mirror of
https://github.com/goauthentik/authentik
synced 2026-04-25 17:15:26 +02:00
Revert "website: Fix broken schema links, non-relative paths, unapplied redirect aliases" (#16902)
Revert "website: Fix broken schema links, non-relative paths, unapplied redir…"
This reverts commit 0e56195c82.
This commit is contained in:
Tana M Berry
@@ -56,5 +56,5 @@ Deployment is handled by a combination of [Netlify](https://www.netlify.com/) an
|
||||
## Additional Resources
|
||||
|
||||
- [Documentation Setup](https://docs.goauthentik.io/developer-docs/setup/website-dev-environment?utm_source=github)
|
||||
- [Writing Documentation](https://docs.goauthentik.io/developer-docs/writing-documentation?utm_source=github)
|
||||
- [Style Guide](https://docs.goauthentik.io/developer-docs/style-guide?utm_source=github)
|
||||
- [Writing Documentation](https://docs.goauthentik.io/developer-docs/docs/writing-documentation?utm_source=github)
|
||||
- [Style Guide](https://docs.goauthentik.io/developer-docs/docs/style-guide?utm_source=github)
|
||||
|
||||
@@ -4,7 +4,7 @@ sidebar_label: Golang
|
||||
description: A Golang client for the authentik API.
|
||||
---
|
||||
|
||||
The [Go API client](https://pkg.go.dev/goauthentik.io/api/v3) is generated using the [OpenAPI Generator](https://openapi-generator.tech/) and the <a href="/schema.yml" download="schema.yml">OpenAPI v3 schema</a>.
|
||||
The [Go API client](https://pkg.go.dev/goauthentik.io/api/v3) is generated using the [OpenAPI Generator](https://openapi-generator.tech/) and the [OpenAPI v3 schema](https://docs.goauthentik.io/schema.yml).
|
||||
|
||||
```shell
|
||||
go get goauthentik.io/api/v3
|
||||
|
||||
@@ -4,7 +4,7 @@ sidebar_label: Node.js
|
||||
description: A TypeScript client for the authentik API.
|
||||
---
|
||||
|
||||
The [Node.js API client](https://www.npmjs.com/package/@goauthentik/api) is generated using the [OpenAPI Generator](https://openapi-generator.tech/) and the <a href="/schema.yml" download="schema.yml">OpenAPI v3 schema</a>.
|
||||
The [Node.js API client](https://www.npmjs.com/package/@goauthentik/api) is generated using the [OpenAPI Generator](https://openapi-generator.tech/) and the [OpenAPI v3 schema](https://docs.goauthentik.io/schema.yml).
|
||||
|
||||
```shell
|
||||
npm install @goauthentik/api
|
||||
|
||||
@@ -4,7 +4,7 @@ sidebar_label: Python
|
||||
description: A Python client for the authentik API.
|
||||
---
|
||||
|
||||
The [Python API client](https://pypi.org/project/authentik-client/) is generated using the [OpenAPI Generator](https://openapi-generator.tech/) and the <a href="/schema.yml" download="schema.yml">OpenAPI v3 schema</a>.
|
||||
The [Python API client](https://pypi.org/project/authentik-client/) is generated using the [OpenAPI Generator](https://openapi-generator.tech/) and the [OpenAPI v3 schema](https://docs.goauthentik.io/schema.yml).
|
||||
|
||||
```shell
|
||||
pip install authentik-client
|
||||
|
||||
@@ -57,7 +57,7 @@ await Promise.all(
|
||||
* Documentation site configuration for Docusaurus.
|
||||
*/
|
||||
export default createDocusaurusConfig({
|
||||
url: releaseEnvironment.apiReferenceOrigin,
|
||||
url: "https://api.goauthentik.io",
|
||||
|
||||
staticDirectories: [
|
||||
// ---
|
||||
@@ -102,8 +102,8 @@ export default createDocusaurusConfig({
|
||||
|
||||
beforeDefaultRemarkPlugins: [
|
||||
remarkLinkRewrite([
|
||||
["/integrations", releaseEnvironment.integrationsOrigin],
|
||||
["/docs", releaseEnvironment.currentReleaseOrigin],
|
||||
["/integrations/", "https://integrations.goauthentik.io/"],
|
||||
["/docs/", "https://docs.goauthentik.io/docs/"],
|
||||
]),
|
||||
],
|
||||
},
|
||||
|
||||
@@ -3,7 +3,7 @@ title: API Overview
|
||||
sidebar_label: Overview
|
||||
---
|
||||
|
||||
Our API reference documentation is generated from the <a href="/schema.yml" download="schema.yml">OpenAPI v3 schema</a>.
|
||||
Our API reference documentation is generated from the [OpenAPI v3 schema](https://docs.goauthentik.io/schema.yml).
|
||||
|
||||
You can also access your installation's own, instance-specific API Browser. Starting with 2021.3.5, every authentik instance has a built-in API browser, which can be accessed at <code>https://<em>authentik.company</em>/api/v3/</code>.
|
||||
|
||||
|
||||
@@ -5,9 +5,6 @@
|
||||
# Note: The order of the rules defines the priority of the redirect.
|
||||
# i.e. The first rule that matches the URL will take precedence.
|
||||
|
||||
#region OpenAPI
|
||||
/schema.yaml /schema.yml 301!
|
||||
#endregion
|
||||
|
||||
#region api prefix
|
||||
/api/* /:splat 301!
|
||||
|
||||
@@ -5,7 +5,7 @@ title: Default
|
||||
This is the default, web-based environment that flows are executed in. All stages are compatible with this environment and no limitations are imposed.
|
||||
|
||||
:::info
|
||||
All flow executors use the same [API](/api/flow-executor), which allows for the implementation of custom flow executors.
|
||||
All flow executors use the same [API](/api/docs/flow-executor), which allows for the implementation of custom flow executors.
|
||||
:::
|
||||
|
||||
## Layouts
|
||||
|
||||
@@ -16,7 +16,7 @@ Events in authentik that are tracked via SSF include when an MFA device is added
|
||||
|
||||
## Example use cases
|
||||
|
||||
One important use case for SFF is to [integrate Apple Business Manager](/integrations/device-management/apple/) or any of the Apple device management platforms with authentik, so that users can enroll their Apple devices using their authentik credentials. When a user signs in with their email address, Apple redirects them to authentik for authentication. Once authenticated, Apple enrolls the user's device and grants access to Apple services.
|
||||
One important use case for SFF is to [integrate Apple Business Manager](https://integrations.goauthentik.io/device-management/apple/) or any of the Apple device management platforms with authentik, so that users can enroll their Apple devices using their authentik credentials. When a user signs in with their email address, Apple redirects them to authentik for authentication. Once authenticated, Apple enrolls the user's device and grants access to Apple services.
