Commit Graph

333 Commits (e6cf728f24deab81280f5eef86844f7d78755245)

Author SHA1 Message Date
Andrew Moore 6ef6d0499a
feat(oidc): add pkce support (#2924)
Implements Proof Key for Code Exchange for OpenID Connect Authorization Code Flow. By default this is enabled for the public client type and requires the S256 challenge method.

Closes #2921
2022-03-02 15:44:05 +11:00
James Elliott decc4fd05e
docs: fix missing link (#2934) 2022-03-01 16:06:17 +11:00
James Elliott 1eef78ff7b
docs: move oidc roadmap (#2933) 2022-03-01 16:00:27 +11:00
James Elliott c479ba6386
fix(oidc): make preferred_username a profile scope claim (#2930)
This corrects an issue with the preferred_username which should be part of the profile scope as per https://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims.

Introduced in ddbb21a via #2829
2022-03-01 14:07:39 +11:00
James Elliott 3c81e75d79
feat(commands): add access-control check-policy command (#2871)
This adds an access-control command that checks the policy enforcement for a given criteria using a configuration file and refactors the configuration validation command to include all configuration sources.
2022-02-28 14:15:01 +11:00
dependabot[bot] 5ff2323a7f
build(deps): bump nokogiri from 1.12.5 to 1.13.3 in /docs (#2919)
Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.12.5 to 1.13.3.
- [Release notes](https://github.com/sparklemotion/nokogiri/releases)
- [Changelog](https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sparklemotion/nokogiri/compare/v1.12.5...v1.13.3)

---
updated-dependencies:
- dependency-name: nokogiri
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2022-02-27 15:19:10 +11:00
James Elliott bed7a8ae32
feat(server): csp template (#2856)
Implements the ability for advanced users to override the CSP and easily include the required nonce.
2022-02-21 10:14:09 +11:00
Clément Michaud 6043b43d94
docs: fix roadmap item about oidc (#2885) 2022-02-21 08:50:20 +11:00
Clément Michaud 64adb9eb67
docs: update roadmap with new priorities based on feedbacks (#2878) 2022-02-18 22:35:22 +11:00
James White 50e9ccafa1
docs: fix grammar (#2863)
Remove the gender specific examples for `default_redirection_url`

Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2022-02-17 13:26:17 +11:00
Karlos 096946bcb7
docs: add OIDC integration details about Harbor and Verdaccio (#2867)
Added Harbor (docker/helm open source registry) and verdaccio (open source NPM proxy registry)
2022-02-13 10:05:38 +01:00
James Elliott ddbb21af90
fix(handlers): include preferred_username claim in meta (#2829)
This includes the preferred_username claim in the meta. Also uses the consts for all the applicable claims and scopes.
2022-02-10 09:55:28 +11:00
Clément Michaud 100d598a0e
docs: add documentation about the logout endpoint (#2860)
fix #2859
2022-02-10 09:10:35 +11:00
Biel Frontera 8fc48476c6
docs: add community example of integrating authelia with Django (#2858)
Extend the information given at #2636 about how to integrate
authelia with Django.
2022-02-09 21:50:34 +01:00
Dylan Drost b6cffaaf50
docs: added example configs for oidc for specific services (portainer, proxmox) (#2831)
Co-authored-by: Clément Michaud <clement.michaud34@gmail.com>
2022-02-08 00:05:10 +01:00
Michael Shamoon 5dd0cfb8c7
docs: add Bookstack to list of community-tested OIDC integrations (#2849)
Co-authored-by: Clément Michaud <clement.michaud34@gmail.com>
2022-02-07 22:08:48 +01:00
James Elliott fcdd41ea2a
feat: oidc scope i18n (#2799)
This adds i18n for the OIDC scope descriptsions descriptions.
2022-02-08 01:18:16 +11:00
James Elliott 7775d2af0e
fix(ntp): disable failure ignored (#2835)
Disable failure was ignored previously, this ensures it isn't.
2022-02-03 14:04:24 +11:00
James Elliott e59f571816
refactor(oidc): add client id to two factor log message (#2816)
Adds the client id to a log message where it's likely useful. Additionally adds beta stage for prompt/display handling.
2022-01-21 14:15:50 +11:00
James Elliott 06641cd15a
fix(oidc): add preferred username claim (#2801)
This adds the missing preferred username claim to the ID Token for OIDC.

