Jens Langhammer
6021fc0f52
providers/proxy: fix backend override persisting for other users
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-30 22:29:34 +01:00
Jens Langhammer
7fd6be5abb
providers/proxy: add backend_override
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-30 21:35:08 +01:00
Jens Langhammer
67d550a80d
providers/proxy: don't include hostname and scheme in redirect when we only got a path and not a full URL
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-27 18:23:08 +01:00
Jens Langhammer
ebb5711c32
providers/proxy: add support for X-Original-URI in nginx, better handle missing headers and report errors to authentik
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-27 18:14:02 +01:00
Jens Langhammer
96ae68cf09
internal: make error message less confusing
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-25 15:45:21 +01:00
Jens Langhammer
63b3434b6f
website/docs: improve nginx examples
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-25 14:25:21 +01:00
Jens Langhammer
1c2b452406
outposts/proxy: fix potential empty redirect, add tests
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#2141
2022-01-25 10:57:53 +01:00
Jens Langhammer
650e2cbc38
internal: remove duplicate log messages
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-24 22:25:35 +01:00
Jens Langhammer
b32800ea71
outposts/proxy: trace full headers to debug
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-24 22:08:31 +01:00
Jens Langhammer
e1c0c0b20c
internal: don't override server header
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-24 22:05:11 +01:00
Jens Langhammer
ef335ec083
outposts/proxy: add more test cases for domain-level auth
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-24 21:41:15 +01:00
Jens Langhammer
07b09df3fe
internal: add more outpost tests, add support for X-Original-URL
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-24 20:50:13 +01:00
Jens Langhammer
e70e031a1f
internal: start adding tests to outpost
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-24 20:12:25 +01:00
Jens Langhammer
1dce408c72
internal/proxyv2: only allow access to /akprox in nginx mode when forward url could be extracted
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-24 09:30:33 +01:00
Jens Langhammer
af3fb5c2cd
internal: use math.MaxInt for compatibility
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#1819
2022-01-21 23:11:17 +01:00
Jens Langhammer
3bfb8b2cb2
outposts/proxyv2: allow access to /akprox urls in forward auth mode to make routing in nginx/traefik easier
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-21 13:43:16 +01:00
Jens Langhammer
9fc5ff4b77
outposts/proxyv2: fix JWKS url pointing to localhost on embedded outpost
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-21 13:29:51 +01:00
Jens Langhammer
41e7b9b73f
outposts/proxyv2: fix before-redirect url not being saved in proxy mode
...
closes #2109
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-19 19:16:30 +01:00
Jens Langhammer
7f47f93e4e
internal: cleanup log messages
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-19 19:01:24 +01:00
Jens Langhammer
14c7d8c4f4
internal: route traffic to proxy providers based on cookie domain when multiple domain-level providers exist
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#2079
2022-01-18 23:19:43 +01:00
Jens Langhammer
c07b8d95d0
outposts/proxy: remove deprecated headers
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-07 17:01:23 +01:00
Jens Langhammer
ececfc3a30
internal: fix comment formatting for TODOs
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-07 09:51:41 +01:00
Jens Langhammer
c741c13132
internal: fix listen attempt on shutdown
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-03 12:36:11 +01:00
Jens Langhammer
f246da6b73
outposts/proxy: fix error checking for type assertion
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-26 14:57:32 +01:00
Jens Langhammer
410d1b97cd
outposts/proxy: add support for multiple states, when multiple requests are redirected at once
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-26 14:16:02 +01:00
Jens Langhammer
b3ba083ff0
internal: cleanup logging, remove duplicate code
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-22 10:33:21 +01:00
Jens Langhammer
22a8603892
internal: add custom proxy certificates support to embedded outpost
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-22 10:16:01 +01:00
Jens Langhammer
ba55538a34
outposts/proxy: cleanup
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-21 19:16:06 +01:00
Jens Langhammer
f742c73e24
outposts/proxy: fix allowlist for forward_auth
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#1970
2021-12-21 15:49:25 +01:00
Jens Langhammer
b932b6c963
website/docs: update log levels
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-21 13:15:17 +01:00
Jens Langhammer
3c048a1921
outposts/proxy: fix session not expiring correctly due to miscalculation
...
closes #1976
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-21 13:10:57 +01:00
Jens Langhammer
f10b57ba0b
outposts/proxy: handle redirect loop in start handler, show error message
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-21 10:07:08 +01:00
Jens Langhammer
eca2ef20d0
outposts/proxy: add initial redirect-loop prevention
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-20 22:21:53 +01:00
Jens Langhammer
cac5c7b3ea
outposts/proxy: make templates more re-usable
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-20 22:20:23 +01:00
Jens Langhammer
37ee555c8e
outposts/proxy: fix ping URI not being routed
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-20 22:12:02 +01:00
Jens Langhammer
c843f18743
lib: add additional celery logger to sentry ignore
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-20 21:04:45 +01:00
Jens Langhammer
68637cf7cf
outposts: handle/ignore http Abort handler
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-20 19:42:45 +01:00
Jens Langhammer
7a73ddfb60
outposts/proxy: match skipPathRegex against full URL on domain auth
...
closes #1955
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-18 15:50:42 +01:00
Jens L
95bce9c9e7
outposts: release binary outposts (#1954)
...