|
||||
|
||||
Another use case for SSF is when an Admin wants to know if a user logs out of authentik, so that the user is then also automatically logged out of all other work-focused applications.
|
||||
|
||||
|
||||
@@ -125,7 +125,7 @@ This is documented in the [developer docs](./setup/frontend-dev-environment.md).
|
||||
|
||||
Contributions to the technical documentation are greatly appreciated. Open a PR if you have improvements to make or new content to add. If you have questions or suggestions about the documentation, open an Issue. No contribution is too small.
|
||||
|
||||
Please be sure to refer to our [Style Guide](../developer-docs/style-guide.mdx) for the docs, and use a [template](./templates/index.md) to make it easier for you. The style guidelines are also used for any Integrations documentation, and we have a template for Integrations as well, in our [Github repo](https://github.com/goauthentik/authentik) at `/website/integrations/template/service.md`.
|
||||
Please be sure to refer to our [Style Guide](../developer-docs/docs/style-guide.mdx) for the docs, and use a [template](./docs/templates/index.md) to make it easier for you. The style guidelines are also used for any Integrations documentation, and we have a template for Integrations as well, in our [Github repo](https://github.com/goauthentik/authentik) at `/website/integrations/template/service.md`.
|
||||
|
||||
### Pull requests
|
||||
|
||||
@@ -175,7 +175,7 @@ authentik runs on Python 3.13 at the time of writing this.
|
||||
|
||||
### Documentation Style Guide
|
||||
|
||||
Refer to the full [Style Guide](../developer-docs/style-guide.mdx) for details, but here are some important highlights:
|
||||
Refer to the full [Style Guide](../developer-docs/docs/style-guide.mdx) for details, but here are some important highlights:
|
||||
|
||||
- Our product name is authentik, with a lower-case "a" and a "k" on the end. Our company name is Authentik Security.
|
||||
|
||||
|
||||
@@ -343,8 +343,8 @@ When documenting errors, follow this structure:
|
||||
- **Heading hierarchy**: Use headings in order (H1 → H2 → H3) to support screen readers.
|
||||
- **Color usage**: Avoid using color as the sole method of conveying information (e.g., "Click the red button"). Instead, use descriptive labels to ensure accessibility.
|
||||
- **Descriptive link text**: Provide descriptive link text. Avoid using generic terms like "Click here". Be specific about where the link will take the user.
|
||||
- **DON'T:** `Click [here](/authentication-settings) for more details.`
|
||||
- **DO:** `See [Authentication Settings](/authentication-settings) for more details.`
|
||||
- **DON'T:** "Click here."
|
||||
- **DO:** "See the [Authentication Settings](/) for more details."
|
||||
|
||||
---
|
||||
|
||||
@@ -3,10 +3,10 @@ title: "Combination topic"
|
||||
---
|
||||
|
||||
:::info
|
||||
**How to use this template**: start with the markdown version of the template, either by copying the [`combo.tmpl.md`](https://github.com/goauthentik/authentik/tree/main/website/docs/developer-docs/templates) file from our GitHub repo or downloading the template file using the following command:
|
||||
**How to use this template**: start with the markdown version of the template, either by copying the [`combo.tmpl.md`](https://github.com/goauthentik/authentik/tree/main/website/docs/developer-docs/docs/templates) file from our GitHub repo or downloading the template file using the following command:
|
||||
|
||||
```shell
|
||||
wget https://raw.githubusercontent.com/goauthentik/authentik/main/website/docs/developer-docs/templates/combo.tmpl.md
|
||||
wget https://raw.githubusercontent.com/goauthentik/authentik/main/website/docs/developer-docs/docs/templates/combo.tmpl.md
|
||||
```
|
||||
|
||||
Edit your markdown file as you work, reading this page for the descriptions of each section. You can build out a "stub file" with just headers, then gradually add content to each section. Use screenshots sparingly, only for complex UIs where it is difficult to describe a UI element with words. Refer to our [Style Guide](../style-guide.mdx) for writing tips and authentik-specific rules.
|
||||
@@ -3,10 +3,10 @@ title: "Conceptual topic"
|
||||
---
|
||||
|
||||
:::info
|
||||
**How to use this template**: start with the markdown version of the template, either by copying the [`conceptual.tmpl.md`](https://github.com/goauthentik/authentik/tree/main/website/docs/developer-docs/templates) file from our GitHub repo or downloading the template file using the following command:
|
||||
**How to use this template**: start with the markdown version of the template, either by copying the [`conceptual.tmpl.md`](https://github.com/goauthentik/authentik/tree/main/website/docs/developer-docs/docs/templates) file from our GitHub repo or downloading the template file using the following command:
|
||||
|
||||
```shell
|
||||
wget https://raw.githubusercontent.com/goauthentik/authentik/main/website/docs/developer-docs/templates/conceptual.tmpl.md
|
||||
wget https://raw.githubusercontent.com/goauthentik/authentik/main/website/docs/developer-docs/docs/templates/conceptual.tmpl.md
|
||||
```
|
||||
|
||||
Edit your markdown file as you work, reading this page for the descriptions of each section. You can build out a "stub file" with just headers, then gradually add content to each section. Use screenshots sparingly, only for complex UIs where it is difficult to describe a UI element with words. Refer to our [Style Guide](../style-guide.mdx) for writing tips and authentik-specific rules.
|
||||
@@ -3,10 +3,10 @@ title: "Procedural topic"
|
||||
---
|
||||
|
||||
:::info
|
||||
**How to use this template**: start with the markdown version of the template, either by copying the [`procedural.tmpl.md`](https://github.com/goauthentik/authentik/tree/main/website/docs/developer-docs/templates) file from our GitHub repo or downloading the template file using the following command:
|
||||
**How to use this template**: start with the markdown version of the template, either by copying the [`procedural.tmpl.md`](https://github.com/goauthentik/authentik/tree/main/website/docs/developer-docs/docs/templates) file from our GitHub repo or downloading the template file using the following command:
|
||||
|
||||
```shell
|
||||
wget https://raw.githubusercontent.com/goauthentik/authentik/main/website/docs/developer-docs/templates/procedural.tmpl.md
|
||||
wget https://raw.githubusercontent.com/goauthentik/authentik/main/website/docs/developer-docs/docs/templates/procedural.tmpl.md
|
||||
```
|
||||
|
||||
Edit your markdown file as you work, reading this page for the descriptions of each section. You can build out a "stub file" with just headers, then gradually add content to each section. Use screenshots sparingly, only for complex UIs where it is difficult to describe a UI element with words. Refer to our [Style Guide](../style-guide.mdx) for writing tips and authentik-specific rules.
