goauthentik / authentik Goto Github PK
View Code? Open in Web Editor NEWThe authentication glue you need.
Home Page: https://goauthentik.io
License: Other
The authentication glue you need.
Home Page: https://goauthentik.io
License: Other
Create an Outpost in a Kubernetes cluster which is managed by passbook (updated, configured, etc). Initiall this might only support the Kubernetes cluster passbook is running in, but should in the future support external clusters too.
Dependabot couldn't authenticate with https://pypi.org/simple/.
You can provide authentication details in your Dependabot dashboard by clicking into the account menu (in the top right) and selecting 'Config variables'.
Is your feature request related to a problem? Please describe.
It's hard to navigate a non-alphabetised list when there's a lot of entries.
Describe the solution you'd like
Alphabetise the list.
Describe alternatives you've considered
Paying attention while I scroll through the list like a scrub.
Is your feature request related to a problem? Please describe.
Just as the title says, can we get analytics as an opt-in feature instead of being enabled by default ?
This is common for big open-source projects or for the becoming ones.
Flows depict which Factors are used in which order to Authenticate/Enrol/Recover the user account.
Sentry Issue: PASSBOOK-4W
KeyError: 'Provider Type github (type redirect) not found.'
(1 additional frame(s) were not displayed)
...
File "django/core/handlers/base.py", line 115, in _get_response
response = self.process_exception_by_middleware(e, request)
File "django/core/handlers/base.py", line 113, in _get_response
response = wrapped_callback(request, *callback_args, **callback_kwargs)
File "django/views/generic/base.py", line 71, in view
return self.dispatch(request, *args, **kwargs)
File "passbook/sources/oauth/views/dispatcher.py", line 24, in dispatch
view = MANAGER.find(source, kind=RequestKind(self.kind))
File "passbook/sources/oauth/types/manager.py", line 57, in find
raise KeyError(
Is your feature request related to a problem? Please describe.
no
Describe the solution you'd like
Provides docs to intergrate Authentik with traefik behind non oauth/saml services.
Describe alternatives you've considered
The only doc I can find is Nginx, traefik is not avaiable
Additional context
See here for refference. Authelia is an example for this.
Describe the bug
When clicking the large passbook text in header (top, left) nothing happens, despite it appearing to be clickable.
To Reproduce
Steps to reproduce the behavior:
Expected behavior
I would expect this to either be unclickable or take me to the home page.
Screenshots
N/A.
Logs
N/A.
Version and Deployment (please complete the following information):
Additional context
N/A.
Describe the bug
OAuth2 provider redirect URI is case sensitive.
To Reproduce
Steps to reproduce the behavior:
Expected behavior
Would expect redirect URI to not be case-sensitive.
Screenshots
N/A.
Logs
N/A.
Version and Deployment (please complete the following information):
Additional context
N/A.
Dependabot couldn't authenticate with https://pypi.org/simple/.
You can provide authentication details in your Dependabot dashboard by clicking into the account menu (in the top right) and selecting 'Config variables'.
Is your feature request related to a problem? Please describe.
No.
Describe the solution you'd like
It would be great if the cards in the overview (e.g. policies, users, etc.) would navigate to the relevant view (i.e. policies -> /administration/policies/
) when clicked.
Describe alternatives you've considered
None.
Additional context
N/A.
Make it possible to translate Authentik in other languages. Maybe I can help with the dutch language.
Is your feature request related to a problem? Please describe.
Setting a custom redirect URI scheme in the provider's settings throws a DisallowedRedirect exception during authentication with the following message:
"Unsafe redirect to URL with protocol 'com.example.app'"
Describe the solution you'd like
Support Private-Use URI Scheme Redirection that is commonly used by mobile apps.
Describe alternatives you've considered
I haven't, any suggestions?
Is your feature request related to a problem? Please describe.
My current OpenLDAP setup use the groupOfNames class as a group which contains a member attributes with a list of dn referencing users.
