5.2 KiB
title | slug |
---|---|
Release 2021.6 | 2021.6 |
Headline Changes
-
Duo two-factor support
You can now add the new
authenticator_duo
stage to configure Duo authenticators. Duo has also been added as device class to theauthenticator_validation
stage.Currently, only Duo push notifications are supported. Because no additional input is required, Duo also works with the LDAP Outpost.
-
Multi-tenancy
This version adds soft multi-tenancy. This means you can configure different branding settings and different default flows per domain.
This also changes how a default flow is determined. Previously, for defaults flow, authentik would pick the first flow that
- matches the required designation - comes first sorted by slug - is allowed by policies
Now, authentik first checks if the current tenant has a default flow configured for the selected designation. If not, it behaves the same as before, meaning that if you want to select a default flow based on policy, you can just leave the tenant default empty.
-
Domain-level authorization with proxy providers
Instead of simply being able to toggle between forward auth and proxy mode, you can now enable forward auth for an entire domain. This has the downside that you can't do per-application authorization, but also simplifies configuration as you don't have to create each application in authentik.
-
API Schema now uses OpenAPI v3
The API endpoints are mostly the same, however all the clients are now built from an OpenAPI v3 schema. You can retrieve the schema from
authentik.company.tld/api/v2beta/schema/
-
On Kubernetes installs without a /media PVC, you can now set URLs instead of uploading files.
-
Expanded prometheus metrics for PolicyEngine and FlowPlanner
Minor changes
- You can now specify which sources should be shown on an Identification stage.
- Add UI for the reputation of IPs and usernames for reputation policies.
- Fix proxy outpost not being able to redeem tokens when using with an un-trusted SSL Certificate
- Add UI to check access of any application for any user
Fixed in 2021.6.1-rc5
- flows: fix configuration URL being set when no flow is configure
- stages/authenticator_totp: set TOTP issuer based on slug'd tenant title
- stages/authenticator_webauthn: use tenant title as RP_NAME
- stages/identification: add UPN
- stages/password: add constants for password backends
- web: fix flow download link
Fixed in 2021.6.1-rc6
- ci: build and push stable tag when rc not in release name
- core: delete real session when AuthenticatedSession is deleted
- core: fix impersonation not working with inactive users
- core: fix upload api not checking clear properly
- core: revert check_access API to get to prevent CSRF errors
- events: add tenant to event
- events: catch unhandled exceptions from request as event, add button to open github issue
- flows: fix error clearing flow background when no files have been uploaded
- outpost: fix syntax error when creating an outpost with connection
- outposts: fix integrity error with tokens
- outposts/ldap: improve responses for unsuccessful binds
- policies/reputation: fix race condition in tests
- provider/proxy: mark forward_auth flag as deprecated
- providers/saml: improve error handling for signature errors
- root: fix build_hash being set incorrectly for tagged versions
- sources/saml: check sessions before deleting user
- stages/authenticator_duo: don't create default duo stage
- stages/authenticator_validate: add tests for authenticator validation
- stages/identification: fix challenges not being annotated correctly and API client not loading data correctly
- web: add capabilities to sentry event
- web: migrate banner to sidebar
- web/admin: fix user enable/disable modal not matching other modals
- web/admin: select service connection by default when only one exists
- web/flows: fix expiry not shown on consent stage when loading
- web/flows: fix IdentificationStage's label not matching fields
- web/flows: improve display of allowed fields for identification stage
- website/docs: add docs for outpost configuration
Fixed in 2021.6.1
- core: fix error getting stages when enrollment flow isn't set
- core: fix error when creating AuthenticatedSession without key
- flows: fix error when stage has incorrect type
- providers/saml: add support for NameID type unspecified
- providers/saml: fix error when getting transient user identifier
- providers/saml: fix NameIDPolicy not being parsed correctly
- recovery: fix error when creating multiple keys for the same user
- stages/authenticator_duo: fix error when enrolling an existing user
- stages/authenticator_duo: make Duo-admin viewset writeable
- website/docs: Add a note about Protocol Overwrite (#1031)
- website/docs: add changelog for release candidates
- website/docs: add docs for flow executor
- website/docs: add wekan (#1032)
- website/docs: remove migrate command
Upgrading
This release does not introduce any new requirements.
docker-compose
Download the docker-compose file for 2021.6 from here. Afterwards, simply run docker-compose up -d
.
Kubernetes
Upgrade to the latest chart version to get the new images.