providers/proxy: add initial header token auth (#4421)
* initial implementation Signed-off-by: Jens Langhammer <jens@goauthentik.io> * check for openid/profile claims Signed-off-by: Jens Langhammer <jens@goauthentik.io> * include jwks sources in proxy provider Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add web ui for jwks Signed-off-by: Jens Langhammer <jens@goauthentik.io> * only show sources with JWKS data configured Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix introspection tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * start basic Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add basic auth Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add docs, update admonitions Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add client_id to api, add tab for auth Signed-off-by: Jens Langhammer <jens@goauthentik.io> * update locale Signed-off-by: Jens Langhammer <jens@goauthentik.io> Signed-off-by: Jens Langhammer <jens@goauthentik.io>
This commit is contained in:
parent
31c6ea9fda
commit
cd12e177ea
|
@ -8,6 +8,7 @@ from django.urls import reverse
|
|||
from authentik.core.models import Application
|
||||
from authentik.core.tests.utils import create_test_admin_user, create_test_cert, create_test_flow
|
||||
from authentik.lib.generators import generate_id, generate_key
|
||||
from authentik.providers.oauth2.constants import ACR_AUTHENTIK_DEFAULT
|
||||
from authentik.providers.oauth2.models import IDToken, OAuth2Provider, RefreshToken
|
||||
from authentik.providers.oauth2.tests.utils import OAuthTestCase
|
||||
|
||||
|
@ -57,6 +58,8 @@ class TesOAuth2Introspection(OAuthTestCase):
|
|||
self.assertJSONEqual(
|
||||
res.content.decode(),
|
||||
{
|
||||
"acr": ACR_AUTHENTIK_DEFAULT,
|
||||
"auth_time": None,
|
||||
"aud": None,
|
||||
"sub": "bar",
|
||||
"exp": None,
|
||||
|
@ -64,6 +67,7 @@ class TesOAuth2Introspection(OAuthTestCase):
|
|||
"iss": "foo",
|
||||
"active": True,
|
||||
"client_id": self.provider.client_id,
|
||||
"scope": " ".join(self.token.scope),
|
||||
},
|
||||
)
|
||||
|
||||
|
|
|
@ -52,9 +52,8 @@ class TokenIntrospectionParams:
|
|||
if not provider:
|
||||
raise TokenIntrospectionError
|
||||
|
||||
try:
|
||||
token: RefreshToken = RefreshToken.objects.get(provider=provider, **token_filter)
|
||||
except RefreshToken.DoesNotExist:
|
||||
token: RefreshToken = RefreshToken.objects.filter(provider=provider, **token_filter).first()
|
||||
if not token:
|
||||
LOGGER.debug("Token does not exist", token=raw_token)
|
||||
raise TokenIntrospectionError()
|
||||
|
||||
|
@ -74,15 +73,12 @@ class TokenIntrospectionView(View):
|
|||
"""Introspection handler"""
|
||||
try:
|
||||
self.params = TokenIntrospectionParams.from_request(request)
|
||||
|
||||
response_dic = {}
|
||||
response = {}
|
||||
if self.params.id_token:
|
||||
token_dict = self.params.id_token.to_dict()
|
||||
for k in ("aud", "sub", "exp", "iat", "iss"):
|
||||
response_dic[k] = token_dict[k]
|
||||
response_dic["active"] = True
|
||||
response_dic["client_id"] = self.params.token.provider.client_id
|
||||
|
||||
return TokenResponse(response_dic)
|
||||
response.update(self.params.id_token.to_dict())
|
||||
response["active"] = True
|
||||
response["scope"] = " ".join(self.params.token.scope)
|
||||
response["client_id"] = self.params.token.provider.client_id
|
||||
return TokenResponse(response)
|
||||
except TokenIntrospectionError:
|
||||
return TokenResponse({"active": False})
|
||||
|
|
|
@ -37,6 +37,7 @@ class OpenIDConnectConfigurationSerializer(PassiveSerializer):
|
|||
class ProxyProviderSerializer(ProviderSerializer):
|
||||
"""ProxyProvider Serializer"""
|
||||
|
||||
client_id = CharField(read_only=True)
|
||||
redirect_uris = CharField(read_only=True)
|
||||
outpost_set = ListField(child=CharField(), read_only=True, source="outpost_set.all")
|
||||
|
||||
|
@ -77,6 +78,7 @@ class ProxyProviderSerializer(ProviderSerializer):
|
|||
|
||||
model = ProxyProvider
|
||||
fields = ProviderSerializer.Meta.fields + [
|
||||
"client_id",
|
||||
"internal_host",
|
||||
"external_host",
|
||||
"internal_host_ssl_validation",
|
||||
|
@ -88,6 +90,7 @@ class ProxyProviderSerializer(ProviderSerializer):
|
|||
"mode",
|
||||
"redirect_uris",
|
||||
"cookie_domain",
|
||||
"jwks_sources",
|
||||
"token_validity",
|
||||
"outpost_set",
|
||||
]
|
||||
|
|
|
@ -126,6 +126,7 @@ class ProxyProvider(OutpostModel, OAuth2Provider):
|
|||
"""Ensure all OAuth2-related settings are correct"""
|
||||
self.client_type = ClientTypes.CONFIDENTIAL
|
||||
self.signing_key = None
|
||||
self.include_claims_in_id_token = True
|
||||
scopes = ScopeMapping.objects.filter(
|
||||
managed__in=[
|
||||
"goauthentik.io/providers/oauth2/scope-openid",
|
||||
|
|
|
@ -1,5 +1,7 @@
|
|||
"""OAuth Source Serializer"""
|
||||
from django.urls.base import reverse_lazy
|
||||
from django_filters.filters import BooleanFilter
|
||||
from django_filters.filterset import FilterSet
|
||||
from drf_spectacular.types import OpenApiTypes
|
||||
from drf_spectacular.utils import OpenApiParameter, extend_schema, extend_schema_field
|
||||
from requests import RequestException
|
||||
|
@ -111,13 +113,20 @@ class OAuthSourceSerializer(SourceSerializer):
|
|||
extra_kwargs = {"consumer_secret": {"write_only": True}}
|
||||
|
||||
|
||||
class OAuthSourceViewSet(UsedByMixin, ModelViewSet):
|
||||
"""Source Viewset"""
|
||||
class OAuthSourceFilter(FilterSet):
|
||||
"""OAuth Source filter set"""
|
||||
|
||||
queryset = OAuthSource.objects.all()
|
||||
serializer_class = OAuthSourceSerializer
|
||||
lookup_field = "slug"
|
||||
filterset_fields = [
|
||||
has_jwks = BooleanFilter(label="Only return sources with JWKS data", method="filter_has_jwks")
|
||||
|
||||
# pylint: disable=unused-argument
|
||||
def filter_has_jwks(self, queryset, name, value): # pragma: no cover
|
||||
"""Only return sources with JWKS data"""
|
||||
return queryset.exclude(oidc_jwks__iexact="{}")
|
||||
|
||||
class Meta:
|
||||
|
||||
model = OAuthSource
|
||||
fields = [
|
||||
"name",
|
||||
"slug",
|
||||
"enabled",
|
||||
|
@ -133,6 +142,15 @@ class OAuthSourceViewSet(UsedByMixin, ModelViewSet):
|
|||
"consumer_key",
|
||||
"additional_scopes",
|
||||
]
|
||||
|
||||
|
||||
class OAuthSourceViewSet(UsedByMixin, ModelViewSet):
|
||||
"""Source Viewset"""
|
||||
|
||||
queryset = OAuthSource.objects.all()
|
||||
serializer_class = OAuthSourceSerializer
|
||||
lookup_field = "slug"
|
||||
filterset_class = OAuthSourceFilter
|
||||
search_fields = ["name", "slug"]
|
||||
ordering = ["name"]
|
||||
|
||||
|
|
|
@ -120,7 +120,7 @@ func NewApplication(p api.ProxyOutpostConfig, c *http.Client, cs *ak.CryptoStore
|
|||
}))
|
||||
mux.Use(func(inner http.Handler) http.Handler {
|
||||
return http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {
|
||||
c, _ := a.getClaims(r)
|
||||
c, _ := a.checkAuth(rw, r)
|
||||
user := ""
|
||||
if c != nil {
|
||||
user = c.PreferredUsername
|
||||
|
|
78
internal/outpost/proxyv2/application/auth.go
Normal file
78
internal/outpost/proxyv2/application/auth.go
Normal file
|
@ -0,0 +1,78 @@
|
|||
package application
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"net/http"
|
||||
|
||||
"goauthentik.io/internal/outpost/proxyv2/constants"
|
||||
)
|
||||
|
||||
const HeaderAuthorization = "Authorization"
|
||||
const AuthBearer = "Bearer "
|
||||
|
||||
// checkAuth Get claims which are currently in session
|
||||
// Returns an error if the session can't be loaded or the claims can't be parsed/type-cast
|
||||
func (a *Application) checkAuth(rw http.ResponseWriter, r *http.Request) (*Claims, error) {
|
||||
s, _ := a.sessions.Get(r, constants.SessionName)
|
||||
|
||||
c := a.getClaimsFromSession(r)
|
||||
if c != nil {
|
||||
return c, nil
|
||||
}
|
||||
|
||||
if rw == nil {
|
||||
return nil, fmt.Errorf("no response writer")
|
||||
}
|
||||
// Check bearer token if set
|
||||
bearer := a.checkAuthHeaderBearer(r)
|
||||
if bearer != "" {
|
||||
a.log.Trace("checking bearer token")
|
||||
tc := a.attemptBearerAuth(r, bearer)
|
||||
if tc != nil {
|
||||
s.Values[constants.SessionClaims] = tc.Claims
|
||||
err := s.Save(r, rw)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
r.Header.Del(HeaderAuthorization)
|
||||
return &tc.Claims, nil
|
||||
}
|
||||
a.log.Trace("no/invalid bearer token")
|
||||
}
|
||||
// Check basic auth if set
|
||||
username, password, basicSet := r.BasicAuth()
|
||||
if basicSet {
|
||||
a.log.Trace("checking basic auth")
|
||||
tc := a.attemptBasicAuth(username, password)
|
||||
if tc != nil {
|
||||
s.Values[constants.SessionClaims] = *tc
|
||||
err := s.Save(r, rw)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
r.Header.Del(HeaderAuthorization)
|
||||
return tc, nil
|
||||
}
|
||||
a.log.Trace("no/invalid basic auth")
|
||||
}
|
||||
|
||||
return nil, fmt.Errorf("failed to get claims from session")
|
||||
}
|
||||
|
||||
func (a *Application) getClaimsFromSession(r *http.Request) *Claims {
|
||||
s, err := a.sessions.Get(r, constants.SessionName)
|
||||
if err != nil {
|
||||
// err == user has no session/session is not valid, reject
|
||||
return nil
|
||||
}
|
||||
claims, ok := s.Values[constants.SessionClaims]
|
||||
if claims == nil || !ok {
|
||||
// no claims saved, reject
|
||||
return nil
|
||||
}
|
||||
c, ok := claims.(Claims)
|
||||
if !ok {
|
||||
return nil
|
||||
}
|
||||
return &c
|
||||
}
|
59
internal/outpost/proxyv2/application/auth_basic.go
Normal file
59
internal/outpost/proxyv2/application/auth_basic.go
Normal file
|
@ -0,0 +1,59 @@
|
|||
package application
|
||||
|
||||
import (
|
||||
"context"
|
||||
"encoding/json"
|
||||
"net/http"
|
||||
"net/url"
|
||||
"strings"
|
||||
)
|
||||
|
||||
type TokenResponse struct {
|
||||
AccessToken string `json:"access_token"`
|
||||
IDToken string `json:"id_token"`
|
||||
}
|
||||
|
||||
func (a *Application) attemptBasicAuth(username, password string) *Claims {
|
||||
values := url.Values{
|
||||
"grant_type": []string{"client_credentials"},
|
||||
"client_id": []string{a.oauthConfig.ClientID},
|
||||
"username": []string{username},
|
||||
"password": []string{password},
|
||||
"scope": []string{strings.Join(a.oauthConfig.Scopes, " ")},
|
||||
}
|
||||
req, err := http.NewRequest("POST", a.endpoint.TokenURL, strings.NewReader(values.Encode()))
|
||||
if err != nil {
|
||||
a.log.WithError(err).Warning("failed to create token request")
|
||||
return nil
|
||||
}
|
||||
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
|
||||
res, err := a.httpClient.Do(req)
|
||||
if err != nil || res.StatusCode > 200 {
|
||||
a.log.WithError(err).Warning("failed to send token request")
|
||||
return nil
|
||||
}
|
||||
var token TokenResponse
|
||||
err = json.NewDecoder(res.Body).Decode(&token)
|
||||
if err != nil {
|
||||
a.log.WithError(err).Warning("failed to parse token response")
|
||||
return nil
|
||||
}
|
||||
// Parse and verify ID Token payload.
