Skip to content

outposts: Refactor session end signal and add LDAP support#14539

Merged
BeryJu merged 30 commits intomainfrom
outposts/refactor-session-end
Jun 10, 2025
Merged

outposts: Refactor session end signal and add LDAP support#14539
BeryJu merged 30 commits intomainfrom
outposts/refactor-session-end

Conversation

@BeryJu
Copy link
Member

@BeryJu BeryJu commented May 17, 2025
edited
Loading

Details

  • Promote session_end signal to not be provider specific
  • improve implementations in various places
  • Add support for LDAP

This will be in a separate PR to keep this one readable

#14724
#2023

closes #10474

Checklist

  • Local tests pass (ak test authentik/)
  • The code has been formatted (make lint-fix)

If an API change has been made

  • The API schema has been updated (make gen-build)

If changes to the frontend have been made

  • The code has been formatted (make web)

If applicable

  • The documentation has been updated
  • The documentation has been formatted (make website)

BeryJu added 10 commits May 17, 2025 01:24
@BeryJu
outpost: promote session end signal to non-provider specific
d71b177 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
@BeryJu
implement server-side logout in ldap
a9887f8 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
@BeryJu
fix previous import
31cbf12 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
@BeryJu
use better retry logic
94a960a 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
@BeryJu
log
35a93cd 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
@BeryJu
make more generic if we switch from ws to something else
2f0909e 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
@BeryJu
make it possible to e2e test WS
1f30a22 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
@BeryJu
fix ldap session id
a737e86 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
@BeryJu
ok I actually need to go to bed this took me an hour to fix
7ca472a 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
@BeryJu
format; add ldap test
62fde4d 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
@BeryJu BeryJu requested review from a team as code owners May 17, 2025 01:17
@netlify
Copy link

netlify bot commented May 17, 2025
edited
Loading

Deploy Preview for authentik-storybook canceled.

Name Link
🔨 Latest commit 85548b8
🔍 Latest deploy log https://app.netlify.com/projects/authentik-storybook/deploys/6843978a4dd2730008446125

@netlify
Copy link

netlify bot commented May 17, 2025
edited
Loading

Deploy Preview for authentik-docs canceled.

Name Link
🔨 Latest commit 85548b8
🔍 Latest deploy log https://app.netlify.com/projects/authentik-docs/deploys/6843978a1cb56000089d1f28

@codecov
Copy link

codecov bot commented May 17, 2025
edited
Loading

Codecov Report

Attention: Patch coverage is 92.30769% with 2 lines in your changes missing coverage. Please review.

Project coverage is 92.79%. Comparing base (b7417e7) to head (85548b8).
Report is 36 commits behind head on main.

✅ All tests successful. No failed tests found.

Files with missing lines Patch % Lines
authentik/outposts/consumer.py 66.66% 1 Missing ⚠️
authentik/outposts/signals.py 91.66% 1 Missing ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main   #14539      +/-   ##
==========================================
- Coverage   92.85%   92.79%   -0.07%     
==========================================
  Files         818      816       -2     
  Lines       42196    42193       -3     
==========================================
- Hits        39180    39151      -29     
- Misses       3016     3042      +26
Flag Coverage Δ
e2e 47.53% <80.76%> (-0.14%) ⬇️
integration 24.43% <53.84%> (-0.02%) ⬇️
unit 90.68% <92.30%> (-0.01%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

BeryJu added 5 commits May 17, 2025 03:37
@BeryJu
fix leftover state
e1ab16f 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
@BeryJu
remove thread
6d1aa56 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
@BeryJu
use ws base for radius
87846e3 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
@BeryJu
separate test utils
3fc2ad6 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
@BeryJu
rename
213ad3b 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
@github-actions
Copy link
Contributor

github-actions bot commented May 17, 2025
edited
Loading

authentik PR Installation instructions

Instructions for docker-compose

Add the following block to your .env file:

AUTHENTIK_IMAGE=ghcr.io/goauthentik/dev-server
AUTHENTIK_TAG=gh-85548b82d125241d97c2d86189e736eaebcb6d4b
AUTHENTIK_OUTPOSTS__CONTAINER_IMAGE_BASE=ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s

Afterwards, run the upgrade commands from the latest release notes.

Instructions for Kubernetes

Add the following block to your values.yml file:

authentik:
    outposts:
        container_image_base: ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s
global:
    image:
        repository: ghcr.io/goauthentik/dev-server
        tag: gh-85548b82d125241d97c2d86189e736eaebcb6d4b

Afterwards, run the upgrade commands from the latest release notes.

