Commit Graph

20 Commits (f79db588be089909e8b430a928213eb104ae2972)

Author SHA1 Message Date
James Elliott f79db588be
feat(authentication): ldap memberof group search (#5418)
Introduces the concept of group search mode into the LDAP configuration. This also adds the filter and memberof search modes. The full description of these is included in the docs but the filter mode is the same mode as previous which is also the default and recommended value. The memberof mode should only be used by users who are aware of how the concept works as per the docs.

Closes #2161

Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-06-18 14:40:38 +10:00
James Elliott 4577fce95b
refactor: path from address (#5492)
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-30 18:21:19 +10:00
James Elliott 65ecfe4b9a
feat(oidc): private_key_jwt client auth (#5280)
This adds support for the private_key_jwt client authentication method.

Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2023-05-15 10:32:10 +10:00
James Elliott 6c472d8627
refactor(configuration): umask from query (#5416)
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-09 21:25:56 +10:00
James Elliott fb5c285c25
feat(authentication): suport ldap over unix socket (#5397)
This adds support for LDAP unix sockets using the ldapi scheme. In addition it improves all of the address related parsing significantly deprecating old options.

Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-07 16:39:17 +10:00
James Elliott 90d190121d
feat(server): listen on unix sockets (#5038)
This allows listening on unix sockets.

Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-07 15:48:26 +10:00
James Elliott ff6be40f5e
feat(oidc): pushed authorization requests (#4546)
This implements RFC9126 OAuth 2.0 Pushed Authorization Requests. See https://datatracker.ietf.org/doc/html/rfc9126 for the specification details.
2023-03-06 14:58:50 +11:00
James Elliott 8319778b5d
docs: adjust key generators (#4825) 2023-01-26 11:24:06 +11:00
James Elliott 65705a646d
feat(server): customizable authz endpoints (#4296)
This allows users to customize the authz endpoints.

Closes #2753, Fixes #3716

Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2023-01-25 20:36:40 +11:00
James Elliott a566c16d08
feat(web): privacy policy url (#4625)
This allows users to customize a privacy policy URL at the bottom of the login view.

Closes #2639
2023-01-22 19:58:07 +11:00
Manuel Nuñez 8b29cf7ee8
feat(session): multiple session cookie domains (#3754)
This adds support to configure multiple session cookie domains.

Closes #1198

Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2023-01-12 21:57:44 +11:00
James Elliott 6b2f713e10
fix(configuration): certificate_chains can't be defined as secrets (#4302)
This fixes an issue where certificate_chain values can't be defined as secrets. While not expressly needed for certificates, it's more convenient and less prone to error than defining a environment variable with the contents.
2022-10-31 11:52:14 +11:00
James Elliott 69c4c02d03
feat(storage): tls connection support (#4233)
This adds support to PostgreSQL and MySQL to connect via TLS via the standard TLS configuration options.
2022-10-22 19:27:59 +11:00
James Elliott 9532823a99
feat(configuration): mtls clients (#4221)
This implements mTLS support for LDAP, Redis, and SMTP. Specified via the tls.certificate_chain and tls.private_key options.

Closes #4044
2022-10-21 19:41:33 +11:00
James Elliott a0b2e78e5d
feat(authentication): file case-insensitive and email search (#4194)
This allows both case-insensitive and email searching for the file auth provider.

Closes #3383
2022-10-18 11:57:08 +11:00
James Elliott 84cb457cb0
feat(authentication): file provider hot reload (#4188)
This adds hot reloading to the file auth provider.
2022-10-17 22:31:23 +11:00
James Elliott 3a70f6739b
feat(authentication): file password algorithms (#3848)
This adds significant enhancements to the file auth provider including multiple additional algorithms.
2022-10-17 21:51:59 +11:00
James Elliott 3f39914c8f
refactor: private key decoding and generators (#4116) 2022-10-03 11:52:29 +11:00
James Elliott 66ea374227
feat(authentication): permit feature detection failures (#4061)
This adds a configuration option which permits the failure of feature detection (control type OIDs and extension OIDs).
2022-10-02 07:44:18 +11:00
James Elliott 9c72bc8977
ci: gen github tmpl locales and commitlint (#3759)
This adds several automatic generators for Authelia docs etc.
2022-09-16 14:21:05 +10:00