|
||||
idToken, err := a.tokenVerifier.Verify(context.Background(), token.IDToken)
|
||||
if err != nil {
|
||||
a.log.WithError(err).Warning("failed to verify token")
|
||||
return nil
|
||||
}
|
||||
|
||||
// Extract custom claims
|
||||
var claims *Claims
|
||||
if err := idToken.Claims(&claims); err != nil {
|
||||
a.log.WithError(err).Warning("failed to convert token to claims")
|
||||
return nil
|
||||
}
|
||||
if claims.Proxy == nil {
|
||||
claims.Proxy = &ProxyClaims{}
|
||||
}
|
||||
claims.RawToken = token.IDToken
|
||||
return claims
|
||||
}
|
62
internal/outpost/proxyv2/application/auth_bearer.go
Normal file
62
internal/outpost/proxyv2/application/auth_bearer.go
Normal file
|
@ -0,0 +1,62 @@
|
|||
package application
|
||||
|
||||
import (
|
||||
"encoding/json"
|
||||
"net/http"
|
||||
"net/url"
|
||||
"strings"
|
||||
)
|
||||
|
||||
func (a *Application) checkAuthHeaderBearer(r *http.Request) string {
|
||||
auth := r.Header.Get(HeaderAuthorization)
|
||||
if auth == "" {
|
||||
return ""
|
||||
}
|
||||
if len(auth) < len(AuthBearer) || !strings.EqualFold(auth[:len(AuthBearer)], AuthBearer) {
|
||||
return ""
|
||||
}
|
||||
return auth[len(AuthBearer):]
|
||||
}
|
||||
|
||||
type TokenIntrospectionResponse struct {
|
||||
Claims
|
||||
Scope string `json:"scope"`
|
||||
Active bool `json:"active"`
|
||||
ClientID string `json:"client_id"`
|
||||
}
|
||||
|
||||
func (a *Application) attemptBearerAuth(r *http.Request, token string) *TokenIntrospectionResponse {
|
||||
values := url.Values{
|
||||
"client_id": []string{a.oauthConfig.ClientID},
|
||||
"client_secret": []string{a.oauthConfig.ClientSecret},
|
||||
"token": []string{token},
|
||||
}
|
||||
req, err := http.NewRequest("POST", a.endpoint.TokenIntrospection, strings.NewReader(values.Encode()))
|
||||
if err != nil {
|
||||
a.log.WithError(err).Warning("failed to create introspection request")
|
||||
return nil
|
||||
}
|
||||
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
|
||||
res, err := a.httpClient.Do(req)
|
||||
if err != nil || res.StatusCode > 200 {
|
||||
a.log.WithError(err).Warning("failed to send introspection request")
|
||||
return nil
|
||||
}
|
||||
intro := TokenIntrospectionResponse{}
|
||||
err = json.NewDecoder(res.Body).Decode(&intro)
|
||||
if err != nil {
|
||||
a.log.WithError(err).Warning("failed to parse introspection response")
|
||||
return nil
|
||||
}
|
||||
if !intro.Active {
|
||||
a.log.Warning("token is not active")
|
||||
return nil
|
||||
}
|
||||
if !strings.Contains(intro.Scope, "openid") || !strings.Contains(intro.Scope, "profile") {
|
||||
a.log.Error("token missing openid or profile scope")
|
||||
return nil
|
||||
}
|
||||
intro.RawToken = token
|
||||
a.log.Trace("successfully introspected bearer token")
|
||||
return &intro
|
||||
}
|
|
@ -12,6 +12,7 @@ import (
|
|||
|
||||
type OIDCEndpoint struct {
|
||||
oauth2.Endpoint
|
||||
TokenIntrospection string
|
||||
EndSessionEndpoint string
|
||||
JwksUri string
|
||||
}
|
||||
|
@ -67,5 +68,6 @@ func GetOIDCEndpoint(p api.ProxyOutpostConfig, authentikHost string) OIDCEndpoin
|
|||
ep.AuthURL = authU.String()
|
||||
ep.EndSessionEndpoint = endU.String()
|
||||
ep.JwksUri = jwksU.String()
|
||||
ep.TokenIntrospection = p.OidcConfiguration.IntrospectionEndpoint
|
||||
return ep
|
||||
}
|
||||
|
|
|
@ -14,7 +14,7 @@ type ErrorPageData struct {
|
|||
}
|
||||
|
||||
func (a *Application) ErrorPage(rw http.ResponseWriter, r *http.Request, err string) {
|
||||
claims, _ := a.getClaims(r)
|
||||
claims, _ := a.checkAuth(rw, r)
|
||||
data := ErrorPageData{
|
||||
Title: "Bad Gateway",
|
||||
Message: "Error proxying to upstream server",
|
||||
|
|
|
@ -15,7 +15,6 @@ import (
|
|||
|
||||
func (a *Application) addHeaders(headers http.Header, c *Claims) {
|
||||
// https://goauthentik.io/docs/providers/proxy/proxy
|
||||
|
||||
headers.Set("X-authentik-username", c.PreferredUsername)
|
||||
headers.Set("X-authentik-groups", strings.Join(c.Groups, "|"))
|
||||
headers.Set("X-authentik-email", c.Email)
|
||||
|
|
|
@ -49,7 +49,7 @@ func (a *Application) forwardHandleTraefik(rw http.ResponseWriter, r *http.Reque
|
|||
return
|
||||
}
|
||||
// Check if we're authenticated, or the request path is on the allowlist
|
||||
claims, err := a.getClaims(r)
|
||||
claims, err := a.checkAuth(rw, r)
|
||||
if claims != nil && err == nil {
|
||||
a.addHeaders(rw.Header(), claims)
|
||||
rw.Header().Set("User-Agent", r.Header.Get("User-Agent"))
|
||||
|
@ -100,7 +100,7 @@ func (a *Application) forwardHandleCaddy(rw http.ResponseWriter, r *http.Request
|
|||
return
|
||||
}
|
||||
// Check if we're authenticated, or the request path is on the allowlist
|
||||
claims, err := a.getClaims(r)
|
||||
claims, err := a.checkAuth(rw, r)
|
||||
if claims != nil && err == nil {
|
||||
a.addHeaders(rw.Header(), claims)
|
||||
rw.Header().Set("User-Agent", r.Header.Get("User-Agent"))
|
||||
|
@ -139,7 +139,7 @@ func (a *Application) forwardHandleNginx(rw http.ResponseWriter, r *http.Request
|
|||
return
|
||||
}
|
||||
|
||||
claims, err := a.getClaims(r)
|
||||
claims, err := a.checkAuth(rw, r)
|
||||
if claims != nil && err == nil {
|
||||
a.addHeaders(rw.Header(), claims)
|
||||
rw.Header().Set("User-Agent", r.Header.Get("User-Agent"))
|
||||
|
@ -175,7 +175,7 @@ func (a *Application) forwardHandleEnvoy(rw http.ResponseWriter, r *http.Request
|
|||
r.URL.Host = r.Host
|
||||
fwd := r.URL
|
||||
// Check if we're authenticated, or the request path is on the allowlist
|
||||
claims, err := a.getClaims(r)
|
||||
claims, err := a.checkAuth(rw, r)
|
||||
if claims != nil && err == nil {
|
||||
a.addHeaders(rw.Header(), claims)
|
||||
rw.Header().Set("User-Agent", r.Header.Get("User-Agent"))
|
||||
|
|
|
@ -33,10 +33,11 @@ func (a *Application) configureProxy() error {
|
|||
rp.ErrorHandler = a.newProxyErrorHandler()
|
||||
rp.ModifyResponse = a.proxyModifyResponse
|
||||
a.mux.PathPrefix("/").HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {
|
||||
claims, err := a.getClaims(r)
|
||||
claims, err := a.checkAuth(rw, r)
|
||||
if claims == nil && a.IsAllowlisted(r.URL) {
|
||||
a.log.Trace("path can be accessed without authentication")
|
||||
} else if claims == nil && err != nil {
|
||||
a.log.WithError(err).Trace("no claims")
|
||||
a.redirectToStart(rw, r)
|
||||
return
|
||||
} else {
|
||||
|
@ -67,7 +68,7 @@ func (a *Application) configureProxy() error {
|
|||
func (a *Application) proxyModifyRequest(ou *url.URL) func(req *http.Request) {
|
||||
return func(r *http.Request) {
|
||||
r.Header.Set("X-Forwarded-Host", r.Host)
|
||||
claims, _ := a.getClaims(r)
|
||||
claims, _ := a.checkAuth(nil, r)
|
||||
r.URL.Scheme = ou.Scheme
|
||||
r.URL.Host = ou.Host
|
||||
if claims != nil && claims.Proxy != nil && claims.Proxy.BackendOverride != "" {
|
||||
|
|
|
@ -50,7 +50,7 @@ func (a *Application) handleAuthStart(rw http.ResponseWriter, r *http.Request) {
|
|||
// and if we do we don't do anything here
|
||||
currentState, ok := s.Values[constants.SessionOAuthState].(string)
|
||||
if ok {
|
||||
claims, err := a.getClaims(r)
|
||||
claims, err := a.checkAuth(rw, r)
|
||||
if err != nil && claims != nil {
|
||||
a.log.Trace("auth start request with existing authenticated session")
|
||||
a.redirect(rw, r)
|
||||
|
|
|
@ -50,6 +50,9 @@ func (a *Application) redeemCallback(savedState string, u *url.URL, c context.Co
|
|||
if err := idToken.Claims(&claims); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if claims.Proxy == nil {
|
||||
claims.Proxy = &ProxyClaims{}
|
||||
}
|
||||
claims.RawToken = rawIDToken
|
||||
return claims, nil
|
||||
}
|
||||
|
|
|
@ -1,7 +1,6 @@
|
|||
package application
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"net/http"
|
||||
"net/url"
|
||||
"path"
|
||||
|
@ -77,26 +76,6 @@ func (a *Application) redirect(rw http.ResponseWriter, r *http.Request) {
|
|||
http.Redirect(rw, r, redirect, http.StatusFound)
|
||||
}
|
||||
|
||||
// getClaims Get claims which are currently in session
|
||||
// Returns an error if the session can't be loaded or the claims can't be parsed/type-cast
|
||||
func (a *Application) getClaims(r *http.Request) (*Claims, error) {
|
||||
s, err := a.sessions.Get(r, constants.SessionName)
|
||||
if err != nil {
|
||||
// err == user has no session/session is not valid, reject
|
||||
return nil, fmt.Errorf("invalid session")
|
||||
}
|
||||
claims, ok := s.Values[constants.SessionClaims]
|
||||
if claims == nil || !ok {
|
||||
// no claims saved, reject
|
||||
return nil, fmt.Errorf("invalid session")
|
||||
}
|
||||
c, ok := claims.(Claims)
|
||||
if !ok {
|
||||
return nil, fmt.Errorf("invalid session")
|
||||
}
|
||||
return &c, nil
|
||||
}
|
||||
|
||||
// toString Generic to string function, currently supports actual strings and integers
|
||||
func toString(in interface{}) string {
|
||||
switch v := in.(type) {
|
||||
|
|
|
@ -8,7 +8,7 @@ msgid ""
|
|||
msgstr ""
|
||||
"Project-Id-Version: PACKAGE VERSION\n"
|
||||
"Report-Msgid-Bugs-To: \n"
|
||||
"POT-Creation-Date: 2023-01-11 13:08+0000\n"
|
||||
"POT-Creation-Date: 2023-01-13 14:37+0000\n"
|
||||
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
|
||||
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
|
||||
"Language-Team: LANGUAGE <LL@li.org>\n"
|
||||
|
@ -18,7 +18,7 @@ msgstr ""
|
|||
"Content-Transfer-Encoding: 8bit\n"
|
||||
"Plural-Forms: nplurals=2; plural=(n != 1);\n"
|
||||
|
||||
#: authentik/admin/api/tasks.py:115
|
||||
#: authentik/admin/api/tasks.py:126
|
||||
#, python-format
|
||||
msgid "Successfully re-scheduled Task %(name)s!"
|
||||
msgstr ""
|
||||
|
@ -952,11 +952,11 @@ msgstr ""
|
|||
msgid "authentik API Access on behalf of your user"
|
||||
msgstr ""
|
||||
|
||||
#: authentik/providers/proxy/api.py:51
|
||||
#: authentik/providers/proxy/api.py:52
|
||||
msgid "User and password attributes must be set when basic auth is enabled."
|
||||
msgstr ""
|
||||
|
||||
#: authentik/providers/proxy/api.py:61
|
||||
#: authentik/providers/proxy/api.py:62
|
||||
msgid "Internal host cannot be empty when forward auth is disabled."
|
||||
msgstr ""
|
||||
|
||||
|
@ -991,11 +991,11 @@ msgstr ""
|
|||
msgid "HTTP-Basic Password Key"
|
||||
msgstr ""
|
||||
|
||||
#: authentik/providers/proxy/models.py:151
|
||||
#: authentik/providers/proxy/models.py:152
|
||||
msgid "Proxy Provider"
|
||||
msgstr ""
|
||||
|
||||
#: authentik/providers/proxy/models.py:152
|
||||
#: authentik/providers/proxy/models.py:153
|
||||
msgid "Proxy Providers"
|
||||
msgstr ""
|
||||
|
||||
|
|
33
schema.yml
33
schema.yml
|
@ -16202,6 +16202,11 @@ paths:
|
|||
schema:
|
||||
type: string
|
||||
format: uuid
|
||||
- in: query
|
||||
name: has_jwks
|
||||
schema:
|
||||
type: boolean
|
||||
description: Only return sources with JWKS data
|
||||
- in: query
|
||||
name: name
|
||||
schema:
|
||||
|
@ -34360,6 +34365,14 @@ components:
|
|||
Exclusive with internal_host.
|
||||
cookie_domain:
|
||||
type: string
|
||||
jwks_sources:
|
||||
type: array
|
||||
items:
|
||||
type: string
|
||||
format: uuid
|
||||
title: Any JWT signed by the JWK of the selected source can be used to
|
||||
authenticate.
|
||||
title: Any JWT signed by the JWK of the selected source can be used to authenticate.
|
||||
token_validity:
|
||||
type: string
|
||||
minLength: 1
|
||||
|
@ -35729,6 +35742,9 @@ components:
|
|||
meta_model_name:
|
||||
type: string
|
||||
readOnly: true
|
||||
client_id:
|
||||
type: string
|
||||
readOnly: true
|
||||
internal_host:
|
||||
type: string
|
||||
format: uri
|
||||
|
@ -35771,6 +35787,14 @@ components:
|
|||
readOnly: true
|
||||
cookie_domain:
|
||||
type: string
|
||||
jwks_sources:
|
||||
type: array
|
||||
items:
|
||||
type: string
|
||||
format: uuid
|
||||
title: Any JWT signed by the JWK of the selected source can be used to
|
||||
authenticate.
|
||||
title: Any JWT signed by the JWK of the selected source can be used to authenticate.
|
||||
token_validity:
|
||||
type: string
|
||||
description: 'Tokens not valid on or after current time + this value (Format:
|
||||
|
@ -35784,6 +35808,7 @@ components:
|
|||
- assigned_application_name
|
||||
- assigned_application_slug
|
||||
- authorization_flow
|
||||
- client_id
|
||||
- component
|
||||
- external_host
|
||||
- meta_model_name
|
||||
|
@ -35849,6 +35874,14 @@ components:
|
|||
Exclusive with internal_host.
|
||||
cookie_domain:
|
||||
type: string
|
||||
jwks_sources:
|
||||
type: array
|
||||
items:
|
||||
type: string
|
||||
format: uuid
|
||||
title: Any JWT signed by the JWK of the selected source can be used to
|
||||
authenticate.
|
||||
title: Any JWT signed by the JWK of the selected source can be used to authenticate.
