033d3c0408
fix(commands): missing pkcs8 option ( #5270 )
...
Several crypto generate situations could not generate PKCS #8 ASN.1 DER format keys. Ths fixes this.
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-04-18 12:16:45 +10:00
616fa3c48d
docs: header consistency ( #5266 )
2023-04-18 09:53:26 +10:00
9917e3290a
docs: misc fixes ( #5258 )
...
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-04-16 07:48:03 +10:00
9e8db3c3f3
docs(oidc): faq refresh ( #5254 )
...
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-04-15 22:25:21 +10:00
11eafba079
docs: update blog ( #5251 )
...
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-04-15 16:08:29 +10:00
773387291a
docs: update branding docs ( #5249 )
...
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-04-15 15:39:13 +10:00
a179775f6f
refactor: misc out of band changes ( #5238 )
...
This just implements some changes from feat-settings-ui that are out of scope.
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-04-14 21:42:31 +10:00
3d2da0b070
feat(oidc): client authentication modes ( #5150 )
...
This adds a feature to OpenID Connect 1.0 where clients can be restricted to a specific client authentication mode, as well as implements some backend requirements for the private_key_jwt client authentication mode (and potentially the tls_client_auth / self_signed_tls_client_auth client authentication modes). It also adds some improvements to configuration defaults and validations which will for now be warnings but likely be made into errors.
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-04-13 20:58:18 +10:00
db130dad48
docs: github links ( #5230 )
...
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-04-13 20:10:12 +10:00
157675f1f3
docs: adjust references of webauthn ( #5203 )
...
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-04-10 17:01:23 +10:00
304467c10f
docs: fix missing migration ( #5202 )
...
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-04-10 13:12:13 +10:00
2dcfc0b04c
feat(handlers): authz authrequest authelia url ( #5181 )
...
This adjusts the AuthRequest Authz implementation behave similarly to the other implementations in as much as Authelia can return the relevant redirection to the proxy and the proxy just utilizes it if possible. In addition it swaps the HAProxy examples over to the ForwardAuth implementation as that's now supported.
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-04-08 14:48:55 +10:00
3b52ddb137
docs: add adaptation blurbs ( #5163 )
...
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-04-08 10:00:36 +10:00
19d1b1bbcb
docs: fix gitea example ( #5156 )
...
Fixes the gitea example and a few other minor issues.
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-04-02 13:12:01 +10:00
9fe2ed9a46
docs(oidc): firezone integration ( #5125 )
...
This adds a Firezone VPN integration with OpenID Connect 1.0.
2023-03-28 20:29:13 +11:00
154110d4d9
docs: correct the link to the docs ( #5112 )
2023-03-22 13:55:31 +10:00
0bf40f63ea
docs(oidc): minio integration ( #5100 )
...
Add MinIO OpenID Connect 1.0 documentation.
Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-03-21 11:21:23 +11:00
b03c1d0be2
docs: include pull request review checklist ( #5094 )
...
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2023-03-20 15:03:52 +11:00
ae719a8e51
docs: include hardening in measures ( #5093 )
2023-03-20 12:30:12 +10:00
0fb5ac78a7
docs: misc improvements ( #5092 )
...
* docs: misc improvements
* docs: misc improvements
2023-03-20 11:25:21 +11:00
d5a4de2d98
docs: misc fixes ( #5088 )
2023-03-19 16:57:26 +10:00
a2b3cbd794
docs: openssf best practices ( #5079 )
...
* docs: openssf best practices
* docs: update csp
* docs: update sponsors and governance
2023-03-19 16:29:12 +10:00
a048c48da7
docs: misago oidc ( #5024 )
...
This adds Misago integration docs for OpenID Connect.
Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-03-14 08:51:13 +11:00
482f23b506
docs: gen ( #5054 )
2023-03-12 09:33:40 +11:00
fdd9901361
docs: add accessibility resolution recommendations ( #5046 )
2023-03-09 13:03:39 +11:00
3306c42cc6
docs: accessibility guidelines ( #5033 )
2023-03-06 20:17:57 +11:00
ff6be40f5e
feat(oidc): pushed authorization requests ( #4546 )
...
