Jens Langhammer
25a4310bb1
internal: use Expires not MaxAge for LDAP session
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-11 10:04:32 +02:00
dependabot[bot]
4d755dc0f6
build(deps): bump goauthentik.io/api/v3 from 3.2022041.4 to 3.2022041.5 ( #2843 )
...
* build(deps): bump goauthentik.io/api/v3 from 3.2022041.4 to 3.2022041.5
Bumps [goauthentik.io/api/v3](https://github.com/goauthentik/client-go ) from 3.2022041.4 to 3.2022041.5.
- [Release notes](https://github.com/goauthentik/client-go/releases )
- [Commits](https://github.com/goauthentik/client-go/compare/v3.2022041.4...v3.2022041.5 )
---
updated-dependencies:
- dependency-name: goauthentik.io/api/v3
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
* fix
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-10 20:33:19 +02:00
Jens L
ab2299ba1e
outposts/ldap: cached bind ( #2824 )
...
* initial cached ldap bind support
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add web
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add docs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* clean up api generation
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* use gh action for golangci-lint
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-08 16:48:53 +02:00
Jens Langhammer
9b6e47e6b8
outposts/ldap: fix panic in type conversion when value is nil
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-11 15:52:58 +02:00
Jens Langhammer
51194cbf42
outposts/ldap: use backend group num_pk
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-22 23:54:50 +01:00
Jens Langhammer
b45a442447
outposts/ldap: fix contexts
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-19 18:28:27 +01:00
Simon Siebert
75a720ead1
outposts/ldap: prevent operations error from nil dereference ( #2447 )
...
closes #2526
2022-03-19 18:26:26 +01:00
Jens Langhammer
62a939b91d
internal: bump api client to v3
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-03 10:40:07 +01:00
Jens Langhammer
fb33906637
internal/ldap: fix panic when parsing lists with mixed types
...
closes #2355
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-22 19:56:55 +01:00
Jens L
4343246a41
*: rename akprox to outpost.goauthentik.io ( #2266 )
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-08 20:25:38 +01:00
Ilya Kogan
947ecec02b
outposts/ldap: Fix more case sensitivity issues. ( #2144 )
2022-01-25 11:27:27 +01:00
Jens Langhammer
819af78e2b
internal: make internal go version match python version
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-14 10:45:37 +01:00
Jens Langhammer
bf347730b3
outposts/ldap: remove deprecated fields
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-07 09:52:19 +01:00
Jens Langhammer
ececfc3a30
internal: fix comment formatting for TODOs
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-07 09:51:41 +01:00
Jens Langhammer
884c546f32
outposts: clean up flow executor
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-24 19:52:19 +01:00
Jens Langhammer
b3ba083ff0
internal: cleanup logging, remove duplicate code
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-22 10:33:21 +01:00
Jens Langhammer
fc9d270992
outposts/ldap: fix log formatter and level not being set correctly
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-20 21:46:01 +01:00
Jens Langhammer
7d6e88061f
outposts: check if hub from context is set and fallback
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-16 11:19:57 +01:00
Jens Langhammer
f8aab40e3e
internal: cleanup duplicate and redundant code, properly set sentry SDK scope settings
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-16 11:00:19 +01:00
Jens Langhammer
8abc9cc031
outposts: cleanup logs for failed binds
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-11 22:09:18 +01:00
Jens Langhammer
63a19a1381
outposts/ldap: fix searches with mixed casing
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-09 20:55:51 +01:00
Ilya Kogan
bd2e453218
outposts/ldap: Fix search case sensitivity. ( #1897 )
2021-12-08 20:11:56 +01:00
Ilya Kogan
40404ff41d
outposts/ldap: Rework/improve LDAP search logic. ( #1687 )
...
* outposts/ldap: Refactor searching so we key primarily off base dn
* docs: Updating guides on sssd and the ldap outpost.