|
||||
token_validity:
|
||||
type: string
|
||||
minLength: 1
|
||||
|
|
|
@ -400,6 +400,7 @@ ${this.instance?.redirectUris}</textarea
|
|||
new SourcesApi(DEFAULT_CONFIG)
|
||||
.sourcesOauthList({
|
||||
ordering: "name",
|
||||
hasJwks: true,
|
||||
})
|
||||
.then((sources) => {
|
||||
return sources.results.map((source) => {
|
||||
|
|
|
@ -31,6 +31,7 @@ import {
|
|||
ProvidersApi,
|
||||
ProxyMode,
|
||||
ProxyProvider,
|
||||
SourcesApi,
|
||||
} from "@goauthentik/api";
|
||||
|
||||
@customElement("ak-provider-proxy-form")
|
||||
|
@ -385,7 +386,10 @@ export class ProxyProviderFormPage extends ModelForm<ProxyProvider, number> {
|
|||
>
|
||||
</ak-search-select>
|
||||
</ak-form-element-horizontal>
|
||||
<ak-form-element-horizontal label=${t`Scopes`} name="propertyMappings">
|
||||
<ak-form-element-horizontal
|
||||
label=${t`Additional scopes`}
|
||||
name="propertyMappings"
|
||||
>
|
||||
<select class="pf-c-form-control" multiple>
|
||||
${until(
|
||||
new PropertymappingsApi(DEFAULT_CONFIG)
|
||||
|
@ -440,7 +444,11 @@ ${this.instance?.skipPathRegex}</textarea
|
|||
${t`When using proxy or forward auth (single application) mode, the requested URL Path is checked against the regular expressions. When using forward auth (domain mode), the full requested URL including scheme and host is matched against the regular expressions.`}
|
||||
</p>
|
||||
</ak-form-element-horizontal>
|
||||
|
||||
</div>
|
||||
</ak-form-group>
|
||||
<ak-form-group>
|
||||
<span slot="header">${t`Authentication settings`}</span>
|
||||
<div slot="body" class="pf-c-form">
|
||||
<ak-form-element-horizontal name="basicAuthEnabled">
|
||||
<label class="pf-c-switch">
|
||||
<input
|
||||
|
@ -458,14 +466,47 @@ ${this.instance?.skipPathRegex}</textarea
|
|||
</span>
|
||||
</span>
|
||||
<span class="pf-c-switch__label"
|
||||
>${t`Set HTTP-Basic Authentication`}</span
|
||||
>${t`Send HTTP-Basic Authentication`}</span
|
||||
>
|
||||
</label>
|
||||
<p class="pf-c-form__helper-text">
|
||||
${t`Set a custom HTTP-Basic Authentication header based on values from authentik.`}
|
||||
${t`Send a custom HTTP-Basic Authentication header based on values from authentik.`}
|
||||
</p>
|
||||
</ak-form-element-horizontal>
|
||||
${this.showHttpBasic ? this.renderHttpBasic() : html``}
|
||||
<ak-form-element-horizontal label=${t`Trusted OIDC Sources`} name="jwksSources">
|
||||
<select class="pf-c-form-control" multiple>
|
||||
${until(
|
||||
new SourcesApi(DEFAULT_CONFIG)
|
||||
.sourcesOauthList({
|
||||
ordering: "name",
|
||||
hasJwks: true,
|
||||
})
|
||||
.then((sources) => {
|
||||
return sources.results.map((source) => {
|
||||
const selected = (
|
||||
this.instance?.jwksSources || []
|
||||
).some((su) => {
|
||||
return su == source.pk;
|
||||
});
|
||||
return html`<option
|
||||
value=${source.pk}
|
||||
?selected=${selected}
|
||||
>
|
||||
${source.name} (${source.slug})
|
||||
</option>`;
|
||||
});
|
||||
}),
|
||||
html`<option>${t`Loading...`}</option>`,
|
||||
)}
|
||||
</select>
|
||||
<p class="pf-c-form__helper-text">
|
||||
${t`JWTs signed by certificates configured in the selected sources can be used to authenticate to this provider.`}
|
||||
</p>
|
||||
<p class="pf-c-form__helper-text">
|
||||
${t`Hold control/command to select multiple items.`}
|
||||
</p>
|
||||
</ak-form-element-horizontal>
|
||||
</div>
|
||||
</ak-form-group>
|
||||
</form>`;
|
||||
|
|
|
@ -10,10 +10,12 @@ import MDNginxStandalone from "@goauthentik/docs/providers/proxy/_nginx_standalo
|
|||
import MDTraefikCompose from "@goauthentik/docs/providers/proxy/_traefik_compose.md";
|
||||
import MDTraefikIngress from "@goauthentik/docs/providers/proxy/_traefik_ingress.md";
|
||||
import MDTraefikStandalone from "@goauthentik/docs/providers/proxy/_traefik_standalone.md";
|
||||
import MDHeaderAuthentication from "@goauthentik/docs/providers/proxy/header_authentication.md";
|
||||
import { AKElement } from "@goauthentik/elements/Base";
|
||||
import "@goauthentik/elements/CodeMirror";
|
||||
import { PFColor } from "@goauthentik/elements/Label";
|
||||
import "@goauthentik/elements/Markdown";
|
||||
import "@goauthentik/elements/Markdown";
|
||||
import "@goauthentik/elements/Tabs";
|
||||
import "@goauthentik/elements/buttons/ModalButton";
|
||||
import "@goauthentik/elements/buttons/SpinnerButton";
|
||||
|
@ -32,6 +34,7 @@ import PFContent from "@patternfly/patternfly/components/Content/content.css";
|
|||
import PFDescriptionList from "@patternfly/patternfly/components/DescriptionList/description-list.css";
|
||||
import PFForm from "@patternfly/patternfly/components/Form/form.css";
|
||||
import PFFormControl from "@patternfly/patternfly/components/FormControl/form-control.css";
|
||||
import PFList from "@patternfly/patternfly/components/List/list.css";
|
||||
import PFPage from "@patternfly/patternfly/components/Page/page.css";
|
||||
import PFGrid from "@patternfly/patternfly/layouts/Grid/grid.css";
|
||||
import PFBase from "@patternfly/patternfly/patternfly-base.css";
|
||||
|
@ -90,6 +93,7 @@ export class ProxyProviderViewPage extends AKElement {
|
|||
PFPage,
|
||||
PFGrid,
|
||||
PFContent,
|
||||
PFList,
|
||||
PFForm,
|
||||
PFFormControl,
|
||||
PFCard,
|
||||
|
@ -182,6 +186,9 @@ export class ProxyProviderViewPage extends AKElement {
|
|||
<section slot="page-overview" data-tab-title="${t`Overview`}">
|
||||
${this.renderTabOverview()}
|
||||
</section>
|
||||
<section slot="page-authentication" data-tab-title="${t`Authentication`}">
|
||||
${this.renderTabAuthentication()}
|
||||
</section>
|
||||
<section
|
||||
slot="page-changelog"
|
||||
data-tab-title="${t`Changelog`}"
|
||||
|
@ -200,6 +207,37 @@ export class ProxyProviderViewPage extends AKElement {
|
|||
</ak-tabs>`;
|
||||
}
|
||||
|
||||
renderTabAuthentication(): TemplateResult {
|
||||
if (!this.provider) {
|
||||
return html``;
|
||||
}
|
||||
return html`<div
|
||||
class="pf-c-page__main-section pf-m-no-padding-mobile pf-l-grid pf-m-gutter"
|
||||
>
|
||||
<div class="pf-c-card pf-l-grid__item pf-m-12-col">
|
||||
<div class="pf-c-card__body">
|
||||
<dl class="pf-c-description-list pf-m-3-col-on-lg">
|
||||
<div class="pf-c-description-list__group">
|
||||
<dt class="pf-c-description-list__term">
|
||||
<span class="pf-c-description-list__text">${t`Client ID`}</span>
|
||||
</dt>
|
||||
<dd class="pf-c-description-list__description">
|
||||
<div class="pf-c-description-list__text">
|
||||
<pre>${this.provider.clientId}</pre>
|
||||
</div>
|
||||
</dd>
|
||||
</div>
|
||||
</dl>
|
||||
</div>
|
||||
</div>
|
||||
<div class="pf-c-card pf-l-grid__item pf-m-12-col">
|
||||
<div class="pf-c-card__body">
|
||||
<ak-markdown .md=${MDHeaderAuthentication}></ak-markdown>
|
||||
</div>
|
||||
</div>
|
||||
</div>`;
|
||||
}
|
||||
|
||||
renderTabOverview(): TemplateResult {
|
||||
if (!this.provider) {
|
||||
return html``;
|
||||
|
@ -316,21 +354,24 @@ export class ProxyProviderViewPage extends AKElement {
|
|||
<div class="pf-c-card pf-l-grid__item pf-m-12-col">
|
||||
<div class="pf-c-card__title">${t`Protocol Settings`}</div>
|
||||
<div class="pf-c-card__body">
|
||||
<form class="pf-c-form">
|
||||
<div class="pf-c-form__group">
|
||||
<label class="pf-c-form__label">
|
||||
<span class="pf-c-form__label-text"
|
||||
<dl class="pf-c-description-list pf-m-3-col-on-lg">
|
||||
<div class="pf-c-description-list__group">
|
||||
<dt class="pf-c-description-list__term">
|
||||
<span class="pf-c-description-list__text"
|
||||
>${t`Allowed Redirect URIs`}</span
|
||||
>
|
||||
</label>
|
||||
<input
|
||||
class="pf-c-form-control"
|
||||
readonly
|
||||
type="text"
|
||||
value=${this.provider.redirectUris}
|
||||
/>
|
||||
</dt>
|
||||
<dd class="pf-c-description-list__description">
|
||||
<div class="pf-c-description-list__text">
|
||||
<ul class="pf-c-list">
|
||||
${this.provider.redirectUris.split("\n").map((url) => {
|
||||
return html`<li><pre>${url}</pre></li>`;
|
||||
})}
|
||||
</ul>
|
||||
</div>
|
||||
</form>
|
||||
</dd>
|
||||
</div>
|
||||
</dl>
|
||||
</div>
|
||||
</div>
|
||||
<div class="pf-c-card pf-l-grid__item pf-m-12-col">
|
||||
|
|
|
@ -27,9 +27,7 @@ export class Alert extends AKElement {
|
|||
}
|
||||
|
||||
render(): TemplateResult {
|
||||
return html`<div
|
||||
class="pf-c-alert ${this.inline ? html`pf-m-inline` : html``} ${this.level}"
|
||||
>
|
||||
return html`<div class="pf-c-alert ${this.inline ? "pf-m-inline" : ""} ${this.level}">
|
||||
<div class="pf-c-alert__icon">
|
||||
<i class="fas fa-exclamation-circle"></i>
|
||||
</div>
|
||||
|
|
|
@ -1,5 +1,6 @@
|
|||
import { docLink } from "@goauthentik/common/global";
|
||||
import "@goauthentik/elements/Alert";
|
||||
import { Level } from "@goauthentik/elements/Alert";
|
||||
import { AKElement } from "@goauthentik/elements/Base";
|
||||
|
||||
import { CSSResult, TemplateResult, html } from "lit";
|
||||
|
@ -40,9 +41,13 @@ export class Markdown extends AKElement {
|
|||
replaceAdmonitions(input: string): string {
|
||||
const admonitionStart = /:::(\w+)<br\s\/>/gm;
|
||||
const admonitionEnd = /:::/gm;
|
||||
return input
|
||||
.replaceAll(admonitionStart, "<ak-alert level='$1'>")
|
||||
.replaceAll(admonitionEnd, "</ak-alert>");
|
||||
return (
|
||||
input
|
||||
.replaceAll(admonitionStart, "<ak-alert level='pf-m-$1'>")
|
||||
.replaceAll(admonitionEnd, "</ak-alert>")
|
||||
// Workaround for admonitions using caution instead of warning
|
||||
.replaceAll("pf-m-caution", Level.Warning)
|
||||
);
|
||||
}
|
||||
|
||||
replaceList(input: string): string {
|
||||
|
|
|
@ -352,6 +352,10 @@ msgstr "Zusätzlicher Gruppen-DN, dem Basis-DN vorangestellt."
|
|||
msgid "Additional scope mappings, which are passed to the proxy."
|
||||
msgstr "Zusätzliche Bereichszuordnungen, die an den Proxy übergeben werden."
|
||||
|
||||
#: src/admin/providers/proxy/ProxyProviderForm.ts
|
||||
msgid "Additional scopes"
|
||||
msgstr ""
|
||||
|
||||
#: src/pages/sources/oauth/OAuthSourceForm.ts
|
||||
#~ msgid "Additional scopes to be passed to the OAuth Provider, separated by space."
|
||||
#~ msgstr "Zusätzliche Anwendungsbereiche (Scopes), die an den OAuth-Provider übergeben werden, getrennt durch ein Leerzeichen."
|
||||
|
@ -687,6 +691,7 @@ msgstr "Authentifizierung mit Plex..."
|
|||
|
||||
#: src/admin/flows/FlowForm.ts
|
||||
#: src/admin/flows/utils.ts
|
||||
#: src/admin/providers/proxy/ProxyProviderViewPage.ts
|
||||
msgid "Authentication"
|
||||
msgstr "Authentifizierung"
|
||||
|
||||
|
@ -709,6 +714,10 @@ msgstr "Authentifizierungsablauf"
|
|||
msgid "Authentication method"
|
||||
msgstr ""
|
||||
|
||||
#: src/admin/providers/proxy/ProxyProviderForm.ts
|
||||
msgid "Authentication settings"
|
||||
msgstr ""
|
||||
|
||||
#: src/admin/applications/wizard/oauth/TypeOAuthApplicationWizardPage.ts
|
||||
msgid "Authentication without user interaction, or machine-to-machine authentication."
|
||||
msgstr ""
|
||||
|
@ -1218,6 +1227,7 @@ msgstr "Token kopieren"
|
|||
|
||||
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/admin/providers/oauth2/OAuth2ProviderViewPage.ts
|
||||
#: src/admin/providers/proxy/ProxyProviderViewPage.ts
|
||||
#: src/admin/sources/plex/PlexSourceForm.ts
|
||||
msgid "Client ID"
|
||||
msgstr "Client-ID"
|
||||
|
@ -2108,6 +2118,10 @@ msgstr "Duo-Authentifikator"
|
|||
msgid "Duo push-notifications"
|
||||
msgstr "Duo Push-Benachrichtigungen"
|
||||
|
||||
#: src/admin/system-tasks/SystemTaskListPage.ts
|
||||
msgid "Duration"
|
||||
msgstr ""
|
||||
|
||||
#: src/admin/tenants/TenantForm.ts
|
||||
msgid "Duration after which events will be deleted from the database."
|
||||
msgstr "Dauer, nach der ein Ereignis aus der Datenbank gelöscht wird."
|
||||
|
@ -2909,6 +2923,7 @@ msgstr "Interne Konten ausblenden"
|
|||
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/admin/providers/proxy/ProxyProviderForm.ts
|
||||
#: src/admin/providers/proxy/ProxyProviderForm.ts
|
||||
#: src/admin/providers/saml/SAMLProviderForm.ts
|
||||
#: src/admin/sources/ldap/LDAPSourceForm.ts
|
||||
#: src/admin/sources/ldap/LDAPSourceForm.ts
|
||||
|
@ -3261,6 +3276,7 @@ msgstr ""
|
|||
#~ msgstr "JWTs, welche mit den hier konfigurierten Zertifikaten signiert werden, können zur Authentifizierung beim Provider benutzt werden."
|
||||
|
||||
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/admin/providers/proxy/ProxyProviderForm.ts
|
||||
msgid "JWTs signed by certificates configured in the selected sources can be used to authenticate to this provider."
|
||||
msgstr ""
|
||||
|
||||
|
@ -3451,6 +3467,7 @@ msgstr ""
|
|||
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/admin/providers/proxy/ProxyProviderForm.ts
|
||||
#: src/admin/providers/proxy/ProxyProviderForm.ts
|
||||
#: src/admin/providers/saml/SAMLProviderForm.ts
|
||||
#: src/admin/sources/ldap/LDAPSourceForm.ts
|
||||
#: src/admin/sources/ldap/LDAPSourceForm.ts
|
||||
|
@ -5160,7 +5177,6 @@ msgid "Scope which the client can specify to access these properties."
|
|||
msgstr "Gültigkeitsbereich, den der Client angeben kann, um auf diese Eigenschaften zuzugreifen."
|
||||
|
||||
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/admin/providers/proxy/ProxyProviderForm.ts
|
||||
#: src/admin/sources/oauth/OAuthSourceForm.ts
|
||||
#: src/elements/oauth/UserRefreshList.ts
|
||||
msgid "Scopes"
|
||||
|
@ -5314,6 +5330,14 @@ msgstr "Auswahl der Backends, mit denen das Kennwort getestet werden soll."
|
|||
msgid "Send Email again."
|
||||
msgstr "E-Mail erneut senden."
|
||||
|
||||
#: src/admin/providers/proxy/ProxyProviderForm.ts
|
||||
msgid "Send HTTP-Basic Authentication"
|
||||
msgstr ""
|
||||
|
||||
#: src/admin/providers/proxy/ProxyProviderForm.ts
|
||||
msgid "Send a custom HTTP-Basic Authentication header based on values from authentik."
|
||||
msgstr ""
|
||||
|
||||
#: src/admin/users/RelatedUserList.ts
|
||||
#: src/admin/users/UserListPage.ts
|
||||
msgid "Send link"
|
||||
|
@ -5402,12 +5426,12 @@ msgid "Sessions"
|
|||
msgstr "Sitzungen"
|
||||
|
||||
#: src/admin/providers/proxy/ProxyProviderForm.ts
|
||||
msgid "Set HTTP-Basic Authentication"
|
||||
msgstr "HTTP-Basisauthentifizierung einstellen"
|
||||
#~ msgid "Set HTTP-Basic Authentication"
|
||||
#~ msgstr "HTTP-Basisauthentifizierung einstellen"
|
||||
|
||||
#: src/admin/providers/proxy/ProxyProviderForm.ts
|
||||
msgid "Set a custom HTTP-Basic Authentication header based on values from authentik."
|
||||
msgstr "Legen Sie einen benutzerdefinierten HTTP-Basic Authentication-Header fest, der auf den Werten von authentik basiert."
|
||||
#~ msgid "Set a custom HTTP-Basic Authentication header based on values from authentik."
|
||||
#~ msgstr "Legen Sie einen benutzerdefinierten HTTP-Basic Authentication-Header fest, der auf den Werten von authentik basiert."
|
||||
|
||||
#: src/admin/groups/GroupForm.ts
|
||||
#: src/admin/outposts/OutpostForm.ts
|
||||
|
@ -6540,6 +6564,7 @@ msgid "Transports"
|
|||
msgstr "Zustellungsarten"
|
||||
|
||||
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/admin/providers/proxy/ProxyProviderForm.ts
|
||||
msgid "Trusted OIDC Sources"
|
||||
msgstr ""
|
||||
|
||||
|
@ -7623,6 +7648,10 @@ msgstr "{0} - {1} von {2}"
|
|||
msgid "{0} is available!"
