| Age | Commit message (Collapse) | Author |
|---|
|
|
|
This adjusts the passkey logins to have a wholly unique metric.
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
|
|
This adds several new features to the regulation functionality including IP banning and the ability to unban users.
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
|
|
This implements optional LDAP connection pooling to optimize the speed of LDAP transactions.
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
|
|
Add support for passkeys, granular attachment modality, granular authenticator selection, and authenticator filtering which is commonly used in an enterprise environment. This also adds metadata verification elements utilizing the MDS3 to the project, including saving attestation statements, verification of attestation statements, etc. This also makes a significant change to the authentication level logic to purely use RFC8176 authentication method references to ensure the future-proof nature of the implementation. This change paves the way for the future of Authelia ensuring we can add custom policies in the future to allow administrators to very deliberately decide what authentication methods are sufficient for a given resource as well as the ability to clearly communicate these authentication methods to third parties via OpenID Connect 1.0 and SAML 2.0. It should be noted that at the time of this commit Passkey authentication is considered a single factor and we will at a later stage add the customizable policies described here to handle other use cases, though we've included a flag that considers properly implemented passkeys as if they were MFA.
Closes #2827, Closes #2761
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
|
|
This adds RFC7516 JSON Web Encryption (JWE) support and the relevant machinery within OAuth 2.0 and OpenID Connect 1.0. Support is available for egress JWT's (such as egress ID Tokens, JWT Profile Access Tokens, Introspection Responses, etc) and for ingress JWT's (such as client assertions, token hints, etc).
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
|
|
This facilitates adding additional attributes to the Authelia authentication backends as well as custom attributes based on the Common Expression Language. This will be utilized in the future to facilitate additional features.
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
|
|
This includes a file parameter for the authelia crypto rand command which allows exporting unique random values to multiple files.
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
|
|
Adds the missing glob, walk, fromYaml, toYaml, toYamlPretty, and toYamlCustom functions; as well as several time based functions similar to the helm function equivalents.
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
|
|
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
|
|
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
|
|
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
|
|
* docs: fix missing link
* docs: fix misspelled docker-compose
---------
Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
|
|
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
|
|
|
|
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
|
|
To not leave lingering containers, it's best to pass `--rm` to the container when generating passwords.
Signed-off-by: Bram <git@ceulemans.dev>
|
|
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
|
|
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
|
|
* Remove docker containers after generating secrets
Signed-off-by: Mad Scientist <67949699+madscientist16@users.noreply.github.com>
* Add --rm argument to some other docker commands
Signed-off-by: Mad Scientist <67949699+madscientist16@users.noreply.github.com>
---------
Signed-off-by: Mad Scientist <67949699+madscientist16@users.noreply.github.com>
|
|
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
|
|
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
|
|
Uses callouts instead of markdown formatting.
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
|
|
Remove a curly brace that breaks a command
Signed-off-by: Glich440 <76230780+Glich440@users.noreply.github.com>
|
|
Signed-off-by: showipintbri <40892800+showipintbri@users.noreply.github.com>
|
|
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
|
|
After changes to the metrics endpoint in v4.38, the current Grafana dashboard example stopped working (reported in #7003). To address this, I created a new dashboard designed to monitor the Authelia endpoints across multiple instances. Grafana can also be configured to send alerts if certain request thresholds are reached. I tried to make this dashboard as future-proof as possible by minimizing overrides and using only basic Grafana features. A few people have tested the dashboard over the past few months, and I’ve incorporated their feedback.
Signed-off-by: Hendrik Sievers <89412959+hendrik1120@users.noreply.github.com>
|
|
Signed-off-by: cuiweiyuan <cuiweiyuan@aliyun.com.>
|
|
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
|
|
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
|
|
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
|
|
Adds ADR1.
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
|
|
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
|
|
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
|
|
`fitlers` should be `filters`
Signed-off-by: John Nicholls <github-john@intobikes.co.uk>
|
|
The hash-password command was removed due to a number of issues related to the original implementation which lead to quite a lot of confusion, however we should have introduced a help topic to help users finding the correct command which was not done.
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
|
|
This fixes an issue where the build-info command is too verbose.
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
|
|
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
|
|
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
|
|
This adds some fairly helpful template information for secrets.
|
|
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
|
|
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
|
|
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
|
|
* docs: fix meta
* docs: fix generators
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
---------
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
|
|
Update the look of the documentation.
|