2021-12-02 15:28:58 +01:00
Jens Langhammer
2ac9f5426d
outposts: don't panic when listening for metrics fails
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-19 10:37:13 +01:00
Jens Langhammer
ae9f1c1063
outpost/ldap: fix panic when attempting to update without locked users mutex
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-18 19:36:27 +01:00
Jens Langhammer
f069cfb643
outposts/ldap: copy boundUsers map when running refresh instead of using blank map
...
closes #1651
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-13 00:26:01 +01:00
Jens Langhammer
e7b4363d21
outposts/ldap: fix logic error in cached ldap searcher
...
closes #1779
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-11 23:18:32 +01:00
Jens Langhammer
ed6659a46d
outpost/ldap: don't cleanup user info as it is overwritten on bind
...
closes #1651
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-08 14:41:38 +01:00
Jens Langhammer
4d36699b78
outpost/ldap: cleanup
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-06 19:32:11 +01:00
Jens L
5a8c66d325
providers/ldap: memory Query ( #1681 )
...
* outposts/ldap: modularise ldap outpost, to allow different searchers and binders
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* outposts/ldap: add basic in-memory searcher
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* providers/ldap: add search mode field
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* outpost: add search mode field
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-05 10:37:30 +01:00
Jens Langhammer
2e06786869
outpost/ldap: fix logging for mismatched provider
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-20 19:49:17 +02:00
Ilya Kogan
9ed236f7ab
outposts/ldap: Support hard coded `uidNumber` and `gidNumber`. ( #1582 )
2021-10-10 23:43:36 +02:00
Jens Langhammer
75ef4ce596
tests/e2e: add new ldap object classes
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-26 14:57:42 +02:00
Jens Langhammer
c2f3ce11b0
outposts/ldap: fix potential panic when converting attributes
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-26 14:52:25 +02:00
Jens Langhammer
3c256fecc6
outposts/ldap: add groupofuniquenames
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-26 14:49:11 +02:00
Jens Langhammer
0285b84133
outposts/ldap: add query support for all supported object classes
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-26 14:42:26 +02:00
Jens Langhammer
c7e6eb8896
outposts/ldap: add support for base scope and domain info
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-26 14:01:22 +02:00
Jens Langhammer
ebc06f1abe
outposts/ldap: fix logic error
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-22 13:19:50 +02:00
Jens Langhammer
0f8880ab0a
outposts: fix typo
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-22 13:14:28 +02:00
Jens Langhammer
1f97420207
outposts/ldap: allow custom attributes to shadow built-in attributes
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-21 21:59:39 +02:00
Jens Langhammer
471f7d9c62
outposts: add consistent name and type to metrics
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-16 10:14:51 +02:00
Jens Langhammer
a6a6b3bd06
outposts: add outpost_name label to metrics
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-16 10:04:17 +02:00
Jens L
7158c9d2ea
core: metrics v2 ( #1370 )
...
* outposts: add ldap metrics, move ping to 9100
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* outpost: add flow_executor metrics
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* use port 9300 for metrics, add core metrics port
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* outposts/controllers/k8s: add service monitor creation support
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-09 15:52:24 +02:00
Jens L
3c1b70c355
outposts/proxyv2 ( #1365 )
...
* outposts/proxyv2: initial commit
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
add rs256
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
more stuff
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
add forward auth an sign_out
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
match cookie name
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
re-add support for rs256 for backwards compat
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
add error handler
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
ensure unique user-agent is used
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
set cookie duration based on id_token expiry
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
build proxy v2
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
add ssl
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
add basic auth and custom header support
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
add application cert loading
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
implement whitelist
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
add redis
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
migrate embedded outpost to v2
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
remove old proxy
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
providers/proxy: make token expiration configurable
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
add metrics
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
fix tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* providers/proxy: only allow one redirect URI
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix docker build for proxy
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* remove default port offset
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add AUTHENTIK_HOST_BROWSER
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* tests: fix e2e/integration tests not using proper tags
