Commit Graph

126 Commits

Author SHA1 Message Date
Jens Langhammer 25a4310bb1 internal: use Expires not MaxAge for LDAP session
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-11 10:04:32 +02:00
dependabot[bot] 4d755dc0f6
build(deps): bump goauthentik.io/api/v3 from 3.2022041.4 to 3.2022041.5 (#2843)
* build(deps): bump goauthentik.io/api/v3 from 3.2022041.4 to 3.2022041.5

Bumps [goauthentik.io/api/v3](https://github.com/goauthentik/client-go) from 3.2022041.4 to 3.2022041.5.
- [Release notes](https://github.com/goauthentik/client-go/releases)
- [Commits](https://github.com/goauthentik/client-go/compare/v3.2022041.4...v3.2022041.5)

---
updated-dependencies:
- dependency-name: goauthentik.io/api/v3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* fix

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-10 20:33:19 +02:00
Jens L ab2299ba1e
outposts/ldap: cached bind (#2824)
* initial cached ldap bind support

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add web

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add docs

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* clean up api generation

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* use gh action for golangci-lint

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-08 16:48:53 +02:00
Jens Langhammer 9b6e47e6b8 outposts/ldap: fix panic in type conversion when value is nil
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-11 15:52:58 +02:00
Jens Langhammer 51194cbf42 outposts/ldap: use backend group num_pk
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-22 23:54:50 +01:00
Jens Langhammer b45a442447 outposts/ldap: fix contexts
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-19 18:28:27 +01:00
Simon Siebert 75a720ead1
outposts/ldap: prevent operations error from nil dereference (#2447)
closes #2526
2022-03-19 18:26:26 +01:00
Jens Langhammer 62a939b91d internal: bump api client to v3
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-03 10:40:07 +01:00
Jens Langhammer fb33906637 internal/ldap: fix panic when parsing lists with mixed types
closes #2355

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-22 19:56:55 +01:00
Jens L 4343246a41
*: rename akprox to outpost.goauthentik.io (#2266)
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-08 20:25:38 +01:00
Ilya Kogan 947ecec02b
outposts/ldap: Fix more case sensitivity issues. (#2144) 2022-01-25 11:27:27 +01:00
Jens Langhammer 819af78e2b internal: make internal go version match python version
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-14 10:45:37 +01:00
Jens Langhammer bf347730b3 outposts/ldap: remove deprecated fields
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-07 09:52:19 +01:00
Jens Langhammer ececfc3a30 internal: fix comment formatting for TODOs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-07 09:51:41 +01:00
Jens Langhammer 884c546f32 outposts: clean up flow executor
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-24 19:52:19 +01:00
Jens Langhammer b3ba083ff0 internal: cleanup logging, remove duplicate code
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-22 10:33:21 +01:00
Jens Langhammer fc9d270992 outposts/ldap: fix log formatter and level not being set correctly
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-20 21:46:01 +01:00
Jens Langhammer 7d6e88061f outposts: check if hub from context is set and fallback
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-16 11:19:57 +01:00
Jens Langhammer f8aab40e3e internal: cleanup duplicate and redundant code, properly set sentry SDK scope settings
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-16 11:00:19 +01:00
Jens Langhammer 8abc9cc031 outposts: cleanup logs for failed binds
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-11 22:09:18 +01:00
Jens Langhammer 63a19a1381 outposts/ldap: fix searches with mixed casing
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-09 20:55:51 +01:00
Ilya Kogan bd2e453218
outposts/ldap: Fix search case sensitivity. (#1897) 2021-12-08 20:11:56 +01:00
Ilya Kogan 40404ff41d
outposts/ldap: Rework/improve LDAP search logic. (#1687)
* outposts/ldap: Refactor searching so we key primarily off base dn

* docs: Updating guides on sssd and the ldap outpost.
2021-12-02 15:28:58 +01:00
Jens Langhammer 2ac9f5426d outposts: don't panic when listening for metrics fails
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-19 10:37:13 +01:00
Jens Langhammer ae9f1c1063 outpost/ldap: fix panic when attempting to update without locked users mutex
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-18 19:36:27 +01:00
Jens Langhammer f069cfb643 outposts/ldap: copy boundUsers map when running refresh instead of using blank map
closes #1651

