Jens L
|
28ddeb124f
|
providers: SCIM (#4835)
* basic user sync
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add group sync and some refactor
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* start API
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* allow null authorization flow
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add UI
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* make task monitored
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add missing dependency
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* make authorization_flow required for most providers via API
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* more UI
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* make task result better readable, exclude anonymous user
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add task UI
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add scheduled task for all sync
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* make scim errors more readable
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add mappings, migrate to mappings
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add mapping UI and more
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add scim docs to web
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* start implementing membership
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* migrate signals to tasks
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* migrate fully to tasks
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* strip none keys, fix lint errors
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix things
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* start adding tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix saml
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add scim schemas and validate against it
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* improve error handling
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add group put support, add group tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* send correct application/scim+json headers
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* stop sync if no mappings are configured
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add test for task sync
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add membership tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* use decorator for tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* make tests better
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
|
2023-03-06 19:39:08 +01:00 |
Jens L
|
e47bbe63b8
|
website/docs: update release notes (#4833)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
|
2023-03-02 20:27:51 +01:00 |
Jens L
|
972dce1462
|
security: fix CVE-2023-26481 (#4832)
fix CVE-2023-26481
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
|
2023-03-02 20:15:33 +01:00 |
sdimovv
|
a6eba37d5a
|
core: Add `resolve_dns` and `reverse_dns` functions to evaluator (#4769)
* Add resolve_dns
* Add reverse_dns
* Fix lint
* add caching, small optimisation
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* Added time-aware LRU cache
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
|
2023-03-01 22:15:13 +01:00 |
Jens L
|
5e60db8593
|
providers/oauth2: fix typo (#4803)
|
2023-02-27 17:17:48 +01:00 |
Jens L
|
39d0893303
|
flows: change default flow stage binding settings (#4784)
* flows: change default flow stage binding settings
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fallback to correct value
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
|
2023-02-27 15:21:26 +01:00 |
Jens L
|
596ff529c4
|
core: bootstrap email (#4788)
|
2023-02-26 17:02:45 +01:00 |
roche-quentin
|
cd99b6e48f
|
providers/ldap: making ldap compatible with synology (#4694)
* internal/outpost/ldap: making ldap compatible with synology
* fix duplicate attributes
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add docs about homedirectory
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix duplicate attributes
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add substitution to values
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
|
2023-02-22 15:26:41 +01:00 |
sdimovv
|
51c6a14786
|
providers/ldap: Improve compatibility with LDAP clients (#4750)
* Fixed invalid LDAP attributes by replacing '.'s and '/'s with '-'
* Leave old fields for now for backward compatibility
* Add forgotten deprecated field
* Fix tests
* Fix tests
* use shorter attribute names
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* sanitize attributes
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* keep both sanitized and unsanitized user fields
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add sanitized fields to test
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
|
2023-02-22 14:18:22 +01:00 |
Jens L
|
122055b38b
|
stages/user_login: terminate others (#4754)
* rework session list
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* use sender filtering for signals when possible
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add terminate_other_sessions
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
|
2023-02-22 14:09:28 +01:00 |
Jens L
|
b61d181ec7
|
website/docs: add better explanation for goauthentik.io/user/token-ex… (#4755)
website/docs: add better explanation for goauthentik.io/user/token-expires
closes #4727
|
2023-02-22 13:24:04 +01:00 |
Jens Langhammer
|
2c78053631
|
website/docs: add release note titles
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
|
2023-02-21 12:27:24 +01:00 |
Jens Langhammer
|
17364c3bd8
|
website/docs: add 2023.2.2 release notes
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
|
2023-02-15 20:34:25 +01:00 |
Jens Langhammer
|
19f5e6e07e
|
website/docs: update events page
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
|
2023-02-15 16:44:13 +01:00 |
Jens Langhammer
|
7d6b573f8b
|
website: migrate to mermaid charts, rework proxy page
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
|
2023-02-15 12:14:17 +01:00 |
Jens Langhammer
|
c340830b37
|
website/docs: prepare 2023.2.1
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
|
2023-02-14 18:19:02 +01:00 |
Jens Langhammer
|
cf36da2e5d
|
website/docs: prepare 2023.2 release notes
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
|
2023-02-12 17:44:53 +01:00 |
sdimovv
|
b69e55eae9
|
core: Add support for auto generating unique avatars based on the user's initials (#4663)
|
2023-02-12 16:35:17 +01:00 |
Jens L
|
af43330fd6
|
providers/oauth2: rework OAuth2 Provider (#4652)
* always treat flow as openid flow
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* improve issuer URL generation
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* more refactoring
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* update introspection
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* more refinement
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* migrate more
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix more things, update api
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* regen migrations
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix a bunch of things
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* start updating tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix implicit flow, auto set exp
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix timezone not used correctly
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix revoke
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* more timezone shenanigans
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix userinfo tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* update web
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix proxy outpost
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix api tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix missing at_hash for implicit flows
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* re-include at_hash in implicit auth flow
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* use folder context for outpost build
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
|
2023-02-09 20:19:48 +01:00 |
Jens Langhammer
|
a7cf454760
|
web/admin: add notice for user_login stage session cookie behaviour
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
|
2023-02-08 14:18:52 +01:00 |
Jens Langhammer
|
