website: migrate to mermaid charts, rework proxy page
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
This commit is contained in:
parent
ade397fc24
commit
7d6b573f8b
|
@ -4,11 +4,30 @@ title: Terminology
|
|||
slug: /terminology
|
||||
---
|
||||
|
||||
![](/img/authentik_objects.svg)
|
||||
```mermaid
|
||||
graph LR
|
||||
source_ldap((LDAP Source)) <-->|Synchronizes| datasource_ldap["FreeIPA/
|
||||
Active Directory"]
|
||||
datasource_oauth1(Twtitter) --> source_oauth((OAuth/SAML\nSource))
|
||||
datasource_oauth2(GitHub) --> source_oauth((OAuth/SAML\nSource))
|
||||
source_oauth --> authentik_db(authentik Database)
|
||||
source_ldap --> authentik_db(authentik Database)
|
||||
|
||||
### System tasks
|
||||
app_sso(Gitlab) --> authentik_provider[Provider]
|
||||
authentik_provider --> authentik_db
|
||||
authentik_provider --> authentik_app["Application
|
||||
(Stores permissions and UI details)"]
|
||||
authentik_app --> authentik_policy_engine[Policy Engine]
|
||||
authentik_policy_engine --> authentik_db
|
||||
|
||||
These are longer-running tasks which authentik runs in the background. This is used to sync LDAP sources, backup the database, and other various tasks.
|
||||
app_ldap("Applications that only
|
||||
support LDAP (e.g. pfSense)") --> authentik_outpost_ldap[LDAP Outpost]
|
||||
app_proxy("Applications that don't
|
||||
support any SSO (e.g. Plex)") --> authentik_outpost_proxy[Proxy Outpost]
|
||||
authentik_outpost_ldap --> authentik_outposts[Outposts]
|
||||
authentik_outpost_proxy --> authentik_outposts[Outposts]
|
||||
authentik_outposts --> authentik_provider
|
||||
```
|
||||
|
||||
### Application
|
||||
|
||||
|
@ -26,7 +45,7 @@ A Provider is a way for other applications to authenticate against authentik. Co
|
|||
|
||||
At a base level a policy is a yes/no gate. It will either evaluate to True or False depending on the Policy Kind and settings. For example, a "Group Membership Policy" evaluates to True if the user is member of the specified Group and False if not. This can be used to conditionally apply Stages, grant/deny access to various objects, and for other custom logic.
|
||||
|
||||
See [Policies](./policies/)
|
||||
See [Policies](../policies/index.md)
|
||||
|
||||
### Flows & Stages
|
||||
|
||||
|
@ -34,16 +53,20 @@ Flows are an ordered sequence of stages. These flows can be used to define how a
|
|||
|
||||
A stage represents a single verification or logic step. They are used to authenticate users, enroll users, and more. These stages can optionally be applied to a flow via policies.
|
||||
|
||||
See [Flows](./flow/)
|
||||
See [Flows](../flow/index.md)
|
||||
|
||||
### Property Mappings
|
||||
|
||||
Property Mappings allow you to make information available for external applications. For example, if you want to login to AWS with authentik, you'd use Property Mappings to set the user's roles in AWS based on their group memberships in authentik.
|
||||
|
||||
See [Property Mappings](./property-mappings/)
|
||||
See [Property Mappings](../property-mappings/index.md)
|
||||
|
||||
### Outpost
|
||||
|
||||
An outpost is a separate component of authentik, which can be deployed anywhere, regardless of the authentik deployment. The outpost offers services that aren't implemented directly into the authentik core, e.g. Reverse Proxying.
|
||||
|
||||
See [Outposts](./outposts/)
|
||||
See [Outposts](../outposts/index.mdx)
|
||||
|
||||
### System tasks
|
||||
|
||||
These are longer-running tasks which authentik runs in the background. This is used to sync LDAP sources, backup the database, and other various tasks.