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-13 00:26:01 +01:00
Jens Langhammer e7b4363d21 outposts/ldap: fix logic error in cached ldap searcher
closes #1779

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-11 23:18:32 +01:00
Jens Langhammer ed6659a46d outpost/ldap: don't cleanup user info as it is overwritten on bind
closes #1651

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-08 14:41:38 +01:00
Jens Langhammer 4d36699b78 outpost/ldap: cleanup
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-06 19:32:11 +01:00
Jens L 5a8c66d325
providers/ldap: memory Query (#1681)
* outposts/ldap: modularise ldap outpost, to allow different searchers and binders

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* outposts/ldap: add basic in-memory searcher

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* providers/ldap: add search mode field

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* outpost: add search mode field

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-05 10:37:30 +01:00
Jens Langhammer 2e06786869 outpost/ldap: fix logging for mismatched provider
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-20 19:49:17 +02:00
Ilya Kogan 9ed236f7ab
outposts/ldap: Support hard coded `uidNumber` and `gidNumber`. (#1582) 2021-10-10 23:43:36 +02:00
Jens Langhammer 75ef4ce596 tests/e2e: add new ldap object classes
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-26 14:57:42 +02:00
Jens Langhammer c2f3ce11b0 outposts/ldap: fix potential panic when converting attributes
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-26 14:52:25 +02:00
Jens Langhammer 3c256fecc6 outposts/ldap: add groupofuniquenames
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-26 14:49:11 +02:00
Jens Langhammer 0285b84133 outposts/ldap: add query support for all supported object classes
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-26 14:42:26 +02:00
Jens Langhammer c7e6eb8896 outposts/ldap: add support for base scope and domain info
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-26 14:01:22 +02:00
Jens Langhammer ebc06f1abe outposts/ldap: fix logic error
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-22 13:19:50 +02:00
Jens Langhammer 0f8880ab0a outposts: fix typo
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-22 13:14:28 +02:00
Jens Langhammer 1f97420207 outposts/ldap: allow custom attributes to shadow built-in attributes
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-21 21:59:39 +02:00
Jens Langhammer 471f7d9c62 outposts: add consistent name and type to metrics
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-16 10:14:51 +02:00
Jens Langhammer a6a6b3bd06 outposts: add outpost_name label to metrics
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-16 10:04:17 +02:00
Jens L 7158c9d2ea
core: metrics v2 (#1370)
* outposts: add ldap metrics, move ping to 9100

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* outpost: add flow_executor metrics

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* use port 9300 for metrics, add core metrics port

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* outposts/controllers/k8s: add service monitor creation support

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-09 15:52:24 +02:00
Jens L 3c1b70c355
outposts/proxyv2 (#1365)
* outposts/proxyv2: initial commit

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

add rs256

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

more stuff

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

add forward auth an sign_out

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

match cookie name

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

re-add support for rs256 for backwards compat

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

add error handler

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

ensure unique user-agent is used

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

set cookie duration based on id_token expiry

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

build proxy v2

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

add ssl

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

add basic auth and custom header support

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

add application cert loading

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

implement whitelist

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

add redis

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

migrate embedded outpost to v2

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

remove old proxy

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

providers/proxy: make token expiration configurable

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

add metrics

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

fix tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* providers/proxy: only allow one redirect URI

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix docker build for proxy

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* remove default port offset

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add AUTHENTIK_HOST_BROWSER

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* tests: fix e2e/integration tests not using proper tags

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* remove references of old port

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix user_attributes not being loaded correctly