|
||||
@@ -3,10 +3,10 @@ title: "Reference topic"
|
||||
---
|
||||
|
||||
:::info
|
||||
**How to use this template**: start with the markdown version of the template, either by copying the [`reference.tmpl.md`](https://github.com/goauthentik/authentik/tree/main/website/docs/developer-docs/templates) file from our GitHub repo or downloading the template file using the following command:
|
||||
**How to use this template**: start with the markdown version of the template, either by copying the [`reference.tmpl.md`](https://github.com/goauthentik/authentik/tree/main/website/docs/developer-docs/docs/templates) file from our GitHub repo or downloading the template file using the following command:
|
||||
|
||||
```shell
|
||||
wget https://raw.githubusercontent.com/goauthentik/authentik/main/website/docs/developer-docs/templates/reference.tmpl.md
|
||||
wget https://raw.githubusercontent.com/goauthentik/authentik/main/website/docs/developer-docs/docs/templates/reference.tmpl.md
|
||||
```
|
||||
|
||||
Edit your markdown file as you work, reading this page for the descriptions of each section. You can build out a "stub file" with just headers, then gradually add content to each section. Use screenshots sparingly, only for complex UIs where it is difficult to describe a UI element with words. Refer to our [Style Guide](../style-guide.mdx) for writing tips and authentik-specific rules.
|
||||
@@ -7,7 +7,7 @@ import Tabs from "@theme/Tabs";
|
||||
|
||||
Writing documentation for authentik is a great way for both new and experienced users to improve and contribute to the project. We appreciate contributions to our documentation; everything from fixing a typo to adding additional content to writing a completely new topic.
|
||||
|
||||
Our technical documentation and integration guides are built, formatted, and tested using [NPM](https://www.npmjs.com/). The commands to build the content locally are defined in the `Makefile` in the root of the repository. Each command is prefixed with `docs-` or `integrations-` and corresponds to an NPM script within the `website` directory.
|
||||
The technical documentation (https://docs.goauthentik.io/docs/) and our integration guides (https://integrations.goauthentik.io/) are built, formatted, and tested using npm. The commands to build the content locally are defined in the `Makefile` in the root of the repository. Each command is prefixed with `docs-` or `integrations-` and corresponds to an NPM script within the `website` directory.
|
||||
|
||||
## Guidelines
|
||||
|
||||
@@ -21,7 +21,7 @@ Adhering to the following guidelines will help us get your PRs merged much easie
|
||||
|
||||
- Remember to use our templates when possible; they are already set up to follow our style guidelines, they make it a lot easier for you (no blank page frights!), and they keep the documentation structure and headings consistent.
|
||||
- [docs templates](./templates/index.md)
|
||||
- [integration guide template](/integrations/applications#add-a-new-application)
|
||||
- [integration guide template](https://integrations.goauthentik.io/applications#add-a-new-application)
|
||||
|
||||
:::tip
|
||||
If you encounter build check fails, or issues you with your local build, you might need to run `make docs-install` in order to get the latest build tools and dependencies; we do occasionally update our build tools.
|
||||
@@ -76,14 +76,14 @@ Installs or updates the build dependencies such as Docusaurus, Prettier, and ESL
|
||||
|
||||
## Writing or modifying technical docs
|
||||
|
||||
In addition to following the [Style Guide](./style-guide.mdx) please review the following guidelines about our technical documentation:
|
||||
In addition to following the [Style Guide](./style-guide.mdx) please review the following guidelines about our technical documentation (https://docs.goauthentik.io/docs/):
|
||||
|
||||
- For new entries, make sure to add any new pages to the `/docs/sidebar.mjs` file.
|
||||
Otherwise, the new page will not appear in the table of contents to the left.
|
||||
|
||||
- Always be sure to run the `make docs` command on your local branch _before_ pushing the PR to the authentik repo. This command does important linting, and the build check in our repo will fail if the linting has not been done. In general, check on the health of your build before pushing to the authentik repo, and also check on the build status of your PR after you create it.
|
||||
|
||||
For our technical documentation, the following commands are used:
|
||||
For our technical documentation (https://docs.goauthentik.io/docs/), the following commands are used:
|
||||
|
||||
### Build locally
|
||||
|
||||
@@ -103,7 +103,7 @@ Starts a local development server for the documentation site and opens a preview
|
||||
|
||||
## Writing or modifying integration guides
|
||||
|
||||
In addition to following the [Style Guide](./style-guide.mdx) please review the following guidelines about our integration guides (/integrations/).
|
||||
In addition to following the [Style Guide](./style-guide.mdx) please review the following guidelines about our integration guides (https://integrations.goauthentik.io/).
|
||||
|
||||
- For new integration documentation, please use the Integrations template in our [Github repo](https://github.com/goauthentik/authentik) at `/website/integrations/template/service.md`.
|
||||
|
||||
@@ -139,10 +139,10 @@ Every documentation page you see on our website starts as a simple Markdown file
|
||||
|
||||
### Converting file paths to URLs
|
||||
|
||||
Let's take a look at the file path of the [Style Guide page](./style-guide.mdx):
|
||||
Let's take a look at the file path of the [Style Guide page](https://docs.goauthentik.io/developer-docs/docs/style-guide/):
|
||||
|
||||
```text
|
||||
/website/docs/developer-docs/style-guide.mdx
|
||||
/website/docs/developer-docs/docs/style-guide.mdx
|
||||
```
|
||||
|
||||
Compared to the URL path of this page, there are a few differences:
|
||||
@@ -154,7 +154,7 @@ Compared to the URL path of this page, there are a few differences:
|
||||
This results in the following URL path:
|
||||
|
||||
```text
|
||||
https://docs.goauthentik.io/developer-docs/style-guide/
|
||||
https://docs.goauthentik.io/developer-docs/docs/style-guide/
|
||||
```
|
||||
|
||||
The final published URL is made possible with a combination of [Docusaurus's routing system](https://docusaurus.io/docs/advanced/routing) and [Netlify's redirects](https://docs.netlify.com/routing/redirects/).
|
||||
10
website/docs/developer-docs/setup/index.mdx
Normal file
10
website/docs/developer-docs/setup/index.mdx
Normal file
@@ -0,0 +1,10 @@
|
||||
---
|
||||
title: Development environment
|
||||
description: Choose how you want to run and work on authentik.
|
||||
---
|
||||
|
||||
import DocCardList from "@theme/DocCardList";
|
||||
|
||||
Pick the setup that fits your workflow: full stack, frontend-only, or just the docs and grab some debugging tips along the way.
|
||||
|
||||
<DocCardList />
|
||||
@@ -7,7 +7,7 @@ Translation in authentik is done in two places. Most of the text is defined in t
|
||||
The frontend uses [@lit/localize](https://lit.dev/docs/localization/overview/), and the backend uses the built-in django translation tools.
|
||||
|
||||
:::info
|
||||
Please review the [Writing documentation](./writing-documentation.md) guidelines as they apply to documentation too.