Fixes #2798
2022-01-18 20:32:06 +11:00
Patrick Ruckstuhl 8507195240
docs: add annotations for nginx ingress to k8s doc (#2726) 2021-12-17 09:11:36 +11:00
Shadow f05f9cf12a
docs: add link to migrations page from faq (#2686) 2021-12-09 18:44:40 +11:00
James Elliott c1c980f107
docs: update matrix links (#2675)
This updates our matrix links to use the new Authelia homeserver.
2021-12-04 15:50:31 +11:00
James Elliott 255aaeb2ad
feat(storage): encrypt u2f key (#2664)
Adds encryption to the U2F public keys. While the public keys cannot be used to authenticate, only to validate someone is authenticated, if a rogue operator changed these in the database they may be able to bypass 2FA. This prevents that.
2021-12-03 11:04:11 +11:00
James Elliott 104a61ecd6
refactor(web): only fetch totp conf if required (#2663)
Prevents the TOTP user config from being requested when the user has not registered or is already authenticated 2FA.
2021-12-02 21:28:16 +11:00
James Elliott f0119b5c75
docs: update fail2ban example (#2661)
Updates the fail2ban examples to align with new messages.

Fixes #2649.
2021-12-02 17:09:47 +11:00
James Elliott f90ca855e3
feat(storage): postgresql schema and ssl options (#2659)
Adds the schema name and all ssl options for PostgreSQL. Also a significant refactor of the storage validation process.
2021-12-02 16:36:03 +11:00
Aram Akhavan 5b3fa1fffb
docs: consistent naming for configuration file (#2626)
* change all instances (file names and docs) of "config.template.yml" to "configuration.template.yml" so its consistent with the expectations of the Dockerfile

* Keep config.template.yml named as is

Co-authored-by: Amir Zarrinkafsh <nightah@me.com>

* Update index.html

* revert filename changes and add a note about docker

* refactor: apply suggestions from code review

Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2021-12-02 15:50:05 +11:00
James Elliott 8a12af97ab
refactor: remove previously deprecated options (#2629)
This removes the deprecated logging, host, port, and tls options per our deprecation policy.
2021-12-02 00:01:32 +11:00
James Elliott ad8e844af6
feat(totp): algorithm and digits config (#2634)
Allow users to configure the TOTP Algorithm and Digits. This should be used with caution as many TOTP applications do not support it. Some will also fail to notify the user that there is an issue. i.e. if the algorithm in the QR code is sha512, they continue to generate one time passwords with sha1. In addition this drastically refactors TOTP in general to be more user friendly by not forcing them to register a new device if the administrator changes the period (or algorithm).

Fixes #1226.
2021-12-01 23:11:29 +11:00
Philipp Staiger 01b77384f9
feat(duo): multi device selection (#2137)
Allow users to select and save the preferred duo device and method, depending on availability in the duo account. A default enrollment URL is provided and adjusted if returned by the duo API. This allows auto-enrollment if enabled by the administrator.

Closes #594. Closes #1039.
2021-12-01 14:32:58 +11:00
James Elliott ee14fcf3cb
docs: fix tables (#2647) 2021-11-30 22:36:16 +11:00
James Elliott ab8f9b0697
fix(notifier): force use of sender email in smtp from cmd (#2616)
This change addresses an issue with the usage of the full sender configuration option in the MAIL FROM SMTP command. If a user includes a name in the sender this shouldn't be sent in the MAIL FROM command, instead we should extract it and use just the email portion.

Fixes #2571
2021-11-30 22:15:21 +11:00
James Elliott 87f3cf71c1
docs(oidc): provide beta intentions clarification and fix typo (#2632) 2021-11-25 16:11:31 +11:00
James Elliott 347bd1be77
feat(storage): encrypted secret values (#2588)
This adds an AES-GCM 256bit encryption layer for storage for sensitive items. This is only TOTP secrets for the time being but this may be expanded later. This will require a configuration change as per https://www.authelia.com/docs/configuration/migration.html#4330.

Closes #682
2021-11-25 12:56:58 +11:00
James Elliott 3695aa8140
feat(storage): primary key for all tables and general qol refactoring (#2431)
This is a massive overhaul to the SQL Storage for Authelia. It facilitates a whole heap of utility commands to help manage the database, primary keys, ensures all database requests use a context for cancellations, and paves the way for a few other PR's which improve the database.

Fixes #1337
2021-11-23 20:45:38 +11:00
Amir Zarrinkafsh 0be883befb
feat: customizable static assets (#2597)
* feat: customizable static assets

This change provides the means to override specific assets from the embedded Go FS with files situated on disk.

