website/docs: remove duplicate proxy docs

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
Jens Langhammer 2021-07-22 10:48:10 +02:00
parent 66bfa6879d
commit 285a9b8b1d
7 changed files with 23 additions and 50 deletions

View file

@ -1,5 +1,5 @@
--- ---
title: LDAP Outpost title: LDAP Provider
--- ---
:::info :::info
@ -55,7 +55,7 @@ The following fields are current set for groups:
- "group" - "group"
- "goauthentik.io/ldap/group" - "goauthentik.io/ldap/group"
A virtual group is also created for each user, they have the same fields as groups but have an additional objectClass: `goauthentik.io/ldap/virtual-group`. A virtual group is also created for each user, they have the same fields as groups but have an additional objectClass: `goauthentik.io/ldap/virtual-group`.
The virtual groups gidNumber is equal to the uidNumber of the user. The virtual groups gidNumber is equal to the uidNumber of the user.
**Additionally**, for both users and (non-virtual) groups, any attributes you set are also present as LDAP Attributes. **Additionally**, for both users and (non-virtual) groups, any attributes you set are also present as LDAP Attributes.

View file

@ -1,27 +0,0 @@
---
title: Proxy Provider
---
:::info
This provider is to be used in conjunction with [Outposts](../outposts/outposts.md)
:::
This provider protects applications, which have no built-in support for OAuth2 or SAML. This is done by running a lightweight Reverse Proxy in front of the application, which authenticates the requests.
authentik Proxy is based on [oauth2_proxy](https://github.com/oauth2-proxy/oauth2-proxy), but has been integrated more tightly with authentik.
The Proxy these extra headers to the application:
| Header Name | Value |
| ------------------------------ | --------------------------------------------------- |
| X-Forwarded-User | The user's unique identifier (**not the username**) |
| X-Forwarded-Email | The user's email address |
| X-Forwarded-Preferred-Username | The user's username |
| X-Auth-Username | The user's username |
Additionally, you can add more custom headers using `additionalHeaders` in the User or Group Properties, for example
```yaml
additionalHeaders:
X-additional-header: bar
```

View file

@ -117,7 +117,7 @@ metadata:
annotations: annotations:
nginx.ingress.kubernetes.io/auth-url: https://*external host that you configured in authentik*/akprox/auth?nginx nginx.ingress.kubernetes.io/auth-url: https://*external host that you configured in authentik*/akprox/auth?nginx
nginx.ingress.kubernetes.io/auth-signin: https://*external host that you configured in authentik*/akprox/start?rd=$escaped_request_uri nginx.ingress.kubernetes.io/auth-signin: https://*external host that you configured in authentik*/akprox/start?rd=$escaped_request_uri
nginx.ingress.kubernetes.io/auth-response-headers: X-Auth-Username,X-Forwarded-Email,X-Forwarded-Preferred-Username,X-Forwarded-User nginx.ingress.kubernetes.io/auth-response-headers: X-Auth-Username,X-Forwarded-Email,X-Forwarded-Preferred-Username,X-Forwarded-User,X-Auth-Groups
nginx.ingress.kubernetes.io/auth-snippet: | nginx.ingress.kubernetes.io/auth-snippet: |
proxy_set_header X-Forwarded-Host $http_host; proxy_set_header X-Forwarded-Host $http_host;
``` ```
@ -145,6 +145,7 @@ http:
authResponseHeaders: authResponseHeaders:
- Set-Cookie - Set-Cookie
- X-Auth-Username - X-Auth-Username
- X-Auth-Groups
- X-Forwarded-Email - X-Forwarded-Email
- X-Forwarded-Preferred-Username - X-Forwarded-Preferred-Username
- X-Forwarded-User - X-Forwarded-User
@ -211,7 +212,7 @@ services:
traefik.http.routers.authentik.tls: true traefik.http.routers.authentik.tls: true
traefik.http.middlewares.authentik.forwardauth.address: http://authentik_proxy:4180/akprox/auth?traefik traefik.http.middlewares.authentik.forwardauth.address: http://authentik_proxy:4180/akprox/auth?traefik
traefik.http.middlewares.authentik.forwardauth.trustForwardHeader: true traefik.http.middlewares.authentik.forwardauth.trustForwardHeader: true
traefik.http.middlewares.authentik.forwardauth.authResponseHeaders: Set-Cookie,X-Auth-Username,X-Forwarded-Email,X-Forwarded-Preferred-Username,X-Forwarded-User traefik.http.middlewares.authentik.forwardauth.authResponseHeaders: Set-Cookie,X-Auth-Username,X-Auth-Groups,X-Forwarded-Email,X-Forwarded-Preferred-Username,X-Forwarded-User
restart: unless-stopped restart: unless-stopped
whoami: whoami:
@ -241,6 +242,7 @@ spec:
authResponseHeaders: authResponseHeaders:
- Set-Cookie - Set-Cookie
- X-Auth-Username - X-Auth-Username
- X-Auth-Groups
- X-Forwarded-Email - X-Forwarded-Email
- X-Forwarded-Preferred-Username - X-Forwarded-Preferred-Username
- X-Forwarded-User - X-Forwarded-User

View file

@ -1,11 +1,12 @@
--- ---
title: Proxy Outpost title: Proxy provider
--- ---
The proxy outpost sets the following headers: The proxy outpost sets the following headers:
``` ```
X-Auth-Username: akadmin # The username of the currently logged in user X-Auth-Username: akadmin # The username of the currently logged in user
X-Auth-Groups: foo|bar|baz # The groups the user is member of, separated by a pipe
X-Forwarded-Email: root@localhost # The email address of the currently logged in user X-Forwarded-Email: root@localhost # The email address of the currently logged in user
X-Forwarded-Preferred-Username: akadmin # The username of the currently logged in user X-Forwarded-Preferred-Username: akadmin # The username of the currently logged in user
X-Forwarded-User: 900347b8a29876b45ca6f75722635ecfedf0e931c6022e3a29a8aa13fb5516fb # The hashed identifier of the currently logged in user. X-Forwarded-User: 900347b8a29876b45ca6f75722635ecfedf0e931c6022e3a29a8aa13fb5516fb # The hashed identifier of the currently logged in user.

