dc1359a763
* providers/saml: initial SLO implementation Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * providers/saml: add logout request tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * providers/saml: add tests for POST SLO Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * matrix e2e tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix import Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * set e2e matrix name Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix imports Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * separate oidc and oauth tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add basic saml slo e2e tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add better metadata download url Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * kinda prepare release notes Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * sort releases into folders Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add slo urls to website Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix linking Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add api tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * update docs Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
140 lines
6.8 KiB
Markdown
140 lines
6.8 KiB
Markdown
---
|
|
title: Release 2021.4
|
|
slug: "/releases/2021.4"
|
|
---
|
|
|
|
## Headline Changes
|
|
|
|
- Configurable Policy engine mode
|
|
|
|
In the past, all objects, which could have policies attached to them, required _all_ policies to pass to consider an action successful.
|
|
You can now configure if _all_ policies need to pass, or if _any_ policy needs to pass.
|
|
|
|
This can now be configured for the following objects:
|
|
|
|
- Applications (access restrictions)
|
|
- Sources
|
|
- Flows
|
|
- Flow-stage bindings
|
|
|
|
For backwards compatibility, this is set to _all_, but new objects will default to _any_.
|
|
|
|
- Expiring Events
|
|
|
|
Previously, events would stay in the database forever, and had to eventually be cleaned up manually. This version add expiry to events with a default
|
|
timeout of 1 Year. This also applies to existing events, and their expiry will be set during the migration.
|
|
|
|
- New UI
|
|
|
|
While the UI mostly looks the same, under the hood a lot has changed. The Web UI is now a Single-page application based on rollup and lit-html. This has several consequences and new features, for example:
|
|
|
|
- You can now see a user's OAuth Access/Refresh tokens and the consents they've given
|
|
- You can now see a per-object changelog based on the model_create/update/delete events being created.
|
|
- A new API Browser is available under `https://authentink.company/api/v2beta/`
|
|
- Several new charts, new pages and quality-of-life improvements
|
|
- Credentials of objects are no longer shown while editing them
|
|
|
|
- Deprecated Group membership has been removed.
|
|
|
|
## Minor changes
|
|
|
|
- You can now specify the amount of processes started in docker-compose using the `WORKERS` environment variable.
|
|
|
|
## Fixed in 2021.4.2
|
|
|
|
- core: fix propertymapping API returning invalid value for components (https://github.com/goauthentik/authentik/issues/746)
|
|
- core: improve messaging when creating a recovery link for a user when no recovery flow exists
|
|
- flows: annotate flows executor 404 error
|
|
- flows: include configure_flow in stages API
|
|
- helm: make storage class, size and mode configurable
|
|
- helm: turn off monitoring by default (https://github.com/goauthentik/authentik/issues/741)
|
|
- outposts: fix errors when creating multiple outposts
|
|
- root: add restart: unless-stopped to compose
|
|
- root: base Websocket message storage on Base not fallback
|
|
- root: fix healthcheck part in docker-compose
|
|
- root: fix setting of EMAIL_USE_TLS and EMAIL_USE_SSL
|
|
- sources/ldap: improve error handling during sync
|
|
- sources/oauth: fix error when creating an oauth source which has fixed URLs
|
|
- sources/oauth: fix resolution of sources' provider type
|
|
- web: fix background-color on router outlet on light mode
|
|
- web/admin: fix error when user doesn't have permissions to read source
|
|
- web/admin: fix errors in user profile when non-superuser
|
|
|
|
## Fixed in 2021.4.3
|
|
|
|
- \*: add model_name to TypeCreate API to distinguish between models sharing a component
|
|
- api: fix CSRF error when using POST/PATCH/PUT in API Browser
|
|
- api: make 401 messages clearer
|
|
- api: mount outposts under outposts/instances to match flows
|
|
- core: add parameter to output property mapping test result formatted
|
|
- core: add superuser_full_list to applications list, shows all applications when superuser
|
|
- core: fix Tokens being created with incorrect intent by default
|
|
- outposts: don't run outpost_controller when no service connection is set
|
|
- providers/oauth2: Set CORS Headers for token endpoint, check Origin header against redirect URLs
|
|
- root: auto-migrate on startup, lock database using pg_advisory_lock
|
|
- sources/oauth: add login with plex support
|
|
- sources/oauth: fix redirect loop for source with non-configurable URLs
|
|
- sources/oauth: save null instead of empty string for sources without configurable URLs
|
|
- web/admin: add ability to add users to a group whilst creating a group
|
|
- web/admin: fix default for codemirror
|
|
- web/admin: fix group member table order
|
|
- web/admin: fix non-matching provider type being selected when creating an OAuth Source
|
|
- web/admin: fix provider type resetting when changing provider type
|
|
- web/admin: fix undefined being shown when viewing application
|
|
- web/admin: improve default selection for property-mappings
|
|
|
|
## Fixed in 2021.4.4
|
|
|
|
- \*: make tasks run every 60 minutes not :00 every hour
|
|
- outposts: check for X-Forwarded-Host to switch context
|
|
- outposts: improve update performance
|
|
- outposts: move local connection check to task, run every 60 minutes
|
|
- providers/oauth2: add proper support for non-http schemes as redirect URIs
|
|
- providers/oauth2: fix TokenView not having CORS headers set even with proper Origin
|
|
- sources/oauth: fix error whilst fetching user profile when source uses fixed URLs
|
|
- sources/oauth: handle error in AzureAD when ID Can't be extracted
|
|
- stages/user_login: add default backend
|
|
- web: fix title not being loaded from config
|
|
- web: only report http errors for 500 and above
|
|
- web: send response info when response is thrown
|
|
- web/admin: add description for fields in proxy provider form
|
|
- web/admin: adjust phrasing of cards on overview page
|
|
- web/admin: fix display for user supseruser status
|
|
- web/admin: fix error when me() returns 403
|
|
- web/admin: fix error when updating identification stage
|
|
- web/admin: fix invalid group member count
|
|
- web/admin: fix link to providers on overview page
|
|
- web/admin: fix mismatched required tags
|
|
- web/admin: improve phrasing for Policy bindings
|
|
- web/admin: only allow policies to be bound to sources as users/groups cannot be checked
|
|
- web/admin: only pre-select items when creating a new object
|
|
- web/flows: fix Sentry not being loaded correctly
|
|
|
|
## Fixed in 2021.4.5
|
|
|
|
- core: fix text on error pages being hard to read
|
|
- outposts: only kill docker container if its running
|
|
- root: add middleware to properly report websocket connection to sentry
|
|
- root: don't use .error of structlog to not send to sentry
|
|
- stages/email: catch ValueError when global email settings are invalid
|
|
- stages/invitation: accept token from prompt_data
|
|
- stages/invitation: fix token not being loaded correctly from query string
|
|
- web: fix text-colour for form help text
|
|
- web: ignore network errors for sentry
|
|
- web/admin: don't show docker certs as required
|
|
- web/flows: fix redirect loop when sentry is enabled on flow views
|
|
- web/flows: include ShadyDOM, always enable ShadyDOM for flow interface, improve compatibility with password
|
|
- web/flows/identification: fix phrasing account recovery
|
|
|
|
## Upgrading
|
|
|
|
This release does not introduce any new requirements.
|
|
|
|
### docker-compose
|
|
|
|
Download the docker-compose file for 2021.4 from [here](https://goauthentik.io/version/2021.4/docker-compose.yml). Afterwards, simply run `docker-compose up -d`.
|
|
|
|
### Kubernetes
|
|
|
|
Run `helm repo update` and then upgrade your release with `helm upgrade authentik authentik/authentik -f values.yaml`.
|