Commit Graph

878 Commits (65f69aeb4ee6a58267b9771fd657d2b5bc8bd9a5)

Author SHA1 Message Date
James Elliott 65f69aeb4e
feat(oidc): jwk selection by id (#5464)
This adds support for JWK selection by ID on a per-client basis, and allows multiple JWK's for the same algorithm.

Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-22 21:14:32 +10:00
James Elliott 83c4cb8a94
docs: misc fixes (#5462)
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-20 10:11:50 +10:00
renovate[bot] 90c0bce3a4
build(deps): update ghcr.io/k3d-io/k3d docker tag to v5.5.1 (#5461)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-05-19 23:49:22 +10:00
renovate[bot] 5ce36d37cd
build(deps): update ghcr.io/k3d-io/k3d docker tag to v5.5.0 (#5450)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-05-18 08:00:59 +10:00
James Elliott 65ecfe4b9a
feat(oidc): private_key_jwt client auth (#5280)
This adds support for the private_key_jwt client authentication method.

Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2023-05-15 10:32:10 +10:00
James Elliott cef374cdc1
feat(oidc): multiple jwk algorithms (#5279)
This adds support for multiple JWK algorithms and keys and allows for per-client algorithm choices.

Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-15 10:03:19 +10:00
James Elliott 1dbfbc5f88
feat(oidc): client_secret_jwt client auth (#5253)
This adds the authentication machinery for the client_secret_jwt to the Default Client Authentication Strategy.

Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-15 09:51:59 +10:00
renovate[bot] 1d99e42436
build(deps): update mariadb docker tag to v10.11.3 (#5429)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-05-12 15:40:35 +10:00
renovate[bot] 70df11be16
build(deps): update alpine docker tag to v3.18.0 (#5421)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-05-10 13:06:31 +10:00
James Elliott 6c472d8627
refactor(configuration): umask from query (#5416)
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-09 21:25:56 +10:00
James Elliott 998ffe5255
refactor: strip word and from duration (#5412)
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-08 15:57:11 +10:00
James Elliott a0deacff55
refactor: misc consistency fixes (#5406)
Misc consistency fixes to docs and related content.

Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-08 13:51:17 +10:00
James Elliott 713f8e9ab7
fix(configuration): fail to parse large int duration (#5408)
Large integers used with the duration common  syntax failed to parse if they exceeded the ability to fit into an int32.

Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-08 13:30:49 +10:00
James Elliott b219a85e12
refactor(model): use recommended semver regex (#5403)
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-07 17:51:35 +10:00
James Elliott fb5c285c25
feat(authentication): suport ldap over unix socket (#5397)
This adds support for LDAP unix sockets using the ldapi scheme. In addition it improves all of the address related parsing significantly deprecating old options.

Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-07 16:39:17 +10:00
James Elliott 90d190121d
feat(server): listen on unix sockets (#5038)
This allows listening on unix sockets.

Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-07 15:48:26 +10:00
James Elliott 73861ff17a
build(deps): update module github.com/go-ldap/ldap/v3 to b50d289 (#5396)
This fixes various issues.

Fixes #4199

Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-06 13:02:04 +10:00
renovate[bot] 60cb20906c
build(deps): update redis docker tag to v7 (#3260)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-05-06 09:43:33 +10:00
James Elliott 7785a33ade
build(deps): update module github.com/fasthttp/session to v2.5.0 (#5391)
This offers redis v7 full compatibility.

Closes #3856

Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-05 23:50:35 +10:00
renovate[bot] ede5623485
build(deps): update haproxy docker tag to v2.7.8 (#5366)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-05-03 13:04:56 +10:00
renovate[bot] 20f9b886a8
build(deps): update golang docker tag to v1.20.4 (#5364)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-05-03 05:47:18 +10:00
James Elliott 71a01b9945
i18n: update translation for portal.json (Italian) (#5338) 2023-04-30 15:07:30 +10:00
James Elliott 34ec813370
fix(middlewares): failure to detect remote ip (#5339)
This fixes an edge case where the RemoteIP detection could safely fail with an error, and instead defaults to the TCP packet information.

Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-04-30 10:52:45 +10:00
renovate[bot] d78c490649
build(deps): update haproxy docker tag to v2.7.7 (#5328)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-04-28 13:52:51 +10:00
renovate[bot] 04b340350a
build(deps): update traefik docker tag to v2.10.1 (#5326)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-04-28 07:03:26 +10:00
renovate[bot] 8ce111a8fb
build(deps): update envoyproxy/envoy docker tag to v1.26.1 (#5325)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-04-28 01:04:06 +10:00
James Elliott 456ba9947b
i18n: update translations (#5315)
* i18n: update translation for portal.json (German)

* i18n: update translation for portal.json (Hungarian)

* i18n: update translation for portal.json (Slovenian)

* i18n: update translation for portal.json (Chinese Traditional)
2023-04-26 12:35:07 +10:00
renovate[bot] 2213540738
build(deps): update traefik docker tag to v2.10.0 (#5310)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-04-25 18:20:52 +10:00
renovate[bot] 1c64e7731a
build(deps): update node.js to v20 (#5294) 2023-04-24 12:08:40 +10:00
James Elliott 033d3c0408
fix(commands): missing pkcs8 option (#5270)
Several crypto generate situations could not generate PKCS #8 ASN.1 DER format keys. Ths fixes this.

Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-04-18 12:16:45 +10:00
renovate[bot] 4050bb6a64
build(deps): update envoyproxy/envoy docker tag to v1.26.0 (#5268)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-04-18 11:43:03 +10:00
James Elliott 616fa3c48d
docs: header consistency (#5266) 2023-04-18 09:53:26 +10:00
James Elliott 4db965e19f
refactor: interfaces (#5252)
Use any alias instead of empty interfaces.

Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-04-15 22:35:44 +10:00
James Elliott eaddf11df6
refactor: http verbs etc (#5248)
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-04-15 15:03:14 +10:00
James Elliott d2cdbb23f3
refactor(authentication): remove deprecated func (#5246)
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-04-15 10:51:50 +10:00
James Elliott 370585d1de
refactor(web): webauthn references (#5244)
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-04-15 02:54:24 +10:00
James Elliott 2733fc040c
refactor: webauthn naming (#5243)
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-04-15 02:04:42 +10:00
James Elliott a179775f6f
refactor: misc out of band changes (#5238)
This just implements some changes from feat-settings-ui that are out of scope.

Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-04-14 21:42:31 +10:00
James Elliott 0f4f5d5848
fix(commands): no args not enforced on crypto hash generate (#5237)
This fixes an issue where the authelia crypto hash generate command does not require no arguments leading to some confusing output.

Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-04-14 20:46:43 +10:00
Manuel Nuñez 56c10eab76
test(configuration): add additional coverage (#4779) 2023-04-13 21:15:28 +10:00
James Elliott 3d2da0b070
feat(oidc): client authentication modes (#5150)
This adds a feature to OpenID Connect 1.0 where clients can be restricted to a specific client authentication mode, as well as implements some backend requirements for the private_key_jwt client authentication mode (and potentially the tls_client_auth / self_signed_tls_client_auth client authentication modes). It also adds some improvements to configuration defaults and validations which will for now be warnings but likely be made into errors.

Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-04-13 20:58:18 +10:00
renovate[bot] 85e9792cf3
build(deps): update envoyproxy/envoy docker tag to v1.25.5 (#5229)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-04-13 15:17:54 +10:00
James Elliott c8f75b19af
fix(oidc): default response mode not validated (#5129)
This fixes an issue where the default response mode (i.e. if the mode is omitted) would skip the validations against the allowed response modes.

Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-04-11 21:29:02 +10:00
James Elliott dfbbf1a1f3
fix(model): yaml encoding of totp and webauthn fails (#5204)
This fixes an issue where the encoding of the YAML files fails when exporting TOTP/WebAuthn devices.

Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-04-11 21:11:11 +10:00
James Elliott 569af0fef0
fix(commands): storage cmd fail when implicit config absent (#5213)
This fixes an issue where if the implicit config location of configuration.yml does not exist that an error is returned. This does not affect the behavior when the method was either implicit or environment.

Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-04-11 20:52:04 +10:00
James Elliott 157675f1f3
docs: adjust references of webauthn (#5203)
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-04-10 17:01:23 +10:00
Matthieu7503 13a45bd360
refactor: misleading host deprecation warning (#5194)
The host deprecation to sever.host is misleading this adjusts the message to be accurate.
2023-04-08 21:22:06 +10:00
James Elliott 622bf42ed4
fix(configuration): secret permission errors panic (#5141)
This fixes an issue where attempting to load secrets the process does not  have read permissions for would cause panics as well as the bit size check of the OpenID Connect 1.0 private key can potentially panic on malformed private keys. This was caused by us returning values on errors instead of nil's.

Fixes #5138

Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-04-08 16:02:34 +10:00
James Elliott 0424652940
refactor: adjust openapi (#5192)
Misc fixes to OpenAPI Specification that were missed.

Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-04-08 15:25:19 +10:00
James Elliott 2dcfc0b04c
feat(handlers): authz authrequest authelia url (#5181)
This adjusts the AuthRequest Authz implementation behave similarly to the other implementations in as much as Authelia can return the relevant redirection to the proxy and the proxy just utilizes it if possible. In addition it swaps the HAProxy examples over to the ForwardAuth implementation as that's now supported.

Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-04-08 14:48:55 +10:00