We only allow overriding the following files currently:
* favicon.ico
* logo.png

* refactor(server): make logo string a const

* refactor(suites): override favicon and use ntp3 in traefik2 suite

* test(suites): test logo override in traefik2 suite

* test(suites): test asset override fallback in traefik suite

Closes #1630.
2021-11-15 19:37:58 +11:00
Amir Zarrinkafsh 7d5a59098d
docs: add hashicorp vault oidc configuration and update minio tested version (#2592) 2021-11-11 15:36:21 +11:00
Justin Sievenpiper 04831c2433
feat(session): add support for acl-based sentinel auth against redis (#2516)
Implements the sentinel username parameter which can be different to the redis username.
2021-10-31 11:49:27 +11:00
James Elliott 183f0974ae
docs: fix tables (#2468)
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2021-10-08 11:32:57 +11:00
Amir Zarrinkafsh 8685e095e9
fix(web): clarify 2fa informational message (#2451) 2021-10-07 10:54:48 +11:00
Amir Zarrinkafsh 209b39ffd0
docs: fix required flag for smtp notifier sender option (#2446)
Fixes: #2445.
2021-10-04 13:44:59 +11:00
Amir Zarrinkafsh 33fe1262bd
docs: fix typo in secrets env var (#2432) 2021-10-01 13:30:56 +10:00
Amir Zarrinkafsh 3d312cf3b9
refactor: replace yarn with pnpm (#2424)
* Check for pnpm in authelia-scripts
* Improve husky hooks to check for required apps
* Use pnpm in coverage dockerfile
* Use pnpm in dev workflow
* Stop buildx log truncation
* Ignore pnpm lockfile in yamllint
* Update versions required for docker and docker-compose in contributing docs
2021-09-29 17:24:21 +10:00
dependabot[bot] 3b2e4ad477
build(deps): bump nokogiri from 1.11.4 to 1.12.5 in /docs (#2420)
Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.11.4 to 1.12.5.
- [Release notes](https://github.com/sparklemotion/nokogiri/releases)
- [Changelog](https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sparklemotion/nokogiri/compare/v1.11.4...v1.12.5)

---
updated-dependencies:
- dependency-name: nokogiri
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2021-09-29 09:24:34 +10:00
yossbg 05406cfc7b
feat(ntp): check clock sync on startup (#2251)
This adds method to validate the system clock is synchronized on startup. Configuration allows adjusting the server address, enabled state, desync limit, and if the error is fatal.

Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2021-09-17 14:44:35 +10:00
Alex Gustafsson a88c5588e8
feat: add config flag to hash-password tool (#2047)
This change implements a --config flag for the hash-password which parses the config and validates it just as it would at run-time. The values specified in the config replace those specified as parameters.

* feat(cmd): add config flag to hash-password tool
* fix(cmd): fix linting issue

Closes: #1709.
2021-09-16 10:20:42 +10:00
James Elliott f1b2b4d79e
docs(oidc): remove invalid footnote (#2354)
Removes the footnote from beta2.
2021-09-09 12:24:47 +10:00
Amir Zarrinkafsh cc765115b2
ci: add husky with pre-commit and commit-msg hooks (#2352)
* ci: add husky with pre-commit and commit-msg hooks

This change includes two new hooks as part of our GitHub workflow with husky:

* `pre-commit`: Performs linting with golangci-lint and eslint/prettier
* `commit-msg`: Ensures that the commit messages conform to our guidelines and will error and provide context to a user when they do not.

The `prepare` command which has been included is executed each time a `yarn install` is executed.

* ci: extend @commitlint/config-conventional configuration

* fix: lint all dot js files
2021-09-09 12:22:11 +10:00
Nicolas Reymundo eb07bff5d4
docs: add wekan and portainer to community oidc list (#2302) 2021-08-20 07:59:52 +10:00
Nicolas Reymundo 34ad7da213
docs: add nextcloud community tested oidc apps (#2298)
Adds additional oidc apps.

Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2021-08-19 22:17:42 +10:00
polandy 880a6c5832
docs: add gitea redirect_uri with notes to community docs (#2275)
* docs: add gitea redirect_uri with notes to community docs

* docs: remove unnecessary dash from Gitea notes

Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2021-08-10 20:48:31 +10:00
James Elliott c0ebe3eb8c
fix(notifier): use sane default connection timeout (#2273) 2021-08-10 10:52:41 +10:00
James Elliott 997036f9c3
fix(configuration): make notifier logging consistent and more specific (#2268)
This ensures the notifier logs are more specific to give people a clear picture of if they either have no notifier specified or multiple.
2021-08-07 13:58:08 +10:00
James Elliott b5d0e667cc
docs(configuration): add migration note about k8s (#2266)
This adds some additional information about configuration on k8s for version 4.30+.
2021-08-07 09:55:17 +10:00
James Elliott 9ebad9bec2
fix(storage): set sane default connection timeout (#2256)
This sets a sane default connection timeout for SQL connections.
2021-08-06 15:35:14 +10:00
James Elliott b2a49e1780
feat(authentication): allow customizable ldap connection timeout (#2240)
This implements both a connection timeout for LDAP connections, and makes it configurable by administrators. The default is 5s. The reason for this commit is currently if a connection to an LDAP server cannot be established it does not timeout in a reasonable period.
2021-08-05 14:30:00 +10:00
James Elliott a3b14871ba
perf(authentication): improve ldap dynamic replacement performance (#2239)
This change means we only check the filters for the existence of placeholders that cannot be replaced at startup. We then utilized cached results of that lookup for subsequent replacements.
2021-08-05 14:17:07 +10:00
James Elliott c5c6bda8b0
refactor: configuration agnostic healthcheck (#2231)
This makes the healthcheck simple and configured directly by Authelia's configuration on startup.
2021-08-05 14:02:07 +10:00
James Elliott 171b323274
docs: enhance supported proxies documentation (#2210)
This enhances the supported proxies documentation to be more comprehensive.
2021-08-04 11:21:49 +10:00
James Elliott 1440394b60
docs: fix missing line from the lite guide (#2230)
This ensures users checkout the latest tagged release when using the lite deployment.

Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2021-08-03 20:52:13 +10:00
James Elliott a7e867a699
feat(configuration): replace viper with koanf (#2053)
This commit replaces github.com/spf13/viper with github.com/knadh/koanf. Koanf is very similar library to viper, with less dependencies and several quality of life differences. This also allows most config options to be defined by ENV. Lastly it also enables the use of split configuration files which can be configured by setting the --config flag multiple times.

Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2021-08-03 19:55:21 +10:00
James Elliott 942fd69776
docs(logging): fix invalid key log_file (#2226)
A small fix to the documentation regarding migrating configuration.
2021-08-03 10:44:21 +10:00
James Elliott ec2fc27910
docs: fix parents (#2225) 2021-08-03 07:23:40 +10:00
James Elliott 158783a9d4
feat(configuration): replace several configuration options (#2209)
This change adjusts several global options moving them into the server block. It additionally notes other breaking changes in the configuration.

BREAKING CHANGE: Several configuration options have been changed and moved into other sections. Migration instructions are documented here: https://authelia.com/docs/configuration/migration.html#4.30.0
2021-08-02 21:55:30 +10:00
James Elliott 0fbd3c3938
docs: update and unify contact options (#2213)
This updates and unifies the contact options so it is easier to maintain. All contact options now link back to one of two locations, and both of these locations are a copy and paste for the most part.

Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2021-07-30 14:19:17 +10:00
James Elliott 2bb7b2efec
docs: update style guidelines (#2172)
Update the style guidelines.

Co-authored-by: Clément Michaud <clement.michaud34@gmail.com>
2021-07-30 14:17:44 +10:00
James Elliott d49f2908e0
docs(oidc): fix links (#2212) 2021-07-30 09:41:42 +10:00
Georg Lauterbach 51dcf7c02b
docs(oidc): add guidance to community docs for minio (#2191) 2021-07-20 08:23:55 +10:00
Georg Lauterbach bf2b413172
Update OIDC MinIO community content (#2188)
* update OIDC MinIO community content
2021-07-17 08:50:05 +10:00
James Elliott 8342a46ba1
feat(oidc): implement client type public (#2171)
This implements the public option for clients which allows using Authelia as an OpenID Connect Provider for cli applications and SPA's where the client secret cannot be considered secure.
2021-07-15 21:02:03 +10:00
James Elliott 0da770d900
docs: misc fixes (#2186)
This fixes misc broken links in the docs as well as an invalid viewBox element.
2021-07-15 13:21:47 +10:00
James Elliott 76189b86b7
docs(oidc): misc docs fixes and additional references (#2185)
This fixes a few anchor issues in the OpenID Connect docs, as well as adds some additional references and fixes the name of one of the endpoints.
2021-07-15 13:04:44 +10:00
James Elliott c794d57afc
perf(authentication): improve active directory default users filter (#2181)
This adds a performance change to the default Active Directory users filter. Basically as per TechNet the (sAMAccountType=805306368) filter is the same as (&(objectCategory=person)(objectClass=user)) except the performance is better.
2021-07-14 20:30:25 +10:00
Georg Lauterbach 9d7cfb8455
docs: update and enhance oidc documentation (#2142)
Update and adjust OIDC documentation. This also adds information for users about RP's that have been tested.

