01-14 20:54:34 +01:00
Jens L	cd12e177ea	providers/proxy: add initial header token auth (#4421 ) * initial implementation Signed-off-by: Jens Langhammer <jens@goauthentik.io> * check for openid/profile claims Signed-off-by: Jens Langhammer <jens@goauthentik.io> * include jwks sources in proxy provider Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add web ui for jwks Signed-off-by: Jens Langhammer <jens@goauthentik.io> * only show sources with JWKS data configured Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix introspection tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * start basic Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add basic auth Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add docs, update admonitions Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add client_id to api, add tab for auth Signed-off-by: Jens Langhammer <jens@goauthentik.io> * update locale Signed-off-by: Jens Langhammer <jens@goauthentik.io> Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-01-13 16:22:03 +01:00
Jens Langhammer	b3da1d223c	providers/proxy: correctly set id_token_hint if possible Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-12-12 19:02:37 +00:00
Jens L	55aa1897af	root: use single redis db (#4009 ) * use single redis db Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * cleanup prefixes Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * ensure __str__ always returns string Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix remaining old prefixes Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add release notes Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-11-15 14:31:29 +01:00
Jens L	d53733b6fc	outposts/proxy: reduce possibility for redirect loops, keep single state (#3831 ) use single state, redirect when start url is hit with active session Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-10-20 21:27:34 +02:00
Jens L	49b6aabb02	outposts/proxy: fix redirect path when external host is a subdirectory (#3628 ) fix redirect path when external host is a subdirectory Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-09-22 10:10:29 +02:00
Jens L	47daaf969a	outposts: fix oauth state when using signature routing (#3616 ) * fix oauth state when using signature routing Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * more retires Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-09-19 21:38:34 +02:00
Jens Langhammer	220f123b29	internal: add more tracing for states Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-09-07 09:53:10 +02:00
Jens Langhammer	8e7a456f74	providers/proxy: fix routing based on signature in traefik and caddy Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-09-02 22:03:08 +02:00
Jens Langhammer	8ffae4505f	internal: set Host on url in envoy Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-08-18 23:20:12 +01:00
Jens Langhammer	0cc83c23c4	providers/proxy: fix duplicate proxy set default Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-08-18 21:13:45 +01:00
Jens Langhammer	514c48a986	internal: fix routing for requests with querystring signature to embedded outpost Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-08-18 20:43:01 +02:00
Jens Langhammer	201bea6d30	internal: add X-authentik-logout signature to trigger logouts when URLs are not exposed Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-08-07 18:50:24 +02:00
Jens Langhammer	fcf4657833	providers/proxy: add is_superuser to ak_proxy object, only show full error when superuser closes #3314 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-07-30 20:29:23 +02:00
Jens L	393d7ec486	providers/proxy: no exposed urls (#3151 ) * test any callback Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * cleanup Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * dont detect callback in per-server handler Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * use full redirect uri with both path and query param Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * update tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * correctly route to embedded outpost for callback signature Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix allowed redirects Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-07-30 17:51:01 +02:00
Jens L	b41acebf5b	providers/proxy: add caddy endpoint (#3330 ) Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-07-29 10:58:53 +02:00
Jens Langhammer	10b48b27b0	internal: walk config in go, check, parse and load from scheme like in python closes #2719 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-07-26 11:33:37 +02:00
Jens Langhammer	41eb44137e	internal: remove pkg/errors	2022-07-05 20:26:33 +00:00
Jens Langhammer	b6267fdf28	*: add versioned user agent to sentry Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-06-20 11:54:10 +02:00
Jens Langhammer	79bec6f6b2	providers/proxy: only send misconfiguration event once Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-06-16 10:32:34 +02:00
Jens Langhammer	e30103aa9f	providers/proxy: use same redirect-save code for all modes Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-06-04 23:25:47 +02:00
Jens L	8447e9b9c2	providers/proxy: envoy v2 (#3029 ) * add path prefix Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * use prefix correctly Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * only set redirect if session doesn't have a redirect yet Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-06-03 10:32:52 +02:00
Jens L	f9a419107a	outposts/proxyv2: add basic envoy support (#3026 ) * outposts/proxyv2: add basic envoy support Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * don't crash when backend is not available Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add envoy tests and docs Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-06-03 00:06:09 +02:00
Jens L	3eb466ff4b	lifecycle: cleanup prometheus (#2972 ) * remove high cardinality labels Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * retry worker number for prometheus multiprocess id Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * revert to pid, use subdirectories Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * cleanup more Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * use worker id based off of https://github.com/benoitc/gunicorn/issues/1352 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix missing app label Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * tests/e2e: remove static names Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-05-29 21:45:25 +02:00
Jens L	a286f999e2	api: migrate to openapi generator v6 (#2968 ) * migrate to openapi generator v6 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * bump api Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-05-26 15:15:30 +02:00
Jens Langhammer	646d174dd2	internal: revert cookie path on proxy causing redirect loops Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-05-21 16:26:12 +02:00
Jens Langhammer	ebb44c992b	Revert "internal: set SameSite for outpost" This reverts commit `7e95c756b9`.	2022-05-21 14:08:40 +02:00
Jens Langhammer	7e95c756b9	internal: set SameSite for outpost Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-05-21 13:21:45 +02:00
Jens Langhammer	be26b92927	internal: cleanup outpost logs Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-05-21 13:18:06 +02:00
Jens Langhammer	a52638d898	internal: fix typo in session name constant Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-05-20 10:10:29 +02:00

1 2 3

138 Commits