4.2 KiB
title | slug |
---|---|
Release 2021.8 | 2021.8 |
Headline Changes
-
Embedded Outpost
To simplify the setup, an embedded outpost has been added. This outpost runs as part of the main authentik server, and requires no additional setup.
You can simply assign providers to the embedded outpost, and either use the integrations to configure reverse proxies, or point your traffic to the main authentik server. Traffic is routed based on host-header, meaning every host that has been configured as a provider and is assigned to the embedded proxy will be sent to the outpost, and every sub-path under
/akprox
is sent to the outpost too. The rest is sent to authentik itself. -
App passwords
You can now create Tokens with the intent
app_password
, and use them when authenticating with a flow. This requires theUser database + app passwords
backend in your password stage (this is done automatically on upgrade).You will also see in the logs which backend was used as the
auth_method
andauth_method_args
arguments on the Event.
Minor changes
- admin: add API to show embedded outpost status, add notice when its not configured properly
- api: ensure all resources can be filtered
- api: make all PropertyMappings filterable by multiple managed attributes
- core: add API to directly send recovery link to user
- core: add UserSelfSerializer and separate method for users to update themselves with limited fields
- core: allow changing of groups a user is in from user api
- flows: fix unhandled error in stage execution not being logged as SYSTEM_EXCEPTION event
- lifecycle: decrease default worker count on compose
- outpost/ldap: Performance improvements, support for (member=) lookup
- providers/proxy: don't create ingress when no hosts are defined
- sources/plex: add API to get user connections
- web: add API Drawer
- web/admin: add UI to copy invitation link
- web/admin: allow modification of users groups from user view
- web/admin: re-name service connection to integration
Fixed in 2021.8.1-rc2
- ci: add pipeline to build and push js api package
- ci: upgrade web api client when schema changes
- core: add new token intent and auth backend (#1284)
- core: add token tests for invalid intent and token auth
- core: fix token intent not defaulting correctly
- core: handle error when ?for_user is not numberical
- lib: move id and key generators to lib (#1286)
- lifecycle: rename to ak
- outpost: handle non-existant permission
- outposts: add recursion limit for docker controller
- outposts: add repair_permissions command
- root: add alias for akflow files
- root: add ASGI Error handler
- root: add License to NPM package
- root: fix error_handler for websocket
- root: fix mis-matched postgres version for CI
- root: remove remainders from gen
- root: remove usage of make-gen
- root: test schema auto-update
- root: update schema
- stages/password: auto-enable app password backend
- stages/user_write: fix wrong fallback authentication backend
- web: add custom readme to api client
- web: add ESM to generated Client
- web: build. api in different folder
- web: improve api client versioning
- web: Merge pull request #1258 from goauthentik/publish-api-to-npm
- web: migrate to @goauthentik/api
- web: Update Web API Client version (#1283)
- web: use custom client for web linting
- web/admin: allow users to create app password tokens
- web/admin: display token's intents
- web/admin: fix missing app passwords backend
- web/admin: improve delete modal for stage bindings and policy bindings
- web/admin: select all password stage backends by default
- web/admin: show system status first
- web/flows: fix error during error handling
- website: add docs for making schema changes
- website: make default login-2fa flow ignore 2fa with app passwords
- website/docs: add docs for
auth_method
andauth_method_args
fields
Upgrading
This release does not introduce any new requirements.
docker-compose
Download the docker-compose file for 2021.7 from here. Afterwards, simply run docker-compose up -d
.
Kubernetes
Upgrade to the latest chart version to get the new images.