# Release 2023.3 - SCIM support
## New features

- SCIM support

  :::info
  This feature is still in technical preview, so please report any bugs you run into on GitHub.
  :::

  authentik can now provision users from other IT systems via the SCIM (System for Cross-domain Identity Management) protocol. The provider synchronizes Users, Groups and the user membership. Objects are synced both when they are saved and based on a pre-defined schedule in the background.

- Theming improvements

  - The custom.css file is now loaded in ShadowDOMs, allowing for much greater customization, as previously it was only possible to style elements outside of the ShadowDOM. See docs for Flow, User and Admin interfaces.
  - Previously, authentik would automatically switch between dark and light theme based on the users' browsers' settings. This can now be overridden to either force the light or dark theme, per user/group/tenant. See docs for Flow, User and Admin interfaces.
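To make the SCIM provisioning described above concrete, here is a small in-memory SCIM 2.0 receiver added to these notes as an illustration; it is example code, not authentik's SCIM provider or any other project's code. It shows the receiving side of the exchange: Users and Groups are keyed on `externalId` so that a scheduled re-sync of an already-synced object updates it instead of creating a duplicate, group membership is changed through RFC 7644 `PatchOp` operations, and requests with a missing schema URN, an empty name or a reference to an unknown user are rejected. The store, the function names, the server ids (`u-1`, `g-3`), the sample users and group (`alice`, `bob`, `admins`, the `ak-*` external ids and the e-mail addresses) and the restriction to the `members` attribute in patches are all constructed assumptions of the example.

```python
import re

USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"
GROUP_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:Group"
PATCH_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:PatchOp"
_MEMBER_FILTER = re.compile(r'^members\[value eq "([^"]+)"\]$')  # RFC 7644 remove filter


class ScimError(ValueError):
    """A request the receiver must reject (it would become a SCIM 4xx error response)."""


def _require_schema(body, schema):
    if schema not in body.get("schemas", []):
        raise ScimError(f"missing schema {schema}")


def _find(table, external_id, name_attr, name):
    # externalId is the key the IdP owns and keeps stable across syncs; name is a fallback.
    by_ext = [o for o in table.values() if external_id and o.get("externalId") == external_id]
    by_name = [o for o in table.values() if o.get(name_attr) == name]
    return (by_ext or by_name or [None])[0]


class ScimStore:
    """Toy in-memory SCIM service provider holding Users and Groups by server id (assumed)."""

    def __init__(self):
        self.users, self.groups, self._counter = {}, {}, 0

    def upsert_user(self, body):
        """Create or update a User; re-sending the same object updates it in place."""
        _require_schema(body, USER_SCHEMA)
        user_name = (body.get("userName") or "").strip()
        if not user_name:
            raise ScimError("userName is required")
        user = _find(self.users, body.get("externalId"), "userName", user_name)
        if user is None:
            self._counter += 1
            user = self.users[f"u-{self._counter}"] = {"id": f"u-{self._counter}", "schemas": [USER_SCHEMA]}
        user.update(userName=user_name, externalId=body.get("externalId"),
                    active=bool(body.get("active", True)), emails=list(body.get("emails", [])))
        return user

    def upsert_group(self, body):
        _require_schema(body, GROUP_SCHEMA)
        name = (body.get("displayName") or "").strip()
        if not name:
            raise ScimError("displayName is required")
        group = _find(self.groups, body.get("externalId"), "displayName", name)
        if group is None:
            self._counter += 1
            group = self.groups[f"g-{self._counter}"] = {
                "id": f"g-{self._counter}", "schemas": [GROUP_SCHEMA], "members": []}
        group.update(displayName=name, externalId=body.get("externalId"))
        return group

    def _member(self, ref):
        if ref.get("value") not in self.users:  # accept only references to known users
            raise ScimError(f"member {ref.get('value')!r} is not a known user")
        return {"value": ref["value"]}

    def patch_group(self, group_id, body):
        """Apply a PatchOp whose operations add, replace or remove group members."""
        _require_schema(body, PATCH_SCHEMA)
        group = self.groups.get(group_id)
        if group is None:
            raise ScimError(f"group {group_id!r} not found")
        for op in body.get("Operations", []):
            kind, path = op.get("op", "").lower(), op.get("path", "")
            if kind == "add" and path == "members":
                for ref in op.get("value", []):
                    if self._member(ref) not in group["members"]:  # idempotent add
                        group["members"].append({"value": ref["value"]})
            elif kind == "replace" and path == "members":
                group["members"] = [self._member(r) for r in op.get("value", [])]
            elif kind == "remove" and (m := _MEMBER_FILTER.match(path)):
                group["members"] = [x for x in group["members"] if x["value"] != m.group(1)]
            else:
                raise ScimError(f"unsupported operation {kind!r} on path {path!r}")
        return group


def demo():
    """Replay a constructed provisioning sequence and return the final store."""
    store = ScimStore()
    alice = {"schemas": [USER_SCHEMA], "externalId": "ak-1", "userName": "alice",
             "emails": [{"value": "alice@example.com", "primary": True}]}
    store.upsert_user(alice)
    # A scheduled sync re-sends the same object: it must update, not duplicate.
    alice_row = store.upsert_user(dict(alice, emails=[{"value": "a@example.com"}]))
    bob = store.upsert_user({"schemas": [USER_SCHEMA], "externalId": "ak-2", "userName": "bob"})
    admins = store.upsert_group({"schemas": [GROUP_SCHEMA], "externalId": "ak-g1", "displayName": "admins"})
    store.patch_group(admins["id"], {"schemas": [PATCH_SCHEMA], "Operations": [
        {"op": "add", "path": "members", "value": [{"value": alice_row["id"]}, {"value": bob["id"]}]},
        {"op": "remove", "path": f'members[value eq "{bob["id"]}"]'}]})
    # Deprovisioning: the IdP flips active to false instead of deleting the user.
    store.upsert_user(dict(alice, active=False))
    return store
```

Calling `demo()` leaves two users and one group in the store: `alice` has been synced three times but exists once, is no longer an `admins` member set includes only her, and carries `active: false` after the deprovisioning update. A real service provider would additionally authenticate the bearer token the provider presents and return proper SCIM error documents instead of raising exceptions.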
## Upgrading

This release does not introduce any new requirements.

### docker-compose

Download the docker-compose.yml file for 2023.3 from here. Afterwards, simply run `docker-compose up -d`.

### Kubernetes

Update your values to use the new images:

```yaml
image:
  repository: ghcr.io/goauthentik/server
  tag: 2023.3.0
```
## Minor changes/fixes included in release 2023.3
- *: add additional Prometheus metrics, remove unusable high entropy metrics
- blueprints: improve error handling in example flow
- core: Add `resolve_dns` and `reverse_dns` functions to evaluator (#4769)
- core: bootstrap email (#4788)
- core: enforce unique on names where it makes sense (#4866)
- core: fix bug causing whitespace-only names to raise exception when generating avatars (#4746)
- core: fix error when creating token without request in context
- core: improve service account creation (#4751)
- events: fix m2m_change events not being logged
- flows: change default flow stage binding settings (#4784)
- flows: planner error handling (#4812)
- internal: fix crash when port 9000 is in use (#4863)
- providers: SCIM (#4835)
- providers/ldap: improve compatibility with LDAP clients (#4750)
- providers/ldap: making LDAP compatible with Synology (#4694)
- providers/oauth2: fix missing information for revoked token access events
- providers/oauth2: OpenID conformance (#4758)
- providers/proxy: ensure issuer is correct when browser URL override is set
- providers/proxy: strip scheme when comparing redirect URL
- providers/scim: add option to filter out service accounts, parent group (#4862)
- providers/scim: customizable externalId, document behavior (#4868)
- sources/ldap: improve error handling for password complexity (#4780)
- sources/oauth: fix not all token errors being logged with response
- sources/plex: fix check_token error unusable if token is empty (#4834)
- stages/authenticator_sms: fix twilio sending (#4829)
- stages/user_login: add option to terminate other sessions (#4754)
- tests/e2e: use example blueprints for testing (#4805)
- web: fetch custom.css via fetch and add stylesheet (#4804)
- web: toggle dark/light theme manually (#4876)
- web/admin: fix chart display with no sources (#4782)
- web/admin: fix issue with wizard's Next button incorrectly disabled when radio button is already selected (#4821)
- web/admin: workaround for tenant certificate selection being cut off (#4820)
- web/elements: add loading spinner for charts, render middle text with CSS
- web/elements: fix center text not scrolling with container (#4853)
- web/flows: fix fa:// icons in sources not shown correctly
- web/user: fix source connections not being filtered (#4778)
## API Changes

### What's New

- `GET` /propertymappings/scim/
- `POST` /propertymappings/scim/
- `GET` /propertymappings/scim/{pm_uuid}/
- `PUT` /propertymappings/scim/{pm_uuid}/
- `DELETE` /propertymappings/scim/{pm_uuid}/
- `PATCH` /propertymappings/scim/{pm_uuid}/
- `GET` /propertymappings/scim/{pm_uuid}/used_by/
- `GET` /providers/scim/
- `POST` /providers/scim/
- `GET` /providers/scim/{id}/
- `PUT` /providers/scim/{id}/
- `DELETE` /providers/scim/{id}/
- `PATCH` /providers/scim/{id}/
- `GET` /providers/scim/{id}/sync_status/
- `GET` /providers/scim/{id}/used_by/
### What's Changed

#### `POST` /core/users/service_account/

Request: Changed content type `application/json`

- Added property `expiring` (boolean)
- Added property `expires` (string): If not provided, valid for 360 days
#### `GET` /policies/event_matcher/{policy_uuid}/

Return Type: Changed response `200 OK`, changed content type `application/json`

- Changed property `app` (string): Match events created by selected application. When left empty, all applications are matched.
  - Added enum value: `authentik.providers.scim`

#### `PUT` /policies/event_matcher/{policy_uuid}/

Request: Changed content type `application/json`

- Changed property `app` (string): Match events created by selected application. When left empty, all applications are matched.
  - Added enum value: `authentik.providers.scim`

Return Type: Changed response `200 OK`, changed content type `application/json`

- Changed property `app` (string): Match events created by selected application. When left empty, all applications are matched.
  - Added enum value: `authentik.providers.scim`

#### `PATCH` /policies/event_matcher/{policy_uuid}/

Request: Changed content type `application/json`

- Changed property `app` (string): Match events created by selected application. When left empty, all applications are matched.
  - Added enum value: `authentik.providers.scim`

Return Type: Changed response `200 OK`, changed content type `application/json`

- Changed property `app` (string): Match events created by selected application. When left empty, all applications are matched.
  - Added enum value: `authentik.providers.scim`
#### `GET` /providers/oauth2/{id}/

Return Type: Changed response `200 OK`, changed content type `application/json`

- New optional properties: `authorization_flow`

#### `PUT` /providers/oauth2/{id}/

Request: Changed content type `application/json`

- New optional properties: `authorization_flow`

Return Type: Changed response `200 OK`, changed content type `application/json`

- New optional properties: `authorization_flow`

#### `PATCH` /providers/oauth2/{id}/

Return Type: Changed response `200 OK`, changed content type `application/json`

- New optional properties: `authorization_flow`

#### `GET` /providers/proxy/{id}/

Return Type: Changed response `200 OK`, changed content type `application/json`

- New optional properties: `authorization_flow`

#### `PUT` /providers/proxy/{id}/

Request: Changed content type `application/json`

- New optional properties: `authorization_flow`

Return Type: Changed response `200 OK`, changed content type `application/json`

- New optional properties: `authorization_flow`

#### `PATCH` /providers/proxy/{id}/

Return Type: Changed response `200 OK`, changed content type `application/json`

- New optional properties: `authorization_flow`
#### `GET` /core/groups/{group_uuid}/

Return Type: Changed response `200 OK`, changed content type `application/json`

- Changed property `users_obj` (array), changed items (object): Stripped down user serializer to show relevant users for groups
  - New optional properties: `avatar`
  - Deleted property `avatar` (string)

#### `PUT` /core/groups/{group_uuid}/

Return Type: Changed response `200 OK`, changed content type `application/json`

- Changed property `users_obj` (array), changed items (object): Stripped down user serializer to show relevant users for groups
  - New optional properties: `avatar`
  - Deleted property `avatar` (string)

#### `PATCH` /core/groups/{group_uuid}/

Return Type: Changed response `200 OK`, changed content type `application/json`

- Changed property `users_obj` (array), changed items (object): Stripped down user serializer to show relevant users for groups
  - New optional properties: `avatar`
  - Deleted property `avatar` (string)

#### `GET` /core/tenants/current/

Return Type: Changed response `200 OK`, changed content type `application/json`

- New required properties: `ui_theme`
- Added property `ui_theme` (object), enum values: `automatic`, `light`, `dark`
#### `GET` /events/rules/{pbm_uuid}/

Return Type: Changed response `200 OK`, changed content type `application/json`

- Changed property `group_obj` (object): Group Serializer
  - Changed property `users_obj` (array), changed items (object): Stripped down user serializer to show relevant users for groups
    - New optional properties: `avatar`
    - Deleted property `avatar` (string)

#### `PUT` /events/rules/{pbm_uuid}/

Return Type: Changed response `200 OK`, changed content type `application/json`

- Changed property `group_obj` (object): Group Serializer
  - Changed property `users_obj` (array), changed items (object): Stripped down user serializer to show relevant users for groups
    - New optional properties: `avatar`
    - Deleted property `avatar` (string)

#### `PATCH` /events/rules/{pbm_uuid}/

Return Type: Changed response `200 OK`, changed content type `application/json`

- Changed property `group_obj` (object): Group Serializer
  - Changed property `users_obj` (array), changed items (object): Stripped down user serializer to show relevant users for groups
    - New optional properties: `avatar`
    - Deleted property `avatar` (string)

#### `GET` /policies/bindings/{policy_binding_uuid}/

Return Type: Changed response `200 OK`, changed content type `application/json`

- Changed property `group_obj` (object): Group Serializer
  - Changed property `users_obj` (array), changed items (object): Stripped down user serializer to show relevant users for groups
    - New optional properties: `avatar`
    - Deleted property `avatar` (string)

#### `PUT` /policies/bindings/{policy_binding_uuid}/

Return Type: Changed response `200 OK`, changed content type `application/json`

- Changed property `group_obj` (object): Group Serializer
  - Changed property `users_obj` (array), changed items (object): Stripped down user serializer to show relevant users for groups
    - New optional properties: `avatar`
    - Deleted property `avatar` (string)

#### `PATCH` /policies/bindings/{policy_binding_uuid}/

Return Type: Changed response `200 OK`, changed content type `application/json`

- Changed property `group_obj` (object): Group Serializer
  - Changed property `users_obj` (array), changed items (object): Stripped down user serializer to show relevant users for groups
    - New optional properties: `avatar`
    - Deleted property `avatar` (string)
#### `POST` /policies/event_matcher/

Request: Changed content type `application/json`

- Changed property `app` (string): Match events created by selected application. When left empty, all applications are matched.
  - Added enum value: `authentik.providers.scim`

Return Type: Changed response `201 Created`, changed content type `application/json`

- Changed property `app` (string): Match events created by selected application. When left empty, all applications are matched.
  - Added enum value: `authentik.providers.scim`

#### `GET` /policies/event_matcher/

Return Type: Changed response `200 OK`, changed content type `application/json`

- Changed property `results` (array), changed items (object): Event Matcher Policy Serializer
  - Changed property `app` (string): Match events created by selected application. When left empty, all applications are matched.
    - Added enum value: `authentik.providers.scim`
#### `GET` /providers/ldap/{id}/

Return Type: Changed response `200 OK`, changed content type `application/json`

- New optional properties: `authorization_flow`

#### `PUT` /providers/ldap/{id}/

Request: Changed content type `application/json`

- New optional properties: `authorization_flow`

Return Type: Changed response `200 OK`, changed content type `application/json`

- New optional properties: `authorization_flow`

#### `PATCH` /providers/ldap/{id}/

Return Type: Changed response `200 OK`, changed content type `application/json`

- New optional properties: `authorization_flow`

#### `POST` /providers/oauth2/

Request: Changed content type `application/json`

- New optional properties: `authorization_flow`

Return Type: Changed response `201 Created`, changed content type `application/json`

- New optional properties: `authorization_flow`

#### `GET` /providers/oauth2/

Return Type: Changed response `200 OK`, changed content type `application/json`

- Changed property `results` (array), changed items (object): OAuth2Provider Serializer
  - New optional properties: `authorization_flow`

#### `POST` /providers/proxy/

Request: Changed content type `application/json`

- New optional properties: `authorization_flow`

Return Type: Changed response `201 Created`, changed content type `application/json`

- New optional properties: `authorization_flow`

#### `GET` /providers/proxy/

Return Type: Changed response `200 OK`, changed content type `application/json`

- Changed property `results` (array), changed items (object): ProxyProvider Serializer
  - New optional properties: `authorization_flow`

#### `GET` /providers/saml/{id}/

Return Type: Changed response `200 OK`, changed content type `application/json`

- New optional properties: `authorization_flow`

#### `PUT` /providers/saml/{id}/

Request: Changed content type `application/json`

- New optional properties: `authorization_flow`

Return Type: Changed response `200 OK`, changed content type `application/json`

- New optional properties: `authorization_flow`

#### `PATCH` /providers/saml/{id}/

Return Type: Changed response `200 OK`, changed content type `application/json`

- New optional properties: `authorization_flow`
#### `GET` /stages/invitation/invitations/{invite_uuid}/

Return Type: Changed response `200 OK`, changed content type `application/json`

- Changed property `created_by` (object): Stripped down user serializer to show relevant users for groups
  - New optional properties: `avatar`
  - Deleted property `avatar` (string)

#### `PUT` /stages/invitation/invitations/{invite_uuid}/

Return Type: Changed response `200 OK`, changed content type `application/json`

- Changed property `created_by` (object): Stripped down user serializer to show relevant users for groups
  - New optional properties: `avatar`
  - Deleted property `avatar` (string)

#### `PATCH` /stages/invitation/invitations/{invite_uuid}/

Return Type: Changed response `200 OK`, changed content type `application/json`

- Changed property `created_by` (object): Stripped down user serializer to show relevant users for groups
  - New optional properties: `avatar`
  - Deleted property `avatar` (string)

#### `POST` /core/groups/

Return Type: Changed response `201 Created`, changed content type `application/json`

- Changed property `users_obj` (array), changed items (object): Stripped down user serializer to show relevant users for groups
  - New optional properties: `avatar`
  - Deleted property `avatar` (string)

#### `GET` /core/groups/

Return Type: Changed response `200 OK`, changed content type `application/json`

- Changed property `results` (array), changed items (object): Group Serializer
  - Changed property `users_obj` (array), changed items (object): Stripped down user serializer to show relevant users for groups
    - New optional properties: `avatar`
    - Deleted property `avatar` (string)

#### `POST` /events/rules/

Return Type: Changed response `201 Created`, changed content type `application/json`

- Changed property `group_obj` (object): Group Serializer
  - Changed property `users_obj` (array), changed items (object): Stripped down user serializer to show relevant users for groups
    - New optional properties: `avatar`
    - Deleted property `avatar` (string)

#### `GET` /events/rules/

Return Type: Changed response `200 OK`, changed content type `application/json`

- Changed property `results` (array), changed items (object): NotificationRule Serializer
  - Changed property `group_obj` (object): Group Serializer
    - Changed property `users_obj` (array), changed items (object): Stripped down user serializer to show relevant users for groups
      - New optional properties: `avatar`
      - Deleted property `avatar` (string)
#### `GET` /flows/bindings/{fsb_uuid}/

Return Type: Changed response `200 OK`, changed content type `application/json`

- Changed property `evaluate_on_plan` (boolean): Evaluate policies during the Flow planning process.
- Changed property

#### `PUT` /flows/bindings/{fsb_uuid}/

Request: Changed content type `application/json`

- Changed property `evaluate_on_plan` (boolean): Evaluate policies during the Flow planning process.

Return Type: Changed response `200 OK`, changed content type `application/json`

- Changed property `evaluate_on_plan` (boolean): Evaluate policies during the Flow planning process.
- Changed property

#### `PATCH` /flows/bindings/{fsb_uuid}/

Request: Changed content type `application/json`

- Changed property `evaluate_on_plan` (boolean): Evaluate policies during the Flow planning process.

Return Type: Changed response `200 OK`, changed content type `application/json`

- Changed property `evaluate_on_plan` (boolean): Evaluate policies during the Flow planning process.
- Changed property

#### `GET` /oauth2/access_tokens/{id}/

Return Type: Changed response `200 OK`, changed content type `application/json`

- Changed property `provider` (object): OAuth2Provider Serializer
  - New optional properties: `authorization_flow`

#### `GET` /oauth2/authorization_codes/{id}/

Return Type: Changed response `200 OK`, changed content type `application/json`

- Changed property `provider` (object): OAuth2Provider Serializer
  - New optional properties: `authorization_flow`

#### `GET` /oauth2/refresh_tokens/{id}/

Return Type: Changed response `200 OK`, changed content type `application/json`

- Changed property `provider` (object): OAuth2Provider Serializer
  - New optional properties: `authorization_flow`
#### `POST` /policies/bindings/

Return Type: Changed response `201 Created`, changed content type `application/json`

- Changed property `group_obj` (object): Group Serializer
  - Changed property `users_obj` (array), changed items (object): Stripped down user serializer to show relevant users for groups
    - New optional properties: `avatar`
    - Deleted property `avatar` (string)

#### `GET` /policies/bindings/

Return Type: Changed response `200 OK`, changed content type `application/json`

- Changed property `results` (array), changed items (object): PolicyBinding Serializer
  - Changed property `group_obj` (object): Group Serializer
    - Changed property `users_obj` (array), changed items (object): Stripped down user serializer to show relevant users for groups
      - New optional properties: `avatar`
      - Deleted property `avatar` (string)

#### `POST` /providers/ldap/

Request: Changed content type `application/json`

- New optional properties: `authorization_flow`

Return Type: Changed response `201 Created`, changed content type `application/json`

- New optional properties: `authorization_flow`

#### `GET` /providers/ldap/

Return Type: Changed response `200 OK`, changed content type `application/json`

- Changed property `results` (array), changed items (object): LDAPProvider Serializer
  - New optional properties: `authorization_flow`

#### `POST` /providers/saml/

Request: Changed content type `application/json`

- New optional properties: `authorization_flow`

Return Type: Changed response `201 Created`, changed content type `application/json`

- New optional properties: `authorization_flow`

#### `GET` /providers/saml/

Return Type: Changed response `200 OK`, changed content type `application/json`

- Changed property `results` (array), changed items (object): SAMLProvider Serializer
  - New optional properties: `authorization_flow`
#### `GET` /sources/user_connections/all/

Parameters:

- Added: `user` in query

#### `POST` /stages/invitation/invitations/

Return Type: Changed response `201 Created`, changed content type `application/json`

- Changed property `created_by` (object): Stripped down user serializer to show relevant users for groups
  - New optional properties: `avatar`
  - Deleted property `avatar` (string)

#### `GET` /stages/invitation/invitations/

Return Type: Changed response `200 OK`, changed content type `application/json`

- Changed property `results` (array), changed items (object): Invitation Serializer
  - Changed property `created_by` (object): Stripped down user serializer to show relevant users for groups
    - New optional properties: `avatar`
    - Deleted property `avatar` (string)
#### `GET` /stages/user_login/{stage_uuid}/

Return Type: Changed response `200 OK`, changed content type `application/json`

- Added property `terminate_other_sessions` (boolean): Terminate all other sessions of the user logging in.
- Added property

#### `PUT` /stages/user_login/{stage_uuid}/

Request: Changed content type `application/json`

- Added property `terminate_other_sessions` (boolean): Terminate all other sessions of the user logging in.

Return Type: Changed response `200 OK`, changed content type `application/json`

- Added property `terminate_other_sessions` (boolean): Terminate all other sessions of the user logging in.
- Added property

#### `PATCH` /stages/user_login/{stage_uuid}/

Request: Changed content type `application/json`

- Added property `terminate_other_sessions` (boolean): Terminate all other sessions of the user logging in.

Return Type: Changed response `200 OK`, changed content type `application/json`

- Added property `terminate_other_sessions` (boolean): Terminate all other sessions of the user logging in.
- Added property

#### `POST` /flows/bindings/

Request: Changed content type `application/json`

- Changed property `evaluate_on_plan` (boolean): Evaluate policies during the Flow planning process.

Return Type: Changed response `201 Created`, changed content type `application/json`

- Changed property `evaluate_on_plan` (boolean): Evaluate policies during the Flow planning process.
- Changed property

#### `GET` /flows/bindings/

Return Type: Changed response `200 OK`, changed content type `application/json`

- Changed property `results` (array), changed items (object): FlowStageBinding Serializer
  - Changed property `evaluate_on_plan` (boolean): Evaluate policies during the Flow planning process.
  - Changed property

#### `GET` /flows/inspector/{flow_slug}/

Return Type: Changed response `200 OK`, changed content type `application/json`

- Changed property `plans` (array), changed items (object): Serializer for an active FlowPlan
  - Changed property `next_planned_stage` (object): FlowStageBinding Serializer
    - Changed property `evaluate_on_plan` (boolean): Evaluate policies during the Flow planning process.
    - Changed property
  - Changed property `current_stage` (object): FlowStageBinding Serializer
    - Changed property `evaluate_on_plan` (boolean): Evaluate policies during the Flow planning process.
    - Changed property
#### `GET` /oauth2/access_tokens/

Return Type: Changed response `200 OK`, changed content type `application/json`

- Changed property `results` (array), changed items (object): Serializer for BaseGrantModel and RefreshToken
  - Changed property `provider` (object): OAuth2Provider Serializer
    - New optional properties: `authorization_flow`

#### `GET` /oauth2/authorization_codes/

Return Type: Changed response `200 OK`, changed content type `application/json`

- Changed property `results` (array), changed items (object): Serializer for BaseGrantModel and ExpiringBaseGrant
  - Changed property `provider` (object): OAuth2Provider Serializer
    - New optional properties: `authorization_flow`

#### `GET` /oauth2/refresh_tokens/

Return Type: Changed response `200 OK`, changed content type `application/json`

- Changed property `results` (array), changed items (object): Serializer for BaseGrantModel and RefreshToken
  - Changed property `provider` (object): OAuth2Provider Serializer
    - New optional properties: `authorization_flow`

#### `POST` /stages/user_login/

Request: Changed content type `application/json`

- Added property `terminate_other_sessions` (boolean): Terminate all other sessions of the user logging in.

Return Type: Changed response `201 Created`, changed content type `application/json`

- Added property `terminate_other_sessions` (boolean): Terminate all other sessions of the user logging in.
- Added property

#### `GET` /stages/user_login/

Parameters:

- Added: `terminate_other_sessions` in query

Return Type: Changed response `200 OK`, changed content type `application/json`

- Changed property `results` (array), changed items (object): UserLoginStage Serializer
  - Added property `terminate_other_sessions` (boolean): Terminate all other sessions of the user logging in.
  - Added property