RPJosh
/
authelia
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
4,173 Commits
27 Branches
187 Tags
61 MiB
Commit Graph

24 Commits (5b8d295d6084462ee5750de8642bccc2b1082e87)

Author SHA1 Message Date
James Elliott 3d2da0b070
feat(oidc): client authentication modes (#5150) 
This adds a feature to OpenID Connect 1.0 where clients can be restricted to a specific client authentication mode, as well as implements some backend requirements for the private_key_jwt client authentication mode (and potentially the tls_client_auth / self_signed_tls_client_auth client authentication modes). It also adds some improvements to configuration defaults and validations which will for now be warnings but likely be made into errors.

Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
 2023-04-13 20:58:18 +10:00
James Elliott ff6be40f5e
feat(oidc): pushed authorization requests (#4546) 
This implements RFC9126 OAuth 2.0 Pushed Authorization Requests. See https://datatracker.ietf.org/doc/html/rfc9126 for the specification details.
 2023-03-06 14:58:50 +11:00
James Elliott 65705a646d
feat(server): customizable authz endpoints (#4296) 
This allows users to customize the authz endpoints.

Closes #2753, Fixes #3716

Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
 2023-01-25 20:36:40 +11:00
James Elliott a566c16d08
feat(web): privacy policy url (#4625) 
This allows users to customize a privacy policy URL at the bottom of the login view.

Closes #2639
 2023-01-22 19:58:07 +11:00
Manuel Nuñez 8b29cf7ee8
feat(session): multiple session cookie domains (#3754) 
This adds support to configure multiple session cookie domains.

Closes #1198

Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
 2023-01-12 21:57:44 +11:00
James Elliott adaf069eab
feat(oidc): per-client pkce enforcement policy (#4692) 
This implements a per-client PKCE enforcement policy with the ability to enforce that it's used, and the specific challenge mode.
 2023-01-04 02:03:23 +11:00
James Elliott 69c4c02d03
feat(storage): tls connection support (#4233) 
This adds support to PostgreSQL and MySQL to connect via TLS via the standard TLS configuration options.
 2022-10-22 19:27:59 +11:00
James Elliott 9532823a99
feat(configuration): mtls clients (#4221) 
This implements mTLS support for LDAP, Redis, and SMTP. Specified via the tls.certificate_chain and tls.private_key options.

Closes #4044
 2022-10-21 19:41:33 +11:00
James Elliott 3aaca0604f
feat(oidc): implicit consent (#4080) 
This adds multiple consent modes to OpenID Connect clients. Specifically it allows configuration of a new consent mode called implicit which never asks for user consent.
 2022-10-20 13:16:36 +11:00
James Elliott 52102eea8c
feat(authorization): query parameter filtering (#3990) 
This allows for advanced filtering of the query parameters in ACL's.

Closes #2708
 2022-10-19 14:09:22 +11:00
James Elliott a0b2e78e5d
feat(authentication): file case-insensitive and email search (#4194) 
This allows both case-insensitive and email searching for the file auth provider.

Closes #3383
 2022-10-18 11:57:08 +11:00
James Elliott 84cb457cb0
feat(authentication): file provider hot reload (#4188) 
This adds hot reloading to the file auth provider.
 2022-10-17 22:31:23 +11:00
James Elliott 3a70f6739b
feat(authentication): file password algorithms (#3848) 
This adds significant enhancements to the file auth provider including multiple additional algorithms.
 2022-10-17 21:51:59 +11:00
Manuel Nuñez c8fa19e6bd
feat(notification): add disable_starttls option (#3855) 
This adds a boolean option to SMTP which disables StartTLS for SMTP servers that ignore standards.
 2022-10-02 13:51:19 +11:00
James Elliott 6810c91d34
feat(oidc): issuer jwk certificates (#3989) 
This allows for JWKs to include certificate information, either signed via Global PKI, Enterprise PKI, or self-signed.
 2022-10-02 13:07:40 +11:00
James Elliott 66ea374227
feat(authentication): permit feature detection failures (#4061) 
This adds a configuration option which permits the failure of feature detection (control type OIDs and extension OIDs).
 2022-10-02 07:44:18 +11:00
James Elliott 342497a869
refactor(server): use errgroup to supervise services (#3755) 
Uses the errgroup package and pattern for supervising services like servers etc.
 2022-08-09 07:50:12 +10:00
James Elliott e1ee5a5d07
fix(configuration): missing password_reset disable key (#3616) 2022-06-28 16:41:30 +10:00
James Elliott 25b5c1ee2e
feat(authentication): unauthenticated ldap bind (#3291) 
This allows configuring unauthenticated LDAP binding.
 2022-06-17 21:03:47 +10:00
James Elliott 5304178165
ci: add dedicated authelia-gen command (#3463) 
Adds a dedicated authelia code/doc gen command.
 2022-06-14 22:40:00 +10:00
James Elliott 001589cd6d
feat(metrics): implement prometheus metrics (#3234) 
Adds ability to record metrics and gather them for Prometheus.
 2022-06-14 17:20:13 +10:00
James Elliott c7d992f341
fix(authentication): follow ldap referrals (#3251) 
This ensures we are able to follow referrals for LDAP password modify operations when permit_referrals is true.

Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
 2022-05-02 11:51:38 +10:00
James Elliott e99fb7a08f
feat(configuration): configurable default second factor method (#3081) 
This allows configuring the default second factor method.
 2022-04-18 09:58:24 +10:00
James Elliott dc7ca6f03c
refactor: introduce config key gen (#3206) 
This adjusts the validated keys to utilize a generated code section.
 2022-04-16 19:00:39 +10:00