In that case, user don't have an attribute referencing groups.
Describe the solution you'd like
It would be nice to have an option to switch between user reference to group reference. The membership field will reference either a user attribute or a group attribute.
Describe alternatives you've considered
Changing my LDAP setup or removing it.
Additional context
This probably add some complexity in the sync process.
On everything but the first Stage, autofocus is not respected.
Is your feature request related to a problem? Please describe.
No.
Describe the solution you'd like
A refresh button for tables would be nice. For example to refresh the status of outposts, sources, etc.
Describe alternatives you've considered
Hitting F5 like a pleb.
Additional context
N/A.
Describe the bug
In the edit page of a proxy provider, the HTTP-Basic password is shown in plaintext.
To Reproduce
Steps to reproduce the behavior:
Expected behavior
This should be obfuscated.
Screenshots
N/A.
Logs
N/A.
Version and Deployment (please complete the following information):
Additional context
N/A.
Sentry Issue: PASSBOOK-4Z
ValueError: Cannot query "AnonymousUser": Must be "Group" instance.
(20 additional frame(s) were not displayed)
...
File "django/db/models/sql/query.py", line 1354, in add_q
clause, _ = self._add_q(q_object, self.used_aliases)
File "django/db/models/sql/query.py", line 1381, in _add_q
child_clause, needed_inner = self.build_filter(
File "django/db/models/sql/query.py", line 1288, in build_filter
self.check_related_objects(join_info.final_field, value, join_info.opts)
File "django/db/models/sql/query.py", line 1123, in check_related_objects
self.check_query_object_type(value, opts, field)
File "django/db/models/sql/query.py", line 1104, in check_query_object_type
raise ValueError(
Describe the bug
In OpenLDAP the distinguished name attribute is not distinguishedName
but dn
. The consequences are that empty groups and users are imported.
To Reproduce
Sync with an OpenLDAP.
Expected behavior
Automatically find the good attribute or throw an error.
Screenshots
Logs
worker_1 | {"app": "authentik", "app_environment": "customer", "event": "To merge new User with existing user, set the User's Attribute 'ldap_uniq' to '95060448-a628-103a-9b54-9f0becc82f14'", "level": "warning", "logger": "authentik.sources.ldap.sync", "pid": 18, "timestamp": 1612431775.4070318}
worker_1 | {"app": "authentik", "app_environment": "customer", "event": "Failed to create user", "exc": "IntegrityError('duplicate key value violates unique constraint \"authentik_core_user_username_key\"\\nDETAIL: Key (username)=() already exists.\\n')", "level": "warning", "logger": "authentik.sources.ldap.sync", "pid": 18, "timestamp": 1612431775.4130397}
Version and Deployment (please complete the following information):
Additional context
Is your feature request related to a problem? Please describe.
I'm unable to scan a QR code with my desktop TOTP app, but I can enter a code.
Describe the solution you'd like
After clicking "Enable Time-Based OTP", I would like the raw code to be shown as well as QR code.
Describe alternatives you've considered
None.
Additional context
None.
Add support for Unraid so it can be installed easily. As an interim, support to install with Docker Hub/docker create.
Describe the bug
This is not really a but but more of a documentation detail request.
When following along with the nextcloud integration I ran into an issue where authentik reported an error because a request was made from http -> https. The documentation makes note about requiring ssl to be configured in the nextcloud deployment. While this ended up being a hint that pointed me in the right direction it was challenging to find the solution.
In the official apache based nextcloud docker image from docker hub it has a section about using it behind a reverse proxy. The key to overcome the issue mentioned from http -> https was making use of the OVERWRITEPROTOCOL
environment variable on the nextcloud:stable-apache
image and setting it to https
. From there I was able to successfully integrate nextcloud.
Version and Deployment (please complete the following information):
Additional context
Is there a place where pull requests can be made for the project documentation? On initial glance the source for the docs didn't appear to be in this repo.