View file

@ -13,7 +13,7 @@ This update brings a lot of big features, such as:
Due to this new OAuth2 Provider, the Application Gateway Provider, now simply called "Proxy Provider" has been revamped as well. The new authentik Proxy integrates more tightly with authentik via the new Outposts system. The new proxy also supports multiple applications per proxy instance, can configure TLS based on authentik Keypairs, and more. Due to this new OAuth2 Provider, the Application Gateway Provider, now simply called "Proxy Provider" has been revamped as well. The new authentik Proxy integrates more tightly with authentik via the new Outposts system. The new proxy also supports multiple applications per proxy instance, can configure TLS based on authentik Keypairs, and more.
See [Proxy](../providers/proxy.md) See [Proxy](../providers/proxy/proxy.md)
- Outpost System - Outpost System

View file

@ -20,7 +20,7 @@ This feature is still in technical preview, so please report any Bugs you run in
- Compatibility with forwardAuth/auth_request - Compatibility with forwardAuth/auth_request
The authentik proxy is now compatible with forwardAuth (traefik) / auth_request (nginx). All that is required is the latest version of the outpost, The authentik proxy is now compatible with forwardAuth (traefik) / auth_request (nginx). All that is required is the latest version of the outpost,
and the correct config from [here](../outposts/proxy/forward_auth.mdx). and the correct config from [here](../providers/proxy/forward_auth.mdx).
- Docker images for ARM - Docker images for ARM

View file

@ -23,7 +23,19 @@ module.exports = {
{ {
type: "category", type: "category",
label: "Providers", label: "Providers",
items: ["providers/oauth2", "providers/saml", "providers/proxy"], items: [
"providers/oauth2",
"providers/saml",
{
type: "category",
label: "Proxy",
items: [
"providers/proxy/proxy",
"providers/proxy/forward_auth",
],
},
"providers/ldap",
],
}, },
{ {
type: "category", type: "category",
@ -39,21 +51,6 @@ module.exports = {
"outposts/manual-deploy-kubernetes", "outposts/manual-deploy-kubernetes",
], ],
}, },
{
type: "category",
label: "Proxy",
items: [
"outposts/proxy/proxy",
"outposts/proxy/forward_auth",
],
},
{
type: "category",
label: "LDAP",
items: [
"outposts/ldap/ldap",
],
},
], ],
}, },
{ {