Commit Graph

78 Commits

Author SHA1 Message Date
Jens Langhammer bf771f8b6c release: 2021.8.5 2021-09-11 19:20:13 +02:00
Jens L 7158c9d2ea
core: metrics v2 (#1370)
* outposts: add ldap metrics, move ping to 9100

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* outpost: add flow_executor metrics

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* use port 9300 for metrics, add core metrics port

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* outposts/controllers/k8s: add service monitor creation support

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-09 15:52:24 +02:00
Jens L 3c1b70c355
outposts/proxyv2 (#1365)
* outposts/proxyv2: initial commit

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

add rs256

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

more stuff

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

add forward auth an sign_out

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

match cookie name

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

re-add support for rs256 for backwards compat

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

add error handler

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

ensure unique user-agent is used

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

set cookie duration based on id_token expiry

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

build proxy v2

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

add ssl

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

add basic auth and custom header support

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

add application cert loading

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

implement whitelist

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

add redis

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

migrate embedded outpost to v2

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

remove old proxy

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

providers/proxy: make token expiration configurable

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

add metrics

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

fix tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* providers/proxy: only allow one redirect URI

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix docker build for proxy

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* remove default port offset

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add AUTHENTIK_HOST_BROWSER

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* tests: fix e2e/integration tests not using proper tags

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* remove references of old port

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix user_attributes not being loaded correctly

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* cleanup dependencies

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* cleanup

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-08 18:04:56 +00:00
Jens Langhammer 276d8fe5cf release: 2021.8.4 2021-09-02 20:21:21 +02:00
Jens Langhammer d9a6ec2ac0 webiste/docs: update extensionvs/v1beta ingress
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-31 21:11:01 +02:00
Jens Langhammer e872371970 website/docs: add embedded outpost docs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-29 14:43:13 +02:00
Jens Langhammer 160139813d release: 2021.8.3 2021-08-28 16:58:44 +02:00
Jens Langhammer dc41d0af27 outposts: add configurable docker_network for outpost
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-27 19:26:11 +02:00
Jens Langhammer c4f72c2bc1 release: 2021.8.2 2021-08-26 17:58:20 +02:00
Jens Langhammer 897f6f3473 release: 2021.8.1 2021-08-26 16:03:45 +02:00
Jens Langhammer 4d27694706 release: 2021.8.1-rc2 2021-08-24 21:29:29 +02:00
Jens Langhammer 7639cdad0a release: 2021.8.1-rc1 2021-08-22 20:17:35 +02:00
Jens Langhammer 18211a2033 release: 2021.7.3 2021-08-05 19:23:03 +02:00
Jens Langhammer add7a80fdc release: 2021.7.2 2021-08-01 19:11:50 +02:00
Jens Langhammer e6b515e3f7 release: 2021.7.1 2021-07-27 10:35:45 +02:00
Jens Langhammer 3041a30193 release: 2021.7.1-rc2 2021-07-24 18:32:05 +02:00
Jens Langhammer 285a9b8b1d website/docs: remove duplicate proxy docs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-22 10:48:10 +02:00
Jens Langhammer 39ad9d7c9d release: 2021.7.1-rc1 2021-07-21 10:44:40 +02:00
Toboshii Nakama efa09d5e1d
providers/ldap: fix: Return user DN with virtual group (#1142)
* fix: incorrect ldap virtual group member DN

Signed-off-by: Toboshii Nakama <toboshii@gmail.com>

* fix: imports

Signed-off-by: Toboshii Nakama <toboshii@gmail.com>
2021-07-14 10:59:40 +00:00
Lukas Söder 7f39399c32
providers/ldap: Added auto-generated uidNumber and guidNumber generated attributes for use with SSSD and similar software. (#1138)
* Added auto-generated uidNumber and guidNumber generated attributes for
use with SSSD and similar software.

The starting number for uid/gid can be configured iva environtment
variables and is by default 2000 which should work fine for most instances unless there are more than
999 local accounts on the server/computer.

The uidNumber is just the users Pk + the starting number.
The guidNumber is calculated by the last couple of bytes in the uuid of
the group + the starting number, this should have a low enough chance
for collisions that it's going to be fine for most use cases.

I have not added any interface stuff for configuring the environment variables as I couldn't really find my way around all the places I'd have to edit to add it and the default values should in my opinion be fine for 99% use cases.

* Add a 'fake' primary group for each user

* First attempt att adding config to interface

* Updated API to support new fields

* Refactor code, update documentation and remove obsolete comment

Simplify `GetRIDForGroup`, was a bit overcomplicated before.

