Commit Graph

636 Commits (099f4fa5e0fd025366489c4416157d91d619c7be)

Author SHA1 Message Date
James Elliott 099f4fa5e0
feat(authentication): ldap users reset filter
This allows setting a specific users filter for password resets.

Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-15 13:59:03 +10:00
James Elliott 92cf5a186d
feat(authentication): ldap memberof
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-15 13:52:02 +10:00
James Elliott 65ecfe4b9a
feat(oidc): private_key_jwt client auth (#5280)
This adds support for the private_key_jwt client authentication method.

Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2023-05-15 10:32:10 +10:00
James Elliott cef374cdc1
feat(oidc): multiple jwk algorithms (#5279)
This adds support for multiple JWK algorithms and keys and allows for per-client algorithm choices.

Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-15 10:03:19 +10:00
James Elliott 1dbfbc5f88
feat(oidc): client_secret_jwt client auth (#5253)
This adds the authentication machinery for the client_secret_jwt to the Default Client Authentication Strategy.

Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-15 09:51:59 +10:00
James Elliott e37f19c170
build: allow users to set the umask easily (#5407)
This adds an easy way for users  to set a UMASK in the container.

Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-13 13:19:47 +10:00
James Elliott 6c472d8627
refactor(configuration): umask from query (#5416)
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-09 21:25:56 +10:00
James Elliott 4700133682
docs: fix typo (#5413)
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-08 20:30:32 +10:00
James Elliott 83cd09db79
docs: factorize (#5411)
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-08 16:02:59 +10:00
James Elliott 998ffe5255
refactor: strip word and from duration (#5412)
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-08 15:57:11 +10:00
James Elliott 41afaa5cc2
docs: factorize (#5410)
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-08 14:26:12 +10:00
James Elliott d77bd901da
docs: fix netlify next (#5409)
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-08 14:08:28 +10:00
James Elliott a0deacff55
refactor: misc consistency fixes (#5406)
Misc consistency fixes to docs and related content.

Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-08 13:51:17 +10:00
James Elliott 3abad065a3
docs: fix totp support header (#5405)
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-07 20:28:21 +10:00
James Elliott 2116422b79
docs: totp reference (#5404)
Adds documentation for supported TOTP apps.

Closes #2650

Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-07 17:52:47 +10:00
James Elliott fb5c285c25
feat(authentication): suport ldap over unix socket (#5397)
This adds support for LDAP unix sockets using the ldapi scheme. In addition it improves all of the address related parsing significantly deprecating old options.

Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-07 16:39:17 +10:00
James Elliott 90d190121d
feat(server): listen on unix sockets (#5038)
This allows listening on unix sockets.

Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-07 15:48:26 +10:00
James Elliott 4ba1b6465a
docs: add alert for configuration sections (#5380)
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-04 21:23:15 +10:00
James Elliott 6d48e4cd51
docs: add nix pkg manager reference (#5372)
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-03 20:18:51 +10:00
Amir Zarrinkafsh 6b04fe2652
docs: fix tailscale oidc typos and inaccuracies (#5367)
Adjusts some inaccuracies and inconsistencies.

Fixes #5359

Signed-off-by: Amir Zarrinkafsh <nightah@me.com>
2023-05-03 11:29:55 +10:00
James Elliott 871cd8701d
docs: oidc faq resolution (#5352)
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-01 19:54:42 +10:00
James Elliott 7d6a74ceec
docs: fix missing text (#5347)
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-01 13:58:15 +10:00
James Elliott 9006ff6979
docs: include stdout information about complete logs (#5346)
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-01 13:44:39 +10:00
James Elliott eaddb57c27
docs: add exhaustive complete logs reference guide (#5345)
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-01 12:36:02 +10:00
Dennis Gaida 63d2de7604
docs: update screenshot (#5342)
Signed-off-by: Dennis Gaida <2392217+DennisGaida@users.noreply.github.com>
2023-05-01 12:19:06 +10:00
James Elliott 908ca811e6
docs: bump deps (#5343)
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-01 09:45:13 +10:00
James Elliott 9537ad6813
docs: fix line endings (#5340)
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-04-30 11:13:55 +10:00
Dennis Gaida c3cc4061b8
docs: improve tailscale integration (#5330)
This is an addendum to #5287 and includes some improvements.

