b16a3d5697
use config system for workers/threads, document the settings Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
273 lines
6.8 KiB
Markdown
273 lines
6.8 KiB
Markdown
---
|
|
title: Release 2022.9
|
|
slug: "2022.9"
|
|
---
|
|
|
|
## Breaking changes
|
|
|
|
- `WORKERS` environment variable has been renamed to match other config options, see [Configuration](../installation/configuration#authentik_web__workers)
|
|
|
|
## New features
|
|
|
|
- UI for Duo device Import
|
|
|
|
Instead of manually having to call an API endpoint, there's now a UI for importing Duo devices.
|
|
|
|
- Duo Admin API integration
|
|
|
|
When using a Duo MFA, Duo Access or Duo Beyond plan, authentik can now automatically import devices from Duo into authentik. More info [here](../flow/stages/authenticator_duo/).
|
|
|
|
## API Changes
|
|
|
|
#### What's New
|
|
|
|
---
|
|
|
|
##### `POST` /stages/authenticator/duo/{stage_uuid}/import_device_manual/
|
|
|
|
##### `POST` /stages/authenticator/duo/{stage_uuid}/import_devices_automatic/
|
|
|
|
#### What's Deleted
|
|
|
|
---
|
|
|
|
##### `POST` /stages/authenticator/duo/{stage_uuid}/import_devices/
|
|
|
|
#### What's Changed
|
|
|
|
---
|
|
|
|
##### `GET` /stages/authenticator/duo/{stage_uuid}/
|
|
|
|
###### Return Type:
|
|
|
|
Changed response : **200 OK**
|
|
|
|
- Changed content type : `application/json`
|
|
|
|
- Added property `admin_integration_key` (string)
|
|
|
|
##### `PUT` /stages/authenticator/duo/{stage_uuid}/
|
|
|
|
###### Request:
|
|
|
|
Changed content type : `application/json`
|
|
|
|
- Added property `admin_integration_key` (string)
|
|
|
|
- Added property `admin_secret_key` (string)
|
|
|
|
###### Return Type:
|
|
|
|
Changed response : **200 OK**
|
|
|
|
- Changed content type : `application/json`
|
|
|
|
- Added property `admin_integration_key` (string)
|
|
|
|
##### `PATCH` /stages/authenticator/duo/{stage_uuid}/
|
|
|
|
###### Request:
|
|
|
|
Changed content type : `application/json`
|
|
|
|
- Added property `admin_integration_key` (string)
|
|
|
|
- Added property `admin_secret_key` (string)
|
|
|
|
###### Return Type:
|
|
|
|
Changed response : **200 OK**
|
|
|
|
- Changed content type : `application/json`
|
|
|
|
- Added property `admin_integration_key` (string)
|
|
|
|
##### `GET` /flows/executor/{flow_slug}/
|
|
|
|
###### Return Type:
|
|
|
|
Changed response : **200 OK**
|
|
|
|
- Changed content type : `application/json`
|
|
|
|
Added 'xak-flow-error' component:
|
|
|
|
- Property `type` (string)
|
|
|
|
Enum values:
|
|
|
|
- `native`
|
|
- `shell`
|
|
- `redirect`
|
|
|
|
- Property `flow_info` (object)
|
|
|
|
> Contextual flow information for a challenge
|
|
|
|
- Property `title` (string)
|
|
|
|
- Property `background` (string)
|
|
|
|
- Property `cancel_url` (string)
|
|
|
|
- Property `layout` (string)
|
|
|
|
Enum values:
|
|
|
|
- `stacked`
|
|
- `content_left`
|
|
- `content_right`
|
|
- `sidebar_left`
|
|
- `sidebar_right`
|
|
|
|
- Property `component` (string)
|
|
|
|
- Property `response_errors` (object)
|
|
|
|
- Property `pending_user` (string)
|
|
|
|
- Property `pending_user_avatar` (string)
|
|
|
|
- Property `request_id` (string)
|
|
|
|
- Property `error` (string)
|
|
|
|
- Property `traceback` (string)
|
|
|
|
##### `POST` /flows/executor/{flow_slug}/
|
|
|
|
###### Return Type:
|
|
|
|
Changed response : **200 OK**
|
|
|
|
- Changed content type : `application/json`
|
|
|
|
Added 'xak-flow-error' component:
|
|
|
|
- Property `type` (string)
|
|
|
|
Enum values:
|
|
|
|
- `native`
|
|
- `shell`
|
|
- `redirect`
|
|
|
|
- Property `flow_info` (object)
|
|
|
|
> Contextual flow information for a challenge
|
|
|
|
- Property `title` (string)
|
|
|
|
- Property `background` (string)
|
|
|
|
