gcp-cherry-pick-bot[bot]
c16317d7cf
providers/proxy: fix closed redis client (cherry-pick #7385 ) ( #7429 )
...
providers/proxy: fix closed redis client (#7385 )
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens L <jens@goauthentik.io>
2023-11-03 15:46:17 +01:00
Jens L
7d91842e8a
providers/proxy: attempt to fix duplicate cookie ( #7324 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-10-27 00:41:13 +02:00
Jens L
dd7d3bf738
providers/proxy: fix redis cookies missing strict path ( #7135 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-10-10 12:17:35 +02:00
Jens L
4db365c947
providers/proxy: improve SLO by backchannel logging out sessions ( #7099 )
...
* outposts: add support for provider-specific websocket messages
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* providers/proxy: add custom signal on logout to logout in provider
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-10-09 01:06:52 +02:00
Jens L
efb2823391
internal: fix redis session store ( #7011 )
2023-09-28 21:06:27 +02:00
Jens L
c93c6ee6f9
root: replace boj/redistore with vendored version of rbcervilla/redisstore ( #6988 )
...
* root: replace boj/redistore with vendored version of rbcervilla/redisstore
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* setup env for go tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-09-26 18:56:37 +02:00
Jens L
9e29789c09
root: fix config loading for outposts ( #6640 )
...
* root: fix config loading for outposts
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix error handling
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* improve check to see if outpost is embedded or not
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* also fix oauth url fetching
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-08-26 19:40:48 +02:00
Jens L
0782b3b0fa
providers/proxy: set outpost session cookie to httponly and secure wh… ( #6482 )
...
* providers/proxy: set outpost session cookie to httponly and secure when possible
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* set samesite too
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-08-05 22:09:27 +02:00
Jens L
906faf9cce
providers/proxy: fix panic when claims in session were nil ( #5569 )
...
* providers/proxy: fix panic when claims in session were nil
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add new options
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-05-10 20:58:44 +02:00
Jens Langhammer
8f70354e3c
internal: remove debug remnant from cookie testing
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-12 17:29:18 +01:00
Jens L
21e29744c2
providers/proxy: different cookie name based on hashed client id ( #4666 )
2023-02-12 16:34:57 +01:00
Jens L
af43330fd6
providers/oauth2: rework OAuth2 Provider ( #4652 )
...
* always treat flow as openid flow
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* improve issuer URL generation
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* more refactoring
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* update introspection
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* more refinement
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* migrate more
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix more things, update api
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* regen migrations
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix a bunch of things
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* start updating tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix implicit flow, auto set exp
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix timeozone not used correctly
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix revoke
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* more timezone shenanigans
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix userinfo tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* update web
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix proxy outpost
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix api tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix missing at_hash for implicit flows
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* re-include at_hash in implicit auth flow
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* use folder context for outpost build
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-09 20:19:48 +01:00
Jens Langhammer
388367785d
*/saml: disable pretty_print, add signature tests
...
closes #4536
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-03 15:42:09 +01:00
Jens L
7d4ce41e12
providers/proxy: outpost wide logout implementation ( #4605 )
...
* initial outpost wide logout implementation
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* handle deserialize error
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* update docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix file cleanup, add tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-02 21:18:59 +01:00
Jens L
55aa1897af
root: use single redis db ( #4009 )
...
* use single redis db
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* cleanup prefixes
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* ensure __str__ always returns string
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix remaining old prefixes
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add release notes
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-15 14:31:29 +01:00
Jens Langhammer
10b48b27b0
internal: walk config in go, check, parse and load from scheme like in python
...
closes #2719
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-26 11:33:37 +02:00
Jens Langhammer
646d174dd2
internal: revert cookie path on proxy causing redirect loops
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-21 16:26:12 +02:00
Jens Langhammer
ebb44c992b
Revert "internal: set SameSite for outpost"
...
This reverts commit 7e95c756b9
.
2022-05-21 14:08:40 +02:00
Jens Langhammer
7e95c756b9
internal: set SameSite for outpost
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-21 13:21:45 +02:00
Jens Langhammer
be26b92927
internal: cleanup outpost logs
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-21 13:18:06 +02:00
Jens Langhammer
421b003218
internal: set path on cookie for proxy
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#2305
2022-05-11 10:08:38 +02:00
Jens Langhammer
76660e4666
internal: add tests with querystring
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-07 22:03:36 +01:00
Jens Langhammer
62a939b91d
internal: bump api client to v3
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-03 10:40:07 +01:00
Jens Langhammer
af3fb5c2cd
internal: use math.MaxInt for compatibility
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#1819
2022-01-21 23:11:17 +01:00
Jens Langhammer
b932b6c963
website/docs: update log levels
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-21 13:15:17 +01:00
Jens Langhammer
3c048a1921
outposts/proxy: fix session not expiring correctly due to miscalculation
...
closes #1976
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-21 13:10:57 +01:00
Jens Langhammer
c11be2284d
outposts/proxy: also set max length for redis backend
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-13 15:05:55 +01:00
Jens Langhammer
aa321196d7
outposts/proxy: fix securecookie: the value is too long again, since it can happen even with filesystem storage
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-13 13:33:20 +01:00
Jens Langhammer
4e2457560d
outposts/proxy: use filesystem storage for non-embedded outposts
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-12 17:59:31 +01:00
Jens Langhammer
22a7c25526
internal: call GetStore on application to improve logging
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-12 13:33:20 +02:00
Jens Langhammer
9f4a4449f5
outposts/proxy: ensure cookies only last as long as tokens
...
closes #1462
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-25 16:12:59 +02:00
Jens Langhammer
4c3a9e69f2
outposts/proxy: fix securecookie: no codecs provided error with redis
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-09 10:23:46 +02:00
Jens Langhammer
8ca29f6d49
Revert "outpost/proxy: set samesite none"
...
This reverts commit f7afb60c1f
.
2021-09-08 22:56:24 +02:00
Jens Langhammer
f7afb60c1f
outpost/proxy: set samesite none
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-08 22:06:44 +02:00
Jens L
3c1b70c355
outposts/proxyv2 ( #1365 )
...
* outposts/proxyv2: initial commit
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
add rs256
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
more stuff
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
add forward auth an sign_out
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
match cookie name
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
re-add support for rs256 for backwards compat
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
add error handler
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
ensure unique user-agent is used
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
set cookie duration based on id_token expiry
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
build proxy v2
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
add ssl
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
add basic auth and custom header support
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
add application cert loading
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
implement whitelist
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
add redis
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
migrate embedded outpost to v2
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
remove old proxy
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
providers/proxy: make token expiration configurable
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
add metrics
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
fix tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* providers/proxy: only allow one redirect URI
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix docker build for proxy
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* remove default port offset
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add AUTHENTIK_HOST_BROWSER
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* tests: fix e2e/integration tests not using proper tags
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* remove references of old port
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix user_attributes not being loaded correctly
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* cleanup dependencies
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* cleanup
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-08 18:04:56 +00:00