Signed-off-by: Dennis Gaida <2392217+DennisGaida@users.noreply.github.com>
2023-04-30 09:18:57 +10:00
Harold f08cf83be4
docs(oidc): kasm workspaces (#5314)
This adds a Kasm Workspaces OpenID Connect 1.0 integration guide.

Signed-off-by: Harold <73724671+HaroldVB@users.noreply.github.com>
2023-04-27 18:40:06 +10:00
James Elliott c772ec26b1
i18n: update generated language support (#5316)
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-04-26 13:00:54 +10:00
James Elliott b11353bbe8
docs: implement developer certificate of origin (#5096)
This implements the Developer Certificate of Origin as a commit check via the commitlint hook and add the relevant documentation.

Closes #5095

Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-04-26 12:48:15 +10:00
James Elliott 8f2cef5ab2
docs: misc fix (#5302)
Include a missing link.

Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-04-23 10:11:40 +10:00
Dennis Gaida 1ba134fd60
docs(oidc): tailscale integration (#5287)
Adding Tailscale configuration documentation.
2023-04-23 10:06:28 +10:00
Nicolas Znamenski 0ec58d772a
docs: fix typo (#5301)
Fixed a typo/deprecated parameter --random-charset into --random.charset

Signed-off-by: Nicolas Znamenski <contact@loud.software>
2023-04-23 10:03:39 +10:00
James Elliott 033d3c0408
fix(commands): missing pkcs8 option (#5270)
Several crypto generate situations could not generate PKCS #8 ASN.1 DER format keys. Ths fixes this.

Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-04-18 12:16:45 +10:00
James Elliott 616fa3c48d
docs: header consistency (#5266) 2023-04-18 09:53:26 +10:00
James Elliott 9917e3290a
docs: misc fixes (#5258)
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-04-16 07:48:03 +10:00
James Elliott 9e8db3c3f3
docs(oidc): faq refresh (#5254)
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-04-15 22:25:21 +10:00
James Elliott 11eafba079
docs: update blog (#5251)
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-04-15 16:08:29 +10:00
James Elliott 773387291a
docs: update branding docs (#5249)
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-04-15 15:39:13 +10:00
James Elliott a179775f6f
refactor: misc out of band changes (#5238)
This just implements some changes from feat-settings-ui that are out of scope.

Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-04-14 21:42:31 +10:00
James Elliott 3d2da0b070
feat(oidc): client authentication modes (#5150)
This adds a feature to OpenID Connect 1.0 where clients can be restricted to a specific client authentication mode, as well as implements some backend requirements for the private_key_jwt client authentication mode (and potentially the tls_client_auth / self_signed_tls_client_auth client authentication modes). It also adds some improvements to configuration defaults and validations which will for now be warnings but likely be made into errors.

Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-04-13 20:58:18 +10:00
James Elliott db130dad48
docs: github links (#5230)
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-04-13 20:10:12 +10:00
James Elliott ecdae9e5d2
build: update lockfiles (#5212)
* build: update lockfiles

Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>

* refactor(web): update pnpm dep configuration

---------

Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2023-04-11 12:16:41 +10:00
James Elliott 157675f1f3
docs: adjust references of webauthn (#5203)
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-04-10 17:01:23 +10:00
James Elliott 304467c10f
docs: fix missing migration (#5202)
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-04-10 13:12:13 +10:00
James Elliott 2dcfc0b04c
feat(handlers): authz authrequest authelia url (#5181)
This adjusts the AuthRequest Authz implementation behave similarly to the other implementations in as much as Authelia can return the relevant redirection to the proxy and the proxy just utilizes it if possible. In addition it swaps the HAProxy examples over to the ForwardAuth implementation as that's now supported.

Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-04-08 14:48:55 +10:00
James Elliott 3b52ddb137
docs: add adaptation blurbs (#5163)
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-04-08 10:00:36 +10:00
James Elliott 19d1b1bbcb
docs: fix gitea example (#5156)
Fixes the gitea example and a few other minor issues.

Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-04-02 13:12:01 +10:00
Joakim Pettersen 9fe2ed9a46
docs(oidc): firezone integration (#5125)
This adds a Firezone VPN integration with OpenID Connect 1.0.
2023-03-28 20:29:13 +11:00