109 Commits

Author SHA1 Message Date
3c20d31a13
adjust for release 3.0.0 2023-11-07 10:18:49 +01:00
14a1cb8ea3
fix 3.0.0-beta3 v3.0.0-beta2 2023-11-07 10:06:15 +01:00
506fdc56ad
changes v3.0.0-beta1 2023-11-07 10:02:31 +01:00
2ddbb8576f
documentation 2023-11-07 09:59:46 +01:00
e41e8e1a17
ignore ci script for docker 2023-11-07 09:10:16 +01:00
86894f72ed
add ci script 2023-11-07 09:08:20 +01:00
3f9d70e87b
tidied up 2023-11-07 08:54:40 +01:00
fb24320552
role added to configuration 2023-11-06 22:25:00 +01:00
f6120640d2
evaluate role in higher layer 2023-11-06 22:09:29 +01:00
ab2d527dbd
we get closer 2023-11-06 19:59:31 +01:00
5828a9a5a2
debugging for analyzing token 2023-11-06 18:15:03 +01:00
Thom Seddon
c4317b7503
Allow to be run without middleware + improve request reading consistency (#217)
Prior to this change, the request URI was only ever read from the
X-Forwarded-Uri header which was only set when the container was
accessed via the forwardauth middleware. As such, it was necessary
to apply the treafik-forward-auth middleware to the treafik-forward-auth
container when running auth host mode.
This is a quirk, unnecessary complexity and is a frequent source of
configuration issues.
2021-06-24 21:45:28 +01:00
em0lar / Leo
4ffb6593d5
Add GitHub Actions workflow for creating binaries for releases (#184) (#199)
* Add GitHub Actions workflow for creating binaries for releases
* Add sentence about binary files to README
* Cleanup + nicer way querying GitHub API
2021-02-01 20:28:00 +00:00
hesstobi
6c6f75e80d
Make listen port configurable (#230)
Co-authored-by: Tobias Hess <tobias.hess@energiekoppler.com>
2021-02-01 20:10:50 +00:00
Thom Seddon
8be8244b13
Switch to Github Actions for CI (#219) 2021-01-03 13:44:40 +00:00
Thom Seddon
f96a3fb332
Remove double brackets typo in readme (#218) 2020-12-10 21:39:49 +00:00
Thom Seddon
c19f622fbd
Create codeql-analysis.yml 2020-10-01 09:29:36 +01:00
Thom Seddon
04f5499f0b
Allow override of domains and whitelist in rules (#169)
Co-authored-by: Mathieu Cantin <mcantin@petalmd.com>
Co-authored-by: Pete Shaw <lozlow@users.noreply.github.com>
2020-09-23 14:50:15 +01:00
Thom Seddon
41560feaa7
Support concurrent CSRF cookies by using a prefix of nonce (#187)
* Support concurrent CSRF cookies by using a prefix of nonce.
* Move ValidateState out and make CSRF cookies last 1h
* add tests to check csrf cookie nam + minor tweaks

Co-authored-by: Michal Witkowski <michal@cerberus>
2020-09-23 14:48:04 +01:00
Ricardo Sousa
1743537438
Fix simple-separate-pod url path (#148)
There is a missing slash in the `kubernetes/simple-separate-pod` example link, leading to a 404. This change fixes that url in the README.md file.
2020-07-17 14:14:27 +01:00
Thom Seddon
9e5994b959
Add Generic OAuth Provider (#138) v2.2.0 2020-06-29 21:04:42 +01:00
Thom Seddon
870724c994
Fail if there is an error retrieving the user + extra test (#142)
Previously this would fail, but permit the request, which isn't
normally what you'd want.