This implements RFC9126 OAuth 2.0 Pushed Authorization Requests. See https://datatracker.ietf.org/doc/html/rfc9126 for the specification details.
2023-03-06 14:58:50 +11:00
0565be3db1
docs: faq ( #5032 )
2023-03-06 11:32:06 +11:00
fca8e2130a
docs: update integration docs ( #4986 )
2023-03-04 15:53:48 +11:00
b9a6856ff5
fix(logging): injected time format inconsistent ( #5004 )
...
This fixes an issue where the injected log time format is inconsistent with a normalized time format. This adjusts it to use a RFC3339 format.
2023-02-28 20:40:04 +11:00
f62b4d4cd3
docs: update ngnix docs ( #4980 )
2023-02-22 15:26:10 +11:00
8253b44e5d
docs: update swag docs ( #4979 )
2023-02-22 15:11:11 +11:00
891f1de9f2
refactor(commands): x509 bundling ( #4942 )
...
This adds another bundling mode to the certificate command.
2023-02-17 14:29:07 +11:00
ad689275d3
docs: improve gitea oidc guidance ( #4808 )
...
Make the non-obvious relationship between the Gitea `Authentication Name` and the path of the redirect URI explicit.
Signed-off-by: James Hillyerd <james@hillyerd.com>
2023-02-13 07:49:43 +11:00
8e4b660f15
refactor: certs ( #4912 )
...
This refactors the suites to use a Enterprise Root CA PKI signed certificate so the CA public certificate can be trusted. This is particularly useful for webauthn in Chrome.
2023-02-11 14:11:40 +11:00
e9fd4160e4
docs: add important note for implicit consent ( #4901 )
2023-02-08 13:51:23 +11:00
2e6d17ba8a
feat(configuration): rfc2307bis implementation ( #4900 )
...
This adds configuration defaults for RFC2307bis LDAP implementations such as OpenLDAP with the RFC2307bis LDIF which should service most user needs.
2023-02-08 13:35:57 +11:00
d1147f9ac4
docs: refactor oidc config docs ( #4892 )
2023-02-08 01:29:43 +11:00
726850fe43
refactor: add some more useful templating funcs ( #4891 )
2023-02-08 01:28:09 +11:00
a7ccf3652f
docs: fix rfc references and fix misc issues ( #4879 )
2023-02-05 18:11:30 +11:00
370a3b1e8d
build: update to go 1.20 ( #4866 )
2023-02-02 21:19:28 +11:00
e408cb19b1
test: adjust tests and docs to be similar ( #4856 )
2023-02-02 18:13:18 +11:00
598ea2bb19
feat(configuration): disallow public suffix domains ( #4855 )
...
This adds a check to the domains configuration to ensure the domain value is not part of the public suffix list at https://publicsuffix.org . These domains are special and users cannot write cookies with this domain value, this makes them unusable with Authelia and this more readily makes that apparent.
2023-02-02 16:34:49 +11:00
7e285f461f
docs: add common oidc shortcode and update ( #4862 )
2023-02-02 12:30:06 +11:00
a2965183f7
docs: fix missing yaml example ( #4853 )
2023-01-31 10:28:00 +11:00
9eb9e29b13
docs: fix typo ( #4842 )
...
Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-01-29 10:01:41 +11:00
b3b24f4479
docs: fix ip addresses ( #4843 )
...
Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-01-29 09:25:32 +11:00
deb47264d5
docs: gen ( #4833 )
2023-01-26 19:04:46 +11:00
8cd88e83c1
docs: fix typo ( #4832 )
2023-01-26 18:39:56 +11:00
1ac4321013
docs: fix misc issues ( #4831 )
2023-01-26 16:38:08 +11:00
James Elliott
Joakim Pettersen
Trung Le
boomam
tetricky
James Hillyerd
Krasimir Nedelchev