gcp-cherry-pick-bot[bot]
9c8fec21cf
providers/oauth2: remember session_id from initial token (cherry-pick #7976 ) ( #7977 )
...
providers/oauth2: remember session_id from initial token (#7976 )
* providers/oauth2: remember session_id original token was created with for future access/refresh tokens
* providers/proxy: use hashed session as `sid`
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens L <jens@goauthentik.io>
2023-12-23 01:20:48 +01:00
gcp-cherry-pick-bot[bot]
8d95612287
providers/proxy: Fix duplicate cookies when using file system store. (cherry-pick #7541 ) ( #7544 )
...
providers/proxy: Fix duplicate cookies when using file system store. (#7541 )
Fix duplicate cookies when using file system store.
Co-authored-by: thijs_a <thijs@thijsalders.nl>
2023-11-13 16:02:35 +01:00
gcp-cherry-pick-bot[bot]
c16317d7cf
providers/proxy: fix closed redis client (cherry-pick #7385 ) ( #7429 )
...
providers/proxy: fix closed redis client (#7385 )
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens L <jens@goauthentik.io>
2023-11-03 15:46:17 +01:00
Jens L
7d91842e8a
providers/proxy: attempt to fix duplicate cookie ( #7324 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-10-27 00:41:13 +02:00
Jens L
dd7d3bf738
providers/proxy: fix redis cookies missing strict path ( #7135 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-10-10 12:17:35 +02:00
Jens L
4db365c947
providers/proxy: improve SLO by backchannel logging out sessions ( #7099 )
...
* outposts: add support for provider-specific websocket messages
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* providers/proxy: add custom signal on logout to logout in provider
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-10-09 01:06:52 +02:00
Jens L
efb2823391
internal: fix redis session store ( #7011 )
2023-09-28 21:06:27 +02:00
Jens L
c93c6ee6f9
root: replace boj/redistore with vendored version of rbcervilla/redisstore ( #6988 )
...
* root: replace boj/redistore with vendored version of rbcervilla/redisstore
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* setup env for go tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-09-26 18:56:37 +02:00
Jens L
af200a6bf9
web: cleanup ( #6664 )
...
* web: remove <p> used for padding and do it properly
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* web: remove .form-help-text as it didn't change anything
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* move data-list styling to correct scope
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* remove title from navbar for docs-only build
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-08-29 18:24:11 +02:00
Jens L
1410169af1
providers/proxy: fix JWKS url in embedded outpost ( #6644 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-08-28 00:52:01 +02:00
Jens L
9e29789c09
root: fix config loading for outposts ( #6640 )
...
* root: fix config loading for outposts
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix error handling
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* improve check to see if outpost is embedded or not
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* also fix oauth url fetching
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-08-26 19:40:48 +02:00
Jens L
f6b144a0fa
providers/proxy: only intercept auth header when a value is set ( #6488 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-08-06 01:18:20 +02:00
Jens L
0782b3b0fa
providers/proxy: set outpost session cookie to httponly and secure wh… ( #6482 )
...
* providers/proxy: set outpost session cookie to httponly and secure when possible
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* set samesite too
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-08-05 22:09:27 +02:00
Alexandre NICOLAIE
a2714ab1f1
outposts: make metrics compliant with Prometheus best-practices ( #6398 )
...
web/outpost: make metrics compliant with Prometheus best-practices
Today, all NewHistogramVec store values in nanoseconds without changing
the default histogram bucket, which are made for seconds, making them
a bit useless. In addition, some metrics names are not self-explanatoryand
and do not comply with Prometheus best practices.
This commit tries to fix all of this "issues".
NOTE: I kept old metrics in order to avoid breaking changes with
existing dashboards and metrics.
Signed-off-by: Alexandre NICOLAIE <xunleii@users.noreply.github.com>
2023-07-27 18:51:08 +02:00
Jens L
906faf9cce
providers/proxy: fix panic when claims in session were nil ( #5569 )
...
* providers/proxy: fix panic when claims in session were nil
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add new options
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-05-10 20:58:44 +02:00
authentik-db-cooper
ab795e6642
internal: ignore insecure TLS certs ( #5483 )
...
* servers: ignore insecure TLS certs
* slight refactor to have a single place for tls config
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2023-05-05 15:57:52 +03:00
Jens L
fd2677af1f
root: bump api generator ( #5139 )
...
* root: bump api generator
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* bump api diff too
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* bump go api client
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* simplify go api generation
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-04-01 18:10:52 +02:00
Jens L
ef028af7d1
providers/proxy: rework endpoints logic ( #4993 )
...
* providers/proxy: rework endpoints logic
again...this time with tests and better logic
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-03-18 18:51:20 +01:00
Jens L
41d17dc543
internal: fix crash when port 9000 is in use ( #4863 )
...
fix crash when port 9000 is in use
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-03-07 13:27:46 +01:00
Jens Langhammer
f70be86ddc
providers/proxy: strip scheme when comparing redirect URL
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-20 21:22:26 +01:00
Jens Langhammer
9f431396c0
providers/proxy: ensure issuer is correct when browser url override is set
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
#4715
2023-02-19 17:35:29 +01:00
Jens Langhammer
d945d30cda
providers/proxy: fix value is too long with filesystem sessions
...
closes #4693
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-15 10:50:01 +01:00
Jens Langhammer
b6c120f555
providers/proxy: fix client credential flows not using http interceptor
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-15 00:22:56 +01:00
Jens L
ec42b597ab
providers/proxy: send token request internally, with overwritten host header ( #4675 )
...
