James Elliott
aaeb3aa881
feat(oidc): private key jwt client auth
...
This adds support for the private_key_jwt client authentication method.
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-11 20:43:07 +10:00
James Elliott
602041d37d
feat(oidc): multiple jwk algorithms
...
This adds support for multiple JWK algorithms and keys and allows for per-client algorithm choices.
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-11 20:42:39 +10:00
James Elliott
7cf907b23d
feat(oidc): client_secret_jwt authentication
...
This adds the authentication machinery for the client_secret_jwt Default Client Authentication Strategy.
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-11 20:42:13 +10:00
James Elliott
6c472d8627
refactor(configuration): umask from query ( #5416 )
...
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-09 21:25:56 +10:00
James Elliott
fb5c285c25
feat(authentication): suport ldap over unix socket ( #5397 )
...
This adds support for LDAP unix sockets using the ldapi scheme. In addition it improves all of the address related parsing significantly deprecating old options.
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-07 16:39:17 +10:00
James Elliott
90d190121d
feat(server): listen on unix sockets ( #5038 )
...
This allows listening on unix sockets.
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-07 15:48:26 +10:00
James Elliott
3d2da0b070
feat(oidc): client authentication modes ( #5150 )
...
This adds a feature to OpenID Connect 1.0 where clients can be restricted to a specific client authentication mode, as well as implements some backend requirements for the private_key_jwt client authentication mode (and potentially the tls_client_auth / self_signed_tls_client_auth client authentication modes). It also adds some improvements to configuration defaults and validations which will for now be warnings but likely be made into errors.
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-04-13 20:58:18 +10:00
James Elliott
ff6be40f5e
feat(oidc): pushed authorization requests ( #4546 )
...
This implements RFC9126 OAuth 2.0 Pushed Authorization Requests. See https://datatracker.ietf.org/doc/html/rfc9126 for the specification details.
2023-03-06 14:58:50 +11:00
James Elliott
65705a646d
feat(server): customizable authz endpoints ( #4296 )
...
This allows users to customize the authz endpoints.
Closes #2753 , Fixes #3716
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2023-01-25 20:36:40 +11:00
James Elliott
a566c16d08
feat(web): privacy policy url ( #4625 )
...
This allows users to customize a privacy policy URL at the bottom of the login view.
Closes #2639
2023-01-22 19:58:07 +11:00
Manuel Nuñez
8b29cf7ee8
feat(session): multiple session cookie domains ( #3754 )
...
This adds support to configure multiple session cookie domains.
Closes #1198
Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2023-01-12 21:57:44 +11:00
James Elliott
adaf069eab
feat(oidc): per-client pkce enforcement policy ( #4692 )
...
This implements a per-client PKCE enforcement policy with the ability to enforce that it's used, and the specific challenge mode.
2023-01-04 02:03:23 +11:00
James Elliott
69c4c02d03
feat(storage): tls connection support ( #4233 )
...
This adds support to PostgreSQL and MySQL to connect via TLS via the standard TLS configuration options.
2022-10-22 19:27:59 +11:00
James Elliott
9532823a99
feat(configuration): mtls clients ( #4221 )
...
This implements mTLS support for LDAP, Redis, and SMTP. Specified via the tls.certificate_chain and tls.private_key options.
Closes #4044
2022-10-21 19:41:33 +11:00
James Elliott
3aaca0604f
feat(oidc): implicit consent ( #4080 )
...
This adds multiple consent modes to OpenID Connect clients. Specifically it allows configuration of a new consent mode called implicit which never asks for user consent.
2022-10-20 13:16:36 +11:00
James Elliott
52102eea8c
feat(authorization): query parameter filtering ( #3990 )
...
This allows for advanced filtering of the query parameters in ACL's.
Closes #2708
2022-10-19 14:09:22 +11:00
James Elliott
a0b2e78e5d
feat(authentication): file case-insensitive and email search ( #4194 )
...
This allows both case-insensitive and email searching for the file auth provider.
Closes #3383
2022-10-18 11:57:08 +11:00
James Elliott
84cb457cb0
feat(authentication): file provider hot reload ( #4188 )
...
This adds hot reloading to the file auth provider.
2022-10-17 22:31:23 +11:00
James Elliott
3a70f6739b
feat(authentication): file password algorithms ( #3848 )
...
This adds significant enhancements to the file auth provider including multiple additional algorithms.
2022-10-17 21:51:59 +11:00
Manuel Nuñez
c8fa19e6bd
feat(notification): add disable_starttls option ( #3855 )
...
This adds a boolean option to SMTP which disables StartTLS for SMTP servers that ignore standards.
2022-10-02 13:51:19 +11:00
James Elliott
6810c91d34
feat(oidc): issuer jwk certificates ( #3989 )
...
This allows for JWKs to include certificate information, either signed via Global PKI, Enterprise PKI, or self-signed.
2022-10-02 13:07:40 +11:00
James Elliott
66ea374227
feat(authentication): permit feature detection failures ( #4061 )
...
This adds a configuration option which permits the failure of feature detection (control type OIDs and extension OIDs).
2022-10-02 07:44:18 +11:00
James Elliott
342497a869
refactor(server): use errgroup to supervise services ( #3755 )
...
Uses the errgroup package and pattern for supervising services like servers etc.
2022-08-09 07:50:12 +10:00
James Elliott
e1ee5a5d07
fix(configuration): missing password_reset disable key ( #3616 )
2022-06-28 16:41:30 +10:00
James Elliott
25b5c1ee2e
feat(authentication): unauthenticated ldap bind ( #3291 )
...
This allows configuring unauthenticated LDAP binding.
2022-06-17 21:03:47 +10:00
James Elliott
5304178165
ci: add dedicated authelia-gen command ( #3463 )
...
Adds a dedicated authelia code/doc gen command.
2022-06-14 22:40:00 +10:00
James Elliott
001589cd6d
feat(metrics): implement prometheus metrics ( #3234 )
...
Adds ability to record metrics and gather them for Prometheus.
2022-06-14 17:20:13 +10:00
James Elliott
c7d992f341
fix(authentication): follow ldap referrals ( #3251 )
...
This ensures we are able to follow referrals for LDAP password modify operations when permit_referrals is true.
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2022-05-02 11:51:38 +10:00
James Elliott
e99fb7a08f
feat(configuration): configurable default second factor method ( #3081 )
...
This allows configuring the default second factor method.
2022-04-18 09:58:24 +10:00
James Elliott
dc7ca6f03c
refactor: introduce config key gen ( #3206 )
...
This adjusts the validated keys to utilize a generated code section.
2022-04-16 19:00:39 +10:00