|
||||
msgstr "{0} ist verfügbar!"
|
||||
|
||||
#: src/admin/system-tasks/SystemTaskListPage.ts
|
||||
msgid "{0} seconds"
|
||||
msgstr ""
|
||||
|
||||
#: src/elements/notifications/NotificationDrawer.ts
|
||||
msgid "{0} unread"
|
||||
msgstr "{0} ungelesen"
|
||||
|
|
|
@ -334,6 +334,10 @@ msgstr "Additional group DN, prepended to the Base DN."
|
|||
msgid "Additional scope mappings, which are passed to the proxy."
|
||||
msgstr "Additional scope mappings, which are passed to the proxy."
|
||||
|
||||
#: src/admin/providers/proxy/ProxyProviderForm.ts
|
||||
msgid "Additional scopes"
|
||||
msgstr "Additional scopes"
|
||||
|
||||
#: src/admin/sources/oauth/OAuthSourceForm.ts
|
||||
#~ msgid "Additional scopes to be passed to the OAuth Provider, separated by space."
|
||||
#~ msgstr "Additional scopes to be passed to the OAuth Provider, separated by space."
|
||||
|
@ -673,6 +677,7 @@ msgstr "Authenticating with Plex..."
|
|||
|
||||
#: src/admin/flows/FlowForm.ts
|
||||
#: src/admin/flows/utils.ts
|
||||
#: src/admin/providers/proxy/ProxyProviderViewPage.ts
|
||||
msgid "Authentication"
|
||||
msgstr "Authentication"
|
||||
|
||||
|
@ -695,6 +700,10 @@ msgstr "Authentication flow"
|
|||
msgid "Authentication method"
|
||||
msgstr "Authentication method"
|
||||
|
||||
#: src/admin/providers/proxy/ProxyProviderForm.ts
|
||||
msgid "Authentication settings"
|
||||
msgstr "Authentication settings"
|
||||
|
||||
#: src/admin/applications/wizard/oauth/TypeOAuthApplicationWizardPage.ts
|
||||
msgid "Authentication without user interaction, or machine-to-machine authentication."
|
||||
msgstr "Authentication without user interaction, or machine-to-machine authentication."
|
||||
|
@ -1214,6 +1223,7 @@ msgstr "Click to copy token"
|
|||
|
||||
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/admin/providers/oauth2/OAuth2ProviderViewPage.ts
|
||||
#: src/admin/providers/proxy/ProxyProviderViewPage.ts
|
||||
#: src/admin/sources/plex/PlexSourceForm.ts
|
||||
msgid "Client ID"
|
||||
msgstr "Client ID"
|
||||
|
@ -2130,6 +2140,10 @@ msgstr "Duo authenticator"
|
|||
msgid "Duo push-notifications"
|
||||
msgstr "Duo push-notifications"
|
||||
|
||||
#: src/admin/system-tasks/SystemTaskListPage.ts
|
||||
msgid "Duration"
|
||||
msgstr "Duration"
|
||||
|
||||
#: src/admin/tenants/TenantForm.ts
|
||||
msgid "Duration after which events will be deleted from the database."
|
||||
msgstr "Duration after which events will be deleted from the database."
|
||||
|
@ -2951,6 +2965,7 @@ msgstr "Hide service-accounts"
|
|||
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/admin/providers/proxy/ProxyProviderForm.ts
|
||||
#: src/admin/providers/proxy/ProxyProviderForm.ts
|
||||
#: src/admin/providers/saml/SAMLProviderForm.ts
|
||||
#: src/admin/sources/ldap/LDAPSourceForm.ts
|
||||
#: src/admin/sources/ldap/LDAPSourceForm.ts
|
||||
|
@ -3313,6 +3328,7 @@ msgstr "JWKS URL"
|
|||
#~ msgstr "JWTs signed by certificates configured here can be used to authenticate to the provider."
|
||||
|
||||
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/admin/providers/proxy/ProxyProviderForm.ts
|
||||
msgid "JWTs signed by certificates configured in the selected sources can be used to authenticate to this provider."
|
||||
msgstr "JWTs signed by certificates configured in the selected sources can be used to authenticate to this provider."
|
||||
|
||||
|
@ -3506,6 +3522,7 @@ msgstr "Loading options..."
|
|||
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/admin/providers/proxy/ProxyProviderForm.ts
|
||||
#: src/admin/providers/proxy/ProxyProviderForm.ts
|
||||
#: src/admin/providers/saml/SAMLProviderForm.ts
|
||||
#: src/admin/sources/ldap/LDAPSourceForm.ts
|
||||
#: src/admin/sources/ldap/LDAPSourceForm.ts
|
||||
|
@ -5264,7 +5281,6 @@ msgid "Scope which the client can specify to access these properties."
|
|||
msgstr "Scope which the client can specify to access these properties."
|
||||
|
||||
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/admin/providers/proxy/ProxyProviderForm.ts
|
||||
#: src/admin/sources/oauth/OAuthSourceForm.ts
|
||||
#: src/elements/oauth/UserRefreshList.ts
|
||||
msgid "Scopes"
|
||||
|
@ -5421,6 +5437,14 @@ msgstr "Selection of backends to test the password against."
|
|||
msgid "Send Email again."
|
||||
msgstr "Send Email again."
|
||||
|
||||
#: src/admin/providers/proxy/ProxyProviderForm.ts
|
||||
msgid "Send HTTP-Basic Authentication"
|
||||
msgstr "Send HTTP-Basic Authentication"
|
||||
|
||||
#: src/admin/providers/proxy/ProxyProviderForm.ts
|
||||
msgid "Send a custom HTTP-Basic Authentication header based on values from authentik."
|
||||
msgstr "Send a custom HTTP-Basic Authentication header based on values from authentik."
|
||||
|
||||
#: src/admin/users/RelatedUserList.ts
|
||||
#: src/admin/users/UserListPage.ts
|
||||
msgid "Send link"
|
||||
|
@ -5515,12 +5539,12 @@ msgid "Sessions"
|
|||
msgstr "Sessions"
|
||||
|
||||
#: src/admin/providers/proxy/ProxyProviderForm.ts
|
||||
msgid "Set HTTP-Basic Authentication"
|
||||
msgstr "Set HTTP-Basic Authentication"
|
||||
#~ msgid "Set HTTP-Basic Authentication"
|
||||
#~ msgstr "Set HTTP-Basic Authentication"
|
||||
|
||||
#: src/admin/providers/proxy/ProxyProviderForm.ts
|
||||
msgid "Set a custom HTTP-Basic Authentication header based on values from authentik."
|
||||
msgstr "Set a custom HTTP-Basic Authentication header based on values from authentik."
|
||||
#~ msgid "Set a custom HTTP-Basic Authentication header based on values from authentik."
|
||||
#~ msgstr "Set a custom HTTP-Basic Authentication header based on values from authentik."
|
||||
|
||||
#: src/admin/groups/GroupForm.ts
|
||||
#: src/admin/outposts/OutpostForm.ts
|
||||
|
@ -6688,6 +6712,7 @@ msgid "Transports"
|
|||
msgstr "Transports"
|
||||
|
||||
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/admin/providers/proxy/ProxyProviderForm.ts
|
||||
msgid "Trusted OIDC Sources"
|
||||
msgstr "Trusted OIDC Sources"
|
||||
|
||||
|
@ -7786,6 +7811,10 @@ msgstr "{0} - {1} of {2}"
|
|||
msgid "{0} is available!"
|
||||
msgstr "{0} is available!"
|
||||
|
||||
#: src/admin/system-tasks/SystemTaskListPage.ts
|
||||
msgid "{0} seconds"
|
||||
msgstr "{0} seconds"
|
||||
|
||||
#: src/elements/notifications/NotificationDrawer.ts
|
||||
msgid "{0} unread"
|
||||
msgstr "{0} unread"
|
||||
|
|
|
@ -330,6 +330,10 @@ msgstr "DN de grupo adicional, antepuesto al DN base."
|
|||
msgid "Additional scope mappings, which are passed to the proxy."
|
||||
msgstr "Mapeos de ámbito adicional, que se pasan al proxy."
|
||||
|
||||
#: src/admin/providers/proxy/ProxyProviderForm.ts
|
||||
msgid "Additional scopes"
|
||||
msgstr ""
|
||||
|
||||
#: src/pages/sources/oauth/OAuthSourceForm.ts
|
||||
#~ msgid "Additional scopes to be passed to the OAuth Provider, separated by space."
|
||||
#~ msgstr "Ámbitos adicionales que se pasarán al proveedor de OAuth, separados por espacios."
|
||||
|
@ -665,6 +669,7 @@ msgstr "Autenticando con Plex..."
|
|||
|
||||
#: src/admin/flows/FlowForm.ts
|
||||
#: src/admin/flows/utils.ts
|
||||
#: src/admin/providers/proxy/ProxyProviderViewPage.ts
|
||||
msgid "Authentication"
|
||||
msgstr "Autenticación"
|
||||
|
||||
|
@ -687,6 +692,10 @@ msgstr "Flujo de autenticación"
|
|||
msgid "Authentication method"
|
||||
msgstr ""
|
||||
|
||||
#: src/admin/providers/proxy/ProxyProviderForm.ts
|
||||
msgid "Authentication settings"
|
||||
msgstr ""
|
||||
|
||||
#: src/admin/applications/wizard/oauth/TypeOAuthApplicationWizardPage.ts
|
||||
msgid "Authentication without user interaction, or machine-to-machine authentication."
|
||||
msgstr ""
|
||||
|
@ -1194,6 +1203,7 @@ msgstr "Haga clic para copiar el token"
|
|||
|
||||
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/admin/providers/oauth2/OAuth2ProviderViewPage.ts
|
||||
#: src/admin/providers/proxy/ProxyProviderViewPage.ts
|
||||
#: src/admin/sources/plex/PlexSourceForm.ts
|
||||
msgid "Client ID"
|
||||
msgstr "ID de cliente"
|
||||
|
@ -2084,6 +2094,10 @@ msgstr "Autenticador Duo"
|
|||
msgid "Duo push-notifications"
|
||||
msgstr "Notificaciones push Duo"
|
||||
|
||||
#: src/admin/system-tasks/SystemTaskListPage.ts
|
||||
msgid "Duration"
|
||||
msgstr ""
|
||||
|
||||
#: src/admin/tenants/TenantForm.ts
|
||||
msgid "Duration after which events will be deleted from the database."
|
||||
msgstr "Duración tras la cual los eventos se eliminarán de la base de datos."
|
||||
|
@ -2885,6 +2899,7 @@ msgstr "Ocultar cuentas de servicio"
|
|||
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/admin/providers/proxy/ProxyProviderForm.ts
|
||||
#: src/admin/providers/proxy/ProxyProviderForm.ts
|
||||
#: src/admin/providers/saml/SAMLProviderForm.ts
|
||||
#: src/admin/sources/ldap/LDAPSourceForm.ts
|
||||
#: src/admin/sources/ldap/LDAPSourceForm.ts
|
||||
|
@ -3237,6 +3252,7 @@ msgstr ""
|
|||
#~ msgstr ""
|
||||
|
||||
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/admin/providers/proxy/ProxyProviderForm.ts
|
||||
msgid "JWTs signed by certificates configured in the selected sources can be used to authenticate to this provider."
|
||||
msgstr ""
|
||||
|
||||
|
@ -3427,6 +3443,7 @@ msgstr ""
|
|||
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/admin/providers/proxy/ProxyProviderForm.ts
|
||||
#: src/admin/providers/proxy/ProxyProviderForm.ts
|
||||
#: src/admin/providers/saml/SAMLProviderForm.ts
|
||||
#: src/admin/sources/ldap/LDAPSourceForm.ts
|
||||
#: src/admin/sources/ldap/LDAPSourceForm.ts
|
||||
|
@ -5136,7 +5153,6 @@ msgid "Scope which the client can specify to access these properties."
|
|||
msgstr "Ámbito que el cliente puede especificar para acceder a estas propiedades."
|
||||
|
||||
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/admin/providers/proxy/ProxyProviderForm.ts
|
||||
#: src/admin/sources/oauth/OAuthSourceForm.ts
|
||||
#: src/elements/oauth/UserRefreshList.ts
|
||||
msgid "Scopes"
|
||||
|
@ -5290,6 +5306,14 @@ msgstr "Selección de backends para probar la contraseña."
|
|||
msgid "Send Email again."
|
||||
msgstr "Vuelve a enviar el correo electrónico."
|
||||
|
||||
#: src/admin/providers/proxy/ProxyProviderForm.ts
|
||||
msgid "Send HTTP-Basic Authentication"
|
||||
msgstr ""
|
||||
|
||||
#: src/admin/providers/proxy/ProxyProviderForm.ts
|
||||
msgid "Send a custom HTTP-Basic Authentication header based on values from authentik."
|
||||
msgstr ""
|
||||
|
||||
#: src/admin/users/RelatedUserList.ts
|
||||
#: src/admin/users/UserListPage.ts
|
||||
msgid "Send link"
|
||||
|
@ -5378,12 +5402,12 @@ msgid "Sessions"
|
|||
msgstr "Sesiones"
|
||||
|
||||
#: src/admin/providers/proxy/ProxyProviderForm.ts
|
||||
msgid "Set HTTP-Basic Authentication"
|
||||
msgstr "Establecer la autenticación básica de HTTP"
|
||||
#~ msgid "Set HTTP-Basic Authentication"
|
||||
#~ msgstr "Establecer la autenticación básica de HTTP"
|
||||
|
||||
#: src/admin/providers/proxy/ProxyProviderForm.ts
|
||||
msgid "Set a custom HTTP-Basic Authentication header based on values from authentik."
|
||||
msgstr "Establezca un encabezado de autenticación básica HTTP personalizado en función de los valores de authentik."
|
||||
#~ msgid "Set a custom HTTP-Basic Authentication header based on values from authentik."
|
||||
#~ msgstr "Establezca un encabezado de autenticación básica HTTP personalizado en función de los valores de authentik."
|
||||
|
||||
#: src/admin/groups/GroupForm.ts
|
||||
#: src/admin/outposts/OutpostForm.ts
|
||||
|
@ -6516,6 +6540,7 @@ msgid "Transports"
|
|||
msgstr "Transportes"
|
||||
|
||||
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/admin/providers/proxy/ProxyProviderForm.ts
|
||||
msgid "Trusted OIDC Sources"
|
||||
msgstr ""
|
||||
|
||||
|
@ -7599,6 +7624,10 @@ msgstr "{0} - {1} de {2}"
|
|||
msgid "{0} is available!"
|
||||
msgstr "{0} está disponible."
|
||||
|
||||
#: src/admin/system-tasks/SystemTaskListPage.ts
|
||||
msgid "{0} seconds"
|
||||
msgstr ""
|
||||
|
||||
#: src/elements/notifications/NotificationDrawer.ts
|
||||
msgid "{0} unread"
|
||||
msgstr "{0} sin leer"
|
||||
|
|
|
@ -335,6 +335,10 @@ msgstr "DN à préfixer au DN de base pour les groupes"
|
|||
msgid "Additional scope mappings, which are passed to the proxy."
|
||||
msgstr ""
|
||||
|
||||
#: src/admin/providers/proxy/ProxyProviderForm.ts
|
||||
msgid "Additional scopes"
|
||||
msgstr ""
|
||||
|
||||
#: src/pages/sources/oauth/OAuthSourceForm.ts
|
||||
#~ msgid "Additional scopes to be passed to the OAuth Provider, separated by space."
|
||||
#~ msgstr ""
|
||||
|
@ -670,6 +674,7 @@ msgstr "Authentification avec Plex..."