* send token request internally, with overwritten host header
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-13 16:34:47 +01:00
Jens Langhammer
8f70354e3c
internal: remove debug remnant from cookie testing
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-12 17:29:18 +01:00
Jens L
21e29744c2
providers/proxy: different cookie name based on hashed client id ( #4666 )
2023-02-12 16:34:57 +01:00
Jens L
af43330fd6
providers/oauth2: rework OAuth2 Provider ( #4652 )
...
* always treat flow as openid flow
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* improve issuer URL generation
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* more refactoring
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* update introspection
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* more refinement
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* migrate more
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix more things, update api
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* regen migrations
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix a bunch of things
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* start updating tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix implicit flow, auto set exp
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix timeozone not used correctly
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix revoke
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* more timezone shenanigans
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix userinfo tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* update web
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix proxy outpost
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix api tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix missing at_hash for implicit flows
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* re-include at_hash in implicit auth flow
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* use folder context for outpost build
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-09 20:19:48 +01:00
Jens Langhammer
3170b2f92c
providers/proxy: add token support for basic auth
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-07 22:50:49 +01:00
Jens Langhammer
61b06eff06
providers/proxy: better log outpost token errors
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-06 20:26:43 +01:00
Jens Langhammer
388367785d
*/saml: disable pretty_print, add signature tests
...
closes #4536
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-03 15:42:09 +01:00
Jens L
7d4ce41e12
providers/proxy: outpost wide logout implementation ( #4605 )
...
* initial outpost wide logout implementation
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* handle deserialize error
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* update docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix file cleanup, add tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-02 21:18:59 +01:00
Jens L
a9b32e2f97
providers/ldap: add unbind flow execution ( #4484 )
...
add unbind flow execution
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-23 20:36:30 +01:00
Jens Langhammer
43854dc828
outposts/proxy: fix panic due to IsSet misbehaving
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-19 18:22:55 +01:00
Jens L
c11367553e
providers/proxy: fix issuer for embedded outpost ( #4480 )
...
fix issuer for embedded outpost
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-19 15:39:30 +01:00
Jens L
23c69c456a
providers/proxy: add setting to intercept authorization header ( #4457 )
...
* add setting to intercept authorization header
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* rename to intercept_header_auth
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-17 18:56:48 +01:00
Jens Langhammer
19ee98b36d
outposts/proxy: allow setting no-redirect via header or query param
...
closes #4455
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-17 10:56:43 +01:00
Jens Langhammer
9b2ceb0d44
outposts/proxy: make logged user more consistent, set FlushInterval
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-14 23:58:15 +01:00
Jens Langhammer
69d4719687
outposts/proxy: set http code when no redirect header is set
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-14 22:20:52 +01:00
Jens Langhammer
d31e566873
outposts/proxy: add header to prevent redirects
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-14 22:18:25 +01:00
Jens Langhammer
0ddcefce80
outposts/proxy: cache basic and bearer credentials for one minute
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-14 22:12:48 +01:00
Jens Langhammer
4c45d35507
outposts/proxy: fix error handling, remove requirement for profile/etc scopes
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-14 21:44:28 +01:00
Jens Langhammer
829e49275d
outposts/proxy: fix proxy's TokenIntrospection potentially not being set
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-14 20:54:34 +01:00
Jens L
cd12e177ea
providers/proxy: add initial header token auth ( #4421 )
...
* initial implementation
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* check for openid/profile claims
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* include jwks sources in proxy provider
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add web ui for jwks
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* only show sources with JWKS data configured
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix introspection tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* start basic
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add basic auth
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add docs, update admonitions
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add client_id to api, add tab for auth
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* update locale
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-13 16:22:03 +01:00
Jens Langhammer
001869641d
web: ensure img tags have alt attributes
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2023-01-06 12:44:51 +01:00
Jens Langhammer
b3da1d223c
providers/proxy: correctly set id_token_hint if possible
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-12 19:02:37 +00:00
Jens L
55aa1897af
root: use single redis db ( #4009 )
...
* use single redis db
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* cleanup prefixes
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* ensure __str__ always returns string
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix remaining old prefixes
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add release notes
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-15 14:31:29 +01:00
Jens L
d53733b6fc
outposts/proxy: reduce possibility for redirect loops, keep single state ( #3831 )
...
use single state, redirect when start url is hit with active session
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-20 21:27:34 +02:00
Jens L
49b6aabb02
outposts/proxy: fix redirect path when external host is a subdirectory ( #3628 )
...
fix redirect path when external host is a subdirectory
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-22 10:10:29 +02:00
Jens L
47daaf969a
outposts: fix oauth state when using signature routing ( #3616 )
...
* fix oauth state when using signature routing
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* more retires
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-19 21:38:34 +02:00
Jens Langhammer
220f123b29
internal: add more tracing for states
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-07 09:53:10 +02:00