Skip to content

sources/kerberos: authenticate with the user's username instead of the first username in authentik#12497

Merged
rissson merged 3 commits intogoauthentik:mainfrom
natural-hair:kerberos_source_fix
Jan 6, 2025
Merged

sources/kerberos: authenticate with the user's username instead of the first username in authentik#12497
rissson merged 3 commits intogoauthentik:mainfrom
natural-hair:kerberos_source_fix

Conversation

@natural-hair
Copy link
Contributor

@natural-hair natural-hair commented Dec 27, 2024

Details

bugfix: kerberos source authentication attempts all passwords against the first username in Authentik. Now it filters the Authentik user list with the user's username so that more than the first user can authenticate via kerberos source.

How you can tell if it works: check your kerberos server logs to confirm that the user's username is being used; create more than one user and try to log in with additional users.

Checklist

  • Local tests pass (ak test authentik/)
  • The code has been formatted (make lint-fix)

If an API change has been made

  • The API schema has been updated (make gen-build)

If changes to the frontend have been made

  • The code has been formatted (make web)

If applicable

  • The documentation has been updated
  • The documentation has been formatted (make website)

@natural-hair
Update auth.py
29cea59 
bugfix: previously attempted all passwords against the first user in Authentik.  Now it matches the username.

Signed-off-by: natural-hair <github@natural-hair.net>
@natural-hair natural-hair requested a review from a team as a code owner December 27, 2024 02:23
@netlify
Copy link

netlify bot commented Dec 27, 2024
edited
Loading

Deploy Preview for authentik-docs canceled.

Name Link
🔨 Latest commit 26bf16c
🔍 Latest deploy log https://app.netlify.com/sites/authentik-docs/deploys/677bd0de9e819400086d7a94

@netlify
Copy link

netlify bot commented Dec 27, 2024
edited
Loading

Deploy Preview for authentik-storybook canceled.

Name Link
🔨 Latest commit 26bf16c
🔍 Latest deploy log https://app.netlify.com/sites/authentik-storybook/deploys/677bd0ded5f1db0008dbac54

@BeryJu BeryJu requested a review from rissson December 28, 2024 21:24
@rissson
Copy link
Member

rissson commented Dec 28, 2024

On PTO but we should also filter to potentially find users where the entered username is their principal (i.e. the identifier in the usersourceconnection)

rissson added 2 commits January 6, 2025 13:44
@rissson
Merge branch 'main' into kerberos_source_fix
9760eb8
@rissson
fix returned user
26bf16c 
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
@rissson rissson enabled auto-merge (squash) January 6, 2025 12:47
@rissson
Copy link
Member

rissson commented Jan 6, 2025

/cherry-pick version-2024.12

@rissson rissson merged commit afb1686 into goauthentik:main Jan 6, 2025
gcp-cherry-pick-bot bot pushed a commit that referenced this pull request Jan 6, 2025
@natural-hair @rissson
sources/kerberos: authenticate with the user's username instead of th…
bfb8165 
…e first username in authentik (#12497)

Co-authored-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
@gcp-cherry-pick-bot gcp-cherry-pick-bot bot mentioned this pull request Jan 6, 2025
Merged
@codecov
Copy link

codecov bot commented Jan 6, 2025
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 92.70%. Comparing base (6b18026) to head (26bf16c).
Report is 8 commits behind head on main.

Additional details and impacted files 
@@            Coverage Diff             @@
##             main   #12497      +/-   ##
==========================================
- Coverage   92.76%   92.70%   -0.06%     
==========================================
  Files         770      770              
  Lines       38873    38873              
==========================================
- Hits        36059    36038      -21     
- Misses       2814     2835      +21
Flag Coverage Δ
e2e 48.66% <50.00%> (-0.05%) ⬇️
integration 24.58% <0.00%> (ø)
unit 90.38% <100.00%> (+<0.01%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

BeryJu pushed a commit that referenced this pull request Jan 6, 2025
@gcp-cherry-pick-bot @natural-hair @rissson
sources/kerberos: authenticate with the user's username instead of th…
9a1c76e 
…e first username in authentik (cherry-pick #12497) (#12579)

sources/kerberos: authenticate with the user's username instead of the first username in authentik (#12497)

Co-authored-by: natural-hair <github@natural-hair.net>
Co-authored-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
kensternberg-authentik added a commit that referenced this pull request Jan 8, 2025
@kensternberg-authentik
Merge branch 'main' into dev
854427e 
* main:
  core: bump golang.org/x/oauth2 from 0.24.0 to 0.25.0 (#12571)
  website: bump the docusaurus group in /website with 9 updates (#12569)
  core: bump github.com/coreos/go-oidc/v3 from 3.11.0 to 3.12.0 (#12572)
  core: bump ruff from 0.8.5 to 0.8.6 (#12573)
  ci: release: fix AWS cfn template permissions (#12576)
  translate: Updates for file web/xliff/en.xlf in fr (#12578)
  translate: Updates for file locale/en/LC_MESSAGES/django.po in fr (#12577)
  sources/kerberos: authenticate with the user's username instead of the first username in authentik (#12497)
  website/integrations: Fix deprecated terraform ressource authentik_scope_mapping in docs (#12554)
  website/user-sources Fix Free IPA docs page (#12549)
  core: bump aws-cdk-lib from 2.173.4 to 2.174.0 (#12574)
  website/integrations: semaphore: fix formatting (#12567)
  website: bump aws-cdk from 2.173.4 to 2.174.0 in /website (#12570)
  website/integrations: Update Frappe Application index.md (#12527)
  website: add api reference docs to redirect file (#12551)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@rissson rissson rissson approved these changes

Assignees

@rissson rissson

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@natural-hair @rissson