|
|||
|
||||
#: src/admin/flows/FlowForm.ts
|
||||
#: src/admin/flows/utils.ts
|
||||
#: src/admin/providers/proxy/ProxyProviderViewPage.ts
|
||||
msgid "Authentication"
|
||||
msgstr "Authentification"
|
||||
|
||||
|
@ -692,6 +697,10 @@ msgstr "Flux d'authentification"
|
|||
msgid "Authentication method"
|
||||
msgstr ""
|
||||
|
||||
#: src/admin/providers/proxy/ProxyProviderForm.ts
|
||||
msgid "Authentication settings"
|
||||
msgstr ""
|
||||
|
||||
#: src/admin/applications/wizard/oauth/TypeOAuthApplicationWizardPage.ts
|
||||
msgid "Authentication without user interaction, or machine-to-machine authentication."
|
||||
msgstr ""
|
||||
|
@ -1199,6 +1208,7 @@ msgstr "Cliquer pour copier le jeton"
|
|||
|
||||
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/admin/providers/oauth2/OAuth2ProviderViewPage.ts
|
||||
#: src/admin/providers/proxy/ProxyProviderViewPage.ts
|
||||
#: src/admin/sources/plex/PlexSourceForm.ts
|
||||
msgid "Client ID"
|
||||
msgstr "ID client"
|
||||
|
@ -2087,6 +2097,10 @@ msgstr "Authentificateur Duo"
|
|||
msgid "Duo push-notifications"
|
||||
msgstr "Notification push Duo"
|
||||
|
||||
#: src/admin/system-tasks/SystemTaskListPage.ts
|
||||
msgid "Duration"
|
||||
msgstr ""
|
||||
|
||||
#: src/admin/tenants/TenantForm.ts
|
||||
msgid "Duration after which events will be deleted from the database."
|
||||
msgstr "Expiration des évènements à l'issue de laquelle ils seront supprimés de la base de donnée."
|
||||
|
@ -2888,6 +2902,7 @@ msgstr "Cacher les comptes de service"
|
|||
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/admin/providers/proxy/ProxyProviderForm.ts
|
||||
#: src/admin/providers/proxy/ProxyProviderForm.ts
|
||||
#: src/admin/providers/saml/SAMLProviderForm.ts
|
||||
#: src/admin/sources/ldap/LDAPSourceForm.ts
|
||||
#: src/admin/sources/ldap/LDAPSourceForm.ts
|
||||
|
@ -3238,6 +3253,7 @@ msgstr ""
|
|||
#~ msgstr ""
|
||||
|
||||
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/admin/providers/proxy/ProxyProviderForm.ts
|
||||
msgid "JWTs signed by certificates configured in the selected sources can be used to authenticate to this provider."
|
||||
msgstr ""
|
||||
|
||||
|
@ -3428,6 +3444,7 @@ msgstr ""
|
|||
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/admin/providers/proxy/ProxyProviderForm.ts
|
||||
#: src/admin/providers/proxy/ProxyProviderForm.ts
|
||||
#: src/admin/providers/saml/SAMLProviderForm.ts
|
||||
#: src/admin/sources/ldap/LDAPSourceForm.ts
|
||||
#: src/admin/sources/ldap/LDAPSourceForm.ts
|
||||
|
@ -5137,7 +5154,6 @@ msgid "Scope which the client can specify to access these properties."
|
|||
msgstr "Portée que le client peut spécifier pour accéder à ces propriétés."
|
||||
|
||||
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/admin/providers/proxy/ProxyProviderForm.ts
|
||||
#: src/admin/sources/oauth/OAuthSourceForm.ts
|
||||
#: src/elements/oauth/UserRefreshList.ts
|
||||
msgid "Scopes"
|
||||
|
@ -5291,6 +5307,14 @@ msgstr "Sélection de backends pour tester le mot de passe."
|
|||
msgid "Send Email again."
|
||||
msgstr "Renvoyer l’email."
|
||||
|
||||
#: src/admin/providers/proxy/ProxyProviderForm.ts
|
||||
msgid "Send HTTP-Basic Authentication"
|
||||
msgstr ""
|
||||
|
||||
#: src/admin/providers/proxy/ProxyProviderForm.ts
|
||||
msgid "Send a custom HTTP-Basic Authentication header based on values from authentik."
|
||||
msgstr ""
|
||||
|
||||
#: src/admin/users/RelatedUserList.ts
|
||||
#: src/admin/users/UserListPage.ts
|
||||
msgid "Send link"
|
||||
|
@ -5379,12 +5403,12 @@ msgid "Sessions"
|
|||
msgstr "Sessions"
|
||||
|
||||
#: src/admin/providers/proxy/ProxyProviderForm.ts
|
||||
msgid "Set HTTP-Basic Authentication"
|
||||
msgstr "Définir l'authentification HTTP-Basic"
|
||||
#~ msgid "Set HTTP-Basic Authentication"
|
||||
#~ msgstr "Définir l'authentification HTTP-Basic"
|
||||
|
||||
#: src/admin/providers/proxy/ProxyProviderForm.ts
|
||||
msgid "Set a custom HTTP-Basic Authentication header based on values from authentik."
|
||||
msgstr "Définir un en-tête d'authentification HTTP-Basic personnalisé basé sur les valeurs de authentik."
|
||||
#~ msgid "Set a custom HTTP-Basic Authentication header based on values from authentik."
|
||||
#~ msgstr "Définir un en-tête d'authentification HTTP-Basic personnalisé basé sur les valeurs de authentik."
|
||||
|
||||
#: src/admin/groups/GroupForm.ts
|
||||
#: src/admin/outposts/OutpostForm.ts
|
||||
|
@ -6507,6 +6531,7 @@ msgid "Transports"
|
|||
msgstr "Transports"
|
||||
|
||||
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/admin/providers/proxy/ProxyProviderForm.ts
|
||||
msgid "Trusted OIDC Sources"
|
||||
msgstr ""
|
||||
|
||||
|
@ -7588,6 +7613,10 @@ msgstr "{0} - {1} sur {2}"
|
|||
msgid "{0} is available!"
|
||||
msgstr "{0} est disponible !"
|
||||
|
||||
#: src/admin/system-tasks/SystemTaskListPage.ts
|
||||
msgid "{0} seconds"
|
||||
msgstr ""
|
||||
|
||||
#: src/elements/notifications/NotificationDrawer.ts
|
||||
msgid "{0} unread"
|
||||
msgstr "{0} non lu"
|
||||
|
|
|
@ -334,6 +334,10 @@ msgstr "Dodatkowa DN grupy, poprzedzona podstawową DN."
|
|||
msgid "Additional scope mappings, which are passed to the proxy."
|
||||
msgstr "Dodatkowe mapowania zakresu, które są przekazywane do serwera proxy."
|
||||
|
||||
#: src/admin/providers/proxy/ProxyProviderForm.ts
|
||||
msgid "Additional scopes"
|
||||
msgstr ""
|
||||
|
||||
#: src/pages/sources/oauth/OAuthSourceForm.ts
|
||||
#~ msgid "Additional scopes to be passed to the OAuth Provider, separated by space."
|
||||
#~ msgstr "Dodatkowe zakresy do przekazania do dostawcy OAuth, oddzielone spacją."
|
||||
|
@ -669,6 +673,7 @@ msgstr "Uwierzytelnianie z Plex..."
|
|||
|
||||
#: src/admin/flows/FlowForm.ts
|
||||
#: src/admin/flows/utils.ts
|
||||
#: src/admin/providers/proxy/ProxyProviderViewPage.ts
|
||||
msgid "Authentication"
|
||||
msgstr "Uwierzytelnianie"
|
||||
|
||||
|
@ -691,6 +696,10 @@ msgstr "Przepływ uwierzytelniania"
|
|||
msgid "Authentication method"
|
||||
msgstr ""
|
||||
|
||||
#: src/admin/providers/proxy/ProxyProviderForm.ts
|
||||
msgid "Authentication settings"
|
||||
msgstr ""
|
||||
|
||||
#: src/admin/applications/wizard/oauth/TypeOAuthApplicationWizardPage.ts
|
||||
msgid "Authentication without user interaction, or machine-to-machine authentication."
|
||||
msgstr ""
|
||||
|
@ -1200,6 +1209,7 @@ msgstr "Kliknij, aby skopiować token"
|
|||
|
||||
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/admin/providers/oauth2/OAuth2ProviderViewPage.ts
|
||||
#: src/admin/providers/proxy/ProxyProviderViewPage.ts
|
||||
#: src/admin/sources/plex/PlexSourceForm.ts
|
||||
msgid "Client ID"
|
||||
msgstr "Client ID"
|
||||
|
@ -2090,6 +2100,10 @@ msgstr "Uwierzytelniacz Duo"
|
|||
msgid "Duo push-notifications"
|
||||
msgstr "Powiadomienia push Duo"
|
||||
|
||||
#: src/admin/system-tasks/SystemTaskListPage.ts
|
||||
msgid "Duration"
|
||||
msgstr ""
|
||||
|
||||
#: src/admin/tenants/TenantForm.ts
|
||||
msgid "Duration after which events will be deleted from the database."
|
||||
msgstr "Czas, po którym zdarzenia zostaną usunięte z bazy danych."
|
||||
|
@ -2891,6 +2905,7 @@ msgstr "Ukryj konta serwisowe"
|
|||
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/admin/providers/proxy/ProxyProviderForm.ts
|
||||
#: src/admin/providers/proxy/ProxyProviderForm.ts
|
||||
#: src/admin/providers/saml/SAMLProviderForm.ts
|
||||
#: src/admin/sources/ldap/LDAPSourceForm.ts
|
||||
#: src/admin/sources/ldap/LDAPSourceForm.ts
|
||||
|
@ -3245,6 +3260,7 @@ msgstr ""
|
|||
#~ msgstr "JWTs podpisane przez certyfikaty skonfigurowane tutaj mogą służyć do uwierzytelniania u dostawcy."
|
||||
|
||||
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/admin/providers/proxy/ProxyProviderForm.ts
|
||||
msgid "JWTs signed by certificates configured in the selected sources can be used to authenticate to this provider."
|
||||
msgstr ""
|
||||
|
||||
|
@ -3435,6 +3451,7 @@ msgstr ""
|
|||
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/admin/providers/proxy/ProxyProviderForm.ts
|
||||
#: src/admin/providers/proxy/ProxyProviderForm.ts
|
||||
#: src/admin/providers/saml/SAMLProviderForm.ts
|
||||
#: src/admin/sources/ldap/LDAPSourceForm.ts
|
||||
#: src/admin/sources/ldap/LDAPSourceForm.ts
|
||||
|
@ -5146,7 +5163,6 @@ msgid "Scope which the client can specify to access these properties."
|
|||
msgstr "Zakres, który klient może określić, aby uzyskać dostęp do tych właściwości."
|
||||
|
||||
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/admin/providers/proxy/ProxyProviderForm.ts
|
||||
#: src/admin/sources/oauth/OAuthSourceForm.ts
|
||||
#: src/elements/oauth/UserRefreshList.ts
|
||||
msgid "Scopes"
|
||||
|
@ -5300,6 +5316,14 @@ msgstr "Wybór backendów do testowania hasła."
|
|||
msgid "Send Email again."
|
||||
msgstr "Wyślij e-mail ponownie."
|
||||
|
||||
#: src/admin/providers/proxy/ProxyProviderForm.ts
|
||||
msgid "Send HTTP-Basic Authentication"
|
||||
msgstr ""
|
||||
|
||||
#: src/admin/providers/proxy/ProxyProviderForm.ts
|
||||
msgid "Send a custom HTTP-Basic Authentication header based on values from authentik."
|
||||
msgstr ""
|
||||
|
||||
#: src/admin/users/RelatedUserList.ts
|
||||
#: src/admin/users/UserListPage.ts
|
||||
msgid "Send link"
|
||||
|
@ -5388,12 +5412,12 @@ msgid "Sessions"
|
|||
msgstr "Sesje"
|
||||
|
||||
#: src/admin/providers/proxy/ProxyProviderForm.ts
|
||||
msgid "Set HTTP-Basic Authentication"
|
||||
msgstr "Ustaw HTTP-Basic Authentication"
|
||||
#~ msgid "Set HTTP-Basic Authentication"
|
||||
#~ msgstr "Ustaw HTTP-Basic Authentication"
|
||||
|
||||
#: src/admin/providers/proxy/ProxyProviderForm.ts
|
||||
msgid "Set a custom HTTP-Basic Authentication header based on values from authentik."
|
||||
msgstr "Ustaw niestandardowy nagłówek HTTP-Basic Authentication na podstawie wartości z authentik."
|
||||
#~ msgid "Set a custom HTTP-Basic Authentication header based on values from authentik."
|
||||
#~ msgstr "Ustaw niestandardowy nagłówek HTTP-Basic Authentication na podstawie wartości z authentik."
|
||||
|
||||
#: src/admin/groups/GroupForm.ts
|
||||
#: src/admin/outposts/OutpostForm.ts
|
||||
|
@ -6526,6 +6550,7 @@ msgid "Transports"
|
|||
msgstr "Transporty"
|
||||
|
||||
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/admin/providers/proxy/ProxyProviderForm.ts
|
||||
msgid "Trusted OIDC Sources"
|
||||
msgstr "Zaufane źródła OIDC"
|
||||
|
||||
|
@ -7611,6 +7636,10 @@ msgstr "{0} - {1} z {2}"
|
|||
msgid "{0} is available!"
|
||||
msgstr "{0} jest dostępny!"
|
||||
|
||||
#: src/admin/system-tasks/SystemTaskListPage.ts
|
||||
msgid "{0} seconds"
|
||||
msgstr ""
|
||||
|
||||
#: src/elements/notifications/NotificationDrawer.ts
|
||||
msgid "{0} unread"
|
||||
msgstr "{0} nieprzeczytane"
|
||||
|
|
|
@ -330,6 +330,10 @@ msgstr ""
|
|||
msgid "Additional scope mappings, which are passed to the proxy."
|
||||
msgstr ""
|
||||
|
||||
#: src/admin/providers/proxy/ProxyProviderForm.ts
|
||||
msgid "Additional scopes"
|
||||
msgstr ""
|
||||
|
||||
#: src/admin/sources/oauth/OAuthSourceForm.ts
|
||||
#~ msgid "Additional scopes to be passed to the OAuth Provider, separated by space."
|
||||
#~ msgstr ""
|
||||
|
@ -665,6 +669,7 @@ msgstr ""
|
|||
|
||||
#: src/admin/flows/FlowForm.ts
|
||||
#: src/admin/flows/utils.ts
|
||||
#: src/admin/providers/proxy/ProxyProviderViewPage.ts
|
||||
msgid "Authentication"
|
||||
msgstr ""
|
||||
|
||||
|
@ -687,6 +692,10 @@ msgstr ""
|
|||
msgid "Authentication method"
|
||||
msgstr ""
|
||||
|
||||
#: src/admin/providers/proxy/ProxyProviderForm.ts
|
||||
msgid "Authentication settings"
|
||||
msgstr ""
|
||||
|
||||
#: src/admin/applications/wizard/oauth/TypeOAuthApplicationWizardPage.ts
|
||||
msgid "Authentication without user interaction, or machine-to-machine authentication."
|
||||
msgstr ""
|
||||
|
@ -1202,6 +1211,7 @@ msgstr ""
|
|||
|
||||
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/admin/providers/oauth2/OAuth2ProviderViewPage.ts
|
||||
#: src/admin/providers/proxy/ProxyProviderViewPage.ts
|
||||
#: src/admin/sources/plex/PlexSourceForm.ts
|
||||
msgid "Client ID"
|
||||
msgstr ""
|
||||
|
@ -2116,6 +2126,10 @@ msgstr ""
|
|||
msgid "Duo push-notifications"
|
||||
msgstr ""
|
||||
|
||||
#: src/admin/system-tasks/SystemTaskListPage.ts
|
||||
msgid "Duration"
|
||||
msgstr ""
|
||||
|
||||
#: src/admin/tenants/TenantForm.ts
|
||||
msgid "Duration after which events will be deleted from the database."
