trustchain-oc1-orchestral
/
authentik
Archived
10
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

website/docs: forward-auth page, add list of links (#4937) 

* add list of links

* added commas

* fix build

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Tana Berry <tanaberry@Tanas-MacBook-Pro-authentik.local>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
This commit is contained in:
Tana M Berry 2023-03-14 07:45:49 -05:00 committed by GitHub
parent ff1532da13
commit 8b7a92068b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 17 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
website/docs/providers/proxy/forward_auth.mdx
View File

@ -7,11 +7,19 @@ Using forward auth uses your existing reverse proxy to do the proxying, and only
To use forward auth instead of proxying, you have to change a couple of settings.
In the Proxy Provider, make sure to use one of the Forward auth modes.
## Single application
## Forward auth modes
The only configuration difference between single application mode and domain level mode is the host that you specify.
For single application, you'd use the domain that the application is running on, and only `/outpost.goauthentik.io` is redirected to the outpost.
For domain level, you'd use the same domain as authentik.
### Single application
Single application mode works for a single application hosted on its dedicated subdomain. This has the advantage that you can still do per-application access policies in authentik.
## Domain level
### Domain level
To use forward auth instead of proxying, you have to change a couple of settings.
In the Proxy Provider, make sure to use the _Forward auth (domain level)_ mode.
@ -21,10 +29,13 @@ This mode differs from the _Forward auth (single application)_ mode in the follo
- You don't have to configure an application in authentik for each domain
- Users don't have to authorize multiple times
There are however also some downsides, mainly the fact that you **can't** restrict individual applications to different users.
There are, however, also some downsides, mainly the fact that you **can't** restrict individual applications to different users.
The only configuration difference between single application and domain level is the host you specify.
## Configuration templates
For single application, you'd use the domain which the application is running on, and only `/outpost.goauthentik.io` is redirected to the outpost.
For configuration templates for each web server, refer to the following:
For domain level, you'd use the same domain as authentik.
import DocCardList from "@theme/DocCardList";
import { useCurrentSidebarCategory } from "@docusaurus/theme-common";
<DocCardList items={useCurrentSidebarCategory().items} />