Commit Graph

270 Commits (0f5fae86469e711f74e3c3455bb43bf84ac10d90)

Author SHA1 Message Date
James Elliott f79db588be
feat(authentication): ldap memberof group search (#5418)
Introduces the concept of group search mode into the LDAP configuration. This also adds the filter and memberof search modes. The full description of these is included in the docs but the filter mode is the same mode as previous which is also the default and recommended value. The memberof mode should only be used by users who are aware of how the concept works as per the docs.

Closes #2161

Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-06-18 14:40:38 +10:00
James Elliott 4577fce95b
refactor: path from address (#5492)
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-30 18:21:19 +10:00
James Elliott 5e9d8d6c71
docs: fix missing values (#5497)
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-28 21:51:45 +10:00
James Elliott 32c68804e0
feat(oidc): disable minimum parameter entropy (#5495)
This allows disabling the minimum parameter entropy checks.

Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-28 11:50:55 +10:00
James Elliott 0a2d849cda
docs: fixes to oidc docs (#5469)
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-22 21:25:20 +10:00
James Elliott 65f69aeb4e
feat(oidc): jwk selection by id (#5464)
This adds support for JWK selection by ID on a per-client basis, and allows multiple JWK's for the same algorithm.

Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-22 21:14:32 +10:00
James Elliott 1b7c99ec0b
docs(oidc): authz policy (#5468)
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-22 18:44:40 +10:00
James Elliott 83c4cb8a94
docs: misc fixes (#5462)
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-20 10:11:50 +10:00
James Elliott 65ecfe4b9a
feat(oidc): private_key_jwt client auth (#5280)
This adds support for the private_key_jwt client authentication method.

Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2023-05-15 10:32:10 +10:00
James Elliott cef374cdc1
feat(oidc): multiple jwk algorithms (#5279)
This adds support for multiple JWK algorithms and keys and allows for per-client algorithm choices.

Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-15 10:03:19 +10:00
James Elliott 1dbfbc5f88
feat(oidc): client_secret_jwt client auth (#5253)
This adds the authentication machinery for the client_secret_jwt to the Default Client Authentication Strategy.

Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-15 09:51:59 +10:00
James Elliott e37f19c170
build: allow users to set the umask easily (#5407)
This adds an easy way for users  to set a UMASK in the container.

Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-13 13:19:47 +10:00
James Elliott 6c472d8627
refactor(configuration): umask from query (#5416)
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-09 21:25:56 +10:00
James Elliott 4700133682
docs: fix typo (#5413)
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-08 20:30:32 +10:00
James Elliott 83cd09db79
docs: factorize (#5411)
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-08 16:02:59 +10:00
James Elliott 998ffe5255
refactor: strip word and from duration (#5412)
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-08 15:57:11 +10:00
James Elliott 41afaa5cc2
docs: factorize (#5410)
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-08 14:26:12 +10:00
James Elliott a0deacff55
refactor: misc consistency fixes (#5406)
Misc consistency fixes to docs and related content.

Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-08 13:51:17 +10:00
James Elliott 3abad065a3
docs: fix totp support header (#5405)
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-07 20:28:21 +10:00
James Elliott 2116422b79
docs: totp reference (#5404)
Adds documentation for supported TOTP apps.

Closes #2650

Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-07 17:52:47 +10:00
James Elliott fb5c285c25
feat(authentication): suport ldap over unix socket (#5397)
This adds support for LDAP unix sockets using the ldapi scheme. In addition it improves all of the address related parsing significantly deprecating old options.

Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-07 16:39:17 +10:00
James Elliott 90d190121d
feat(server): listen on unix sockets (#5038)
This allows listening on unix sockets.

Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-07 15:48:26 +10:00
James Elliott 4ba1b6465a
docs: add alert for configuration sections (#5380)
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-04 21:23:15 +10:00
James Elliott 6d48e4cd51
docs: add nix pkg manager reference (#5372)
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-03 20:18:51 +10:00
Amir Zarrinkafsh 6b04fe2652
docs: fix tailscale oidc typos and inaccuracies (#5367)
Adjusts some inaccuracies and inconsistencies.