|
||||
msgstr ""
|
||||
|
@ -2937,6 +2951,7 @@ msgstr ""
|
|||
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/admin/providers/proxy/ProxyProviderForm.ts
|
||||
#: src/admin/providers/proxy/ProxyProviderForm.ts
|
||||
#: src/admin/providers/saml/SAMLProviderForm.ts
|
||||
#: src/admin/sources/ldap/LDAPSourceForm.ts
|
||||
#: src/admin/sources/ldap/LDAPSourceForm.ts
|
||||
|
@ -3295,6 +3310,7 @@ msgstr ""
|
|||
#~ msgstr ""
|
||||
|
||||
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/admin/providers/proxy/ProxyProviderForm.ts
|
||||
msgid "JWTs signed by certificates configured in the selected sources can be used to authenticate to this provider."
|
||||
msgstr ""
|
||||
|
||||
|
@ -3488,6 +3504,7 @@ msgstr ""
|
|||
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/admin/providers/proxy/ProxyProviderForm.ts
|
||||
#: src/admin/providers/proxy/ProxyProviderForm.ts
|
||||
#: src/admin/providers/saml/SAMLProviderForm.ts
|
||||
#: src/admin/sources/ldap/LDAPSourceForm.ts
|
||||
#: src/admin/sources/ldap/LDAPSourceForm.ts
|
||||
|
@ -5244,7 +5261,6 @@ msgid "Scope which the client can specify to access these properties."
|
|||
msgstr ""
|
||||
|
||||
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/admin/providers/proxy/ProxyProviderForm.ts
|
||||
#: src/admin/sources/oauth/OAuthSourceForm.ts
|
||||
#: src/elements/oauth/UserRefreshList.ts
|
||||
msgid "Scopes"
|
||||
|
@ -5401,6 +5417,14 @@ msgstr ""
|
|||
msgid "Send Email again."
|
||||
msgstr ""
|
||||
|
||||
#: src/admin/providers/proxy/ProxyProviderForm.ts
|
||||
msgid "Send HTTP-Basic Authentication"
|
||||
msgstr ""
|
||||
|
||||
#: src/admin/providers/proxy/ProxyProviderForm.ts
|
||||
msgid "Send a custom HTTP-Basic Authentication header based on values from authentik."
|
||||
msgstr ""
|
||||
|
||||
#: src/admin/users/RelatedUserList.ts
|
||||
#: src/admin/users/UserListPage.ts
|
||||
msgid "Send link"
|
||||
|
@ -5495,12 +5519,12 @@ msgid "Sessions"
|
|||
msgstr ""
|
||||
|
||||
#: src/admin/providers/proxy/ProxyProviderForm.ts
|
||||
msgid "Set HTTP-Basic Authentication"
|
||||
msgstr ""
|
||||
#~ msgid "Set HTTP-Basic Authentication"
|
||||
#~ msgstr ""
|
||||
|
||||
#: src/admin/providers/proxy/ProxyProviderForm.ts
|
||||
msgid "Set a custom HTTP-Basic Authentication header based on values from authentik."
|
||||
msgstr ""
|
||||
#~ msgid "Set a custom HTTP-Basic Authentication header based on values from authentik."
|
||||
#~ msgstr ""
|
||||
|
||||
#: src/admin/groups/GroupForm.ts
|
||||
#: src/admin/outposts/OutpostForm.ts
|
||||
|
@ -6658,6 +6682,7 @@ msgid "Transports"
|
|||
msgstr ""
|
||||
|
||||
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/admin/providers/proxy/ProxyProviderForm.ts
|
||||
msgid "Trusted OIDC Sources"
|
||||
msgstr ""
|
||||
|
||||
|
@ -7750,6 +7775,10 @@ msgstr ""
|
|||
msgid "{0} is available!"
|
||||
msgstr ""
|
||||
|
||||
#: src/admin/system-tasks/SystemTaskListPage.ts
|
||||
msgid "{0} seconds"
|
||||
msgstr ""
|
||||
|
||||
#: src/elements/notifications/NotificationDrawer.ts
|
||||
msgid "{0} unread"
|
||||
msgstr ""
|
||||
|
|
|
@ -330,6 +330,10 @@ msgstr "Ek grup DN, Base DN için eklenmiş."
|
|||
msgid "Additional scope mappings, which are passed to the proxy."
|
||||
msgstr "Proxy'ye iletilen ek kapsam eşlemeleri."
|
||||
|
||||
#: src/admin/providers/proxy/ProxyProviderForm.ts
|
||||
msgid "Additional scopes"
|
||||
msgstr ""
|
||||
|
||||
#: src/pages/sources/oauth/OAuthSourceForm.ts
|
||||
#~ msgid "Additional scopes to be passed to the OAuth Provider, separated by space."
|
||||
#~ msgstr "OAuth Sağlayıcıya iletilecek ek kapsamlar, boşlukla ayrılmış."
|
||||
|
@ -665,6 +669,7 @@ msgstr "Plex ile kimlik doğrulaması..."
|
|||
|
||||
#: src/admin/flows/FlowForm.ts
|
||||
#: src/admin/flows/utils.ts
|
||||
#: src/admin/providers/proxy/ProxyProviderViewPage.ts
|
||||
msgid "Authentication"
|
||||
msgstr "Kimlik Doğrulama"
|
||||
|
||||
|
@ -687,6 +692,10 @@ msgstr "Kimlik doğrulama akışı"
|
|||
msgid "Authentication method"
|
||||
msgstr ""
|
||||
|
||||
#: src/admin/providers/proxy/ProxyProviderForm.ts
|
||||
msgid "Authentication settings"
|
||||
msgstr ""
|
||||
|
||||
#: src/admin/applications/wizard/oauth/TypeOAuthApplicationWizardPage.ts
|
||||
msgid "Authentication without user interaction, or machine-to-machine authentication."
|
||||
msgstr ""
|
||||
|
@ -1194,6 +1203,7 @@ msgstr "Belirteci kopyalamak için tıklayın"
|
|||
|
||||
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/admin/providers/oauth2/OAuth2ProviderViewPage.ts
|
||||
#: src/admin/providers/proxy/ProxyProviderViewPage.ts
|
||||
#: src/admin/sources/plex/PlexSourceForm.ts
|
||||
msgid "Client ID"
|
||||
msgstr "Müşteri Kimliği"
|
||||
|
@ -2084,6 +2094,10 @@ msgstr "Duo kimlik doğrulayıcı"
|
|||
msgid "Duo push-notifications"
|
||||
msgstr "Duo push-bildirimleri"
|
||||
|
||||
#: src/admin/system-tasks/SystemTaskListPage.ts
|
||||
msgid "Duration"
|
||||
msgstr ""
|
||||
|
||||
#: src/admin/tenants/TenantForm.ts
|
||||
msgid "Duration after which events will be deleted from the database."
|
||||
msgstr "Olayların veritabanından silineceği süre."
|
||||
|
@ -2885,6 +2899,7 @@ msgstr "Hizmet hesaplarını gizle"
|
|||
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/admin/providers/proxy/ProxyProviderForm.ts
|
||||
#: src/admin/providers/proxy/ProxyProviderForm.ts
|
||||
#: src/admin/providers/saml/SAMLProviderForm.ts
|
||||
#: src/admin/sources/ldap/LDAPSourceForm.ts
|
||||
#: src/admin/sources/ldap/LDAPSourceForm.ts
|
||||
|
@ -3237,6 +3252,7 @@ msgstr ""
|
|||
#~ msgstr ""
|
||||
|
||||
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/admin/providers/proxy/ProxyProviderForm.ts
|
||||
msgid "JWTs signed by certificates configured in the selected sources can be used to authenticate to this provider."
|
||||
msgstr ""
|
||||
|
||||
|
@ -3427,6 +3443,7 @@ msgstr ""
|
|||
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/admin/providers/proxy/ProxyProviderForm.ts
|
||||
#: src/admin/providers/proxy/ProxyProviderForm.ts
|
||||
#: src/admin/providers/saml/SAMLProviderForm.ts
|
||||
#: src/admin/sources/ldap/LDAPSourceForm.ts
|
||||
#: src/admin/sources/ldap/LDAPSourceForm.ts
|
||||
|
@ -5136,7 +5153,6 @@ msgid "Scope which the client can specify to access these properties."
|
|||
msgstr "İstemcinin bu özelliklere erişmek için belirtebileceği kapsam."
|
||||
|
||||
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/admin/providers/proxy/ProxyProviderForm.ts
|
||||
#: src/admin/sources/oauth/OAuthSourceForm.ts
|
||||
#: src/elements/oauth/UserRefreshList.ts
|
||||
msgid "Scopes"
|
||||
|
@ -5290,6 +5306,14 @@ msgstr "Parolayı test etmek için arka uçların seçimi."
|
|||
msgid "Send Email again."
|
||||
msgstr "E-postayı tekrar gönder."
|
||||
|
||||
#: src/admin/providers/proxy/ProxyProviderForm.ts
|
||||
msgid "Send HTTP-Basic Authentication"
|
||||
msgstr ""
|
||||
|
||||
#: src/admin/providers/proxy/ProxyProviderForm.ts
|
||||
msgid "Send a custom HTTP-Basic Authentication header based on values from authentik."
|
||||
msgstr ""
|
||||
|
||||
#: src/admin/users/RelatedUserList.ts
|
||||
#: src/admin/users/UserListPage.ts
|
||||
msgid "Send link"
|
||||
|
@ -5378,12 +5402,12 @@ msgid "Sessions"
|
|||
msgstr "Oturumlar"
|
||||
|
||||
#: src/admin/providers/proxy/ProxyProviderForm.ts
|
||||
msgid "Set HTTP-Basic Authentication"
|
||||
msgstr "HTTP-Temel Kimlik Doğrulamasını Ayarla"
|
||||
#~ msgid "Set HTTP-Basic Authentication"
|
||||
#~ msgstr "HTTP-Temel Kimlik Doğrulamasını Ayarla"
|
||||
|
||||
#: src/admin/providers/proxy/ProxyProviderForm.ts
|
||||
msgid "Set a custom HTTP-Basic Authentication header based on values from authentik."
|
||||
msgstr "authentik değerlerine göre özel bir HTTP-Basic Kimlik Doğrulama başlığı ayarlayın."
|
||||
#~ msgid "Set a custom HTTP-Basic Authentication header based on values from authentik."
|
||||
#~ msgstr "authentik değerlerine göre özel bir HTTP-Basic Kimlik Doğrulama başlığı ayarlayın."
|
||||
|
||||
#: src/admin/groups/GroupForm.ts
|
||||
#: src/admin/outposts/OutpostForm.ts
|
||||
|
@ -6516,6 +6540,7 @@ msgid "Transports"
|
|||
msgstr "Aktarıcılar"
|
||||
|
||||
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/admin/providers/proxy/ProxyProviderForm.ts
|
||||
msgid "Trusted OIDC Sources"
|
||||
msgstr ""
|
||||
|
||||
|
@ -7599,6 +7624,10 @@ msgstr "{2} içinden {0} - {1}"
|
|||
msgid "{0} is available!"
|
||||
msgstr "{0} kullanılabilir!"
|
||||
|
||||
#: src/admin/system-tasks/SystemTaskListPage.ts
|
||||
msgid "{0} seconds"
|
||||
msgstr ""
|
||||
|
||||
#: src/elements/notifications/NotificationDrawer.ts
|
||||
msgid "{0} unread"
|
||||
msgstr "{0} okunmamış"
|
||||
|
|
|
@ -336,6 +336,10 @@ msgstr "额外的组 DN,添加到 Base DN 起始处。"
|
|||
msgid "Additional scope mappings, which are passed to the proxy."
|
||||
msgstr "传递给代理的额外作用域映射。"
|
||||
|
||||
#: src/admin/providers/proxy/ProxyProviderForm.ts
|
||||
msgid "Additional scopes"
|
||||
msgstr ""
|
||||
|
||||
#: src/pages/sources/oauth/OAuthSourceForm.ts
|
||||
#~ msgid "Additional scopes to be passed to the OAuth Provider, separated by space."
|
||||
#~ msgstr "要传递给 OAuth 提供商的额外作用域,用空格分隔。"
|
||||
|
@ -671,6 +675,7 @@ msgstr "正在使用 Plex 进行身份验证..."
|
|||
|
||||
#: src/admin/flows/FlowForm.ts
|
||||
#: src/admin/flows/utils.ts
|
||||
#: src/admin/providers/proxy/ProxyProviderViewPage.ts
|
||||
msgid "Authentication"
|
||||
msgstr "身份验证"
|
||||
|
||||
|
@ -693,6 +698,10 @@ msgstr "身份验证流程"
|
|||
msgid "Authentication method"
|
||||
msgstr ""
|
||||
|
||||
#: src/admin/providers/proxy/ProxyProviderForm.ts
|
||||
msgid "Authentication settings"
|
||||
msgstr ""
|
||||
|
||||
#: src/admin/applications/wizard/oauth/TypeOAuthApplicationWizardPage.ts
|
||||
msgid "Authentication without user interaction, or machine-to-machine authentication."
|
||||
msgstr ""
|
||||
|
@ -1202,6 +1211,7 @@ msgstr "点击复制令牌"
|
|||
|
||||
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/admin/providers/oauth2/OAuth2ProviderViewPage.ts
|
||||
#: src/admin/providers/proxy/ProxyProviderViewPage.ts
|
||||
#: src/admin/sources/plex/PlexSourceForm.ts
|
||||
msgid "Client ID"
|
||||
msgstr "客户端 ID"
|
||||
|
@ -2092,6 +2102,10 @@ msgstr "Duo 身份验证器"
|
|||
msgid "Duo push-notifications"
|
||||
msgstr "Duo 推送通知"
|
||||
|
||||
#: src/admin/system-tasks/SystemTaskListPage.ts
|
||||
msgid "Duration"
|
||||
msgstr ""
|
||||
|
||||
#: src/admin/tenants/TenantForm.ts
|
||||
msgid "Duration after which events will be deleted from the database."
|
||||
msgstr "事件从数据库中删除的时间,超过这个时间就会被删除。"
|
||||
|
@ -2893,6 +2907,7 @@ msgstr "隐藏服务账户"
|
|||
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/admin/providers/proxy/ProxyProviderForm.ts
|
||||
#: src/admin/providers/proxy/ProxyProviderForm.ts
|
||||
#: src/admin/providers/saml/SAMLProviderForm.ts
|
||||
#: src/admin/sources/ldap/LDAPSourceForm.ts
|
||||
#: src/admin/sources/ldap/LDAPSourceForm.ts
|
||||
|
@ -3245,6 +3260,7 @@ msgstr ""
|
|||
#~ msgstr "此处配置的证书签名的 JWT 可以用于此提供程序的身份验证。"
|
||||
|
||||
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/admin/providers/proxy/ProxyProviderForm.ts
|
||||
msgid "JWTs signed by certificates configured in the selected sources can be used to authenticate to this provider."
|
||||
msgstr ""
|
||||
|
||||
|
@ -3435,6 +3451,7 @@ msgstr ""
|
|||
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/admin/providers/proxy/ProxyProviderForm.ts
|
||||
#: src/admin/providers/proxy/ProxyProviderForm.ts
|
||||
#: src/admin/providers/saml/SAMLProviderForm.ts
|
||||
#: src/admin/sources/ldap/LDAPSourceForm.ts
|
||||
#: src/admin/sources/ldap/LDAPSourceForm.ts
|
||||
|
@ -5144,7 +5161,6 @@ msgid "Scope which the client can specify to access these properties."