Co-authored-by: Georg Lauterbach <44545919+aendeavor@users.noreply.github.com>
Co-authored-by: Clément Michaud <clement.michaud34@gmail.com>
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2021-07-14 11:36:07 +10:00
dependabot[bot] d465c38f0d
build(deps): bump addressable from 2.7.0 to 2.8.0 in /docs (#2175)
Bumps [addressable](https://github.com/sporkmonger/addressable) from 2.7.0 to 2.8.0.

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-07-13 11:04:57 +10:00
James Elliott 143db66445
feat(oidc): userinfo endpoint (#2146)
This is a required endpoint for OIDC and is one we missed in our initial implementation. Also adds some rudamentary documentaiton about the implemented endpoints.
2021-07-10 14:56:33 +10:00
Amir Zarrinkafsh 711b5ff0db
feat: publish and deploy to apt.authelia.com (#2148)
This automates the process of publishing our `*.deb` files for stable Authelia releases to apt.authelia.com.
2021-07-05 12:49:48 +10:00
James Elliott ef549f851d
feat(oidc): add additional config options, accurate token times, and refactoring (#1991)
* This gives admins more control over their OIDC installation exposing options that had defaults before. Things like lifespans for authorize codes, access tokens, id tokens, refresh tokens, a option to enable the debug client messages, minimum parameter entropy. It also allows admins to configure the response modes.
* Additionally this records specific values about a users session indicating when they performed a specific authz factor so this is represented in the token accurately. 
* Lastly we also implemented a OIDC key manager which calculates the kid for jwk's using the SHA1 digest instead of being static, or more specifically the first 7 chars. As per https://datatracker.ietf.org/doc/html/draft-ietf-jose-json-web-key#section-8.1.1 the kid should not exceed 8 chars. While it's allowed to exceed 8 chars, it must only be done so with a compelling reason, which we do not have.
2021-07-04 09:44:30 +10:00
James Elliott 524c6eb1dc
docs: refactor access control configuration sections (#1945)
Refactors the access-control configuration documentation to be up-to-date and conform to our style guidelines. Additionally went over each part and reworded things that needed it.
2021-06-22 16:00:45 +10:00
Amir Zarrinkafsh fc71030c18
feat(examples): improve local setup script (#2094)
The local setup script expects to be run as root and would only work on a fresh clone of the repo. Now if not run as root the user will be prompted for sudo elevation at the beginning of the script and the script will also survive re-runs on a dirty clone.
2021-06-18 10:01:09 +10:00
Alex Gustafsson 150116a172
feat(web): implement automatic theme switch for light/dark (#2046)
* Implement an automatic theme

The "auto" theme will automatically switch between "dark" and "light"
depending on user preference. This allows for automatic dark mode.

* fix(configuration): allow the "auto" theme when validating

The new theme "auto" was not allowed to be used in a configuration file.

* docs: clarify what critera controls the automatic theme

How the "auto" theme functioned was unclear.

* docs: typeset themes as code

* fix(web): apply useEffector to media query watch

* docs: add technical details

* fix(configuration): resolve merge conflicts
2021-06-17 16:42:03 +10:00
James Elliott 2c42464fc8
refactor(configuration): use key log instead of logging (#2072)
* refactor: logging config key to log

This refactors the recent pre-release change adding log options to their own configuration section in favor of a log section (from logging).

* docs: add step to getting started to get the latest tagged commit

This is so we avoid issues with changes on master having differences that don't work on the latest docker tag.

* test: adjust tests

* docs: adjust doc strings
2021-06-08 23:15:43 +10:00
Amir Zarrinkafsh 3d42f52d4a
docs: update logos with transparent backgrounds (#2071) 2021-06-08 10:41:11 +10:00
James Elliott c555c10496
docs: add matrix space information and update readme (#2061)
* docs: add matrix space information and update readme

We recently created a Matrix Space which includes both the original room, and a new contributing room. This commit also performs some basic housekeeping on the README.md, including but not limited to: factorizing the security section, adjusting the main description, clearly outlining areas where help is wanted, adding information related to the helm chart, adding more details in the features summary, grammar, and misc other changes.