|
||||
Please review the [Writing documentation](./docs/writing-documentation.md) guidelines as they apply to documentation too.
|
||||
:::
|
||||
|
||||
## Online translation
|
||||
|
||||
@@ -59,7 +59,7 @@ export default createDocusaurusConfig(
|
||||
experimental_faster: true,
|
||||
},
|
||||
|
||||
url: releaseEnvironment.currentReleaseOrigin,
|
||||
url: "https://docs.goauthentik.io",
|
||||
//#region Preset
|
||||
|
||||
presets: [
|
||||
@@ -85,8 +85,8 @@ export default createDocusaurusConfig(
|
||||
|
||||
beforeDefaultRemarkPlugins: [
|
||||
remarkLinkRewrite([
|
||||
["/api", releaseEnvironment.apiReferenceOrigin],
|
||||
["/integrations", releaseEnvironment.integrationsOrigin],
|
||||
["/api", "https://api.goauthentik.io"],
|
||||
["/integrations", "https://integrations.goauthentik.io"],
|
||||
]),
|
||||
],
|
||||
},
|
||||
|
||||
@@ -54,7 +54,7 @@ server {
|
||||
|
||||
# Proxy site
|
||||
# Location can be set to a subpath if desired, see documentation linked below:
|
||||
# https://docs.goauthentik.io/install-config/configuration/#authentik_web__path
|
||||
# https://docs.goauthentik.io/docs/install-config/configuration/#authentik_web__path
|
||||
location / {
|
||||
proxy_pass https://authentik;
|
||||
proxy_http_version 1.1;
|
||||
|
||||
@@ -63,7 +63,7 @@ Previously, sessions were stored by default in the cache. Now, they are stored i
|
||||
|
||||
- **Reputation score limit**
|
||||
|
||||
Reputation scores now have a configurable numerical limit in addition to the [already existing temporal limit](../../install-config/configuration/configuration.mdx#authentik_reputation__expiry).
|
||||
Reputation scores now have a configurable numerical limit in addition to the [already existing temporal limit](https://docs.goauthentik.io/docs/install-config/configuration/#authentik_reputation_expiry).
|
||||
|
||||
<!-- - **Support for PostgreSQL Connection Pools**: See [description](#highlights) under Highlights. Refer to our [documentation](../../install-config/configuration/configuration.mdx). -->
|
||||
|
||||
|
||||
@@ -30,7 +30,7 @@ slug: "/releases/2025.6"
|
||||
- **LDAP source sync forward deletions**: With this option enabled, users or groups created in authentik via LDAP sources will also be removed from authentik if they are deleted from the LDAP source. For more information, please refer to our [LDAP source documentation](../../users-sources/sources/protocols/ldap/index.md).
|
||||
- **Provider sync performance**: We have implemented parallel scheduling for outgoing syncs to provide faster synchronization.
|
||||
- **Branding**: Custom branding should now be more consistent on initial load, without flickering.
|
||||
- **Remote Access Control (RAC) improved [documentation](../../add-secure-apps/providers/rac/index.md)**: Added content about how to authenticate using a public key and improved the wording and formatting throughout the topic.
|
||||
- **Remote Access Control (RAC) improved [documentation](https://docs.goauthentik.io/docs/add-secure-apps/providers/rac/)**: Added content about how to authenticate using a public key and improved the wording and formatting throughout the topic.
|
||||
|
||||
## New integration guides
|
||||
|
||||
|
||||
@@ -148,13 +148,13 @@ From this point on, we recommend using the bundled PostgreSQL dependency for dem
|
||||
|
||||
An integration is how authentik connects to third-party applications, directories, and other identity providers. The following integration guides were recently added.
|
||||
|
||||
- [1Password](/integrations/security/1password/)
|
||||
- [Bitwarden](/integrations/security/bitwarden/)
|
||||
- [Papra](/integrations/documentation/papra/)
|
||||
- [Planka](/integrations/chat-communication-collaboration/planka/)
|
||||
- [Seafile](/integrations/media/seafile/)
|
||||
- [Vaultwarden](/integrations/security/vaultwarden/)
|
||||
- [Zoho](/integrations/platforms/zoho/)
|
||||
- [1Password](https://integrations.goauthentik.io/security/1password/)
|
||||
- [Bitwarden](https://integrations.goauthentik.io/security/bitwarden/)
|
||||
- [Papra](https://integrations.goauthentik.io/documentation/papra/)
|
||||
- [Planka](https://integrations.goauthentik.io/chat-communication-collaboration/planka/)
|
||||
- [Seafile](https://integrations.goauthentik.io/media/seafile/)
|
||||
- [Vaultwarden](https://integrations.goauthentik.io/security/vaultwarden/)
|
||||
- [Zoho](https://integrations.goauthentik.io/platforms/zoho/)
|
||||
|
||||
## Upgrading
|
||||
|
||||
|
||||
@@ -14,7 +14,7 @@ Overall, we are pleased with the report's findings and grateful for the opportun
|
||||
|
||||
> Cobalt reported "The pentesters found that the Authentik Security team implemented robust and up-to-date security practices throughout the application."
|
||||
|
||||
In total, there were 5 low-level and one info-level vulnerabilities reported. By early November 2024, all 6 vulnerabilities were addressed and released in the [2024.10.4 patch release](../../releases/2024/v2024.10.md#fixed-in-2024103).
|
||||
In total, there were 5 low-level and one info-level vulnerabilities reported. By early November 2024, all 6 vulnerabilities were addressed and released in the [2024.10.4 patch release](https://docs.goauthentik.io/docs/releases/2024.10#fixed-in-2024103).
|
||||
|
||||
## Responses to specific findings
|
||||
|
||||
@@ -54,10 +54,10 @@ The absence of Content Security Policy (CSP) headers means that the application
|
||||
|
||||
**Issue**: Finally, the only informational level finding was the potential for the unauthenticated download of private key and certificate values via a direct URL. (Guessing the URL required the knowledge of the UUID of an object.) We had already fixed this issue in 2024.8.0, but the instance tested against was the immediately preceding version.
|
||||
|
||||
**Fix**: For more details, refer to [CVE-2024-42490](../cves/CVE-2024-42490.md).
|
||||
**Fix**: For more details, refer to [CVE-2024-42490](https://docs.goauthentik.io/docs/security/cves/CVE-2024-42490).
|
||||
|
||||
## Retest results
|
||||
|
||||
The subsequent retest conducted by Cobalt deemed all issues resolved. See page 17 of the [report](https://goauthentik.io/resources/fullReport_authentik-cobalt-test-instance-august-2024-pt26135.pdf) for the mitigation status ("fixed") for each of the issues discovered in September.