* outposts/proxy: always embed static assets, still check local
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* ci: add initial ci to build outpost as binary
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* ci: fix typo, build web
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* ci: upload to release on publish, only run linux on ci
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* ci: ensure latest go is used
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* ci: split e2e tests into two halves
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-17 19:49:32 +00:00
Jens Langhammer
7d6e88061f
outposts: check if hub from context is set and fallback
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-16 11:19:57 +01:00
Jens Langhammer
f8aab40e3e
internal: cleanup duplicate and redundant code, properly set sentry SDK scope settings
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-16 11:00:19 +01:00
Jens Langhammer
5f0f4284a2
web/admin: fix rendering for applications on view page
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-13 15:27:28 +01:00
Jens Langhammer
c11be2284d
outposts/proxy: also set max length for redis backend
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-13 15:05:55 +01:00
Jens Langhammer
aa321196d7
outposts/proxy: fix securecookie: the value is too long again, since it can happen even with filesystem storage
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-13 13:33:20 +01:00
Jens Langhammer
4e2457560d
outposts/proxy: use filesystem storage for non-embedded outposts
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-12 17:59:31 +01:00
Jens Langhammer
2ddf122d27
Revert "outposts/proxy: don't save raw jwt in cookie to prevent securecookie: the value is too long"
...
This reverts commit b3e40c6aed.
2021-12-12 17:58:19 +01:00
Jens Langhammer
deebdf2bcc
outposts: fix unlabeled transaction
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-12 13:46:31 +01:00
Jens Langhammer
8abc9cc031
outposts: cleanup logs for failed binds
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-11 22:09:18 +01:00
Jens Langhammer
b3e40c6aed
outposts/proxy: don't save raw jwt in cookie to prevent securecookie: the value is too long
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-06 13:54:59 +01:00
Jens Langhammer
ea097afeae
outposts/proxy: fix path prefix in static handler
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-02 19:21:40 +01:00
Jens Langhammer
f8dc7f48f2
outposts/proxy: fix path for media
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-02 18:47:36 +01:00
Jens Langhammer
85a417d22e
outposts/proxy: re-add rs256 support
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-02 15:17:32 +01:00
Jens Langhammer
347c3793fc
outposts/proxy: add additional headers
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-02 14:19:57 +01:00
Jens Langhammer
e42ad8db93
outposts/proxy: copy user-agent header from upstream request
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-02 10:01:54 +01:00
Jens Langhammer
e917e756cc
outposts/proxy: make logging fields more consistent
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-02 09:58:50 +01:00
Jens Langhammer
d0ceafe79e
outposts/proxy: add X-authentik-meta-version
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-01 20:59:45 +01:00
Jens Langhammer
f2023a7af2
*: don't use go embed to make using custom files easier
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-01 20:35:28 +01:00
Jens Langhammer
60b95271eb
outposts/proxy: add additional headers
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-01 20:19:09 +01:00
Jens Langhammer
3b068610b9
outposts/proxy: clean up header setting (don't copy all headers)
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-01 20:05:56 +01:00
Jens Langhammer
8b7f698c7b
outposts/proxy: continue compiling additional regexes even when one fails
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-28 15:06:26 +01:00
Jens Langhammer
d1bd8f333b
outposts/proxy: use disableIndex for static files
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-19 10:50:56 +01:00
Jens Langhammer
2ac9f5426d
outposts: don't panic when listening for metrics fails
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-19 10:37:13 +01:00
Jens Langhammer
97b814ab33
outpost/proxy: show better error when hostname isn't configured
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-13 22:45:37 +01:00
Jens Langhammer
e7b4363d21
outposts/ldap: fix logic error in cached ldap searcher
...
closes #1779
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-11 23:18:32 +01:00
Jens Langhammer
c98bdbacc5
providers/proxy: return list of configured scope names so outpost requests custom scopes
...