Describe the bug
The outpost version column shows only a green tick when unknown. Perhaps this could just show "Unknown".
To Reproduce
Steps to reproduce the behavior:
Expected behavior
I'm not sure exactly how this should show, perhaps as suggested above? Not fussed, it just isn't great in its current state.
As a stretch, it would also be good if it showed the actual version when it is known, rather than simply a tick.
Logs
N/A.
Version and Deployment (please complete the following information):
Additional context
N/A.
After upgrading to V. 2021.4.4 a persistent alert message appears stating "A newer version of the frontend is available". Clicking the reload button causes a 404 error.
Is your feature request related to a problem? Please describe.
No.
Describe the solution you'd like
The possibility to integrate Tautulli with passbook would be great, whether this is just a matter of documenting it or adding support in passbook.
Describe alternatives you've considered
Logging in manually with a local account like a pleb ๐
Additional context
N/A.
AUTHENTIK_AUTHENTIK__BRANDING__TITLE does not modify site title after rebuild.
Is your feature request related to a problem? Please describe.
No.
Describe the solution you'd like
It's be great if there were a backup/restore function in passbook. For instance a section of the web interface which can generate a ZIP of the configuration to be downloaded. Support for uploading backups for restore would also be useful.
The sort of functionality I have in mind is already present in Sonarr/Radarr/Lidarr, so perhaps it could be modelled on that?
As a stretch, scheduled backups would also be great, ร la Sonarr/Radarr/Lidarr.
Describe alternatives you've considered
Backing up the volume like a pleb.
Additional context
N/A.
Describe the bug
A clear and concise description of what the bug is.
When following the instructions for the kubernetes deployment via helm chart against my k3s homelab I've run into a few issues. The first is that the helm install authentik/authentik --devel -f values.yaml
command failed for me without the addition of --generate-name
at the end.
The second issue I ran into was that the helm chart seems to assume that prometheus is installed. It failed for me with the following error Error: unable to build kubernetes objects from release manifest: [unable to recognize "": no matches for kind "PrometheusRule" in version "monitoring.coreos.com/v1", unable to recognize "": no matches for kind "ServiceMonitor" in version "monitoring.coreos.com/v1"]
.
I was able to overcome the no matches for kind "PrometheusRule"
error by installing prometheus via the following helm commands:
helm repo add bitnami https://charts.bitnami.com/bitnami
helm install my-prom-release bitnami/prometheus-operator
Additionally I'm seeing the following warning on both of my static and web pods error while running "VolumeBinding" prebind plugin for pod "authentik-1618536529-static-7bbb74bcd7-fs754": Failed to bind volumes: timed out waiting for the condition
. I'm hoping this is just related to my cluster and will try restarting the pods to see if that gets things going.
To Reproduce
Steps to reproduce the behavior:
I followed the steps as they're written in https://goauthentik.io/docs/installation/kubernetes
Expected behavior
A clear and concise description of what you expected to happen.
I'd like to see these details either handled by the helm chart if that's appropriate, or documented as requirements.
Logs
Output of docker-compose logs or kubectl logs respectively
Logs were mentioned in the section at the top.
Version and Deployment (please complete the following information):
Additional context
Other than this I just wanted to mention how excited I am about this project. I believe this project fills a major whole in the selfhosted community. Keep up the awesome work and looking forward to how the project develops!
Is your feature request related to a problem? Please describe.
High memory usage
Describe the solution you'd like
Add the special __slots__
class variable to all or most classes.
Describe alternatives you've considered
Using an alternative Python interpreter such as PyPy can also reduce memory usage as PyPy does some optimisations like this already. However, PyPy lacks some features of CPython (especially the C API).
Additional context
If you're not familiar with __slots__
, see here.
I'm working on a PR already, but I thought I'd create an issue first to track progress.
I just installed this but when I want to do the initial setup I get
API request failed
GET /api/v2beta/flows/executor/initial-setup/?query=: 500
Health checks in Traefik are up.