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* remove references of old port
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix user_attributes not being loaded correctly
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* cleanup dependencies
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* cleanup
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-08 18:04:56 +00:00
Jens Langhammer
9ad4cf1db9
outposts/ldap: improve logging of client IPs
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-05 19:47:30 +02:00
Jens Langhammer
048467e97d
outpost/ldap: delay user information removal upon closing of connection
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-29 21:13:46 +02:00
Jens Langhammer
ffbab2cd68
outpost/ldap: set request_id in sentry
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-25 22:36:08 +02:00
Jens Langhammer
294d70ae4d
outposts/ldap: move virtual groups to other OU for lookups, conditionally skip requests based on search filter
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-21 17:53:09 +02:00
Jens Langhammer
23fd257624
outposts/ldap: fix nil pointer dereference when search self
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-21 16:51:47 +02:00
Jens Langhammer
3e909ae6bb
core: allow filtering users by the groups they are in
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-21 16:27:48 +02:00
Jens Langhammer
ff24bc8cb8
outpost/ldap: regularly pre-heat flow executor cache to increase bind performance
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-21 16:17:30 +02:00
Jens Langhammer
54b7ef42f5
outpost/ldap: add sAMAccountName on groups for compatibility
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-15 15:59:24 +02:00
Jens Langhammer
93de363c86
website/developer-docs: add notice for translation requirements
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-10 21:42:59 +02:00
Jens Langhammer
80df444067
outposts/ldap: add sAMAccountName field for compatibility
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-09 21:00:02 +02:00
Jens Langhammer
6af2c6a014
outpost/ldap: fix errors with new UserSelf serializer
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-05 18:20:24 +02:00
Jens Langhammer
5ff3e9b418
outposts/ldap: add support for member query
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-23 20:00:23 +02:00
Jens Langhammer
6a8be0dc71
outposts/ldap: improve parsing of LDAP filters
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-23 15:41:09 +02:00
Jens Langhammer
34189fcc06
outposts/ldap: search users and group in parallel
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-22 22:55:23 +02:00
Jens Langhammer
0d0dcf8de0
outposts/ldap: optimise backend Search API requests
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-22 20:38:30 +02:00
Jens Langhammer
1b4654bb1d
outposts/ldap: add tracing for LDAP bind and search
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-22 19:23:56 +02:00
Jens Langhammer
253f345fc4
outposts: save certificate fingerprint and check before re-fetching to cleanup logs
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-21 23:53:43 +02:00
Jens Langhammer
d89266a9d2
outposts/ldap: fix order of Listeners
...
TCP -> PROXY -> TLS
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-20 15:25:11 +02:00
Jens Langhammer
d678d33756
root: add support for PROXY protocol on listeners
...
closes #1161
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-20 11:03:09 +02:00
Jens Langhammer
d87871f806
outposts/ldap: improve logging, add request ID
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-19 13:41:29 +02:00
Jens Langhammer
a2c587be43
outposts: don't authenticate as service user for flows to set remote-ip
...
set outpost token as additional header and check that token (user) if they can override remote-ip
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-19 13:17:13 +02:00
Jens Langhammer
4029e19b72
outposts/ldap: fix order of flow check
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-18 22:22:35 +02:00
Jens Langhammer
36de302250
outposts: separate CLI flow executor from ldap
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-18 15:51:48 +02:00
Jens Langhammer
cffc6a1b88
outpost/ldap: fix import
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-17 20:02:36 +02:00
Jens Langhammer
a0b63f50bf
outposts: fix import for self-signed cert on ldap
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-17 19:38:04 +02:00
Jens Langhammer
b3159a74e5
Merge branch 'master' into inbuilt-proxy
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
# Conflicts:
# Dockerfile
# internal/outpost/ak/api.go
# internal/outpost/ak/api_uag.go
# internal/outpost/ak/global.go
# internal/outpost/ldap/api_tls.go
# internal/outpost/ldap/instance_bind.go
# internal/outpost/ldap/utils.go
# internal/outpost/proxy/api_bundle.go
# outpost/go.mod
# outpost/go.sum
# outpost/pkg/ak/cert.go
2021-07-17 12:49:38 +02:00
Jens Langhammer
948db46406
Merge branch 'master' into inbuilt-proxy
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
# Conflicts:
# internal/constants/constants.go
# outpost/pkg/version.go
2021-07-05 19:11:26 +02:00
Jens Langhammer
3dc9e247d5
Merge branch 'master' into inbuilt-proxy
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
# Conflicts:
# internal/constants/constants.go
# outpost/pkg/version.go
2021-07-02 16:23:30 +02:00
Jens Langhammer
ff42663d3c
root: more code merging
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-29 16:21:00 +02:00
Jens Langhammer
8429dd19b2
Merge branch 'master' into inbuilt-proxy
2021-06-29 16:20:24 +02:00
Jens Langhammer
6dc38b0132
root: start deduplicating code
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-16 12:41:34 +02:00
Jens Langhammer
690b7be1d8
root: initial merging of outpost and main project
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-16 12:02:02 +02:00