|
|||
msgstr "客户端可以指定的访问这些属性的范围。"
|
||||
|
||||
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/admin/providers/proxy/ProxyProviderForm.ts
|
||||
#: src/admin/sources/oauth/OAuthSourceForm.ts
|
||||
#: src/elements/oauth/UserRefreshList.ts
|
||||
msgid "Scopes"
|
||||
|
@ -5298,6 +5314,14 @@ msgstr "选择用于测试密码的后端。"
|
|||
msgid "Send Email again."
|
||||
msgstr "再次发送电子邮件。"
|
||||
|
||||
#: src/admin/providers/proxy/ProxyProviderForm.ts
|
||||
msgid "Send HTTP-Basic Authentication"
|
||||
msgstr ""
|
||||
|
||||
#: src/admin/providers/proxy/ProxyProviderForm.ts
|
||||
msgid "Send a custom HTTP-Basic Authentication header based on values from authentik."
|
||||
msgstr ""
|
||||
|
||||
#: src/admin/users/RelatedUserList.ts
|
||||
#: src/admin/users/UserListPage.ts
|
||||
msgid "Send link"
|
||||
|
@ -5386,12 +5410,12 @@ msgid "Sessions"
|
|||
msgstr "会话"
|
||||
|
||||
#: src/admin/providers/proxy/ProxyProviderForm.ts
|
||||
msgid "Set HTTP-Basic Authentication"
|
||||
msgstr "设置 HTTP-Basic 身份验证"
|
||||
#~ msgid "Set HTTP-Basic Authentication"
|
||||
#~ msgstr "设置 HTTP-Basic 身份验证"
|
||||
|
||||
#: src/admin/providers/proxy/ProxyProviderForm.ts
|
||||
msgid "Set a custom HTTP-Basic Authentication header based on values from authentik."
|
||||
msgstr "根据来自 authentik 的值设置自定义 HTTP-Basic 身份验证标头。"
|
||||
#~ msgid "Set a custom HTTP-Basic Authentication header based on values from authentik."
|
||||
#~ msgstr "根据来自 authentik 的值设置自定义 HTTP-Basic 身份验证标头。"
|
||||
|
||||
#: src/admin/groups/GroupForm.ts
|
||||
#: src/admin/outposts/OutpostForm.ts
|
||||
|
@ -6524,6 +6548,7 @@ msgid "Transports"
|
|||
msgstr "传输"
|
||||
|
||||
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/admin/providers/proxy/ProxyProviderForm.ts
|
||||
msgid "Trusted OIDC Sources"
|
||||
msgstr "信任的 OIDC 来源"
|
||||
|
||||
|
@ -7609,6 +7634,10 @@ msgstr "{0} - {1} / {2}"
|
|||
msgid "{0} is available!"
|
||||
msgstr "{0} 可用!"
|
||||
|
||||
#: src/admin/system-tasks/SystemTaskListPage.ts
|
||||
msgid "{0} seconds"
|
||||
msgstr ""
|
||||
|
||||
#: src/elements/notifications/NotificationDrawer.ts
|
||||
msgid "{0} unread"
|
||||
msgstr "{0} 未读"
|
||||
|
|
|
@ -336,6 +336,10 @@ msgstr "额外的Group DN,优先于Base DN。"
|
|||
msgid "Additional scope mappings, which are passed to the proxy."
|
||||
msgstr "传递给代理的其他作用域映射。"
|
||||
|
||||
#: src/admin/providers/proxy/ProxyProviderForm.ts
|
||||
msgid "Additional scopes"
|
||||
msgstr ""
|
||||
|
||||
#: src/pages/sources/oauth/OAuthSourceForm.ts
|
||||
#~ msgid "Additional scopes to be passed to the OAuth Provider, separated by space."
|
||||
#~ msgstr "要传递给 OAuth 提供程序的其他作用域,用空格分隔。"
|
||||
|
@ -671,6 +675,7 @@ msgstr "正在使用 Plex 进行身份验证..."
|
|||
|
||||
#: src/admin/flows/FlowForm.ts
|
||||
#: src/admin/flows/utils.ts
|
||||
#: src/admin/providers/proxy/ProxyProviderViewPage.ts
|
||||
msgid "Authentication"
|
||||
msgstr "身份验证"
|
||||
|
||||
|
@ -693,6 +698,10 @@ msgstr "身份验证流程"
|
|||
msgid "Authentication method"
|
||||
msgstr ""
|
||||
|
||||
#: src/admin/providers/proxy/ProxyProviderForm.ts
|
||||
msgid "Authentication settings"
|
||||
msgstr ""
|
||||
|
||||
#: src/admin/applications/wizard/oauth/TypeOAuthApplicationWizardPage.ts
|
||||
msgid "Authentication without user interaction, or machine-to-machine authentication."
|
||||
msgstr ""
|
||||
|
@ -1202,6 +1211,7 @@ msgstr "点击复制令牌"
|
|||
|
||||
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/admin/providers/oauth2/OAuth2ProviderViewPage.ts
|
||||
#: src/admin/providers/proxy/ProxyProviderViewPage.ts
|
||||
#: src/admin/sources/plex/PlexSourceForm.ts
|
||||
msgid "Client ID"
|
||||
msgstr "客户端 ID"
|
||||
|
@ -2092,6 +2102,10 @@ msgstr "Duo 身份验证器"
|
|||
msgid "Duo push-notifications"
|
||||
msgstr "二重奏推送通知"
|
||||
|
||||
#: src/admin/system-tasks/SystemTaskListPage.ts
|
||||
msgid "Duration"
|
||||
msgstr ""
|
||||
|
||||
#: src/admin/tenants/TenantForm.ts
|
||||
msgid "Duration after which events will be deleted from the database."
|
||||
msgstr "事件将从数据库中删除的持续时间。"
|
||||
|
@ -2893,6 +2907,7 @@ msgstr "隐藏服务账户"
|
|||
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/admin/providers/proxy/ProxyProviderForm.ts
|
||||
#: src/admin/providers/proxy/ProxyProviderForm.ts
|
||||
#: src/admin/providers/saml/SAMLProviderForm.ts
|
||||
#: src/admin/sources/ldap/LDAPSourceForm.ts
|
||||
#: src/admin/sources/ldap/LDAPSourceForm.ts
|
||||
|
@ -3245,6 +3260,7 @@ msgstr ""
|
|||
#~ msgstr "此处配置的证书签名的 JWT 可以用于此提供程序的身份验证。"
|
||||
|
||||
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/admin/providers/proxy/ProxyProviderForm.ts
|
||||
msgid "JWTs signed by certificates configured in the selected sources can be used to authenticate to this provider."
|
||||
msgstr ""
|
||||
|
||||
|
@ -3435,6 +3451,7 @@ msgstr ""
|
|||
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/admin/providers/proxy/ProxyProviderForm.ts
|
||||
#: src/admin/providers/proxy/ProxyProviderForm.ts
|
||||
#: src/admin/providers/saml/SAMLProviderForm.ts
|
||||
#: src/admin/sources/ldap/LDAPSourceForm.ts
|
||||
#: src/admin/sources/ldap/LDAPSourceForm.ts
|
||||
|
@ -5144,7 +5161,6 @@ msgid "Scope which the client can specify to access these properties."
|
|||
msgstr "客户端可以指定的访问这些属性的范围。"
|
||||
|
||||
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/admin/providers/proxy/ProxyProviderForm.ts
|
||||
#: src/admin/sources/oauth/OAuthSourceForm.ts
|
||||
#: src/elements/oauth/UserRefreshList.ts
|
||||
msgid "Scopes"
|
||||
|
@ -5298,6 +5314,14 @@ msgstr "选择用于测试密码的后端。"
|
|||
msgid "Send Email again."
|
||||
msgstr "再次发送电子邮件。"
|
||||
|
||||
#: src/admin/providers/proxy/ProxyProviderForm.ts
|
||||
msgid "Send HTTP-Basic Authentication"
|
||||
msgstr ""
|
||||
|
||||
#: src/admin/providers/proxy/ProxyProviderForm.ts
|
||||
msgid "Send a custom HTTP-Basic Authentication header based on values from authentik."
|
||||
msgstr ""
|
||||
|
||||
#: src/admin/users/RelatedUserList.ts
|
||||
#: src/admin/users/UserListPage.ts
|
||||
msgid "Send link"
|
||||
|
@ -5386,12 +5410,12 @@ msgid "Sessions"
|
|||
msgstr "会话"
|
||||
|
||||
#: src/admin/providers/proxy/ProxyProviderForm.ts
|
||||
msgid "Set HTTP-Basic Authentication"
|
||||
msgstr "设置 HTTP 基本身份验证"
|
||||
#~ msgid "Set HTTP-Basic Authentication"
|
||||
#~ msgstr "设置 HTTP 基本身份验证"
|
||||
|
||||
#: src/admin/providers/proxy/ProxyProviderForm.ts
|
||||
msgid "Set a custom HTTP-Basic Authentication header based on values from authentik."
|
||||
msgstr "根据来自 authentik 的值设置自定义 HTTP-Basic 身份验证标头。"
|
||||
#~ msgid "Set a custom HTTP-Basic Authentication header based on values from authentik."
|
||||
#~ msgstr "根据来自 authentik 的值设置自定义 HTTP-Basic 身份验证标头。"
|
||||
|
||||
#: src/admin/groups/GroupForm.ts
|
||||
#: src/admin/outposts/OutpostForm.ts
|
||||
|
@ -6524,6 +6548,7 @@ msgid "Transports"
|
|||
msgstr "传输"
|
||||
|
||||
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/admin/providers/proxy/ProxyProviderForm.ts
|
||||
msgid "Trusted OIDC Sources"
|
||||
msgstr ""
|
||||
|
||||
|
@ -7609,6 +7634,10 @@ msgstr "{0} - {1} of {2}"
|
|||
msgid "{0} is available!"
|
||||
msgstr "{0} 可用!"
|
||||
|
||||
#: src/admin/system-tasks/SystemTaskListPage.ts
|
||||
msgid "{0} seconds"
|
||||
msgstr ""
|
||||
|
||||
#: src/elements/notifications/NotificationDrawer.ts
|
||||
msgid "{0} unread"
|
||||
msgstr "{0} 未读"
|
||||
|
|
|
@ -336,6 +336,10 @@ msgstr "额外的Group DN,优先于Base DN。"
|
|||
msgid "Additional scope mappings, which are passed to the proxy."
|
||||
msgstr "传递给代理的其他作用域映射。"
|
||||
|
||||
#: src/admin/providers/proxy/ProxyProviderForm.ts
|
||||
msgid "Additional scopes"
|
||||
msgstr ""
|
||||
|
||||
#: src/pages/sources/oauth/OAuthSourceForm.ts
|
||||
#~ msgid "Additional scopes to be passed to the OAuth Provider, separated by space."
|
||||
#~ msgstr "要传递给 OAuth 提供程序的其他作用域,用空格分隔。"
|
||||
|
@ -671,6 +675,7 @@ msgstr "正在使用 Plex 进行身份验证..."
|
|||
|
||||
#: src/admin/flows/FlowForm.ts
|
||||
#: src/admin/flows/utils.ts
|
||||
#: src/admin/providers/proxy/ProxyProviderViewPage.ts
|
||||
msgid "Authentication"
|
||||
msgstr "身份验证"
|
||||
|
||||
|
@ -693,6 +698,10 @@ msgstr "身份验证流程"
|
|||
msgid "Authentication method"
|
||||
msgstr ""
|
||||
|
||||
#: src/admin/providers/proxy/ProxyProviderForm.ts
|
||||
msgid "Authentication settings"
|
||||
msgstr ""
|
||||
|
||||
#: src/admin/applications/wizard/oauth/TypeOAuthApplicationWizardPage.ts
|
||||
msgid "Authentication without user interaction, or machine-to-machine authentication."
|
||||
msgstr ""
|
||||
|
@ -1202,6 +1211,7 @@ msgstr "点击复制令牌"
|
|||
|
||||
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/admin/providers/oauth2/OAuth2ProviderViewPage.ts
|
||||
#: src/admin/providers/proxy/ProxyProviderViewPage.ts
|
||||
#: src/admin/sources/plex/PlexSourceForm.ts
|
||||
msgid "Client ID"
|
||||
msgstr "客户端 ID"
|
||||
|
@ -2092,6 +2102,10 @@ msgstr "Duo 身份验证器"
|
|||
msgid "Duo push-notifications"
|
||||
msgstr "二重奏推送通知"
|
||||
|
||||
#: src/admin/system-tasks/SystemTaskListPage.ts
|
||||
msgid "Duration"
|
||||
msgstr ""
|
||||
|
||||
#: src/admin/tenants/TenantForm.ts
|
||||
msgid "Duration after which events will be deleted from the database."
|
||||
msgstr "事件将从数据库中删除的持续时间。"
|
||||
|
@ -2893,6 +2907,7 @@ msgstr "隐藏服务账户"
|
|||
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/admin/providers/proxy/ProxyProviderForm.ts
|
||||
#: src/admin/providers/proxy/ProxyProviderForm.ts
|
||||
#: src/admin/providers/saml/SAMLProviderForm.ts
|
||||
#: src/admin/sources/ldap/LDAPSourceForm.ts
|
||||
#: src/admin/sources/ldap/LDAPSourceForm.ts
|
||||
|
@ -3245,6 +3260,7 @@ msgstr ""
|
|||
#~ msgstr "此处配置的证书签名的 JWT 可以用于此提供程序的身份验证。"
|
||||
|
||||
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/admin/providers/proxy/ProxyProviderForm.ts
|
||||
msgid "JWTs signed by certificates configured in the selected sources can be used to authenticate to this provider."
|
||||
msgstr ""
|
||||
|
||||
|
@ -3435,6 +3451,7 @@ msgstr ""
|
|||
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/admin/providers/proxy/ProxyProviderForm.ts
|
||||
#: src/admin/providers/proxy/ProxyProviderForm.ts
|
||||
#: src/admin/providers/saml/SAMLProviderForm.ts
|
||||
#: src/admin/sources/ldap/LDAPSourceForm.ts
|
||||
#: src/admin/sources/ldap/LDAPSourceForm.ts
|
||||
|
@ -5144,7 +5161,6 @@ msgid "Scope which the client can specify to access these properties."
|
|||
msgstr "客户端可以指定的访问这些属性的范围。"
|
||||
|
||||
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/admin/providers/proxy/ProxyProviderForm.ts
|
||||
#: src/admin/sources/oauth/OAuthSourceForm.ts
|
||||
#: src/elements/oauth/UserRefreshList.ts
|
||||
msgid "Scopes"
|
||||
|
@ -5298,6 +5314,14 @@ msgstr "选择用于测试密码的后端。"
|
|||
msgid "Send Email again."
|
||||
msgstr "再次发送电子邮件。"
|
||||
|
||||
#: src/admin/providers/proxy/ProxyProviderForm.ts
|
||||
msgid "Send HTTP-Basic Authentication"
|
||||
msgstr ""
|
||||
|
||||
#: src/admin/providers/proxy/ProxyProviderForm.ts
|
||||
msgid "Send a custom HTTP-Basic Authentication header based on values from authentik."
|
||||
msgstr ""
|
||||
|
||||
#: src/admin/users/RelatedUserList.ts
|
||||
#: src/admin/users/UserListPage.ts
|
||||
msgid "Send link"
|
||||
|
@ -5386,12 +5410,12 @@ msgid "Sessions"
|
|||
msgstr "会话"
|
||||
|
||||
#: src/admin/providers/proxy/ProxyProviderForm.ts
|
||||
msgid "Set HTTP-Basic Authentication"
|
||||
msgstr "设置 HTTP 基本身份验证"
|
||||
#~ msgid "Set HTTP-Basic Authentication"
|
||||
#~ msgstr "设置 HTTP 基本身份验证"
|
||||
|
||||
#: src/admin/providers/proxy/ProxyProviderForm.ts
|
||||
msgid "Set a custom HTTP-Basic Authentication header based on values from authentik."
|
||||
msgstr "根据来自 authentik 的值设置自定义 HTTP-Basic 身份验证标头。"
|
||||
#~ msgid "Set a custom HTTP-Basic Authentication header based on values from authentik."