I did notice this in the logs alog with a lot of other errors:
2021/04/18 11:16:22 [error] 32#32: *7 open() "/usr/share/nginx/html/favicon.ico" failed (2: No such file or directory), client: 192.168.90.254, server: _, request: "GET /favicon.ico HTTP/1.1", host: "authentik.mydomain.com", referrer: "https://authentik.mydomain.com/"
{"timestamp":"18/Apr/2021:11:16:22 +0000","host":"192.168.90.254","request_username":"","event":"GET /favicon.ico HTTP/1.1","status": "404","size":"186","runtime":"0.000","logger":"nginx","request_useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.72 Safari/537.36 Edg/90.0.818.39"}
my config=
authentik-server:
image: beryju/authentik
restart: unless-stopped
container_name: authentik-server
command: server
environment:
AUTHENTIK_REDIS__HOST: authentik-redis
AUTHENTIK_POSTGRESQL__HOST: authentik-postgresql
AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik}
AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik}
AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
# AUTHENTIK_ERROR_REPORTING__ENABLED: "true"
# WORKERS: 2
volumes:
- $DOCKERDIR/authentik/server/media:/media
- $DOCKERDIR/authentik/server/custom-templates:/templates
# - geoip:/geoip
networks:
- t2_proxy
labels:
- "traefik.enable=true"
- "traefik.http.routers.authentik.rule=Host(`authentik.mydomain.com`) && PathPrefix(`/`)"
# - "traefik.http.routers.authentik.middlewares=chain-authelia@file"
- "traefik.http.routers.authentik.service=authentik-service"
- "traefik.http.routers.authentik.tls=true"
- "traefik.http.services.authentik-service.loadbalancer.healthcheck.path=/-/health/live/"
- "traefik.http.services.authentik-service.loadbalancer.server.port=8000"
# traefik.docker.network: internal
# traefik.http.routers.app-router.rule: PathPrefix(`/`)
# traefik.http.routers.app-router.service: app-service
# traefik.http.routers.app-router.tls: 'true'
# traefik.http.services.app-service.loadbalancer.healthcheck.path: /-/health/live/
# traefik.http.services.app-service.loadbalancer.server.port: '8000'
env_file:
- .env
authentik-worker:
image: beryju/authentik
restart: unless-stopped
container_name: authentik-worker
command: worker
networks:
- t2_proxy
environment:
AUTHENTIK_REDIS__HOST: authentik-redis
AUTHENTIK_POSTGRESQL__HOST: authentik-postgresql
AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik}
AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik}
AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
# AUTHENTIK_ERROR_REPORTING__ENABLED: "true"
volumes:
- $DOCKERDIR/authentik/worker/backups:/backups
- /var/run/docker.sock:/var/run/docker.sock
- $DOCKERDIR/authentik/worker/custom-templates:/templates
# - geoip:/geoip
env_file:
- .env
authentik-static:
image: beryju/authentik-static
restart: unless-stopped
container_name: authentik-static
networks:
- t2_proxy
labels:
- "traefik.enable=true"
# - "traefik.docker.network=t2_proxy"
# - "traefik.http.routers.authentik-static.middlewares=chain-authelia@file"
- "traefik.http.routers.authentik-static.rule=Host(`authentik.mydomain.com`) && PathPrefix(`/static`, `/if`, `/media`, `/robots.txt`, `/favicon.ico`)"
- "traefik.http.routers.authentik-static.tls=true"
- "traefik.http.routers.authentik-static.service=static-service"
- "traefik.http.services.static-service.loadbalancer.healthcheck.path=/"
- "traefik.http.services.static-service.loadbalancer.healthcheck.interval=30s"
- "traefik.http.services.static-service.loadbalancer.server.port=80"
volumes:
- $DOCKERDIR/authentik/static/media:/usr/share/nginx/html/media
Currently, on enrollment via a Source, a decision is made whether to create a new user or authenticate an existing user.