Add an additional class/struct `LDAPGroup` which is the new argument
for `pi.GroupEntry` and util functions to create `LDAPGroup` from api.Group and api.User

Add proper support in the interface for changing gidNumber and uidNumber starting points

* make lint-fix for the migration files
2021-07-14 09:17:01 +02:00
Jens L 7dfc621ae4
LDAP Provider: TLS support (#1137) 2021-07-13 18:24:18 +02:00
Jens Langhammer 5e03b27348 website/docs: add note about logging out
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#1113
2021-07-06 14:26:11 +02:00
Jens Langhammer adc4cd9c0d release: 2021.6.4 2021-07-05 16:59:29 +02:00
Jens Langhammer ade8644da6 outposts/ldap: add support for boolean fields in ldap
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-01 11:51:07 +02:00
Jens Langhammer 1e6c081e5c website/docs: update forward_auth for nginx config
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-29 20:32:49 +02:00
Jens Langhammer 680b182d95 release: 2021.6.3 2021-06-29 16:19:07 +02:00
Jens Langhammer fe069c5e55 website/docs: fix use of escaped_request_uri in standalone nginx
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-28 19:51:55 +02:00
Jens Langhammer 31a58e2c25 release: 2021.6.2 2021-06-22 23:35:10 +02:00
Jens Langhammer fe6963c428 release: 2021.6.1 2021-06-17 22:14:52 +02:00
Jens Langhammer e0f48a30b7 release: 2021.6.1-rc6 2021-06-15 21:18:33 +02:00
Jens Langhammer 4e9be85353 website/docs: add docs for outpost configuration
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-14 09:21:35 +02:00
Jens Langhammer d78fda990a release: 2021.6.1-rc5 2021-06-12 15:19:24 +02:00
Jens Langhammer e25f6aea8c release: 2021.6.1-rc4 2021-06-10 18:59:00 +02:00
Jens Langhammer 2c15ab9995 release: 2021.6.1-rc3 2021-06-10 18:04:59 +02:00
Jens Langhammer 6c985acb36 release: 2021.6.1-rc2 2021-06-10 14:10:47 +02:00
Jens Langhammer f4a53c89ef release: 2021.6.1-rc1 2021-06-09 11:01:14 +02:00
Jens L dad24c03ff
outposts: set cookies for a domain to authenticate an entire domain (#971)
* outposts: initial cookie domain implementation

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/admin: add cookie domain setting

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* providers/proxy: replace forward_auth_mode with general mode

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/admin: rebuild proxy provider form

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* providers/proxy: re-add forward_auth_mode for backwards compat

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/admin: fix data.mode not being set

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* root: always set log level to debug when testing

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* providers/proxy: use new mode attribute

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* providers/proxy: only ingress /akprox on forward_domain

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* providers/proxy: fix lint error

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/admin: fix error on ProxyProviderForm when not using proxy mode

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/admin: fix default for outpost form's type missing

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/admin: add additional desc for proxy modes

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* outposts: fix service account permissions not always being updated

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* outpost/proxy: fix redirecting to incorrect host for domain mode

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web: improve error handling for network errors

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* outpost: fix image naming not matching main imaeg

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* outposts/proxy: fix redirects for domain mode and traefik

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web: fix colour for paragraphs

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/flows: fix consent stage not showing permissions correctly

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* website/docs: add domain-level docs

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* website/docs: fix broken links

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* outposts/proxy: remove dead code

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/flows: fix missing id for #header-text

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-08 23:10:17 +02:00
Jens Langhammer ebfa7c8dce website/docs: fix docs for outpost annotations
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-31 23:32:17 +02:00
CuBiC c98e4196bd
website/docs: ingress nginx auth headers (#916)
Extend example how to pass through auth headers from authentik if using ingress nginx as forward auth.
2021-05-23 22:49:31 +02:00
Jens Langhammer 2d5c45543b release: 2021.5.4 2021-05-22 20:15:23 +02:00
Jens Langhammer bf4cbb25fe release: 2021.5.3 2021-05-20 20:17:39 +02:00
Jens Langhammer 5a465fbc36 release: 2021.5.2 2021-05-17 19:54:10 +02:00
Jens Langhammer 176360fdd7 website/docs: fix $auth_cookie not being defined in outpost docs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-16 22:18:31 +02:00
Jens Langhammer 36b694fc41 website/docs: add example ldapsearch command
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-14 11:47:38 +02:00
Jens Langhammer 8d7bb7da17 providers/proxy: connect ingress to https instead of http
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#882
2021-05-14 11:42:03 +02:00
Jens Langhammer 9bdd6f23a4 website/docs: add ldap example, use ghcr
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-14 11:19:09 +02:00
Jens Langhammer 0b7ebf0e07 release: 2021.5.1 2021-05-13 20:50:31 +02:00
Jens Langhammer 8f99891a9d release: 2021.5.1-rc10 2021-05-12 21:25:18 +02:00
Jens Langhammer 97a3c2d88b release: 2021.5.1-rc9 2021-05-12 20:50:29 +02:00
Jens Langhammer 3665e2fefa release: 2021.5.1-rc8 2021-05-12 14:52:34 +02:00