|
||||
#~ msgstr "根据来自 authentik 的值设置自定义 HTTP-Basic 身份验证标头。"
|
||||
|
||||
#: src/admin/groups/GroupForm.ts
|
||||
#: src/admin/outposts/OutpostForm.ts
|
||||
|
@ -6524,6 +6548,7 @@ msgid "Transports"
|
|||
msgstr "传输"
|
||||
|
||||
#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/admin/providers/proxy/ProxyProviderForm.ts
|
||||
msgid "Trusted OIDC Sources"
|
||||
msgstr ""
|
||||
|
||||
|
@ -7609,6 +7634,10 @@ msgstr "{0} - {1} of {2}"
|
|||
msgid "{0} is available!"
|
||||
msgstr "{0} 可用!"
|
||||
|
||||
#: src/admin/system-tasks/SystemTaskListPage.ts
|
||||
msgid "{0} seconds"
|
||||
msgstr ""
|
||||
|
||||
#: src/elements/notifications/NotificationDrawer.ts
|
||||
msgid "{0} unread"
|
||||
msgstr "{0} 未读"
|
||||
|
|
|
@ -18,6 +18,6 @@ The web client is used by the web-interface and web-FlowExecutor to communicate
|
|||
|
||||
Since the client is normally distributed as an npm package, running `make gen-client-ts` will overwrite the locally installed client with the newly built one.
|
||||
|
||||
:::warning
|
||||
:::caution
|
||||
Running `npm i` in the `/web` folder after using `make gen-client-ts` will overwrite the custom client and revert to the upstream client.
|
||||
:::
|
||||
|
|
|
@ -199,7 +199,7 @@ example:
|
|||
|
||||
Full example:
|
||||
|
||||
:::warning
|
||||
:::caution
|
||||
Note that an `!Enumeration` tag's iterable can never be an `!Item` or `!Value` tag with a depth of `0`. Minimum depth allowed is `1`. This is because a depth of `0` refers to the `!Enumeration` tag the `!Item` or `!Value` tag is in, and an `!Enumeration` tag cannot iterate over itself.
|
||||
:::
|
||||
|
||||
|
|
|
@ -297,6 +297,6 @@ Defaults to 4.
|
|||
|
||||
To modify additional settings further than the options above allow, you can create a custom python file and mount it to `/data/user_settings.py`. This file will be loaded on startup by both the server and the worker. All default settings are [here](https://github.com/goauthentik/authentik/blob/main/authentik/root/settings.py)
|
||||
|
||||
:::warning
|
||||
:::caution
|
||||
Using these custom settings is not supported and can prevent your authentik instance from starting. Use with caution.
|
||||
:::
|
||||
|
|
|
@ -64,7 +64,7 @@ import Objects from "../expressions/_objects.md";
|
|||
|
||||
- `request.user`: The current user, against which the policy is applied. See [User](../user-group/user.md#object-attributes)
|
||||
|
||||
:::warning
|
||||
:::caution
|
||||
When a policy is executed in the context of a flow, this will be set to the user initiaing request, and will only be changed by a `user_login` stage. For that reason, using this value in authentication flow policies may not return the expected user. Use `context['pending_user']` instead; User Identification and other stages update this value during flow execution.
|
||||
|
||||
If the user is not authenticated, this will be set to a user called _AnonymousUser_, which is an instance of [authentik.core.models.User](https://docs.djangoproject.com/en/4.1/ref/contrib/auth/#django.contrib.auth.models.User) (authentik uses django-guardian for per-object permissions, [see](https://django-guardian.readthedocs.io/en/stable/)).
|
||||
|
|
50
website/docs/providers/proxy/header_authentication.md
Normal file
50
website/docs/providers/proxy/header_authentication.md
Normal file
|
@ -0,0 +1,50 @@
|
|||
---
|
||||
title: Header authentication
|
||||
---
|
||||
|
||||
### Send HTTP Basic authentication
|
||||
|
||||
Proxy providers have the option to _Send HTTP-Basic Authentication_ to the upstream authentication. When the option in the provider is enabled, two attributes must be specified. These attributes are the keys of values which can be saved on a user or group level that contain the credentials.
|
||||
|
||||
For example, with _HTTP-Basic Username Key_ set to `app_username` and _HTTP-Basic Password Key_ set to `app_password`, these attributes would have to be set either on a user or a group the user is member of:
|
||||
|
||||
```yaml
|
||||
app_username: admin
|
||||
app_password: admin-password
|
||||
```
|
||||
|
||||
These credentials are only retrieved when the user authenticates to the proxy.
|
||||
|
||||
If the user does not have a matching attribute, authentik falls back to using the user's email address as username, and the password will be empty if not found.
|
||||
|
||||
### Receiving HTTP Basic authentication
|
||||
|
||||
:::info
|
||||
Requires authentik 2023.1
|
||||
:::
|
||||
|
||||
Proxy providers can receive HTTP basic authentication credentials. The password is expected to be an _App password_, as the credentials are used internally with the [OAuth2 machine-to-machine authentication flow](../oauth2/client_credentials.md).
|
||||
|
||||
Access control is done with the policies bound to the application being accessed.
|
||||
|
||||
If the received credentials are invalid, a normal authentication flow is initiated. If the credentials are correct, the Authorization header is removed to prevent sending the credentials to the proxied application.
|
||||
|
||||
:::danger
|
||||
It is **strongly** recommended that the client sending requests with HTTP-Basic authentication persists the cookies returned by the outpost. If this is not the case, every request must be authenticated independently, which will increase load on the authentik server and encounter a performance hit.
|
||||
:::
|
||||
|
||||
### Receiving HTTP Bearer authentication
|
||||
|
||||
:::info
|
||||
Requires authentik 2023.1
|
||||
:::
|
||||
|
||||
Proxy providers can receive HTTP bearer authentication credentials. The token is expected to be a JWT token issued for the proxy provider. This is described [here](../oauth2/client_credentials.md), using the _client_id_ value shown in the admin interface. Both static and JWT authentication methods are supported.
|
||||
|
||||
Access control is done with the policies bound to the application being accessed.
|
||||
|
||||
If the received credentials are invalid, a normal authentication flow is initiated. If the credentials are correct, the Authorization header is removed to prevent sending the credentials to the proxied application.
|
||||
|
||||
:::caution
|
||||
It is recommended that the client sending requests with HTTP-Bearer authentication persists the cookies returned by the outpost. For bearer authentication this has a smaller impact than for Basic authentication, but each request is still verified with the authentik server.
|
||||
:::
|
|
@ -24,9 +24,12 @@ The proxy outpost sets the following user-specific headers:
|
|||
|
||||
The hashed identifier of the currently logged in user.
|
||||
|
||||
Additionally, you can set `additionalHeaders` on groups or users to set additional headers.
|
||||
Additionally, you can set `additionalHeaders` attribute on groups or users to set additional headers:
|
||||
|
||||
If you enable _Set HTTP-Basic Authentication_ option, the HTTP Authorization header is being set.
|
||||
```yaml
|
||||
additionalHeaders:
|
||||
X-test-header: test-value
|
||||
```
|
||||
|
||||
Besides these user-specific headers, some application specific headers are also set:
|
||||
|
||||
|
|
|
@ -12,7 +12,7 @@ From https://www.home-assistant.io/
|
|||
Open source home automation that puts local control and privacy first. Powered by a worldwide community of tinkerers and DIY enthusiasts. Perfect to run on a Raspberry Pi or a local server.
|
||||
:::
|
||||
|
||||
:::warning
|
||||
:::caution
|
||||
You might run into CSRF errors, this is caused by a technology Home-assistant uses and not authentik, see [this GitHub issue](https://github.com/goauthentik/authentik/issues/884#issuecomment-851542477).
|
||||
:::
|
||||
|
||||
|
|
|
@ -20,7 +20,7 @@ Jellyfin does not have any native external authentication support as of the writ
|
|||
Currently there are two plugins for Jelyfin that provide external authenticaion, an OIDC plugin and an LDAP plugin. This guide focuses on the use of the LDAP plugin.
|
||||
:::
|
||||
|
||||
:::warning
|
||||
:::caution
|
||||
An LDAP outpost must be deployed to use the Jellyfin LDAP plugin
|
||||
:::
|
||||
|
||||
|
|
|
@ -12,11 +12,11 @@ From https://en.wikipedia.org/wiki/Nextcloud
|
|||
Nextcloud is a suite of client-server software for creating and using file hosting services. Nextcloud is free and open-source, which means that anyone is allowed to install and operate it on their own private server devices.
|
||||
:::
|
||||
|
||||
:::warning
|
||||
:::caution
|
||||
This setup only works, when Nextcloud is running with HTTPS enabled. See [here](https://docs.nextcloud.com/server/stable/admin_manual/configuration_server/reverse_proxy_configuration.html?highlight=overwriteprotocol#overwrite-parameters) on how to configure this.
|
||||
:::
|
||||
|
||||
:::warning
|
||||
:::info
|
||||
In case something goes wrong with the configuration, you can use the URL `http://nextcloud.company/login?direct=1` to log in using the built-in authentication.
|
||||
:::
|
||||
|
||||
|
|
|
@ -14,7 +14,7 @@ Node-RED is a programming tool for wiring together hardware devices, APIs and on
|
|||
It provides a browser-based editor that makes it easy to wire together flows using the wide range of nodes in the palette that can be deployed to its runtime in a single-click.
|
||||
:::
|
||||
|
||||
:::warning
|
||||
:::caution
|
||||
This requires modification of the Node-RED settings.js and installing additional Passport-js packages, see [Securing Node-RED](https://nodered.org/docs/user-guide/runtime/securing-node-red#oauthopenid-based-authentication) documentation for further details.
|
||||
:::
|
||||
|
||||
|
|
|
@ -12,7 +12,7 @@ Modified from https://github.com/jonaswinkler/paperless-ng
|
|||
Paperless-ng is an application that indexes your scanned documents and allows you to easily search for documents and store metadata alongside your documents. It was a fork from the original Paperless that is no longer maintained.
|
||||
:::
|
||||
|
||||
:::warning
|
||||
:::caution
|
||||
This setup uses HTTP headers to log you in simply by providing your username as a header. Your authentik username and Paperless username MUST match. If you intend for this to be accessed externally, this requires careful setup of your reverse proxy server to not forward these headers from other sources.
|
||||
|
||||
The author of Paperless-ng recommends you do not expose Paperless outside your network, as it was not designed for that. Instead, they "recommend that if you do want to use it, run it locally on a server in your own home."
|
||||
|
|
|
@ -59,7 +59,7 @@ In authentik, create an outpost (under _Applications/Outposts_) of type `LDAP` t
|
|||
|
||||
## pfSense unsecure setup (without SSL)
|
||||
|
||||
:::warning
|
||||
:::caution
|
||||
This setup should only be used for testing purpose, because passwords will be sent in clear text to authentik.
|
||||
:::
|
||||
|
||||
|
|
|
@ -12,7 +12,7 @@ From https://pve.proxmox.com/wiki/Main_Page
|
|||
Proxmox Virtual Environment is an open source server virtualization management solution based on QEMU/KVM and LXC. You can manage virtual machines, containers, highly available clusters, storage and networks with an integrated, easy-to-use web interface or via CLI. Proxmox VE code is licensed under the GNU Affero General Public License, version 3. The project is developed and maintained by Proxmox Server Solutions GmbH.
|
||||
:::
|
||||
|
||||
:::warning
|
||||
:::caution
|
||||
This requires Proxmox VE 7.0 or newer.
|
||||
:::
|
||||
|
||||
|
|
|
@ -38,7 +38,7 @@ Create a new service account for all of your hosts to use to connect
|
|||
to LDAP and perform searches. Make sure this service account is added
|
||||
to `ldap.searchGroup`.
|
||||
|
||||
:::warning
|
||||
:::caution
|
||||
It seems that QNAP LDAP client configuration has issues with too long password.
|
||||
Max password length <= 66 characters.
|
||||
:::
|
||||
|
@ -111,7 +111,7 @@ Attributes:
|
|||
Configure the following values and "Apply"
|
||||
![qnap domain security](./qnap-ldap-configuration.png)
|
||||
|
||||
:::warning
|
||||
:::caution
|
||||
With each save (Apply) in the UI the `/etc/config/nss_ldap.conf` will be overwritten with default values.
|
||||
:::
|
||||
|
||||
|
|
|
@ -11,11 +11,11 @@ From https://snipeitapp.com
|
|||
A free open source IT asset/license management system.
|
||||
:::
|
||||
|
||||
:::warning
|
||||
:::caution
|
||||
This setup assumes you will be using HTTPS as Snipe-It dynamically generates the ACS and other settings based on the complete URL.
|
||||
:::
|
||||
|
||||
:::warning
|
||||
:::caution
|
||||
In case something goes wrong with the configuration, you can use the URL `http://inventory.company/login?nosaml` to log in using the
|
||||
built-in authentication.
|
||||
:::
|
||||
|
|
|
@ -14,7 +14,7 @@ e uptime and future planning. TrueCommand also identifies and pinpoints errors o
|
|||
me when resolving issues.
|
||||
:::
|
||||
|
||||
:::warning
|
||||
:::caution
|
||||
This setup assumes you will be using HTTPS as TrueCommand generates ACS and Redirect URLs based on the complete URL.
|
||||
:::
|
||||
|
||||
|
|
|
@ -12,7 +12,7 @@ From https://en.wikipedia.org/wiki/Landscape_(software)
|
|||
Landscape is a systems management tool developed by Canonical. It can be run on-premises or in the cloud depending on the needs of the user. It is primarily designed for use with Ubuntu derivatives such as Desktop, Server, and Core.
|
||||
:::
|
||||
|
||||
:::warning
|
||||
:::caution
|
||||
This requires authentik 0.10.3 or newer.
|
||||
:::
|
||||
|
||||
|
|
|
@ -12,11 +12,11 @@ From https://en.wikipedia.org/wiki/VCenter
|
|||
vCenter Server is the centralized management utility for VMware, and is used to manage virtual machines, multiple ESXi hosts, and all dependent components from a single centralized location. VMware vMotion and svMotion require the use of vCenter and ESXi hosts.
|
||||
:::
|
||||
|
||||
:::warning
|
||||
:::caution
|
||||
This requires authentik 0.10.3 or newer.
|
||||
:::
|
||||
|
||||
:::warning
|
||||
:::caution
|
||||
This requires VMware vCenter 7.0.0 or newer.
|
||||
:::
|
||||
|
||||
|
@ -68,7 +68,7 @@ Create an application which uses this provider. Optionally apply access restrict
|
|||
|
||||
Set the Launch URL to `https://vcenter.company/ui/login/oauth2`. This will skip vCenter's User Prompt and directly log you in.
|
||||
|
||||
:::warning
|
||||
:::caution
|
||||
This Launch URL only works for vCenter < 7.0u2. If you're running 7.0u2 or later, set the launch URL to `https://vcenter.company/ui/login`
|
||||
:::
|
||||
|
||||
|
|
|
@ -8,11 +8,11 @@ Allows users to authenticate using their Apple ID.
|
|||
|
||||
## Preparation
|
||||
|
||||
:::warning
|
||||
:::caution
|
||||
An Apple developer account is required.
|
||||
:::
|
||||
|
||||
:::warning
|
||||
:::caution
|
||||
Apple mandates the use of a [registered TLD](https://en.wikipedia.org/wiki/List_of_Internet_top-level_domains), as such this source will not work with .local and other non-public TLDs.
|
||||
:::
|
||||
|
||||
|
|
|
@ -64,6 +64,7 @@ module.exports = {
|
|||
},
|
||||
items: [
|
||||
"providers/proxy/custom_headers",
|
||||
"providers/proxy/header_authentication",
|
||||
"providers/proxy/forward_auth",
|
||||
],
|
||||
},
|
||||
|
|
Reference in a new issue