Commit Graph

22 Commits

Author SHA1 Message Date
Jens L 21e29744c2
providers/proxy: different cookie name based on hashed client id (#4666) 2023-02-12 16:34:57 +01:00
Jens L 7d4ce41e12
providers/proxy: outpost wide logout implementation (#4605)
* initial outpost wide logout implementation

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* handle deserialize error

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update docs

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix file cleanup, add tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-02 21:18:59 +01:00
Jens L 23c69c456a
providers/proxy: add setting to intercept authorization header (#4457)
* add setting to intercept authorization header

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* rename to intercept_header_auth

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-17 18:56:48 +01:00
Jens Langhammer 19ee98b36d
outposts/proxy: allow setting no-redirect via header or query param
closes #4455

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-17 10:56:43 +01:00
Jens Langhammer 69d4719687
outposts/proxy: set http code when no redirect header is set
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-14 22:20:52 +01:00
Jens Langhammer d31e566873
outposts/proxy: add header to prevent redirects
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-14 22:18:25 +01:00
Jens L cd12e177ea
providers/proxy: add initial header token auth (#4421)
* initial implementation

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* check for openid/profile claims

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* include jwks sources in proxy provider

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add web ui for jwks

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* only show sources with JWKS data configured

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix introspection tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* start basic

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add basic auth

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add docs, update admonitions

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add client_id to api, add tab for auth

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update locale

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-13 16:22:03 +01:00
Jens L d53733b6fc
outposts/proxy: reduce possibility for redirect loops, keep single state (#3831)
use single state, redirect when start url is hit with active session

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-20 21:27:34 +02:00
Jens L 49b6aabb02
outposts/proxy: fix redirect path when external host is a subdirectory (#3628)
fix redirect path when external host is a subdirectory

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-22 10:10:29 +02:00
Jens Langhammer e30103aa9f providers/proxy: use same redirect-save code for all modes
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-04 23:25:47 +02:00
Jens Langhammer a52638d898 internal: fix typo in session name constant
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-20 10:10:29 +02:00
Jens Langhammer 62a939b91d internal: bump api client to v3
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-03 10:40:07 +01:00
Jens Langhammer 744f250d05 providers/proxy: always set rd param in addition to session to prevent wrong url in session
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-18 10:32:22 +01:00
Jens Langhammer 19b1f3a8c1 internal/outpost: fix logic error
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-17 20:50:47 +01:00
Jens L 4343246a41
*: rename akprox to outpost.goauthentik.io (#2266)
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-08 20:25:38 +01:00
Jens Langhammer ebb5711c32 providers/proxy: add support for X-Original-URI in nginx, better handle missing headers and report errors to authentik
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-27 18:14:02 +01:00
Jens Langhammer 1c2b452406 outposts/proxy: fix potential empty redirect, add tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#2141
2022-01-25 10:57:53 +01:00
Jens Langhammer 41e7b9b73f outposts/proxyv2: fix before-redirect url not being saved in proxy mode
closes #2109

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-19 19:16:30 +01:00
Jens Langhammer 85a417d22e outposts/proxy: re-add rs256 support
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-02 15:17:32 +01:00
Jens Langhammer a6a6b3bd06 outposts: add outpost_name label to metrics
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-16 10:04:17 +02:00
Jens Langhammer 9a79bab43d outposts/proxy: fix redirect URL error due to callback url not being joined correctly
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-10 16:19:29 +02:00
Jens L 3c1b70c355
outposts/proxyv2 (#1365)
* outposts/proxyv2: initial commit

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

add rs256

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

more stuff

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

add forward auth an sign_out

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

match cookie name

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

re-add support for rs256 for backwards compat

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

add error handler

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

ensure unique user-agent is used

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

set cookie duration based on id_token expiry

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

build proxy v2

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

add ssl

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

add basic auth and custom header support

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

add application cert loading

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

implement whitelist

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

add redis

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

migrate embedded outpost to v2

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

remove old proxy

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

providers/proxy: make token expiration configurable

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

add metrics

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

fix tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* providers/proxy: only allow one redirect URI

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix docker build for proxy

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* remove default port offset

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add AUTHENTIK_HOST_BROWSER

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* tests: fix e2e/integration tests not using proper tags

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* remove references of old port

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix user_attributes not being loaded correctly

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* cleanup dependencies

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* cleanup

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-08 18:04:56 +00:00