BeryJu added 9 commits May 17, 2025 14:57
@BeryJu
fix missing super calls
1f54fb4 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
@BeryJu
websocket tests with browser 🎉
9ea37eb 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
@BeryJu
add proxy test for sign out
7e94158 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
@BeryJu
fix install_id issue with channels tests
3a3640f 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
@BeryJu
fix proxy basic auth test
f23eadd 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
@BeryJu
big code dedupe
1aa04c0 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
@BeryJu
allow passing go build args
3be2695 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
@BeryJu
improve waiting for outpost
1df3899 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
@BeryJu
rewrite ldap tests
4499fc4 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
@BeryJu
ok actually fix the tests
2a48004 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
BeryJu added a commit that referenced this pull request May 17, 2025
@BeryJu
tests: better ws support
b41662d 
cherry-picked from #14539

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
@BeryJu BeryJu mentioned this pull request May 17, 2025
Open
6 tasks
BeryJu added a commit that referenced this pull request May 17, 2025
@BeryJu
tests: better ws support
d45222a 
cherry-picked from #14539

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
BeryJu added a commit that referenced this pull request May 17, 2025
@BeryJu
tests: better ws support
4b0d641 
cherry-picked from #14539

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
@BeryJu BeryJu force-pushed the outposts/refactor-session-end branch from f9dd0d0 to e9bf006 Compare May 17, 2025 23:17
@BeryJu BeryJu changed the title outposts: Refactor session end signal outposts: Refactor session end signal and add LDAP support May 17, 2025
@BeryJu
undo a couple things that need more time to cook
398189c 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
@BeryJu BeryJu force-pushed the outposts/refactor-session-end branch from e9bf006 to 398189c Compare May 17, 2025 23:22
@BeryJu
remove unused lockfile-lint dependency since we use a shell script an…
61652d2 
…d SFE does not have a lockfile

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
@BeryJu BeryJu mentioned this pull request May 27, 2025
Merged
6 tasks
@BeryJu BeryJu force-pushed the outposts/refactor-session-end branch from cc38d43 to 2edce63 Compare June 7, 2025 01:06
@BeryJu
Merge branch 'main' into outposts/refactor-session-end
4c76e2c 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>

# Conflicts:
#	authentik/providers/proxy/tasks.py
#	cmd/ldap/main.go
#	cmd/proxy/main.go
#	cmd/rac/main.go
#	cmd/radius/main.go
#	cmd/server/server.go
#	package-lock.json
#	web/package-lock.json
#	web/packages/sfe/package.json
@BeryJu BeryJu force-pushed the outposts/refactor-session-end branch from 2edce63 to 4c76e2c Compare June 7, 2025 01:08
@BeryJu
fix session id for ldap
a06dd8d 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
@BeryJu BeryJu force-pushed the outposts/refactor-session-end branch from 04876f3 to a06dd8d Compare June 7, 2025 01:30
@BeryJu
fix missing createTimestamp and modifyTimestamp ldap attributes
85548b8 
closes #10474

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
@BeryJu BeryJu merged commit 88fa7e3 into main Jun 10, 2025
100 of 101 checks passed
@BeryJu BeryJu deleted the outposts/refactor-session-end branch June 10, 2025 10:11
kensternberg-authentik added a commit that referenced this pull request Jun 10, 2025
@kensternberg-authentik
Merge branch 'main' into web/streamline/slugs
053420a 
* main: (21 commits)
  web/admin: fix language in certificate import  (#14953)
  website/integrations: add new categories and update sidebar info (#14995)
  brands: fix custom_css being escaped (#14994)
  web/admin: show selected policy engine mode on bindings pages, allow setting it on sources (#12963)
  website/integrations: add bitwarden (#14922)
  core: bump goauthentik.io/api/v3 from 3.2025061.1 to 3.2025061.2 (#14986)
  website: bump @types/node from 22.15.30 to 24.0.0 in /website (#14988)
  website: bump the eslint group in /website with 3 updates (#14987)
  web: bump the eslint group across 2 directories with 3 updates (#14991)
  website/integrations: fix typos, update language and styling (#14978)
  website/integrations: add 1password (#14815)
  website/integrations: add nextcloud ldap config and update doc to new styling (#14866)
  outposts: Refactor session end signal and add LDAP support (#14539)
  core: bump cryptography from 45.0.3 to 45.0.4 (#14989)
  core: bump goauthentik/fips-python from 3.13.3-slim-bookworm-fips to 3.13.4-slim-bookworm-fips (#14990)
  web: bump API Client version (#14985)
  core, web: update translations (#14984)
  events: rework metrics endpoint (#14934)
  website/integrations: replaces all kbd and em tags (#14980)
  internal/outpost: fix incorrect usage of golang SHA API (#14981)
  ...
cavefire pushed a commit to cavefire/authentik that referenced this pull request Jun 24, 2025
@BeryJu @cavefire
outposts: Refactor session end signal and add LDAP support (goauthent…
27d1c52 
…ik#14539)

* outpost: promote session end signal to non-provider specific

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* implement server-side logout in ldap

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix previous import

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* use better retry logic

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* log

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* make more generic if we switch from ws to something else

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* make it possible to e2e test WS

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix ldap session id

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* ok I actually need to go to bed this took me an hour to fix

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* format; add ldap test

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix leftover state

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* remove thread

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* use ws base for radius

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* separate test utils

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* rename

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix missing super calls

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* websocket tests with browser 🎉

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add proxy test for sign out

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix install_id issue with channels tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix proxy basic auth test

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* big code dedupe

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* allow passing go build args

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* improve waiting for outpost

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* rewrite ldap tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* ok actually fix the tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* undo a couple things that need more time to cook

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* remove unused lockfile-lint dependency since we use a shell script and SFE does not have a lockfile

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix session id for ldap

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix missing createTimestamp and modifyTimestamp ldap attributes

closes goauthentik#10474

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Add partial Support for 389-DS

1 participant

@BeryJu