* docs: update security to be in line with the readme
2021-06-06 15:53:28 +10:00
James Elliott 6b3246a6d3
docs: refactor and update security (#1944)
Refactors the secrurity documentation to be up-to-date and conform to our style guidelines. Additionally went over each part and reworded things that needed it.
2021-06-01 14:11:33 +10:00
James Elliott cef35fadcd
feat(configuration): add error and warn log levels (#2050)
This is so levels like warn and error can be used to exclude info or warn messages. Additionally there is a reasonable refactoring of logging moving the log config options to the logging key because there are a significant number of log options now. This also decouples the expvars and pprof handlers from the log level, and they are now configured by server.enable_expvars and server.enable_pprof at any logging level.
2021-06-01 14:09:50 +10:00
Frederic Hemberger 4cfda7eece
fix(docs): Update link to Lite bundle (#2048) 2021-06-01 01:17:26 +02:00
Amir Zarrinkafsh 05df642f3e
feat: add option to keep stdout logging with log_file_path (#2037)
Currently if a `log_file_path` is defined Authelia will redirect all logging from standard output to said defined location. This change allows users to keep standard output logging along with a defined `log_file_path`.
2021-05-31 14:02:54 +10:00
dependabot[bot] d945e2a9b2
build(deps): bump nokogiri from 1.11.3 to 1.11.4 in /docs (#2011)
Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.11.3 to 1.11.4.
- [Release notes](https://github.com/sparklemotion/nokogiri/releases)
- [Changelog](https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sparklemotion/nokogiri/compare/v1.11.3...v1.11.4)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2021-05-20 13:27:08 +10:00
Clément Michaud 168404fbb4
doc: reword the sponsor section of readme (#1994)
Also add an explicit mention on the fact that the team is looking
for sponsorship to organize an audit of the code or a pen test.
2021-05-10 09:53:34 +10:00
Clément Michaud 0c915b933e
docs: add link for users to take quick survey on usage (#1993)
We want to gather some statistics around the usage of Authelia in
order for the team to take better design decisions and direction
regarding the roadmap.
2021-05-10 01:23:57 +10:00
Ikko Ashimine 9b1151d525
docs: fix capitalization (#1980)
This fixes the capitalization of a single instance of `Github` to `GitHub`.

Co-authored-by: Clément Michaud <clement.michaud34@gmail.com>
2021-05-06 07:12:32 +10:00
James Elliott 952e072f1b
docs: update secrets configuration (#1978)
This updates secrets configuration for 4.29.0 and fixes an existing issue.

Fixes #1977
2021-05-05 21:23:24 +02:00
Clément Michaud e8e29831c1
docs: add oidc package in contributor guidelines (#1971) 2021-05-05 09:08:14 +10:00
James Elliott ddea31193b
feature(oidc): add support for OpenID Connect
OpenID connect has become a standard when it comes to authentication and
in order to fix a security concern around forwarding authentication and authorization information
it has been decided to add support for it.

This feature is in beta version and only enabled when there is a configuration for it.
Before enabling it in production, please consider that it's in beta with potential bugs and that there
are several production critical features still missing such as all OIDC related data is stored in
configuration or memory. This means you are potentially going to experience issues with HA
deployments, or when restarting a single instance specifically related to OIDC.

We are still working on adding the remaining set of features before making it GA as soon as possible.

Related to #189

Co-authored-by: Clement Michaud <clement.michaud34@gmail.com>
2021-05-05 00:15:36 +02:00
James Elliott 706fbfdb2c
fix(session): ensure default cookie samesite value is lax (#1926)
This implements a change to the default behaviour of the cookies generated by the sessions package. The old behaviour was to set the SameSite=None, this changes it to SameSite=Lax. Additionally this puts the option in the hands of the end-user so they can decide for themselves what the best option is.
2021-04-18 10:02:04 +10:00
James Elliott cc4f47f21c
fix: removed deprecated smtp/ldap options (#1912)
This removes the deprecated options from 4.25. This includes the LDAP filters which allow {0} or {1} placeholders. The new aliases are documented. Additionally it refactors the keys validator to use uniform messages for most replaced keys.
2021-04-16 11:44:37 +10:00
Clément Michaud c9b853d736
docs: Add a page listing supported proxies. (#1907)
Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2021-04-13 10:41:49 +02:00
Clément Michaud 42cee0ed6c
docs(proxy): clarify the workflow of a client request payload. (#1838)
Fix #1836
2021-04-13 07:47:30 +10:00