Jens L
|
393d7ec486
|
providers/proxy: no exposed urls (#3151)
* test any callback
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* cleanup
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* dont detect callback in per-server handler
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* use full redirect uri with both path and query param
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* update tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* correctly route to embedded outpost for callback signature
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix allowed redirects
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2022-07-30 17:51:01 +02:00 |
Jens Langhammer
|
79bec6f6b2
|
providers/proxy: only send misconfiguration event once
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2022-06-16 10:32:34 +02:00 |
Jens L
|
a286f999e2
|
api: migrate to openapi generator v6 (#2968)
* migrate to openapi generator v6
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* bump api
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2022-05-26 15:15:30 +02:00 |
Jens Langhammer
|
62a939b91d
|
internal: bump api client to v3
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2022-03-03 10:40:07 +01:00 |
Jens Langhammer
|
6fdf3ad3e5
|
internal/outpost: improve logging and add tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#2393
|
2022-02-26 22:29:56 +01:00 |
Jens Langhammer
|
67d550a80d
|
providers/proxy: don't include hostname and scheme in redirect when we only got a path and not a full URL
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2022-01-27 18:23:08 +01:00 |
Jens Langhammer
|
ebb5711c32
|
providers/proxy: add support for X-Original-URI in nginx, better handle missing headers and report errors to authentik
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2022-01-27 18:14:02 +01:00 |
Jens Langhammer
|
63b3434b6f
|
website/docs: improve nginx examples
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2022-01-25 14:25:21 +01:00 |
Jens Langhammer
|
07b09df3fe
|
internal: add more outpost tests, add support for X-Original-URL
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2022-01-24 20:50:13 +01:00 |
Jens Langhammer
|
9fc5ff4b77
|
outposts/proxyv2: fix JWKS url pointing to localhost on embedded outpost
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2022-01-21 13:29:51 +01:00 |
Jens Langhammer
|
c07b8d95d0
|
outposts/proxy: remove deprecated headers
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2022-01-07 17:01:23 +01:00 |
Jens Langhammer
|
410d1b97cd
|
outposts/proxy: add support for multiple states, when multiple requests are redirect at once
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-12-26 14:16:02 +01:00 |
Jens Langhammer
|
ba55538a34
|
outposts/proxy: cleanup
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-12-21 19:16:06 +01:00 |
Jens Langhammer
|
f742c73e24
|
outposts/proxy: fix allowlist for forward_auth
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#1970
|
2021-12-21 15:49:25 +01:00 |
Jens Langhammer
|
c843f18743
|
lib: add additional celery logger to sentry ignore
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-12-20 21:04:45 +01:00 |
Jens Langhammer
|
2ddf122d27
|
Revert "outposts/proxy: don't save raw jwt in cookie to prevent securecookie: the value is too long"
This reverts commit b3e40c6aed .
|
2021-12-12 17:58:19 +01:00 |
Jens Langhammer
|
b3e40c6aed
|
outposts/proxy: don't save raw jwt in cookie to prevent securecookie: the value is too long
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-12-06 13:54:59 +01:00 |
Jens Langhammer
|
347c3793fc
|
outposts/proxy: add additional headers
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-12-02 14:19:57 +01:00 |
Jens Langhammer
|
d0ceafe79e
|
outposts/proxy: add X-authentik-meta-version
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-12-01 20:59:45 +01:00 |
Jens Langhammer
|
60b95271eb
|
outposts/proxy: add additional headers
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-12-01 20:19:09 +01:00 |
Jens Langhammer
|
3b068610b9
|
outposts/proxy: clean up header setting (don't copy all headers)
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-12-01 20:05:56 +01:00 |
Jens Langhammer
|
3c1ac4c7ec
|
outposts/proxy: add new headers with unified naming
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-10-02 22:00:23 +02:00 |
Jens L
|
3c1b70c355
|
outposts/proxyv2 (#1365)
* outposts/proxyv2: initial commit
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
add rs256
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
more stuff
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
add forward auth an sign_out
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
match cookie name
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
re-add support for rs256 for backwards compat
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
add error handler
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
ensure unique user-agent is used
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
set cookie duration based on id_token expiry
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
build proxy v2
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
add ssl
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
add basic auth and custom header support
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
add application cert loading
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
implement whitelist
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
add redis
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
migrate embedded outpost to v2
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
remove old proxy
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
providers/proxy: make token expiration configurable
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
add metrics
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
fix tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* providers/proxy: only allow one redirect URI
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix docker build for proxy
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* remove default port offset
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add AUTHENTIK_HOST_BROWSER
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* tests: fix e2e/integration tests not using proper tags
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* remove references of old port
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix user_attributes not being loaded correctly
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* cleanup dependencies
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* cleanup
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-09-08 18:04:56 +00:00 |