Clément Michaud
7a2b45a66f
Merge pull request #95 from clems4ever/acl-by-resources
...
Refine access control with per resource ACLs
2017-09-24 21:54:18 +02:00
Clement Michaud
cf16272a73
Refine access control with per resource ACLs
...
ACLs can now be defined by subdomain AND resource using pattern matching
with regular expressions.
It allows a very fine-grained access control to backend resources.
[Note] For using example environmnent, user must update its /etc/hosts with
new subdomains updated in README.
2017-09-24 21:39:47 +02:00
Clement Michaud
e48b196f38
Add Content-Length header to the forwarded request to Authelia
...
It seems nginx is closing the connection for some backends if
`proxy_set_header Content-Length "";` is not added to the
verification endpoint.
2017-09-23 18:02:21 +02:00
Clement Michaud
d005b83365
Set headers values Remote-User and Remote-Groups in /verify response
2017-09-22 21:25:15 +02:00
Clement Michaud
0a33b2d5ee
Add logs to detect redis connection issues earlier
...
Before this fix, the application was simply crashing during execution
when connection to redis was failing.
Now, it is correctly handled with failing promises and logs have been
enabled to clearly see the problem
2017-09-22 20:52:05 +02:00
Clement Michaud
7128970a53
Add redirection URL as a query parameter during authentication
...
Before this fix, the redirection URL was stored in the user session,
but this has a big drawback since user could open several pages in
browser and thus override the redirection URL leading the user to
be incorrectly redirected.
2017-09-22 17:53:18 +02:00
FrozenDragoon
e644fe7b7b
Split example scripts, allow running example using pre-built docker container (example-dockerhub) or build build from source, as it is now (example-commit).
2017-09-05 06:32:50 -05:00
FrozenDragoon
fa6134e7f5
Don't build a new container for ldap, pass the variables via docker-compose.
2017-09-05 06:17:52 -05:00
Clement Michaud
64c06fd6b8
Parameterize authentication regulation via configuration file. Both for flexibility and for testing purposes.
2017-09-03 12:48:35 +02:00
Clement Michaud
928209dc98
Fix redirection after authentication and error page when accessing restricted pages
2017-08-03 00:41:13 +02:00
Clement Michaud
c12a085f8e
Replace mocha integration tests by cucumber tests
2017-07-31 22:20:33 +02:00
Clement Michaud
e45ac39c8f
Add Mongo as scalable and resilient storage backend
2017-07-31 00:29:00 +02:00
Clement Michaud
24d4176a39
Secret page contains a link with wrong port to redirect the user to home page
2017-07-19 00:35:55 +02:00
Clement Michaud
6d5fc84693
Add an icon to the webpages of example
2017-07-16 16:19:44 +02:00
Clement Michaud
8f152d2328
Fix example environment
2017-07-14 19:05:42 +02:00
Clement Michaud
f516aaf243
Adding one integration test for redis
2017-07-14 00:25:11 +02:00
Clement Michaud
e56c2492ed
Fix integration test and package Travis scripts
2017-06-29 13:09:08 +02:00
Clement Michaud
0414d28e2b
Fix LDAP binding non working on servers with restricted ACL rules and add unit tests
2017-06-29 11:29:33 +02:00
Clement Michaud
ddf1e48535
Refactor client to make it responsive and testable
2017-06-16 18:16:38 +02:00
Clement Michaud
6d24e82835
Remove '/authentication/' base path from endpoint URLs
2017-05-14 17:41:56 +02:00
Clement Michaud
b403cfe2f8
Rework the configuration of the access control to allow default policy for certain domains
2017-03-25 18:38:14 +01:00
Clement Michaud
2a73b1a431
Add the access_control entry in the config file to allow the user to define per group rules to access the subdomains
2017-03-25 15:17:21 +01:00
Clement Michaud
c7e4f76b9c
Add an LDAP user search filter in the configuration filte to specify the user attribute to search for in LDAP
2017-03-16 01:25:55 +01:00
Clement Michaud
606ddc7308
Handle SSO over multiple subdomains
2017-03-15 23:07:57 +01:00
Clement Michaud
05046338ed
Implement password reset
2017-01-27 01:20:03 +01:00
Clement Michaud
d3db94105e
Registration process sends an email to allow user to register its U2F device
2017-01-22 17:54:45 +01:00