|
||||
|
||||
We are pleased to share this pentest and the final results of the retest. We encourage an open and ongoing communication with our users and community. For more information abut our security stance, read our [Security Policy](../policy.mdx), [Hardening authentik](../security-hardening.md), and our other [security-related documentation](../../). If you have any questions or feedback you can reach us on [GitHub](https://github.com/goauthentik/authentik), [Discord](https://discord.com/channels/809154715984199690/809154716507963434), or via email to [hello@goauthentik.io](mailto:hello@goauthentik.io).
|
||||
We are pleased to share this pentest and the final results of the retest. We encourage an open and ongoing communication with our users and community. For more information abut our security stance, read our [Security Policy](https://docs.goauthentik.io/docs/security/policy), [Hardening authentik](https://docs.goauthentik.io/docs/security/security-hardening), and our other [security-related documentation](https://docs.goauthentik.io/docs/security). If you have any questions or feedback you can reach us on [GitHub](https://github.com/goauthentik/authentik), [Discord](https://discord.com/channels/809154715984199690/809154716507963434), or via email to [hello@goauthentik.io](mailto:hello@goauthentik.io).
|
||||
|
||||
@@ -644,16 +644,24 @@ const items = [
|
||||
{
|
||||
type: "link",
|
||||
href: releaseEnvironment.apiReferenceOrigin,
|
||||
label: "API Reference",
|
||||
className: "api-reference",
|
||||
label: "API Overview",
|
||||
className: "api-overview",
|
||||
},
|
||||
{
|
||||
type: "doc",
|
||||
id: "developer-docs/contributing",
|
||||
label: "Contributing",
|
||||
},
|
||||
|
||||
{
|
||||
//#endregion
|
||||
|
||||
//#region Development environment
|
||||
type: "category",
|
||||
label: "Development setup",
|
||||
label: "Development environment",
|
||||
link: {
|
||||
type: "doc",
|
||||
id: "developer-docs/setup/full-dev-environment",
|
||||
id: "developer-docs/setup/index",
|
||||
},
|
||||
items: [
|
||||
"developer-docs/setup/full-dev-environment",
|
||||
@@ -661,52 +669,34 @@ const items = [
|
||||
"developer-docs/setup/debugging",
|
||||
],
|
||||
},
|
||||
|
||||
{
|
||||
//#endregion
|
||||
|
||||
//#region Writing documentation
|
||||
type: "category",
|
||||
label: "Contributing",
|
||||
label: "Writing documentation",
|
||||
link: {
|
||||
type: "doc",
|
||||
id: "developer-docs/contributing",
|
||||
id: "developer-docs/docs/writing-documentation",
|
||||
},
|
||||
items: [
|
||||
{
|
||||
type: "doc",
|
||||
id: "developer-docs/contributing",
|
||||
label: "Overview",
|
||||
},
|
||||
{
|
||||
type: "doc",
|
||||
id: "developer-docs/writing-documentation",
|
||||
},
|
||||
{
|
||||
type: "doc",
|
||||
label: "Style guide",
|
||||
id: "developer-docs/style-guide",
|
||||
},
|
||||
|
||||
"developer-docs/docs/style-guide",
|
||||
{
|
||||
type: "category",
|
||||
label: "Templates",
|
||||
link: {
|
||||
type: "doc",
|
||||
id: "developer-docs/templates/index",
|
||||
id: "developer-docs/docs/templates/index",
|
||||
},
|
||||
items: [
|
||||
{
|
||||
type: "doc",
|
||||
id: "developer-docs/templates/index",
|
||||
label: "Overview",
|
||||
},
|
||||
"developer-docs/templates/procedural",
|
||||
"developer-docs/templates/conceptual",
|
||||
"developer-docs/templates/reference",
|
||||
"developer-docs/templates/combo",
|
||||
"developer-docs/docs/templates/procedural",
|
||||
"developer-docs/docs/templates/conceptual",
|
||||
"developer-docs/docs/templates/reference",
|
||||
"developer-docs/docs/templates/combo",
|
||||
],
|
||||
},
|
||||
],
|
||||
},
|
||||
|
||||
{
|
||||
type: "doc",
|
||||
id: "developer-docs/releases/index",
|
||||
|
||||
18
website/docs/static/_redirects
vendored
18
website/docs/static/_redirects
vendored
@@ -6,15 +6,13 @@
|
||||
# i.e. The first rule that matches the URL will take precedence.
|
||||
|
||||
#region API
|
||||
/schema.yml https://api.goauthentik.io/schema.yml 301!
|
||||
/schema.yaml https://api.goauthentik.io/schema.yml 301!
|
||||
/api https://api.goauthentik.io 301!
|
||||
/docs/api https://api.goauthentik.io 301!
|
||||
/docs/developer-docs/api/ https://api.goauthentik.io 301!
|
||||
/api/* https://api.goauthentik.io/:splat 301!
|
||||
/docs/api/* https://api.goauthentik.io/:splat 301!
|
||||
/docs/developer-docs/api/* https://api.goauthentik.io/:splat 301!
|
||||
/developer-docs/api/* https://api.goauthentik.io/:splat 301!
|
||||
/api https://api.goauthentik.io 301!
|
||||
/docs/api https://api.goauthentik.io 301!
|
||||
/docs/developer-docs/api/ https://api.goauthentik.io 301!
|
||||
/api/* https://api.goauthentik.io/:splat 301!
|
||||
/docs/api/* https://api.goauthentik.io/:splat 301!
|
||||
/docs/developer-docs/api/* https://api.goauthentik.io/:splat 301!
|
||||
/developer-docs/api/* https://api.goauthentik.io/:splat 301!
|
||||
#endregion
|
||||
|
||||
#region Applications
|
||||
@@ -76,7 +74,5 @@
|
||||
#endregion
|
||||
|
||||
#region Docs prefix
|
||||
/developer-docs/docs/* /developer-docs/:splat 301!
|
||||
/docs/developer-docs/docs/* /developer-docs/:splat 301!
|
||||
/docs/* /:splat 301!
|
||||
#endregion
|
||||
|
||||
@@ -314,8 +314,10 @@ Now bind this policy to the chosen authentication flows for the Discord OAuth so
|
||||
|
||||
:::info
|
||||
Ensure that the Discord OAuth source in **Federation & Social login** has the additional `guilds.members.read` scopes added under **Protocol settings**.
|
||||
:::
|
||||
|
||||
In order to use the created attribute in authentik you will also have to configure authentik's [avatar settings](../../../../sys-mgmt/settings.md#avatars).
|
||||
:::info
|
||||
In order to use the created attribute in authentik you will have to set authentik configuration arguments found at: https://docs.goauthentik.io/docs/core/settings#avatars
|
||||
:::
|
||||
|
||||
Create a new **Expression Policy** with the content below, adjusting the variables where required:
|
||||
|
||||
@@ -77,7 +77,6 @@ export function createReleaseSidebarEntries(releaseFiles) {
|
||||
* @property {string} currentReleaseOrigin The URL to the current release documentation.
