From c07b8d95d0d667769de8f900da8106f1d3690a04 Mon Sep 17 00:00:00 2001
From: Jens Langhammer
Date: Fri, 7 Jan 2022 09:55:19 +0100
Subject: [PATCH] outposts/proxy: remove deprecated headers
Signed-off-by: Jens Langhammer
---
 authentik/providers/proxy/controllers/k8s/traefik.py | 7 -------
 internal/outpost/proxyv2/application/mode_common.go | 8 --------
 website/integrations/services/home-assistant/index.md | 7 ++++++-
 3 files changed, 6 insertions(+), 16 deletions(-)
diff --git a/authentik/providers/proxy/controllers/k8s/traefik.py b/authentik/providers/proxy/controllers/k8s/traefik.py
index 22b7a4f47..4831d4123 100644
--- a/authentik/providers/proxy/controllers/k8s/traefik.py
+++ b/authentik/providers/proxy/controllers/k8s/traefik.py
@@ -121,13 +121,6 @@ class TraefikMiddlewareReconciler(KubernetesObjectReconciler[TraefikMiddleware])
 forwardAuth=TraefikMiddlewareSpecForwardAuth(
 address=f"http://{self.name}.{self.namespace}:9000/akprox/auth/traefik",
 authResponseHeaders=[
- # Legacy headers, remove after 2022.1
- "X-Auth-Username",
- "X-Auth-Groups",
- "X-Forwarded-Email",
- "X-Forwarded-Preferred-Username",
- "X-Forwarded-User",
- # New headers, unique prefix
 "X-authentik-username",
 "X-authentik-groups",
 "X-authentik-email",
diff --git a/internal/outpost/proxyv2/application/mode_common.go b/internal/outpost/proxyv2/application/mode_common.go
index 5438b0e36..7122b9dc8 100644
--- a/internal/outpost/proxyv2/application/mode_common.go
+++ b/internal/outpost/proxyv2/application/mode_common.go
@@ -14,14 +14,6 @@ import (
 func (a *Application) addHeaders(headers http.Header, c *Claims) {
 // https://goauthentik.io/docs/providers/proxy/proxy
- // Legacy headers, remove after 2022.1
- headers.Set("X-Auth-Username", c.PreferredUsername)
- headers.Set("X-Auth-Groups", strings.Join(c.Groups, "|"))
- headers.Set("X-Forwarded-Email", c.Email)
- headers.Set("X-Forwarded-Preferred-Username", c.PreferredUsername)
- headers.Set("X-Forwarded-User", c.Sub)
-
- // New headers, unique prefix
 headers.Set("X-authentik-username", c.PreferredUsername)
 headers.Set("X-authentik-groups", strings.Join(c.Groups, "|"))
 headers.Set("X-authentik-email", c.Email)
diff --git a/website/integrations/services/home-assistant/index.md b/website/integrations/services/home-assistant/index.md
index 68af89647..49eb7b21e 100644
--- a/website/integrations/services/home-assistant/index.md
+++ b/website/integrations/services/home-assistant/index.md
@@ -31,7 +31,12 @@ This guide requires https://github.com/BeryJu/hass-auth-header, which can be ins
 Afterwards, make sure the `trusted_proxies` setting contains the IP(s) of the Host(s) authentik is running on.
-With the default Header of `X-Forwarded-Preferred-Username` matching is done on a username basis, so your Name in Home-Assistant and your username in authentik have to match.
+Use this configuration to match on the user's authentik username.
+
+```yaml
+auth_header:
+ username_header: X-authentik-username
+```
 If this is not the case, you can simply add an additional header for your user, which contains the Home-Assistant Name and authenticate based on that.
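Review bot: After this removal nothing in the visible part of `addHeaders` (mode_common.go) sets or clears the five legacy names (`X-Auth-Username`, `X-Auth-Groups`, `X-Forwarded-Email`, `X-Forwarded-Preferred-Username`, `X-Forwarded-User`), so a value a client sends under one of them is no longer overwritten here. The Home Assistant page changed in this same commit shows a backend that trusted `X-Forwarded-Preferred-Username` by default, so an upstream that has not yet been reconfigured could accept a client-chosen identity, unless the headers are stripped elsewhere, which this hunk does not show. Consider clearing them explicitly for a transition period, e.g. `headers.Del("X-Forwarded-Preferred-Username")` for each legacy name, with a comment saying why. The same applies to the `authResponseHeaders` list in `traefik.py`: names dropped from it are presumably no longer replaced by the middleware, so confirm how the ingress treats them. The body of `addHeaders` continues outside the hunk.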