This decision is made using the following criteria:
The goal is for the admin to be able to configure if and on which criteria a user is created or merged, and if the enduser has a choice.
If the enduser can select between merging and creating a new account, they will have to authenticate their existing account in some form.
Is your feature request related to a problem? Please describe.
Yes, but it isn't passbook's fault.
The icon URL for my vCenter application in passbook points to the favicon of my vCenter, which means the icon doesn't load if the browser doesn't trust vCenter's certificate.
My suggestion would fix this and similar issues, such as icon URLs pointing at external locations not working when the client has local network access but no internet access.
Describe the solution you'd like
I'd like to be able to upload an icon for applications.
I don't want to be able to upload an icon and provide an icon URL, I just want to have the ability to choose between the two.
Describe alternatives you've considered
N/A.
Additional context
N/A.
Add Plex as Login provider,
see: https://github.com/Dmbob/plex-oauth/tree/master/src and https://github.com/Tautulli/Tautulli
Describe the bug
When changing the password, the error "Pending user has no backend is shown".
To Reproduce
Steps to reproduce the behavior:
Expected behavior
No deny page must be presented.
Logs
Version and Deployment (please complete the following information):
Additional context
Maybe additional documentation is required.
Sentry Issue: PASSBOOK-57
KeyError: 'passbook.core.tasks.clean_tokens'
File "celery/worker/consumer/consumer.py", line 562, in on_task_received
strategy = strategies[type_]
Received unregistered task of type KeyError('passbook.core.tasks.clean_tokens').
The message has been ignored and discarded.
Did you remember to import the module containing this task?
Or maybe you're using relative imports?
Please see
http://docs.celeryq.org/en/latest/internals/protocol.html
for more information.
The full contents of the message body was:
b'[[], {}, {"callbacks": null, "errbacks": null, "chain": null, "chord": null}]' (77b)
Describe the bug
I set up a fresh instance of authentik. After setting up traefik, I wanted to hide the traefik dashboard behind an outpost.
However, when I try to deploy the output to my Docker swarm, it crashes on startup with the following error
time="2021-04-19T16:09:26Z" level=panic msg="Failed to fetch configuration" error="response status code does not match any response statuses defined for this endpoint in the swagger spec (status 401): {}" logger=authentik.outpost.ak-api-controller,
panic: (*logrus.Entry) 0xc00010a460,
,
goroutine 1 [running]:,
github.com/sirupsen/logrus.(*Entry).log(0xc00010a3f0, 0x0, 0xc0003998a0, 0x1d),
/go/pkg/mod/github.com/sirupsen/[email protected]/entry.go:259 +0x2e5,
github.com/sirupsen/logrus.(*Entry).Log(0xc00010a3f0, 0xc000000000, 0xc00041fc28, 0x1, 0x1),
/go/pkg/mod/github.com/sirupsen/[email protected]/entry.go:293 +0x86,
github.com/sirupsen/logrus.(*Entry).Panic(...),
/go/pkg/mod/github.com/sirupsen/[email protected]/entry.go:331,
goauthentik.io/outpost/pkg/ak.NewAPIController(0xc00004400f, 0x5, 0x0, 0x0, 0x0, 0xc000044017, 0x11, 0xc000044028, 0x1, 0x0, ...),
/work/pkg/ak/api.go:59 +0x4ae,
main.main(),
/work/cmd/proxy/server.go:48 +0x2b8,
Version and Deployment (please complete the following information):
docker-stack.yml
services:
# ...
traefikOutpost:
image: beryju/authentik-proxy
ports:
- 4180:4180
- 4443:4443
environment:
AUTHENTIK_HOST: https://sso.mydomain.com/
AUTHENTIK_INSECURE: "false" # Let's Encrypt certificate provided
AUTHENTIK_TOKEN: "TOKEN"
LOG_LEVEL: debug
deploy:
placement:
constraints:
- node.labels.hostname == mydomain.com
labels:
- traefik.enable=true
- traefik.http.routers.traefikOutpost.rule=Host(`traefik.mydomain.com`)
- traefik.http.routers.traefikOutpost.service.loadbalancer.server.port=4180
Describe the bug
User names are case sensitive upon login.