Fixes #5359

Signed-off-by: Amir Zarrinkafsh <nightah@me.com>
2023-05-03 11:29:55 +10:00
James Elliott 871cd8701d
docs: oidc faq resolution (#5352)
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-01 19:54:42 +10:00
James Elliott 7d6a74ceec
docs: fix missing text (#5347)
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-01 13:58:15 +10:00
James Elliott 9006ff6979
docs: include stdout information about complete logs (#5346)
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-01 13:44:39 +10:00
James Elliott eaddb57c27
docs: add exhaustive complete logs reference guide (#5345)
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-01 12:36:02 +10:00
Dennis Gaida 63d2de7604
docs: update screenshot (#5342)
Signed-off-by: Dennis Gaida <2392217+DennisGaida@users.noreply.github.com>
2023-05-01 12:19:06 +10:00
James Elliott 9537ad6813
docs: fix line endings (#5340)
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-04-30 11:13:55 +10:00
Dennis Gaida c3cc4061b8
docs: improve tailscale integration (#5330)
This is an addendum to #5287 and includes some improvements.

Signed-off-by: Dennis Gaida <2392217+DennisGaida@users.noreply.github.com>
2023-04-30 09:18:57 +10:00
Harold f08cf83be4
docs(oidc): kasm workspaces (#5314)
This adds a Kasm Workspaces OpenID Connect 1.0 integration guide.

Signed-off-by: Harold <73724671+HaroldVB@users.noreply.github.com>
2023-04-27 18:40:06 +10:00
James Elliott c772ec26b1
i18n: update generated language support (#5316)
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-04-26 13:00:54 +10:00
James Elliott b11353bbe8
docs: implement developer certificate of origin (#5096)
This implements the Developer Certificate of Origin as a commit check via the commitlint hook and add the relevant documentation.

Closes #5095

Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-04-26 12:48:15 +10:00
James Elliott 8f2cef5ab2
docs: misc fix (#5302)
Include a missing link.

Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-04-23 10:11:40 +10:00
Dennis Gaida 1ba134fd60
docs(oidc): tailscale integration (#5287)
Adding Tailscale configuration documentation.
2023-04-23 10:06:28 +10:00
Nicolas Znamenski 0ec58d772a
docs: fix typo (#5301)
Fixed a typo/deprecated parameter --random-charset into --random.charset

Signed-off-by: Nicolas Znamenski <contact@loud.software>
2023-04-23 10:03:39 +10:00
James Elliott 033d3c0408
fix(commands): missing pkcs8 option (#5270)
Several crypto generate situations could not generate PKCS #8 ASN.1 DER format keys. Ths fixes this.

Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-04-18 12:16:45 +10:00
James Elliott 616fa3c48d
docs: header consistency (#5266) 2023-04-18 09:53:26 +10:00
James Elliott 9917e3290a
docs: misc fixes (#5258)
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-04-16 07:48:03 +10:00
James Elliott 9e8db3c3f3
docs(oidc): faq refresh (#5254)
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-04-15 22:25:21 +10:00
James Elliott 11eafba079
docs: update blog (#5251)
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-04-15 16:08:29 +10:00
James Elliott 773387291a
docs: update branding docs (#5249)
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-04-15 15:39:13 +10:00
James Elliott a179775f6f
refactor: misc out of band changes (#5238)
This just implements some changes from feat-settings-ui that are out of scope.

Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-04-14 21:42:31 +10:00
James Elliott 3d2da0b070
feat(oidc): client authentication modes (#5150)
This adds a feature to OpenID Connect 1.0 where clients can be restricted to a specific client authentication mode, as well as implements some backend requirements for the private_key_jwt client authentication mode (and potentially the tls_client_auth / self_signed_tls_client_auth client authentication modes). It also adds some improvements to configuration defaults and validations which will for now be warnings but likely be made into errors.

Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-04-13 20:58:18 +10:00
James Elliott db130dad48
docs: github links (#5230)
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-04-13 20:10:12 +10:00
James Elliott 157675f1f3
docs: adjust references of webauthn (#5203)
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-04-10 17:01:23 +10:00
James Elliott 304467c10f
docs: fix missing migration (#5202)
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-04-10 13:12:13 +10:00
James Elliott 2dcfc0b04c
feat(handlers): authz authrequest authelia url (#5181)
This adjusts the AuthRequest Authz implementation behave similarly to the other implementations in as much as Authelia can return the relevant redirection to the proxy and the proxy just utilizes it if possible. In addition it swaps the HAProxy examples over to the ForwardAuth implementation as that's now supported.

Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-04-08 14:48:55 +10:00