|
||||
* @property {string} preReleaseOrigin The URL to the pre-release documentation.
|
||||
* @property {string} apiReferenceOrigin The URL to the API reference documentation.
|
||||
* @property {string} integrationsOrigin The URL to the integrations documentation.
|
||||
*/
|
||||
|
||||
/**
|
||||
@@ -91,7 +90,5 @@ export function prepareReleaseEnvironment() {
|
||||
currentReleaseOrigin: process.env.CURRENT_RELEASE_ORIGIN || "https://docs.goauthentik.io",
|
||||
preReleaseOrigin: process.env.PRE_RELEASE_ORIGIN || "https://next.goauthentik.io",
|
||||
apiReferenceOrigin: process.env.API_REFERENCE_ORIGIN || "https://api.goauthentik.io",
|
||||
integrationsOrigin:
|
||||
process.env.INTEGRATIONS_ORIGIN || "https://integrations.goauthentik.io",
|
||||
};
|
||||
}
|
||||
|
||||
@@ -1,7 +1,5 @@
|
||||
import styles from "./styles.module.css";
|
||||
|
||||
import { useCachedVersionPluginData } from "@goauthentik/docusaurus-theme/components/VersionPicker/utils.ts";
|
||||
|
||||
import Translate from "@docusaurus/Translate";
|
||||
import Admonition from "@theme/Admonition";
|
||||
import type { Props } from "@theme/EditMetaRow";
|
||||
@@ -16,12 +14,6 @@ const EditMetaRow: React.FC<Props> = ({
|
||||
lastUpdatedAt,
|
||||
lastUpdatedBy,
|
||||
}: Props) => {
|
||||
const versionPluginData = useCachedVersionPluginData();
|
||||
const currentReleaseOrigin =
|
||||
versionPluginData?.env.currentReleaseOrigin ?? "https://docs.goauthentik.io";
|
||||
|
||||
const contributorURL = new URL("/developer-docs/contributing/", currentReleaseOrigin);
|
||||
|
||||
return (
|
||||
<>
|
||||
<hr className={styles.divider} />
|
||||
@@ -64,7 +56,7 @@ const EditMetaRow: React.FC<Props> = ({
|
||||
|
||||
<li>
|
||||
<a
|
||||
href={contributorURL.toString()}
|
||||
href="https://docs.goauthentik.io/docs/developer-docs/"
|
||||
target="_blank"
|
||||
rel="noreferrer noopener"
|
||||
>
|
||||
|
||||
@@ -45,7 +45,7 @@ To support the integration of Mastodon with authentik, you need to create an app
|
||||
Configure Mastodon `OIDC_` settings by editing the `.env.production` and add the following:
|
||||
|
||||
:::warning
|
||||
When using `preferred_username` as the user identifier, ensure that the [Allow users to change username setting](/docs/sys-mgmt/settings#allow-users-to-change-username) is disabled to prevent authentication issues.
|
||||
When using `preferred_username` as the user identifier, ensure that the [Allow users to change username setting](https://docs.goauthentik.io/docs/sys-mgmt/settings#allow-users-to-change-username) is disabled to prevent authentication issues.
|
||||
:::
|
||||
|
||||
:::info
|
||||
|
||||
@@ -116,7 +116,7 @@ To enable OIDC functionality in ownCloud, follow these steps:
|
||||
Add the necessary configuration settings to this file. Ensure it includes at least the minimal requirements for your setup:
|
||||
|
||||
:::warning
|
||||
You can configure ownCloud to use either the `sub` or `preferred_username` as the UID field under `search-attribute`. When using `preferred_username` as the user identifier, ensure that the [**Allow users to change username** setting](/docs/sys-mgmt/settings#allow-users-to-change-username) is disabled to prevent authentication issues. The `sub` option uses a unique, stable identifier for the user, while `preferred_username` uses the username configured in authentik.
|
||||
You can configure ownCloud to use either the `sub` or `preferred_username` as the UID field under `search-attribute`. When using `preferred_username` as the user identifier, ensure that the [**Allow users to change username** setting](https://docs.goauthentik.io/docs/sys-mgmt/settings#allow-users-to-change-username) is disabled to prevent authentication issues. The `sub` option uses a unique, stable identifier for the user, while `preferred_username` uses the username configured in authentik.
|
||||
:::
|
||||
|
||||
```php
|
||||
|
||||
@@ -11,7 +11,7 @@ support_level: community
|
||||
> -- https://thelounge.chat/
|
||||
|
||||
:::note
|
||||
This guide assumes you already deployed an LDAP Provider, if not check [here](/docs/add-secure-apps/providers/ldap/generic_setup).
|
||||
This guide assumes you already deployed an LDAP Provider, if not check [here](https://docs.goauthentik.io/docs/add-secure-apps/providers/ldap/generic_setup).
|
||||
If you made any changes, e.g. using a different name for the user, make sure to apply them here as well.
|
||||
:::
|
||||
|
||||
|
||||
@@ -10,7 +10,7 @@ support_level: community
|
||||
>
|
||||
> -- https://github.com/causefx/Organizr
|
||||
|
||||
This integration leverages authentik's LDAP for the identity provider to achieve an SSO experience. See [ldap provider generic setup](/docs/add-secure-apps/providers/ldap/generic_setup) for setting up the LDAP provider.
|
||||
This integration leverages authentik's LDAP for the identity provider to achieve an SSO experience. See [ldap provider generic setup](https://docs.goauthentik.io/docs/add-secure-apps/providers/ldap/generic_setup) for setting up the LDAP provider.
|
||||
|
||||
## Preparation
|
||||
|
||||
@@ -78,5 +78,5 @@ LDAP Backend Type: `OpenLDAP`
|
||||
Access for authentik users is managed locally within organizr under _User Management_. By default, new users are assigned the `User` group.
|
||||
:::
|
||||
:::tip
|
||||
Consider front-ending your application with a [forward auth provider](/docs/add-secure-apps/providers/proxy/forward_auth) for an SSO experience.
|
||||
Consider front-ending your application with a [forward auth provider](https://docs.goauthentik.io/docs/add-secure-apps/providers/proxy/forward_auth) for an SSO experience.
|
||||
:::
|
||||
|
||||
@@ -53,7 +53,7 @@ Then, under the **Configuration Settings** section, update the **oauth** and **o
|
||||
For **oauth**: - Select the following option: `plugin»oauth»register-on-auth`
|
||||
|
||||
:::warning
|
||||
When using `preferred_username` as the user identifier, ensure that the [Allow users to change username setting](/docs/sys-mgmt/settings#allow-users-to-change-username) is disabled to prevent authentication issues. You can configure DocuWiki to use either the `sub` or `preferred_username` as the UID field under `plugin»oauthgeneric»json-user`. The `sub` option uses a unique, stable identifier for the user, while `preferred_username` uses the username configured in authentik.