7a85038c11
|
website/docs: prepare 2023.2 release notes
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
|
2023-02-07 22:52:29 +01:00 |
Jens Langhammer
|
3170b2f92c
|
providers/proxy: add token support for basic auth
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
|
2023-02-07 22:50:49 +01:00 |
Melvin Snijders
|
547c01f481
|
website/docs: update Caddy docs to include HTTPS proxying (#4316)
Update Caddy documentation to include HTTPS proxying
Signed-off-by: Melvin Snijders <mail@melvinsnijders.nl>
|
2023-02-03 14:43:13 +01:00 |
Jens L
|
7d4ce41e12
|
providers/proxy: outpost wide logout implementation (#4605)
* initial outpost wide logout implementation
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* handle deserialize error
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* update docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix file cleanup, add tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
|
2023-02-02 21:18:59 +01:00 |
Jens Langhammer
|
cadb710c38
|
website/docs: add troubleshooting for CSRF
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
|
2023-02-02 11:09:03 +01:00 |
Skyler Mäntysaari
|
c2b4d14af5
|
website/docs: Add note for firefox about FIDO and TouchID (#4552)
* docs(passwordless): Make sure to include a warning
Signed-off-by: Skyler Mäntysaari <samip5@users.noreply.github.com>
* add notice for firefox touchID
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Skyler Mäntysaari <samip5@users.noreply.github.com>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
|
2023-01-28 22:45:51 +01:00 |
Jens Langhammer
|
b99afd82b2
|
stages/user_write: fix migration setting wrong value, fix form
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
|
2023-01-23 14:38:26 +01:00 |
Jens Langhammer
|
446dc0a17b
|
website/docs: prepare 2023.1.1
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
|
2023-01-20 14:25:20 +01:00 |
Jens Langhammer
|
3a59b75f4a
|
website/docs: update ldap provider docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
|
2023-01-20 11:46:57 +01:00 |
Jens L
|
98485c528e
|
ci: build beta for amd64 and arm64 (#4468)
* ci: build for arm64, but independently
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add notice to beta
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
|
2023-01-19 21:41:56 +01:00 |
Jens Langhammer
|
59be3c7746
|
website/docs: add docs for validating phone numbers before SMS enrollment
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
|
2023-01-19 17:57:52 +01:00 |
Jens Langhammer
|
97acc77e0a
|
website/docs: update 2023.1 release notes
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
|
2023-01-18 15:25:58 +01:00 |
Jens Langhammer
|
eb1e0427c1
|
website/docs: add missing user uid field
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
|
2023-01-18 15:22:06 +01:00 |
Jens L
|
23c69c456a
|
providers/proxy: add setting to intercept authorization header (#4457)
* add setting to intercept authorization header
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* rename to intercept_header_auth
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
|
2023-01-17 18:56:48 +01:00 |
Jens L
|
c73fce4f58
|
sources/ldap: manual import (#4456)
* events: fix task UID
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add ldap sync command
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
|
2023-01-17 12:21:33 +01:00 |
Jens Langhammer
|
19ee98b36d
|
outposts/proxy: allow setting no-redirect via header or query param
closes #4455
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
|
2023-01-17 10:56:43 +01:00 |
Jens Langhammer
|
07767c9376
|
website/docs: add disclaimer to beta page that downgrade isn't supported
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
|
2023-01-16 10:44:42 +01:00 |
Jens Langhammer
|
d31e566873
|
outposts/proxy: add header to prevent redirects
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
|
2023-01-14 22:18:25 +01:00 |
Jens Langhammer
|
b6b97f4706
|
website/docs: update 2023.1 release notes
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
|
2023-01-13 16:32:34 +01:00 |
Jens L
|
cd12e177ea
|
providers/proxy: add initial header token auth (#4421)
* initial implementation
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* check for openid/profile claims
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* include jwks sources in proxy provider
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add web ui for jwks
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* only show sources with JWKS data configured
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix introspection tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* start basic
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add basic auth
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add docs, update admonitions
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add client_id to api, add tab for auth
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* update locale
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
|
2023-01-13 16:22:03 +01:00 |
Jens Langhammer
|
d3e2f41561
|
website/docs: fix typo
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
|
2023-01-09 13:13:41 +01:00 |
Jens Langhammer
|
bec538c543
|
sources/ldap: make task timeout adjustable
closes #4375
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2023-01-06 12:37:59 +01:00 |
Jens L
|
2604dc14fe
|
providers/ldap: add code-MFA support for ldap provider (#4354)
* add code support for ldap provider
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* only try to extract code when auth validator stage is encountered
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* use parseint instead
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2023-01-05 18:32:06 +01:00 |
Jens L
|
a960ce9454
|
stages/user_write: add more user creation options (#4367)
* add more user creation options
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* update blueprints and docs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2023-01-05 15:46:20 +01:00 |
Jens L
|
e6b5810e03
|
policies/hibp: remove deprecated (#4363)
* remove hibp
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* don't save event matcher apps in migrations
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* cleanup migrations
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* update docs, update some phrasing
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2023-01-05 13:19:26 +01:00 |
Jens Langhammer
|
ed3f36e72a
|
website/docs: update redirect docs
closes #4248
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2023-01-05 12:38:38 +01:00 |
Jens Langhammer
|
1efc7eecbf
|
website/docs: add metrics for monitoring and metrics
closes #4308
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2023-01-04 20:49:35 +01:00 |
Jens L
|
dc1359a763
|
providers/saml: initial SLO implementation (#2346)
* providers/saml: initial SLO implementation
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* providers/saml: add logout request tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* providers/saml: add tests for POST SLO
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* matrix e2e tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix import
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* set e2e matrix name
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix imports
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* separate oidc and oauth tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add basic saml slo e2e tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add better metadata download url
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* kinda prepare release notes
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* sort releases into folders
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add slo urls to website
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix linking
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add api tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* update docs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2023-01-04 19:45:31 +01:00 |
Jens Langhammer
|
c4bb51469b
|
website/docs: prepare 2022.12.2
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2023-01-04 10:15:15 +01:00 |
Jens Langhammer
|
82184b2882
|
web/flows: fix alternate captchas not loading
closes #4321
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2023-01-01 18:49:41 +01:00 |