James Elliott
f290fd90b1
feat: denied
...
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-06-19 12:02:38 +10:00
James Elliott
2f9da2b7e0
feat(oidc): per-client auth policy applied per-subject
...
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-06-19 12:02:38 +10:00
James Elliott
5e5eead729
feat(oidc): per-client auth policy applied per-subject
...
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-06-19 12:02:38 +10:00
James Elliott
f79db588be
feat(authentication): ldap memberof group search ( #5418 )
...
Introduces the concept of group search mode into the LDAP configuration. This also adds the filter and memberof search modes. The full description of these is included in the docs but the filter mode is the same mode as previous which is also the default and recommended value. The memberof mode should only be used by users who are aware of how the concept works as per the docs.
Closes #2161
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-06-18 14:40:38 +10:00
renovate[bot]
ecf742aa33
build(deps): update mariadb docker tag to v11 ( #5574 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-06-17 21:52:23 +10:00
renovate[bot]
f05db093be
build(deps): update mariadb docker tag to v10.11.4 ( #5556 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-06-16 03:57:55 +10:00
renovate[bot]
bbfd3d4467
build(deps): update alpine docker tag to v3.18.2 ( #5558 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-06-15 08:39:12 +10:00
James Elliott
4adefd3ef6
docs: fix issue template ( #5541 )
...
Fixes an issue with the issue templates.
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-06-08 09:18:35 +10:00
renovate[bot]
899d58b827
build(deps): update golang docker tag to v1.20.5 ( #5536 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-06-07 12:09:41 +10:00
renovate[bot]
eaa4fb5fb7
build(deps): update envoyproxy/envoy docker tag to v1.26.2 ( #5524 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-06-05 22:33:19 +10:00
James Elliott
4c98da0d29
test(configuration): add some additional coverage ( #5485 )
...
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-31 20:50:22 +10:00
James Elliott
4577fce95b
refactor: path from address ( #5492 )
...
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-30 18:21:19 +10:00
James Elliott
f90c369b45
docs: fix some example formatting ( #5501 )
...
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-30 14:46:23 +10:00
James Elliott
32c68804e0
feat(oidc): disable minimum parameter entropy ( #5495 )
...
This allows disabling the minimum parameter entropy checks.
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-28 11:50:55 +10:00
James Elliott
17db704f4d
test(authentication): add missing type tests ( #5483 )
...
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-25 12:26:19 +10:00
James Elliott
fbbeef3ae8
test(authentication): add missing tests ( #5482 )
...
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-25 11:17:35 +10:00
James Elliott
f1b3fc7b31
test(handlers): add missing tests ( #5480 )
...
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-25 07:58:00 +10:00
James Elliott
2e8a460a66
test: add misc missing tests ( #5479 )
...
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-24 22:33:05 +10:00
James Elliott
e784a72735
test(authorization): add missing tests ( #5478 )
...
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-24 19:23:46 +10:00
James Elliott
f724818c44
test(authentication): file provider ( #5473 )
...
Add additional tests to the file provider.
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-24 05:57:53 +10:00
James Elliott
65f69aeb4e
feat(oidc): jwk selection by id ( #5464 )
...
This adds support for JWK selection by ID on a per-client basis, and allows multiple JWK's for the same algorithm.
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-22 21:14:32 +10:00
James Elliott
83c4cb8a94
docs: misc fixes ( #5462 )
...
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-20 10:11:50 +10:00
renovate[bot]
90c0bce3a4
build(deps): update ghcr.io/k3d-io/k3d docker tag to v5.5.1 ( #5461 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-05-19 23:49:22 +10:00
renovate[bot]
5ce36d37cd
build(deps): update ghcr.io/k3d-io/k3d docker tag to v5.5.0 ( #5450 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-05-18 08:00:59 +10:00
James Elliott
65ecfe4b9a
feat(oidc): private_key_jwt client auth ( #5280 )
...
This adds support for the private_key_jwt client authentication method.
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2023-05-15 10:32:10 +10:00
James Elliott
cef374cdc1
feat(oidc): multiple jwk algorithms ( #5279 )
...
This adds support for multiple JWK algorithms and keys and allows for per-client algorithm choices.
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-15 10:03:19 +10:00
James Elliott
1dbfbc5f88
feat(oidc): client_secret_jwt client auth ( #5253 )
...
