Commit Graph

104 Commits (renovate/haproxy-2.x)

Author SHA1 Message Date
James Elliott f79db588be
feat(authentication): ldap memberof group search (#5418)
Introduces the concept of group search mode into the LDAP configuration. This also adds the filter and memberof search modes. The full description of these is included in the docs but the filter mode is the same mode as previous which is also the default and recommended value. The memberof mode should only be used by users who are aware of how the concept works as per the docs.

Closes #2161

Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-06-18 14:40:38 +10:00
James Elliott 4577fce95b
refactor: path from address (#5492)
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-30 18:21:19 +10:00
James Elliott 5e9d8d6c71
docs: fix missing values (#5497)
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-28 21:51:45 +10:00
James Elliott 32c68804e0
feat(oidc): disable minimum parameter entropy (#5495)
This allows disabling the minimum parameter entropy checks.

Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-28 11:50:55 +10:00
James Elliott 0a2d849cda
docs: fixes to oidc docs (#5469)
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-22 21:25:20 +10:00
James Elliott 65f69aeb4e
feat(oidc): jwk selection by id (#5464)
This adds support for JWK selection by ID on a per-client basis, and allows multiple JWK's for the same algorithm.

Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-22 21:14:32 +10:00
James Elliott 1b7c99ec0b
docs(oidc): authz policy (#5468)
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-22 18:44:40 +10:00
James Elliott 83c4cb8a94
docs: misc fixes (#5462)
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-20 10:11:50 +10:00
James Elliott 65ecfe4b9a
feat(oidc): private_key_jwt client auth (#5280)
This adds support for the private_key_jwt client authentication method.

Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2023-05-15 10:32:10 +10:00
James Elliott cef374cdc1
feat(oidc): multiple jwk algorithms (#5279)
This adds support for multiple JWK algorithms and keys and allows for per-client algorithm choices.

Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-15 10:03:19 +10:00
James Elliott 1dbfbc5f88
feat(oidc): client_secret_jwt client auth (#5253)
This adds the authentication machinery for the client_secret_jwt to the Default Client Authentication Strategy.

Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-15 09:51:59 +10:00
James Elliott 6c472d8627
refactor(configuration): umask from query (#5416)
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-09 21:25:56 +10:00
James Elliott 4700133682
docs: fix typo (#5413)
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-08 20:30:32 +10:00
James Elliott 83cd09db79
docs: factorize (#5411)
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-08 16:02:59 +10:00
James Elliott 998ffe5255
refactor: strip word and from duration (#5412)
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-08 15:57:11 +10:00
James Elliott 41afaa5cc2
docs: factorize (#5410)
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-08 14:26:12 +10:00
James Elliott a0deacff55
refactor: misc consistency fixes (#5406)
Misc consistency fixes to docs and related content.

Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-08 13:51:17 +10:00
James Elliott 2116422b79
docs: totp reference (#5404)
Adds documentation for supported TOTP apps.

Closes #2650

Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-07 17:52:47 +10:00
James Elliott fb5c285c25
feat(authentication): suport ldap over unix socket (#5397)
This adds support for LDAP unix sockets using the ldapi scheme. In addition it improves all of the address related parsing significantly deprecating old options.

Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-07 16:39:17 +10:00
James Elliott 90d190121d
feat(server): listen on unix sockets (#5038)
This allows listening on unix sockets.

Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-07 15:48:26 +10:00
James Elliott 4ba1b6465a
docs: add alert for configuration sections (#5380)
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-04 21:23:15 +10:00
James Elliott 9e8db3c3f3
docs(oidc): faq refresh (#5254)
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-04-15 22:25:21 +10:00
James Elliott a179775f6f
refactor: misc out of band changes (#5238)
This just implements some changes from feat-settings-ui that are out of scope.

Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-04-14 21:42:31 +10:00
James Elliott 3d2da0b070
feat(oidc): client authentication modes (#5150)
This adds a feature to OpenID Connect 1.0 where clients can be restricted to a specific client authentication mode, as well as implements some backend requirements for the private_key_jwt client authentication mode (and potentially the tls_client_auth / self_signed_tls_client_auth client authentication modes). It also adds some improvements to configuration defaults and validations which will for now be warnings but likely be made into errors.

Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-04-13 20:58:18 +10:00
James Elliott db130dad48
docs: github links (#5230)
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-04-13 20:10:12 +10:00
James Elliott 304467c10f
docs: fix missing migration (#5202)
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-04-10 13:12:13 +10:00
James Elliott ff6be40f5e
feat(oidc): pushed authorization requests (#4546)
This implements RFC9126 OAuth 2.0 Pushed Authorization Requests. See https://datatracker.ietf.org/doc/html/rfc9126 for the specification details.
2023-03-06 14:58:50 +11:00
James Elliott b9a6856ff5
fix(logging): injected time format inconsistent (#5004)
This fixes an issue where the injected log time format is inconsistent with a normalized time format. This adjusts it to use a RFC3339 format.
2023-02-28 20:40:04 +11:00
James Elliott 8e4b660f15
refactor: certs (#4912)
This refactors the suites to use a Enterprise Root CA PKI signed certificate so the CA public certificate can be trusted. This is particularly useful for webauthn in Chrome.
2023-02-11 14:11:40 +11:00
James Elliott e9fd4160e4
docs: add important note for implicit consent (#4901) 2023-02-08 13:51:23 +11:00
James Elliott d1147f9ac4
docs: refactor oidc config docs (#4892) 2023-02-08 01:29:43 +11:00
James Elliott a7ccf3652f
docs: fix rfc references and fix misc issues (#4879) 2023-02-05 18:11:30 +11:00
James Elliott 598ea2bb19
feat(configuration): disallow public suffix domains (#4855)
This adds a check to the domains configuration to ensure the domain value is not part of the public suffix list at https://publicsuffix.org. These domains are special and users cannot write cookies with this domain value, this makes them unusable with Authelia and this more readily makes that apparent.
2023-02-02 16:34:49 +11:00
James Elliott 7e285f461f
docs: add common oidc shortcode and update (#4862) 2023-02-02 12:30:06 +11:00
James Elliott a2965183f7
docs: fix missing yaml example (#4853) 2023-01-31 10:28:00 +11:00
James Elliott deb47264d5
docs: gen (#4833) 2023-01-26 19:04:46 +11:00
James Elliott 8cd88e83c1
docs: fix typo (#4832) 2023-01-26 18:39:56 +11:00
James Elliott b42a84340d
docs: env adjustment (#4826) 2023-01-26 13:23:02 +11:00
James Elliott a33b37a9cd
docs: make several openid connect areas uniform (#4824) 2023-01-26 10:59:18 +11:00
James Elliott 65705a646d
feat(server): customizable authz endpoints (#4296)
This allows users to customize the authz endpoints.

Closes #2753, Fixes #3716

Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2023-01-25 20:36:40 +11:00
electrofloat ce65764948
docs: fix copy paste typo (#4815)
Fixed a copy-paste bug in the description of the idle server timeout. This change only fixes that bug, but this part of the documentation need better explaining. (Something called "idle" in the "Server Timeouts" section of course configures server idle timeout, but what is server in this context, when happens when the time defined in idle expires, etc.)
2023-01-24 09:58:57 +11:00
James Elliott a566c16d08
feat(web): privacy policy url (#4625)
This allows users to customize a privacy policy URL at the bottom of the login view.

Closes #2639
2023-01-22 19:58:07 +11:00
James Elliott d696593d6d
docs: fix incorrect env name (#4768) 2023-01-15 12:02:38 +11:00
Dinh Bao Dang 98604dc7eb
docs: fix links and npm install command (#4755)
Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-01-12 22:02:13 +11:00
Manuel Nuñez 8b29cf7ee8
feat(session): multiple session cookie domains (#3754)
This adds support to configure multiple session cookie domains.

Closes #1198

Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2023-01-12 21:57:44 +11:00
James Elliott adaf069eab
feat(oidc): per-client pkce enforcement policy (#4692)
This implements a per-client PKCE enforcement policy with the ability to enforce that it's used, and the specific challenge mode.
2023-01-04 02:03:23 +11:00
James Elliott 55a6794370
feat(templates): templating functions (#4635)
This adds several functions which are available in most areas that use templates.
2022-12-23 21:58:54 +11:00
James Elliott d7ab3bb633
feat(commands): storage import/export commands (#4545)
This adds commands to export and import TOTP configurations and Webauthn devices as YAML.
2022-12-23 15:00:23 +11:00
James Elliott 0130edb870
feat(configuration): env config file discovery (#4618)
This allows Authelia to discover config files and config options via environment variables.

Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2022-12-23 11:03:50 +11:00
James Elliott cc1e58e004
feat(configuration): load config from directory (#4616)
This allows specifying paths to a combination of files and directories with the --config option provided none of the specified file paths reside directly inside one of the specified directory paths. The directory paths are not recursive, and load .yml and .yaml files at this time.
2022-12-22 17:34:20 +11:00