|
||||
|
|
|
@ -1,28 +1,94 @@
|
|||
---
|
||||
title: Overview
|
||||
title: Proxy Provider
|
||||
---
|
||||
|
||||
```mermaid
|
||||
sequenceDiagram
|
||||
participant u as User accesses service
|
||||
participant rp as Reverse proxy
|
||||
participant ak as authentik
|
||||
participant s as Service
|
||||
|
||||
u->>rp: Initial request
|
||||
rp->>ak: Checks authentication
|
||||
alt User is authenticated
|
||||
ak ->> rp: Successful response
|
||||
rp ->> s: Initial request is forwarded
|
||||
else User needs to be authenticated
|
||||
ak ->> rp: Redirect to the login page
|
||||
rp ->> u: Redirect is passed to enduser
|
||||
end
|
||||
```
|
||||
|
||||
## Headers
|
||||
|
||||
The proxy outpost sets the following user-specific headers:
|
||||
|
||||
- X-authentik-username: `akadmin`
|
||||
### `X-authentik-username`
|
||||
|
||||
The username of the currently logged in user
|
||||
Example value: `akadmin`
|
||||
|
||||
- X-authentik-groups: `foo|bar|baz`
|
||||
The username of the currently logged in user
|
||||
|
||||
The groups the user is member of, separated by a pipe
|
||||
### `X-authentik-groups`
|
||||
|
||||
- X-authentik-email: `root@localhost`
|
||||
Example value: `foo|bar|baz`
|
||||
|
||||
The email address of the currently logged in user
|
||||
The groups the user is member of, separated by a pipe
|
||||
|
||||
- X-authentik-name: `authentik Default Admin`
|
||||
### `X-authentik-email`
|
||||
|
||||
Full name of the current user
|
||||
Example value: `root@localhost`
|
||||
|
||||
- X-authentik-uid: `900347b8a29876b45ca6f75722635ecfedf0e931c6022e3a29a8aa13fb5516fb`
|
||||
The email address of the currently logged in user
|
||||
|
||||
The hashed identifier of the currently logged in user.
|
||||
### `X-authentik-name`
|
||||
|
||||
Example value: `authentik Default Admin`
|
||||
|
||||
Full name of the current user
|
||||
|
||||
### `X-authentik-uid`
|
||||
|
||||
Example value: `900347b8a29876b45ca6f75722635ecfedf0e931c6022e3a29a8aa13fb5516fb`
|
||||
|
||||
The hashed identifier of the currently logged in user.
|
||||
|
||||
Besides these user-specific headers, some application specific headers are also set:
|
||||
|
||||
### `X-authentik-meta-outpost`
|
||||
|
||||
Example value: `authentik Embedded Outpost`
|
||||
|
||||
The authentik outpost's name.
|
||||
|
||||
### `X-authentik-meta-provider`
|
||||
|
||||
Example value: `test`
|
||||
|
||||
The authentik provider's name.
|
||||
|
||||
### `X-authentik-meta-app`
|
||||
|
||||
Example value: `test`
|
||||
|
||||
The authentik application's slug.
|
||||
|
||||
### `X-authentik-meta-version`
|
||||
|
||||
Example value: `goauthentik.io/outpost/1.2.3`
|
||||
|
||||
The authentik outpost's version.
|
||||
|
||||
### `X-Forwarded-Host`
|
||||
|
||||
:::info
|
||||
Only set in proxy mode
|
||||
:::
|
||||
|
||||
The original Host header sent by the client. This is set as the `Host` header is set to the host of the configured backend.
|
||||
|
||||
### Additional headers
|
||||
|
||||
Additionally, you can set `additionalHeaders` attribute on groups or users to set additional headers:
|
||||
|
||||
|
@ -31,30 +97,6 @@ additionalHeaders:
|
|||
X-test-header: test-value
|
||||
```
|
||||
|
||||
Besides these user-specific headers, some application specific headers are also set:
|
||||
|
||||
- X-authentik-meta-outpost: `authentik Embedded Outpost`
|
||||
|
||||
The authentik outpost's name.
|
||||
|
||||
- X-authentik-meta-provider: `test`
|
||||
|
||||
The authentik provider's name.
|
||||
|
||||
- X-authentik-meta-app: `test`
|
||||
|
||||
The authentik application's slug.
|
||||
|
||||
- X-authentik-meta-version: `goauthentik.io/outpost/1.2.3`
|
||||
|
||||
The authentik outpost's version.
|
||||
|
||||
### Only in proxy mode
|
||||
|
||||
- X-Forwarded-Host:
|
||||
|
||||
The original Host header sent by the client. This is set as the `Host` header is set to the host of the configured backend.
|
||||
|
||||
## HTTPS
|
||||
|
||||
The outpost listens on both 9000 for HTTP and 9443 for HTTPS.
|
||||
|
|
|
@ -169,6 +169,10 @@ module.exports = {
|
|||
},
|
||||
],
|
||||
],
|
||||
markdown: {
|
||||
mermaid: true,
|
||||
},
|
||||
themes: ["@docusaurus/theme-mermaid"],
|
||||
scripts: [
|
||||
{
|
||||
src: "https://goauthentik.io/js/script.js",
|
||||
|
|
File diff suppressed because it is too large
Load Diff
|
@ -18,6 +18,7 @@
|
|||
"dependencies": {
|
||||
"@docusaurus/plugin-client-redirects": "2.3.1",
|
||||
"@docusaurus/preset-classic": "2.3.1",
|
||||
"@docusaurus/theme-mermaid": "^2.3.1",
|
||||
"@mdx-js/react": "^1.6.22",
|
||||
"clsx": "^1.2.1",
|
||||
"disqus-react": "^1.1.5",
|
||||
|
|
File diff suppressed because one or more lines are too long
Before Width: | Height: | Size: 24 KiB |
Reference in New Issue