- Property `cancel_url` (string)
|
|
|
|
- Property `layout` (string)
|
|
|
|
Enum values:
|
|
|
|
- `stacked`
|
|
- `content_left`
|
|
- `content_right`
|
|
- `sidebar_left`
|
|
- `sidebar_right`
|
|
|
|
- Property `component` (string)
|
|
|
|
- Property `response_errors` (object)
|
|
|
|
- Property `pending_user` (string)
|
|
|
|
- Property `pending_user_avatar` (string)
|
|
|
|
- Property `request_id` (string)
|
|
|
|
- Property `error` (string)
|
|
|
|
- Property `traceback` (string)
|
|
|
|
##### `POST` /stages/authenticator/duo/
|
|
|
|
###### Request:
|
|
|
|
Changed content type : `application/json`
|
|
|
|
- Added property `admin_integration_key` (string)
|
|
|
|
- Added property `admin_secret_key` (string)
|
|
|
|
###### Return Type:
|
|
|
|
Changed response : **201 Created**
|
|
|
|
- Changed content type : `application/json`
|
|
|
|
- Added property `admin_integration_key` (string)
|
|
|
|
##### `GET` /stages/authenticator/duo/
|
|
|
|
###### Return Type:
|
|
|
|
Changed response : **200 OK**
|
|
|
|
- Changed content type : `application/json`
|
|
|
|
- Changed property `results` (array)
|
|
|
|
Changed items (object): > AuthenticatorDuoStage Serializer
|
|
|
|
- Added property `admin_integration_key` (string)
|
|
|
|
## Minor changes/fixes
|
|
|
|
- stages/authenticator_duo: improved import (#3601)
|
|
- \*: cleanup stray print calls
|
|
- \*: remove remaining default creation code in squashed migrations
|
|
- blueprint: fix EntryInvalidError not being handled in tasks
|
|
- blueprints: add meta model to apply blueprint within blueprint for dependencies (#3486)
|
|
- blueprints: don't export events by default and exclude anonymous user
|
|
- blueprints: OCI registry support (#3500)
|
|
- blueprints: use correct log level when re-logging import validation logs
|
|
- core: fix custom favicon not being set correctly on load
|
|
- core: improve error template (#3521)
|
|
- crypto: add command to import certificates
|
|
- events: fix MonitoredTasks' save_on_success not behaving as expected
|
|
- events: reset task info when not saving on success
|
|
- events: save event to test notification transport
|
|
- flows: fix incorrect diagram for policies bound to flows
|
|
- flows: migrate FlowExecutor error handler to native challenge instead of shell
|
|
- internal: fix outposts not logging flow execution errors correctly
|
|
- internal: optimise outpost's flow executor to use less requests
|
|
- providers/oauth2: add x5c (#3556)
|
|
- providers/proxy: fix routing based on signature in traefik and caddy
|
|
- root: make redis persistent in docker-compose
|
|
- root: re-use custom log helper from config and cleanup duplicate functions
|
|
- sources/ldap: start_tls before binding but without reading server info
|
|
- sources/oauth: use GitHub's dedicated email API when no public email address is configured
|
|
- sources/oauth: use UPN for username with azure AD source
|
|
- stages/authenticator_duo: fix 404 when current user does not have permissions to view stage
|
|
- stages/consent: default to expiring consent instead of always_require
|
|
- tenants: handle all errors in default_locale
|
|
- web/admin: enable blueprint instances by default
|
|
- web/flows: update flow background
|
|
- web/user: justify content on user settings page on desktop
|
|
|
|
## Upgrading
|
|
|
|
This release does not introduce any new requirements.
|
|
|
|
### docker-compose
|
|
|
|
Download the docker-compose file for 2022.9 from [here](https://goauthentik.io/version/2022.9/docker-compose.yml). Afterwards, simply run `docker-compose up -d`.
|
|
|
|
### Kubernetes
|
|
|
|
Update your values to use the new images:
|
|
|
|
```yaml
|
|
image:
|
|
repository: ghcr.io/goauthentik/server
|
|
tag: 2022.9.1
|
|
```
|