2020-06-29 21:02:45 +01:00
Thom Seddon
be2b4ba9f4
Remove unused user fields (#141)
These aren't actually used anywhere and can result in a parse error
if the ID field isn't a string
2020-06-29 21:01:59 +01:00
Thom Seddon
529e28d83b
Add FUNDING.yml (#135) 2020-06-26 15:41:33 +01:00
Thom Seddon
2937b04fdb
Add support for resource indicator to OIDC provider (#131) 2020-06-11 12:24:51 +01:00
Thom Seddon
fb8b216481
Optionally match emails against *either* whitelist or domains when both are provided (#106)
The previous behaviour would ignore domains if the whitelist parameter was provided, however if both parameters are provided then matching either is more likely the intent.
2020-06-03 14:11:59 +01:00
Thom Seddon
8b3a950162
Add logout endpoint (#107)
Add logout endpoint that clears the auth cookie + optional "logout-redirect" config option, to which, when set, the user will be redirected.
2020-06-03 14:00:47 +01:00
Thom Seddon
655eddeaf9 Add note on using auth host mode with selective auth 2020-05-26 14:55:23 +01:00
Thom Seddon
c63fd738d6
Rename selective auth + fix selective auth examples (#130) 2020-05-26 14:47:14 +01:00
Leland Sindt
00b5d9e031
standardize on 'traefik-forward-auth-secrets' for kubernetes examples (#127) 2020-05-26 14:12:26 +01:00
Thom Seddon
8902cf8735 Use Traefik v2 in README examples and links + use consistent images in examples 2020-05-23 16:42:18 +01:00
Thom Seddon
3345f8ec69 Add traefik v2 swarm examples 2020-05-23 14:43:52 +01:00
Thom Seddon
60604ad3db Always prompt user to select account on google login
This closes #103 and as discussed in that issue, hopefully fixes a
common source of error discussed in #31
2020-05-12 13:50:05 +01:00
Thom Seddon
a668454a11 Warn when using http without insecure cookie
Closes #114
2020-05-12 13:20:51 +01:00
Thom Seddon
eec62eb03a Improve logging detail and consistency
Closes #114
2020-05-11 14:42:53 +01:00
Thom Seddon
7381450015 Improve internal function docs 2020-05-11 14:42:33 +01:00
Thom Seddon
f7a94e7db9 Add traefik v2 kubernetes examples
Ref #72 #89 #92
2020-05-07 15:47:58 +01:00
Thom Seddon
f802a366de Add note on avoiding rules that might break redirect flow
Tracked in #101
2020-05-07 15:28:00 +01:00
Thom Seddon
07f9587bc1 Modify references from Universal Authentication to Global Authentication 2020-05-07 15:22:48 +01:00
Thom Seddon
1ac0ca9732 traefik v1.7 kubernetes doc fixes 2020-04-28 17:15:53 +01:00
Thom Seddon
9abf5645b7 Add kubernetes examples + better document methods of applying authentication
Closes #33
2020-04-24 14:22:29 +01:00
Thom Seddon
3a66191314 Document ARM releases on docker hub
This is now confirmed to be working so fixes #38
2020-04-23 14:35:06 +01:00
Pierre Kisters
c3b4ba8244
Allow multiple cookie domains, domains and whitelists with environment variable (#98)
* comma env-delim for array flags
* tests for env-delim flags
2020-04-14 07:48:55 +01:00
Thiago Pinto
b413c60d42 Update golang arm versions 2020-04-13 18:03:46 +01:00
Sandro Jäckel
e678a33016 Add .git to .dockerignore 2020-04-13 18:01:07 +01:00
Thom Seddon
3652a0b244 Add OIDC docs + examples v2.1.0 2020-02-10 17:09:09 +00:00
Thom Seddon
68c329901a Update go1.12 -> go1.13 + update dependencies + mod tidy 2020-02-10 17:09:09 +00:00
Thom Seddon
ffa5afbf22 Simplify oauth server testing 2020-02-10 17:09:09 +00:00
Thom Seddon
5a9c6adedf Multiple provider support + OIDC provider 2020-02-10 17:09:09 +00:00
Thom Seddon
5dfd4f2878 Add arm builds. Fixes #38 2019-09-30 10:53:01 +01:00