authelia

Commit Graph

Author	SHA1	Message	Date
James Elliott	b4e570358e	fix: include major in go.mod module directive (#2278 ) * build: include major in go.mod module directive * fix: xflags * revert: cobra changes * fix: mock doc	2021-08-11 11:16:46 +10:00
James Elliott	ddea31193b	feature(oidc): add support for OpenID Connect OpenID connect has become a standard when it comes to authentication and in order to fix a security concern around forwarding authentication and authorization information it has been decided to add support for it. This feature is in beta version and only enabled when there is a configuration for it. Before enabling it in production, please consider that it's in beta with potential bugs and that there are several production critical features still missing such as all OIDC related data is stored in configuration or memory. This means you are potentially going to experience issues with HA deployments, or when restarting a single instance specifically related to OIDC. We are still working on adding the remaining set of features before making it GA as soon as possible. Related to #189 Co-authored-by: Clement Michaud <clement.michaud34@gmail.com>	2021-05-05 00:15:36 +02:00
James Elliott	4dce8f9496	perf(authorizer): preload access control lists (#1640 ) * adjust session refresh to always occur (for disabled users) * feat: adds filtering option for Request Method in ACL's * simplify flow of internal/authorization/authorizer.go's methods * implement query string checking * utilize authorizer.Object fully * make matchers uniform * add tests * add missing request methods * add frontend enhancements to handle request method * add request method to 1FA Handler Suite * add internal ACL representations (preparsing) * expand on access_control next * add docs * remove unnecessary slice for network names and instead just use a plain string * add warning for ineffectual bypass policy (due to subjects) * add user/group wildcard support * fix(authorization): allow subject rules to match anonymous users * feat(api): add new params * docs(api): wording adjustments * test: add request method into testing and proxy docs * test: add several checks and refactor schema validation for ACL * test: add integration test for methods acl * refactor: apply suggestions from code review * docs(authorization): update description	2021-03-05 15:18:31 +11:00

Author

SHA1

Message

Date

James Elliott

b4e570358e

fix: include major in go.mod module directive (#2278 )

* build: include major in go.mod module directive

* fix: xflags

* revert: cobra changes

* fix: mock doc

2021-08-11 11:16:46 +10:00

James Elliott

ddea31193b

feature(oidc): add support for OpenID Connect

OpenID connect has become a standard when it comes to authentication and
in order to fix a security concern around forwarding authentication and authorization information
it has been decided to add support for it.

This feature is in beta version and only enabled when there is a configuration for it.
Before enabling it in production, please consider that it's in beta with potential bugs and that there
are several production critical features still missing such as all OIDC related data is stored in
configuration or memory. This means you are potentially going to experience issues with HA
deployments, or when restarting a single instance specifically related to OIDC.

We are still working on adding the remaining set of features before making it GA as soon as possible.

Related to #189

Co-authored-by: Clement Michaud <clement.michaud34@gmail.com>

2021-05-05 00:15:36 +02:00

James Elliott

4dce8f9496

perf(authorizer): preload access control lists (#1640 )

* adjust session refresh to always occur (for disabled users)

* feat: adds filtering option for Request Method in ACL's

* simplify flow of internal/authorization/authorizer.go's methods

* implement query string checking

* utilize authorizer.Object fully

* make matchers uniform

* add tests

* add missing request methods

* add frontend enhancements to handle request method

* add request method to 1FA Handler Suite

* add internal ACL representations (preparsing)

* expand on access_control next

* add docs

* remove unnecessary slice for network names and instead just use a plain string

* add warning for ineffectual bypass policy (due to subjects)

* add user/group wildcard support

* fix(authorization): allow subject rules to match anonymous users

* feat(api): add new params

* docs(api): wording adjustments

* test: add request method into testing and proxy docs

* test: add several checks and refactor schema validation for ACL

* test: add integration test for methods acl

* refactor: apply suggestions from code review

* docs(authorization): update description

2021-03-05 15:18:31 +11:00

3 Commits (5b3fa1fffb82cf7a5f4ba11ce151e16b929a6e34)