closes #1762
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-10 23:06:21 +01:00
Jens Langhammer
202b057ce9
outposts/proxy: fix static files not being served in proxy mode
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-10 17:16:13 +01:00
Jens Langhammer
02b4173d30
root: add utm_source
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-20 16:34:39 +02:00
Jens Langhammer
4d51ec906d
internal/proxyv2: improve error handling when configuring app
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-13 21:48:11 +02:00
Jens Langhammer
22a7c25526
internal: call GetStore on application to improve logging
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-12 13:33:20 +02:00
Jens Langhammer
f6e8dbfb5e
outposts/proxy: show full error message when user is authenticated
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-02 22:00:37 +02:00
Jens Langhammer
3c1ac4c7ec
outposts/proxy: add new headers with unified naming
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-02 22:00:23 +02:00
Jens Langhammer
52bbf454e3
outpost/proxy: fix missing negation for internal host ssl verification
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-02 21:17:15 +02:00
Jens Langhammer
2462d58135
outposts/proxy: fix duplicate protocol in domain auth mode
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-27 20:49:00 +02:00
Jens Langhammer
b248f450dd
outposts: make AUTHENTIK_HOST_BROWSER configurable from central config
...
closes #1471
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-26 12:00:51 +02:00
Jens Langhammer
9f4a4449f5
outposts/proxy: ensure cookies only last as long as tokens
...
closes #1462
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-25 16:12:59 +02:00
Jens Langhammer
27e04589c1
outposts/proxyv2: fix routing not working correctly for domain auth
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-24 23:32:16 +02:00
Jens Langhammer
471f7d9c62
outposts: add consistent name and type to metrics
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-16 10:14:51 +02:00
Jens Langhammer
a6a6b3bd06
outposts: add outpost_name label to metrics
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-16 10:04:17 +02:00
Jens Langhammer
48ad3dccda
outposts/proxy: remove deprecated rs256
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-16 09:57:47 +02:00
Jens Langhammer
95efd47f65
root: remove asgi error handler
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-15 12:23:14 +02:00
Jens Langhammer
223d9ad414
outposts/proxy: fix upstream ssl certificate not being ignored if configured to do so
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-11 19:30:21 +02:00
Jens Langhammer
9a79bab43d
outposts/proxy: fix redirect URL error due to callback url not being joined correctly
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-10 16:19:29 +02:00
Jens Langhammer
3d042e708a
outposts/proxy: always redirect on forward_auth for traefik
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-10 12:43:57 +02:00
Jens L
7158c9d2ea
core: metrics v2 (#1370)
...
* outposts: add ldap metrics, move ping to 9100
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* outpost: add flow_executor metrics
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* use port 9300 for metrics, add core metrics port
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* outposts/controllers/k8s: add service monitor creation support
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-09 15:52:24 +02:00
Jens Langhammer
e5944567e8
outposts/proxy: fix url not being substituted for sign_out
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-09 11:00:58 +02:00
Jens Langhammer
d296c12d01
outposts/proxy: fix redirect when using forward_auth mode
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-09 10:56:20 +02:00
Jens Langhammer
4c3a9e69f2
outposts/proxy: fix securecookie: no codecs provided error with redis
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-09 10:23:46 +02:00
Jens Langhammer
8ca29f6d49
Revert "outpost/proxy: set samesite none"
...
This reverts commit f7afb60c1f.
2021-09-08 22:56:24 +02:00
Jens Langhammer
0a33d38adf
outpost/proxy: fix prometheus errors
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-08 22:41:41 +02:00
Jens Langhammer
f7afb60c1f
outpost/proxy: set samesite none
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-08 22:06:44 +02:00
Jens Langhammer
b9c605bf1a
outpost/proxy: fix double slash when trailing slash in authentik_host
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-08 22:03:41 +02:00
Jens Langhammer
2983adc719
outpost/proxyv2: fix redirect to localhost
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-08 21:07:16 +02:00
Jens Langhammer
502393ee56
outpost/proxyv2: allow port offset via yaml
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-08 21:07:06 +02:00
Jens L
3c1b70c355
outposts/proxyv2 (#1365)
...
* outposts/proxyv2: initial commit
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
add rs256
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
more stuff
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
add forward auth and sign_out
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
match cookie name
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
re-add support for rs256 for backwards compat
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
add error handler
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
ensure unique user-agent is used
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
set cookie duration based on id_token expiry
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
build proxy v2
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
add ssl
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
add basic auth and custom header support
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
add application cert loading
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
implement whitelist
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
add redis
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
migrate embedded outpost to v2
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
remove old proxy
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
providers/proxy: make token expiration configurable
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
add metrics
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
fix tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* providers/proxy: only allow one redirect URI
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix docker build for proxy
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* remove default port offset
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add AUTHENTIK_HOST_BROWSER
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* tests: fix e2e/integration tests not using proper tags
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* remove references of old port
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix user_attributes not being loaded correctly
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* cleanup dependencies
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* cleanup
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-08 18:04:56 +00:00