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* cleanup dependencies

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* cleanup

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-08 18:04:56 +00:00
Jens Langhammer 9ad4cf1db9 outposts/ldap: improve logging of client IPs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-05 19:47:30 +02:00
Jens Langhammer 048467e97d outpost/ldap: delay user information removal upon closing of connection
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-29 21:13:46 +02:00
Jens Langhammer ffbab2cd68 outpost/ldap: set request_id in sentry
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-25 22:36:08 +02:00
Jens Langhammer 294d70ae4d outposts/ldap: move virtual groups to other OU for lookups, conditionally skip requests based on search filter
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-21 17:53:09 +02:00
Jens Langhammer 23fd257624 outposts/ldap: fix nil pointer dereference when search self
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-21 16:51:47 +02:00
Jens Langhammer 3e909ae6bb core: allow filtering users by the groups they are in
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-21 16:27:48 +02:00
Jens Langhammer ff24bc8cb8 outpost/ldap: regularly pre-heat flow executor cache to increase bind performance
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-21 16:17:30 +02:00
Jens Langhammer 54b7ef42f5 outpost/ldap: add sAMAccountName on groups for compatibility
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-15 15:59:24 +02:00
Jens Langhammer 93de363c86 website/developer-docs: add notice for translation requirements
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-10 21:42:59 +02:00
Jens Langhammer 80df444067 outposts/ldap: add sAMAccountName field for compatibility
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-09 21:00:02 +02:00
Jens Langhammer 6af2c6a014 outpost/ldap: fix errors with new UserSelf serializer
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-05 18:20:24 +02:00
Jens Langhammer 5ff3e9b418 outposts/ldap: add support for member query
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-23 20:00:23 +02:00
Jens Langhammer 6a8be0dc71 outposts/ldap: improve parsing of LDAP filters
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-23 15:41:09 +02:00
Jens Langhammer 34189fcc06 outposts/ldap: search users and group in parallel
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-22 22:55:23 +02:00
Jens Langhammer 0d0dcf8de0 outposts/ldap: optimise backend Search API requests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-22 20:38:30 +02:00
Jens Langhammer 1b4654bb1d outposts/ldap: add tracing for LDAP bind and search
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-22 19:23:56 +02:00
Jens Langhammer 253f345fc4 outposts: save certificate fingerprint and check before re-fetching to cleanup logs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-21 23:53:43 +02:00
Jens Langhammer d89266a9d2 outposts/ldap: fix order of Listeners
TCP -> PROXY -> TLS

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-20 15:25:11 +02:00
Jens Langhammer d678d33756 root: add support for PROXY protocol on listeners
closes #1161

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-20 11:03:09 +02:00
Jens Langhammer d87871f806 outposts/ldap: improve logging, add request ID
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-19 13:41:29 +02:00
Jens Langhammer a2c587be43 outposts: don't authenticate as service user for flows to set remote-ip
set outpost token as additional header and check that token (user) if they can override remote-ip

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-19 13:17:13 +02:00
Jens Langhammer 4029e19b72 outposts/ldap: fix order of flow check
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-18 22:22:35 +02:00
Jens Langhammer 36de302250 outposts: separate CLI flow executor from ldap
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-18 15:51:48 +02:00
Jens Langhammer cffc6a1b88 outpost/ldap: fix import
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-17 20:02:36 +02:00
Jens Langhammer a0b63f50bf outposts: fix import for self-signed cert on ldap
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-17 19:38:04 +02:00
Jens Langhammer b3159a74e5 Merge branch 'master' into inbuilt-proxy
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

# Conflicts:
#	Dockerfile
#	internal/outpost/ak/api.go
#	internal/outpost/ak/api_uag.go
#	internal/outpost/ak/global.go
#	internal/outpost/ldap/api_tls.go
#	internal/outpost/ldap/instance_bind.go
#	internal/outpost/ldap/utils.go
#	internal/outpost/proxy/api_bundle.go
#	outpost/go.mod
#	outpost/go.sum
#	outpost/pkg/ak/cert.go
2021-07-17 12:49:38 +02:00
Jens Langhammer 948db46406 Merge branch 'master' into inbuilt-proxy
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

# Conflicts:
#	internal/constants/constants.go
#	outpost/pkg/version.go
2021-07-05 19:11:26 +02:00
Jens Langhammer 3dc9e247d5 Merge branch 'master' into inbuilt-proxy
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

# Conflicts:
#	internal/constants/constants.go
#	outpost/pkg/version.go
2021-07-02 16:23:30 +02:00
Jens Langhammer ff42663d3c root: more code merging
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-29 16:21:00 +02:00
Jens Langhammer 8429dd19b2 Merge branch 'master' into inbuilt-proxy 2021-06-29 16:20:24 +02:00
Jens Langhammer 6dc38b0132 root: start deduplicating code
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-16 12:41:34 +02:00
Jens Langhammer 690b7be1d8 root: initial merging of outpost and main project
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-16 12:02:02 +02:00