authentik fork
This repository has been archived on 2024-05-31. You can view files and clone it, but cannot push or open issues or pull requests.
Find a file
Jens L db95dfe38d
security: fix CVE 2022 46145 (#4140)
* add flow authentication requirement

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add website for cve

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* flows: handle FlowNonApplicableException without policy result

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add release notes

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-02 16:14:25 +01:00
.github ci: allow errors in migrate-from-stable for now 2022-11-14 21:52:31 +01:00
.vscode blueprints: add desired state attribute to objects (#4061) 2022-11-22 14:27:20 +01:00
authentik security: fix CVE 2022 46145 (#4140) 2022-12-02 16:14:25 +01:00
blueprints security: fix CVE 2022 46145 (#4140) 2022-12-02 16:14:25 +01:00
cmd root: make sentry DSN configurable (#4016) 2022-11-15 16:05:29 +01:00
internal internal: reuse http transport to prevent leaking connections (#3996) 2022-11-25 18:24:01 +01:00
lifecycle lifecycle: don't set user/group in gunicorn 2022-12-02 12:42:55 +02:00
locale web/admin: clarify phrasing that user ID is required 2022-11-24 11:37:54 +01:00
scripts root: update options for generating TS API (#3833) 2022-10-21 09:08:25 +02:00
tests events: fix incorrect EventAction being used 2022-11-25 11:53:05 +01:00
web security: fix CVE 2022 46145 (#4140) 2022-12-02 16:14:25 +01:00
website security: fix CVE 2022 46145 (#4140) 2022-12-02 16:14:25 +01:00
xml */saml: test against SAML Schema 2020-12-13 19:53:16 +01:00
.bumpversion.cfg release: 2022.11.1 2022-11-22 21:42:10 +01:00
.dockerignore root: add bundled docs 2021-07-13 11:06:51 +02:00
.editorconfig repo cleanup, switch to new docker registry 2019-04-29 17:05:39 +02:00
.gitignore root: add vscode tasks 2022-07-01 16:10:08 +02:00
CODE_OF_CONDUCT.md root: rework and expand security policy 2022-11-28 12:10:53 +01:00
CONTRIBUTING.md root: rework and expand security policy 2022-11-28 12:10:53 +01:00
docker-compose.yml release: 2022.11.1 2022-11-22 21:42:10 +01:00
Dockerfile root: include security policy in website container 2022-11-29 00:05:42 +01:00
go.mod core: bump github.com/go-openapi/runtime from 0.24.2 to 0.25.0 (#4118) 2022-11-30 08:37:48 +01:00
go.sum core: bump github.com/go-openapi/runtime from 0.24.2 to 0.25.0 (#4118) 2022-11-30 08:37:48 +01:00
ldap.Dockerfile core: bump golang from 1.19.2-bullseye to 1.19.3-bullseye (#3925) 2022-11-01 23:26:17 +01:00
LICENSE root: relicense and launch blog post 2022-11-03 16:00:00 +01:00
Makefile root: use single redis db (#4009) 2022-11-15 14:31:29 +01:00
manage.py root: update deprecation warnings 2022-11-25 11:47:28 +01:00
poetry.lock core: bump selenium from 4.6.1 to 4.7.0 (#4134) 2022-12-02 09:47:53 +01:00
proxy.Dockerfile core: bump golang from 1.19.2-bullseye to 1.19.3-bullseye (#3925) 2022-11-01 23:26:17 +01:00
pyproject.toml release: 2022.11.1 2022-11-22 21:42:10 +01:00
README.md root: rework and expand security policy 2022-11-28 12:10:53 +01:00
schema.yml security: fix CVE 2022 46145 (#4140) 2022-12-02 16:14:25 +01:00
SECURITY.md root: rework and expand security policy 2022-11-28 12:10:53 +01:00

authentik logo


Join Discord GitHub Workflow Status GitHub Workflow Status GitHub Workflow Status Code Coverage Docker pulls Latest version

What is authentik?

authentik is an open-source Identity Provider focused on flexibility and versatility. You can use authentik in an existing environment to add support for new protocols. authentik is also a great solution for implementing signup/recovery/etc in your application, so you don't have to deal with it.

Installation

For small/test setups it is recommended to use docker-compose, see the documentation

For bigger setups, there is a Helm Chart here. This is documented here

Screenshots

Light Dark

Development

See Development Documentation

Security

See SECURITY.md

Sponsors

This project is proudly sponsored by:

DigitalOcean provides development and testing resources for authentik.

Deploys by Netlify

Netlify hosts the goauthentik.io site.