To Reproduce
Steps to reproduce the behavior:
Expected behavior
I would expect usernames to not be case sensitive.
Screenshots
N/A.
Logs
N/A.
Version and Deployment (please complete the following information):
Additional context
N/A.
Sentry Issue: PASSBOOK-4E
UniqueViolation: duplicate key value violates unique constraint "passbook_core_user_username_key"
DETAIL: Key (username)=(pbadmin) already exists.
File "django/db/backends/utils.py", line 86, in _execute
return self.cursor.execute(sql, params)
IntegrityError: duplicate key value violates unique constraint "passbook_core_user_username_key"
DETAIL: Key (username)=(pbadmin) already exists.
(23 additional frame(s) were not displayed)
...
File "django/db/backends/utils.py", line 68, in execute
return self._execute_with_wrappers(sql, params, many=False, executor=self._execute)
File "django/db/backends/utils.py", line 77, in _execute_with_wrappers
return executor(sql, params, many, context)
File "django/db/backends/utils.py", line 86, in _execute
return self.cursor.execute(sql, params)
File "django/db/utils.py", line 90, in __exit__
raise dj_exc_value.with_traceback(traceback) from exc_value
File "django/db/backends/utils.py", line 86, in _execute
return self.cursor.execute(sql, params)
Describe the bug
Creating a new property mapping shows an empty modal dialog
To Reproduce
Steps to reproduce the behavior:
Expected behavior
Some way to actually define the property mapping
Logs
Nothing is logged starting from reproduction step 2 and forward
Version and Deployment (please complete the following information):
Additional context
I followed the installation guide to the letter. Even a clean install didn't resolve it.
Describe the bug
When deploying Authentic via Helm onto a Kubernetes cluster the authentic-web deployment fails to provision as it cannot connect to the Postgresql server. When reviewing the logs, it appears it's attempting to use an incorrect password.
To Reproduce
Steps to reproduce the behavior:
Expected behavior
Authentik to deploy.
Screenshots
If applicable, add screenshots to help explain your problem.
Logs
2021-04-16 20:51:40.437 GMT [1347] FATAL: password authentication failed for user "postgres"
2021-04-16 20:51:40.437 GMT [1347] DETAIL: Password does not match for user "postgres".
Connection matched pg_hba.conf line 1: "host all all 0.0.0.0/0 md5"
Version and Deployment (please complete the following information):
Helm Chart Version: authentik:2021.4.1
Additional context
Add any other context about the problem here.
Currently, enabling re_evaluate_policies
on a StageBinding does nothing.
Is your feature request related to a problem? Please describe.
An issue that I encountered using ldap, is that every attribute may change : uid (username), sn (last name), cn (full name), mail... In order to keep some stability, it might be useful to use the entryUUID as uniqueness field but operational attributes are not available.
Describe the solution you'd like
attributes=ldap3.ALL_ATTRIBUTES
replaced by
attributes=[ALL_ATTRIBUTES, ALL_OPERATIONAL_ATTRIBUTES]
Describe alternatives you've considered
Not using the entryUUID.
Additional context
I'm using OpenLDAP.
I can make a pull request if necessary.
Describe the bug
The oauth2/oidc provider endpoint /application/o/token/
seems not to provide an Access-Control-Allow-Origin
header.
The commit f328b21e897590ae09f5b0487341feb63ac68e5a didn't change any significantly concerning the header - it should have worked already in previous versions but it didn't so I assume the line response["Access-Control-Allow-Origin"] = origin
seems not to have any effect on the actual response header.