|
||||
When using `preferred_username` as the user identifier, ensure that the [Allow users to change username setting](https://docs.goauthentik.io/docs/sys-mgmt/settings#allow-users-to-change-username) is disabled to prevent authentication issues. You can configure DocuWiki to use either the `sub` or `preferred_username` as the UID field under `plugin»oauthgeneric»json-user`. The `sub` option uses a unique, stable identifier for the user, while `preferred_username` uses the username configured in authentik.
|
||||
:::
|
||||
|
||||
For **oauthgeneric**:
|
||||
|
||||
@@ -26,7 +26,7 @@ The following placeholders are used in this guide:
|
||||
This documentation lists only the settings that you need to change from their default values. Be aware that any changes other than those explicitly mentioned in this guide could cause issues accessing your application.
|
||||
:::
|
||||
|
||||
Also set up your proxy server to use forward auth with paperless.company: /docs/add-secure-apps/providers/proxy/forward_auth/
|
||||
Also set up your proxy server to use forward auth with paperless.company: https://docs.goauthentik.io/docs/add-secure-apps/providers/proxy/forward_auth/
|
||||
|
||||
## Paperless
|
||||
|
||||
|
||||
@@ -38,7 +38,7 @@ To support the integration of YouTrack with authentik, you need to create an app
|
||||
- Set the **Entity ID** to `https://youtrack.company/admin/hub/`.
|
||||
- Set the **Service Provider Binding** to `Post`.
|
||||
- Under **Advanced protocol settings**, set an available signing key and make sure **Sign assertions** is toggled.
|
||||
- Then, also under **Advanced protocol settings**, make sure **NameID Property Mapping** is set to `authentik default SAML Mapping: username`. Make sure the [Allow users to change username](/docs/sys-mgmt/settings#allow-users-to-change-username) setting is disabled to prevent authentication issues.
|
||||
- Then, also under **Advanced protocol settings**, make sure **NameID Property Mapping** is set to `authentik default SAML Mapping: username`. Make sure the [Allow users to change username](https://docs.goauthentik.io/docs/sys-mgmt/settings#allow-users-to-change-username) setting is disabled to prevent authentication issues.
|
||||
- **Configure Bindings** _(optional)_: you can create a [binding](/docs/add-secure-apps/flows-stages/bindings/) (policy, group, or user) to manage the listing and access to applications on a user's **My applications** page.
|
||||
|
||||
3. Click **Submit** to save the new application and provider.
|
||||
|
||||
@@ -1,7 +1,6 @@
|
||||
/**
|
||||
* @file Docusaurus Integrations config.
|
||||
*
|
||||
* @import { AKReleasesPluginOptions } from "@goauthentik/docusaurus-theme/releases/plugin"
|
||||
* @import { UserThemeConfig, UserThemeConfigExtra } from "@goauthentik/docusaurus-config";
|
||||
* @import { Options as RedirectsPluginOptions } from "@docusaurus/plugin-client-redirects";
|
||||
* @import { AKRedirectsPluginOptions } from "@goauthentik/docusaurus-theme/redirects/plugin"
|
||||
@@ -18,11 +17,8 @@ import {
|
||||
} from "@goauthentik/docusaurus-theme/config";
|
||||
import { RewriteIndex } from "@goauthentik/docusaurus-theme/redirects";
|
||||
import { parse } from "@goauthentik/docusaurus-theme/redirects/node";
|
||||
import { prepareReleaseEnvironment } from "@goauthentik/docusaurus-theme/releases/node";
|
||||
import { remarkLinkRewrite } from "@goauthentik/docusaurus-theme/remark";
|
||||
|
||||
const releaseEnvironment = prepareReleaseEnvironment();
|
||||
|
||||
const __dirname = fileURLToPath(new URL(".", import.meta.url));
|
||||
|
||||
const packageStaticDirectory = resolve(__dirname, "static");
|
||||
@@ -39,7 +35,7 @@ export default createDocusaurusConfig(
|
||||
experimental_faster: true,
|
||||
},
|
||||
|
||||
url: releaseEnvironment.integrationsOrigin,
|
||||
url: "https://integrations.goauthentik.io",
|
||||
|
||||
//#region Preset
|
||||
|
||||
@@ -54,8 +50,9 @@ export default createDocusaurusConfig(
|
||||
|
||||
beforeDefaultRemarkPlugins: [
|
||||
remarkLinkRewrite([
|
||||
["/api", releaseEnvironment.apiReferenceOrigin],
|
||||
["/docs", releaseEnvironment.currentReleaseOrigin],
|
||||
// ---
|
||||
["/api", "https://api.goauthentik.io"],
|
||||
["/docs", "https://docs.goauthentik.io"],
|
||||
]),
|
||||
],
|
||||
},
|
||||
@@ -67,14 +64,6 @@ export default createDocusaurusConfig(
|
||||
//#region Plugins
|
||||
|
||||
plugins: [
|
||||
[
|
||||
"@goauthentik/docusaurus-theme/releases/plugin",
|
||||
/** @type {AKReleasesPluginOptions} */ ({
|
||||
docsDirectory: __dirname,
|
||||
environment: releaseEnvironment,
|
||||
}),
|
||||
],
|
||||
|
||||
// Inject redirects for later use during runtime,
|
||||
// such as navigating to non-existent page with the client-side router.
|
||||
|
||||
|
||||
@@ -49,7 +49,7 @@ To support the integration of Apache Guacamole with authentik, you need to creat
|
||||
It is recommended to create an admin account in Guacamole before configuring Single Sign-On to simplify the process. Create a user in Guacamole using the same username as in authentik and grant them admin permissions. This step is important to avoid losing access to the Guacamole admin settings, as you may need to revert your changes without it.
|
||||
|
||||
:::warning
|
||||
You can configure Apache Guacamole to use either the `sub` or `preferred_username` as the UID field under `user-name-attribute`. When using `preferred_username` as the user identifier, ensure that the [**Allow users to change username** setting](/docs/sys-mgmt/settings#allow-users-to-change-username) is disabled to prevent authentication issues. The `sub` option uses a unique, stable identifier for the user, while `preferred_username` uses the username configured in authentik.
|
||||
You can configure Apache Guacamole to use either the `sub` or `preferred_username` as the UID field under `user-name-attribute`. When using `preferred_username` as the user identifier, ensure that the [**Allow users to change username** setting](https://docs.goauthentik.io/docs/sys-mgmt/settings#allow-users-to-change-username) is disabled to prevent authentication issues. The `sub` option uses a unique, stable identifier for the user, while `preferred_username` uses the username configured in authentik.
