This repository has been archived on 2024-05-31. You can view files and clone it, but cannot push or open issues or pull requests.
authentik/website/docs/releases/2022/v2022.9.md
Jens L dc1359a763
providers/saml: initial SLO implementation (#2346)
* providers/saml: initial SLO implementation

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* providers/saml: add logout request tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* providers/saml: add tests for POST SLO

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* matrix e2e tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix import

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* set e2e matrix name

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix imports

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* separate oidc and oauth tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add basic saml slo e2e tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add better metadata download url

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* kinda prepare release notes

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* sort releases into folders

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add slo urls to website

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix linking

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add api tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* update docs

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2023-01-04 19:45:31 +01:00

281 lines
7.3 KiB
Markdown

---
title: Release 2022.9
slug: "/releases/2022.9"
---
## Breaking changes
- `WORKERS` environment variable has been renamed to match other config options, see [Configuration](../installation/configuration#authentik_web__workers)
## New features
- UI for Duo device Import
Instead of manually having to call an API endpoint, there's now a UI for importing Duo devices.
- Duo Admin API integration
When using a Duo MFA, Duo Access or Duo Beyond plan, authentik can now automatically import devices from Duo into authentik. More info [here](../flow/stages/authenticator_duo/).
## API Changes
#### What's New
---
##### `POST` /stages/authenticator/duo/{stage_uuid}/import_device_manual/
##### `POST` /stages/authenticator/duo/{stage_uuid}/import_devices_automatic/
#### What's Deleted
---
##### `POST` /stages/authenticator/duo/{stage_uuid}/import_devices/
#### What's Changed
---
##### `GET` /stages/authenticator/duo/{stage_uuid}/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Added property `admin_integration_key` (string)
##### `PUT` /stages/authenticator/duo/{stage_uuid}/
###### Request:
Changed content type : `application/json`
- Added property `admin_integration_key` (string)
- Added property `admin_secret_key` (string)
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Added property `admin_integration_key` (string)
##### `PATCH` /stages/authenticator/duo/{stage_uuid}/
###### Request:
Changed content type : `application/json`
- Added property `admin_integration_key` (string)
- Added property `admin_secret_key` (string)
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Added property `admin_integration_key` (string)
##### `GET` /flows/executor/{flow_slug}/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
Added 'xak-flow-error' component:
- Property `type` (string)
Enum values:
- `native`
- `shell`
- `redirect`
- Property `flow_info` (object)
> Contextual flow information for a challenge
- Property `title` (string)
- Property `background` (string)
- Property `cancel_url` (string)
- Property `layout` (string)
Enum values:
- `stacked`
- `content_left`
- `content_right`
- `sidebar_left`
- `sidebar_right`
- Property `component` (string)
- Property `response_errors` (object)
- Property `pending_user` (string)
- Property `pending_user_avatar` (string)
- Property `request_id` (string)
- Property `error` (string)
- Property `traceback` (string)
##### `POST` /flows/executor/{flow_slug}/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
Added 'xak-flow-error' component:
- Property `type` (string)
Enum values:
- `native`
- `shell`
- `redirect`
- Property `flow_info` (object)
> Contextual flow information for a challenge
- Property `title` (string)
- Property `background` (string)
- Property `cancel_url` (string)
- Property `layout` (string)
Enum values:
- `stacked`
- `content_left`
- `content_right`
- `sidebar_left`
- `sidebar_right`
- Property `component` (string)
- Property `response_errors` (object)
- Property `pending_user` (string)
- Property `pending_user_avatar` (string)
- Property `request_id` (string)
- Property `error` (string)
- Property `traceback` (string)
##### `POST` /stages/authenticator/duo/
###### Request:
Changed content type : `application/json`
- Added property `admin_integration_key` (string)
- Added property `admin_secret_key` (string)
###### Return Type:
Changed response : **201 Created**
- Changed content type : `application/json`
- Added property `admin_integration_key` (string)
##### `GET` /stages/authenticator/duo/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `results` (array)
Changed items (object): > AuthenticatorDuoStage Serializer
- Added property `admin_integration_key` (string)
## Minor changes/fixes
- \*: cleanup stray print calls
- \*: remove remaining default creation code in squashed migrations
- blueprint: fix EntryInvalidError not being handled in tasks
- blueprints: add meta model to apply blueprint within blueprint for dependencies (#3486)
- blueprints: don't export events by default and exclude anonymous user
- blueprints: OCI registry support (#3500)
- blueprints: use correct log level when re-logging import validation logs
- core: fix custom favicon not being set correctly on load
- core: improve error template (#3521)
- crypto: add command to import certificates
- events: fix MonitoredTasks' save_on_success not behaving as expected
- events: reset task info when not saving on success
- events: save event to test notification transport
- flows: fix incorrect diagram for policies bound to flows
- flows: migrate FlowExecutor error handler to native challenge instead of shell
- internal: fix outposts not logging flow execution errors correctly
- internal: optimise outpost's flow executor to use less requests
- internal: use config system for workers/threads, document the settings (#3626)
- outposts: fix oauth state when using signature routing (#3616)
- outposts/proxy: fix redirect path when external host is a subdirectory (#3628)
- providers/oauth2: add x5c (#3556)
- providers/proxy: fix routing based on signature in traefik and caddy
- root: make redis persistent in docker-compose
- root: re-use custom log helper from config and cleanup duplicate functions
- root: shorten outpost docker healthcheck intervals
- sources/ldap: start_tls before binding but without reading server info
- sources/oauth: use GitHub's dedicated email API when no public email address is configured
- sources/oauth: use UPN for username with azure AD source
- stages/authenticator_duo: fix 404 when current user does not have permissions to view stage
- stages/authenticator_duo: improved import (#3601)
- stages/consent: default to expiring consent instead of always_require
- tenants: handle all errors in default_locale
- web: fix checkbox styling on applications form
- web: fix scrolling in modals in low-height views (#3596)
- web: use mermaidjs (#3623)
- web/admin: enable blueprint instances by default
- web/flows: fix ak-locale prompt being rendered without name attribute
- web/flows: update flow background
- web/user: justify content on user settings page on desktop
## Upgrading
This release does not introduce any new requirements.
### docker-compose
Download the docker-compose file for 2022.9 from [here](https://goauthentik.io/version/2022.9/docker-compose.yml). Afterwards, simply run `docker-compose up -d`.
### Kubernetes
Update your values to use the new images:
```yaml
image:
repository: ghcr.io/goauthentik/server
tag: 2022.9.1
```