To Reproduce
Steps to reproduce the behavior:
/application/o/token/
-> No 'Access-Control-Allow-Origin' header is present on the requested resource.
Expected behavior
Access-Control-Allow-Origin
header should be available in the response so applications from other domains then the authentik's one can be authenticated
Screenshots
/application/o/token
header missing -> not working
Logs
server_1 | {"event": "/api/v2beta/flows/executor/default-provider-authorization-implicit-consent/?query=client_id%3Dclient-id-removed%26redirect_uri%3Dhttps%253A%252F%252Furl-removed%252Fauthentication%252Flogin-callback%26response_type%3Dcode%26scope%3Dopenid%2Bprofile%2Bopenid%2Bemail%2Bprofile%26state%3Db5d9516b8ec54bbfaa8d42d80f74c356%26code_challenge%3DfgLh0GJUdj_rzt-b61g0-JfwNNKhwoPwy5JdsvIPCdI%26code_challenge_method%3DS256%26response_mode%3Dquery", "host": "172.20.0.16", "level": "info", "logger": "authentik.asgi", "method": "GET", "pid": 33, "request_id": "194a5b0fb72847d1889eedc2325d6d42", "runtime": 164, "scheme": "http", "size": 1.787, "status": 200, "timestamp": "2021-04-22T20:50:11.905080"}
server_1 | {"event": "/application/o/application-name-changed/.well-known/openid-configuration", "host": "172.20.0.16", "level": "info", "logger": "authentik.asgi", "method": "GET", "pid": 33, "request_id": "e5cb6bf5b2784151aa4113df2ddb8ea5", "runtime": 1259, "scheme": "http", "size": 0.056, "status": 200, "timestamp": "2021-04-22T20:50:13.813167"}
server_1 | {"event": "/application/o/token/", "host": "172.20.0.16", "level": "info", "logger": "authentik.asgi", "method": "POST", "pid": 33, "request_id": "50472bef52de4190833b38c5395673e4", "runtime": 2489, "scheme": "http", "size": 1.544, "status": 200, "timestamp": "2021-04-22T20:50:15.399354"}
The log doesn't show any problems with the origin as I would expect if there were any.
Version and Deployment (please complete the following information):
Sentry Issue: AUTHENTIK-CJ
ValueError: None is not instance of PolicyBindingModel
(10 additional frame(s) were not displayed)
...
File "django/views/generic/base.py", line 98, in dispatch
return handler(request, *args, **kwargs)
File "/authentik/sources/oauth/views/callback.py", line 100, in get
return self.handle_enroll(self.source, connection, info)
File "/authentik/sources/oauth/views/callback.py", line 237, in handle_enroll
plan = planner.plan(self.request, context)
File "/authentik/flows/planner.py", line 125, in plan
engine = PolicyEngine(self.flow, user, request)
File "/authentik/policies/engine.py", line 71, in __init__
raise ValueError(f"{pbm} is not instance of PolicyBindingModel")
Documentation for stages can mostly be updated form Factors. Docs for stages needs to be done from scratch
Is your feature request related to a problem? Please describe.
LDAP is tricky to set up, and I'd rather my single source of truth be something like this,
Describe the solution you'd like
Embed a glauth configuration generator in authentik, similar to how glauth-ui works. Include glauth examples in the docker compose files.
Describe alternatives you've considered
This is more an ease of use thing, there are definitely alternative solutions but they don't let you mention "LDAP server" in your list of features.
Would be great for the community if we had ARM builds (both 32 and 64bit)
Is your feature request related to a problem? Please describe.
With no way to search, it can take longer than necessary to find users, groups, property mappings, and anything else with multi-page lists.
Describe the solution you'd like
A search field for users, groups, property mappings, flows, stages, and any other list which is likely to exceed a single page.
Describe alternatives you've considered
Paging through the list and searching with my eyes like a pleb.
Additional context
N/A.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.