|
||||
:::
|
||||
|
||||
<Tabs
|
||||
|
||||
@@ -10,7 +10,7 @@ support_level: community
|
||||
>
|
||||
> -- From http://www.proftpd.org
|
||||
|
||||
This integration leverages authentik's LDAP for the identity provider to achieve an SSO experience. See [ldap provider generic setup](/docs/add-secure-apps/providers/ldap/generic_setup) for setting up the LDAP provider.
|
||||
This integration leverages authentik's LDAP for the identity provider to achieve an SSO experience. See [ldap provider generic setup](https://docs.goauthentik.io/docs/add-secure-apps/providers/ldap/generic_setup) for setting up the LDAP provider.
|
||||
|
||||
## Preparation
|
||||
|
||||
@@ -109,7 +109,7 @@ In this example, every user shares a single folder. If you want to have separate
|
||||
|
||||
Additionally, note that each file will have Linux user and group ID `1000`. Beforehand, make sure that the respective Linux user exists (usually the first Linux user created receives ID `1000`). Check `/etc/passwd` and create a user if necessary.
|
||||
|
||||
If you do not set `LDAPForceDefaultUID`/`LDAPForceDefaultGID`, Authentik's `uidNumber` field will be used. If you do not set `LDAPGenerateHomedir`, Authentik's `homeDirectory` field will be used (`/home/$username`). For more information about default attributes provided by Authentik, refer to the [LDAP Provider documentation](/docs/add-secure-apps/providers/ldap).
|
||||
If you do not set `LDAPForceDefaultUID`/`LDAPForceDefaultGID`, Authentik's `uidNumber` field will be used. If you do not set `LDAPGenerateHomedir`, Authentik's `homeDirectory` field will be used (`/home/$username`). For more information about default attributes provided by Authentik, refer to the [LDAP Provider documentation](https://docs.goauthentik.io/docs/add-secure-apps/providers/ldap).
|
||||
|
||||
Make sure to read ProFTPD's [available LDAP options](http://www.proftpd.org/docs/contrib/mod_ldap.html).
|
||||
|
||||
|
||||
@@ -31,7 +31,7 @@ This documentation lists only the settings that you need to change from their de
|
||||
:::
|
||||
|
||||
Create an LDAP Provider if you don't already have one setup.
|
||||
This guide assumes you will be running with TLS. See the [ldap provider docs](/docs/add-secure-apps/providers/ldap) for setting up SSL on the authentik side.
|
||||
This guide assumes you will be running with TLS. See the [ldap provider docs](https://docs.goauthentik.io/docs/add-secure-apps/providers/ldap) for setting up SSL on the authentik side.
|
||||
|
||||
Remember the `ldap.baseDN` you have configured for the provider as you'll
|
||||
need it in the sssd configuration.
|
||||
@@ -47,7 +47,7 @@ Max password length \<= 66 characters.
|
||||
|
||||
## Deployment
|
||||
|
||||
Create an outpost deployment for the provider you've created above, as described [here](/docs/add-secure-apps/outposts/). Deploy this Outpost either on the same host or a different host that your QNAP NAS can access.
|
||||
Create an outpost deployment for the provider you've created above, as described [here](https://docs.goauthentik.io/docs/add-secure-apps/outposts/). Deploy this Outpost either on the same host or a different host that your QNAP NAS can access.
|
||||
|
||||
The outpost will connect to authentik and configure itself.
|
||||
|
||||
|
||||
@@ -49,7 +49,7 @@ All configuration options can be found in [Komga's OAuth2 Advanced configuration
|
||||
:::
|
||||
|
||||
:::warning
|
||||
You can configure Komga to use either the `sub` or `preferred_username` as the UID field under `user-name-attribute`. When using `preferred_username` as the user identifier, ensure that the [**Allow users to change username** setting](/docs/sys-mgmt/settings#allow-users-to-change-username) is disabled to prevent authentication issues. The `sub` option uses a unique, stable identifier for the user, while `preferred_username` uses the username configured in authentik.
|
||||
You can configure Komga to use either the `sub` or `preferred_username` as the UID field under `user-name-attribute`. When using `preferred_username` as the user identifier, ensure that the [**Allow users to change username** setting](https://docs.goauthentik.io/docs/sys-mgmt/settings#allow-users-to-change-username) is disabled to prevent authentication issues. The `sub` option uses a unique, stable identifier for the user, while `preferred_username` uses the username configured in authentik.
|
||||
:::
|
||||
|
||||
```yml
|
||||
|
||||
@@ -41,7 +41,7 @@ Create an application in authentik and select the provider you've created above.
|
||||
|
||||
## Deployment
|
||||
|
||||
Create an outpost deployment for the provider you've created above, as described [here](/docs/add-secure-apps/outposts/). Deploy this Outpost either on the same host or a different host that can access Sonarr.
|
||||
Create an outpost deployment for the provider you've created above, as described [here](https://docs.goauthentik.io/docs/add-secure-apps/outposts/). Deploy this Outpost either on the same host or a different host that can access Sonarr.
|
||||
|
||||
The outpost will connect to authentik and configure itself.
|
||||
|
||||
|
||||
@@ -113,7 +113,7 @@ To support the integration of Home Assistant using `hass-auth-headers` with auth
|
||||
|
||||
3. Click **Submit** to save the new application and provider.
|
||||
|
||||
4. Create an outpost deployment for the provider you've created above, as described [here](/docs/add-secure-apps/outposts/). Deploy this Outpost either on the same host or a different host that can access Home Assistant. The outpost will connect to authentik and configure itself.
|
||||
4. Create an outpost deployment for the provider you've created above, as described [here](https://docs.goauthentik.io/docs/add-secure-apps/outposts/). Deploy this Outpost either on the same host or a different host that can access Home Assistant. The outpost will connect to authentik and configure itself.
|
||||
|
||||
## Home Assistant configuration
|
||||
|
||||
|
||||
@@ -38,7 +38,7 @@ The steps to configure authentik include creating an application and provider pa
|
||||
- Note the **Client ID**, **Client Secret**, and **slug** values because they will be required later.
|
||||
- Set a `Strict` redirect URI to `https://beszel.company/api/oauth2-redirect`.
|
||||
- Select any available signing key.
|
||||
- **Configure Bindings** _(optional):_ you can create a [binding](/docs/add-secure-apps/flows-stages/bindings/) (policy, group, or user) to manage the listing and access to applications on a user’s \***\*My applications** \*_page_.\*
|
||||
- **Configure Bindings** _(optional):_ you can create a [binding](https://docs.goauthentik.io/docs/add-secure-apps/flows-stages/bindings/) (policy, group, or user) to manage the listing and access to applications on a user’s \***\*My applications** \*_page_.\*
|
||||
|
||||
3. Click **Submit** to save the new application and provider.
|
||||
|
||||
|
||||
Reference in New Issue
Block a user