OpenID connect has become a standard when it comes to authentication and
in order to fix a security concern around forwarding authentication and authorization information
it has been decided to add support for it.
This feature is in beta version and only enabled when there is a configuration for it.
Before enabling it in production, please consider that it's in beta with potential bugs and that there
are several production critical features still missing such as all OIDC related data is stored in
configuration or memory. This means you are potentially going to experience issues with HA
deployments, or when restarting a single instance specifically related to OIDC.
We are still working on adding the remaining set of features before making it GA as soon as possible.
Related to #189
Co-authored-by: Clement Michaud <clement.michaud34@gmail.com>
This change implements yamllint and adjusts all yaml files to abide by our linting setup. This excludes config.template.yml as this will be done in an alternate commit.
* Added `ActiveDirectory` suite for integration tests with Samba AD
* Updated documentation
* Minor styling refactor to suites
* Clean up LDAP user provisioning
* Fix Authelia home splash to reference correct link for webmail
* Add notification message for password complexity errors
* Add password complexity integration test
* Rename implementation default from rfc to custom
* add specific defaults for LDAP (activedirectory implementation)
* add docs to show the new defaults
* add docs explaining the importance of users filter
* add tests
* update instances of LDAP implementation names to use the new consts where applicable
* made the 'custom' case in the UpdatePassword method for the implementation switch the default case instead
* update config examples due to the new defaults
* apply changes from code review
* replace schema default name from MSAD to ActiveDirectory for consistency
* fix missing default for username_attribute
* replace test raising on empty username attribute with not raising on empty
Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
Add a suite for testing the PathPrefix feature implemented earlier to serve authelia under a multi-purpose domain.
Co-authored-by: Clément Michaud <clement.michaud34@gmail.com>
* [MISC] Remove executable permission of nginx backend files.
* Set permissions to 644 on k8s tar'd files
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
* [DEV] Fix permission issue with dev workflow.
nginx backend was facing permission denied errors because the permissions of the html
files were too restricted. Moreover those files were added to the docker image while they
could just be mounted as other services.
* Fix Kubernetes integration test
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
* [BUGFIX] Fix dev workflow by using TLS for all suites.
* Fix traefik 1.x and 2.x suites.
* Display authelia logs on suite failure.
* Fix HAProxy suite.
* Extend timeout of test case.
* Display current URL in verify assertion.
* fix doLoginTwoFactor by adding a timeout
* when doLoginTwoFactor is used with blank target and a protected domain is quickly visited authelia sometimes redirects back to the portal
* fix by adding one second timeout
* bump go version to 1.14.2
* Fix Kube suite and bump dashboard.
* Update dist authelia-frontend to proxy_pass with variable
* Apply suggestions from code review
Co-Authored-By: Amir Zarrinkafsh <nightah@me.com>
* Apply suggestions from code review
Co-Authored-By: Amir Zarrinkafsh <nightah@me.com>
* Remove debug logs since it's polluting logs.
Also set timeout back to 5 seconds in HA suite.
Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
James Elliott
Amir Zarrinkafsh
Clément Michaud