This adds the authentication machinery for the client_secret_jwt to the Default Client Authentication Strategy.
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-15 09:51:59 +10:00
renovate[bot]
1d99e42436
build(deps): update mariadb docker tag to v10.11.3 ( #5429 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-05-12 15:40:35 +10:00
renovate[bot]
70df11be16
build(deps): update alpine docker tag to v3.18.0 ( #5421 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-05-10 13:06:31 +10:00
James Elliott
6c472d8627
refactor(configuration): umask from query ( #5416 )
...
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-09 21:25:56 +10:00
James Elliott
998ffe5255
refactor: strip word and from duration ( #5412 )
...
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-08 15:57:11 +10:00
James Elliott
a0deacff55
refactor: misc consistency fixes ( #5406 )
...
Misc consistency fixes to docs and related content.
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-08 13:51:17 +10:00
James Elliott
713f8e9ab7
fix(configuration): fail to parse large int duration ( #5408 )
...
Large integers used with the duration common syntax failed to parse if they exceeded the ability to fit into an int32.
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-08 13:30:49 +10:00
James Elliott
b219a85e12
refactor(model): use recommended semver regex ( #5403 )
...
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-07 17:51:35 +10:00
James Elliott
fb5c285c25
feat(authentication): suport ldap over unix socket ( #5397 )
...
This adds support for LDAP unix sockets using the ldapi scheme. In addition it improves all of the address related parsing significantly deprecating old options.
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-07 16:39:17 +10:00
James Elliott
90d190121d
feat(server): listen on unix sockets ( #5038 )
...
This allows listening on unix sockets.
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-07 15:48:26 +10:00
James Elliott
73861ff17a
build(deps): update module github.com/go-ldap/ldap/v3 to b50d289 ( #5396 )
...
This fixes various issues.
Fixes #4199
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-06 13:02:04 +10:00
renovate[bot]
60cb20906c
build(deps): update redis docker tag to v7 ( #3260 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-05-06 09:43:33 +10:00
James Elliott
7785a33ade
build(deps): update module github.com/fasthttp/session to v2.5.0 ( #5391 )
...
This offers redis v7 full compatibility.
Closes #3856
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-05 23:50:35 +10:00
renovate[bot]
ede5623485
build(deps): update haproxy docker tag to v2.7.8 ( #5366 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-05-03 13:04:56 +10:00
renovate[bot]
20f9b886a8
build(deps): update golang docker tag to v1.20.4 ( #5364 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-05-03 05:47:18 +10:00
James Elliott
71a01b9945
i18n: update translation for portal.json (Italian) ( #5338 )
2023-04-30 15:07:30 +10:00
James Elliott
34ec813370
fix(middlewares): failure to detect remote ip ( #5339 )
...
This fixes an edge case where the RemoteIP detection could safely fail with an error, and instead defaults to the TCP packet information.
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-04-30 10:52:45 +10:00
renovate[bot]
d78c490649
build(deps): update haproxy docker tag to v2.7.7 ( #5328 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-04-28 13:52:51 +10:00
renovate[bot]
04b340350a
build(deps): update traefik docker tag to v2.10.1 ( #5326 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-04-28 07:03:26 +10:00
renovate[bot]
8ce111a8fb
build(deps): update envoyproxy/envoy docker tag to v1.26.1 ( #5325 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-04-28 01:04:06 +10:00
James Elliott
456ba9947b
i18n: update translations ( #5315 )
...
* i18n: update translation for portal.json (German)
* i18n: update translation for portal.json (Hungarian)
* i18n: update translation for portal.json (Slovenian)
* i18n: update translation for portal.json (Chinese Traditional)
2023-04-26 12:35:07 +10:00
renovate[bot]
2213540738
build(deps): update traefik docker tag to v2.10.0 ( #5310 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-04-25 18:20:52 +10:00
renovate[bot]
1c64e7731a
build(deps): update node.js to v20 ( #5294 )
2023-04-24 12:08:40 +10:00
James Elliott
033d3c0408
fix(commands): missing pkcs8 option ( #5270 )
...
Several crypto generate situations could not generate PKCS #8 ASN.1 DER format keys. Ths fixes this.
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-04-18 12:16:45 +10:00