This repository has been archived on 2024-05-31. You can view files and clone it, but cannot push or open issues or pull requests.
authentik/outpost
Jens L dad24c03ff
outposts: set cookies for a domain to authenticate an entire domain (#971)
* outposts: initial cookie domain implementation

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/admin: add cookie domain setting

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* providers/proxy: replace forward_auth_mode with general mode

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/admin: rebuild proxy provider form

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* providers/proxy: re-add forward_auth_mode for backwards compat

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/admin: fix data.mode not being set

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* root: always set log level to debug when testing

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* providers/proxy: use new mode attribute

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* providers/proxy: only ingress /akprox on forward_domain

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* providers/proxy: fix lint error

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/admin: fix error on ProxyProviderForm when not using proxy mode

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/admin: fix default for outpost form's type missing

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/admin: add additional desc for proxy modes

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* outposts: fix service account permissions not always being updated

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* outpost/proxy: fix redirecting to incorrect host for domain mode

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web: improve error handling for network errors

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* outpost: fix image naming not matching main imaeg

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* outposts/proxy: fix redirects for domain mode and traefik

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web: fix colour for paragraphs

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/flows: fix consent stage not showing permissions correctly

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* website/docs: add domain-level docs

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* website/docs: fix broken links

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* outposts/proxy: remove dead code

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/flows: fix missing id for #header-text

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-08 23:10:17 +02:00
..
cmd outposts/ldap: fix linting 2021-04-26 12:24:46 +02:00
pkg outposts: set cookies for a domain to authenticate an entire domain (#971) 2021-06-08 23:10:17 +02:00
.dockerignore outpost: rename proxy to outpost 2021-01-16 19:20:27 +01:00
.gitignore outpost: migrate to openapitools/openapi-generator-cli 2021-05-16 21:07:01 +02:00
azure-pipelines.yml outposts: set cookies for a domain to authenticate an entire domain (#971) 2021-06-08 23:10:17 +02:00
go.mod build(deps): bump github.com/go-openapi/runtime in /outpost (#987) 2021-06-08 08:53:34 +02:00
go.sum build(deps): bump github.com/go-openapi/runtime in /outpost (#987) 2021-06-08 08:53:34 +02:00
ldap.Dockerfile outpost/ldap: add http server for healthchecks 2021-06-06 23:07:13 +02:00
Makefile outpost: migrate to openapitools/openapi-generator-cli 2021-05-16 21:07:01 +02:00
proxy.Dockerfile build(deps): bump golang from 1.16.4 to 1.16.5 in /outpost (#966) 2021-06-04 09:37:13 +02:00
README.md outpost: migrate to openapitools/openapi-generator-cli 2021-05-16 21:07:01 +02:00

authentik outpost

CI Build status Docker pulls (proxy) Docker pulls (ldap)

Reverse Proxy based on oauth2_proxy, completely managed and monitored by authentik.

LDAP Server using ldap, completely managed and monitored by authentik.

Usage

authentik Outpost is built to be configured by authentik itself, hence the only options you can directly give it are connection params.

The following environment variable are implemented:

AUTHENTIK_HOST: Full URL to the authentik instance with protocol, i.e. "https://authentik.company.tld"

AUTHENTIK_TOKEN: Token used to authenticate against authentik. This is generated after an Outpost instance is created.

AUTHENTIK_INSECURE: This environment variable can optionally be set to ignore the SSL Certificate of the authentik instance. Applies to both HTTP and WS connections.

Development

authentik outpost uses an auto-generated API Client to communicate with authentik. This client is not kept in git. To generate the client locally, run make gen-outpost in the root directory of the repo.

Afterwards you can build the outpost like any other Go project, using go build ./cmd/proxy/server.go or go build ./cmd/ldap/server.go.