Skip to content

enterprise/stages/mtls: fix traefik certificate parsing#18607

Merged
BeryJu merged 3 commits intomainfrom
enterprise/stages/mtls/fix-traefik-parsing
Dec 5, 2025
Merged

enterprise/stages/mtls: fix traefik certificate parsing#18607
BeryJu merged 3 commits intomainfrom
enterprise/stages/mtls/fix-traefik-parsing

Conversation

@BeryJu
Copy link
Member

@BeryJu BeryJu commented Dec 4, 2025

closes #15189

@BeryJu
enterprise/stages/mtls: fix traefik certificate parsing
8be2624 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
@netlify
Copy link

netlify bot commented Dec 4, 2025
edited
Loading

Deploy Preview for authentik-integrations canceled.

Name Link
🔨 Latest commit d0c394b
🔍 Latest deploy log https://app.netlify.com/projects/authentik-integrations/deploys/69330ebcecdd7b0008dfb636

@netlify
Copy link

netlify bot commented Dec 4, 2025
edited
Loading

Deploy Preview for authentik-docs canceled.

Name Link
🔨 Latest commit d0c394b
🔍 Latest deploy log https://app.netlify.com/projects/authentik-docs/deploys/69330ebcf1cde10007e0bbc7

@netlify
Copy link

netlify bot commented Dec 4, 2025
edited
Loading

Deploy Preview for authentik-storybook canceled.

Name Link
🔨 Latest commit d0c394b
🔍 Latest deploy log https://app.netlify.com/projects/authentik-storybook/deploys/69330ebc7bf39a0008922fb0

@codecov
Copy link

codecov bot commented Dec 4, 2025
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 93.22%. Comparing base (d05ad44) to head (d0c394b).
⚠️ Report is 43 commits behind head on main.
✅ All tests successful. No failed tests found.

Additional details and impacted files 
@@            Coverage Diff             @@
##             main   #18607      +/-   ##
==========================================
- Coverage   93.24%   93.22%   -0.02%     
==========================================
  Files         932      933       +1     
  Lines       51095    51227     +132     
==========================================
+ Hits        47641    47755     +114     
- Misses       3454     3472      +18
Flag Coverage Δ
e2e 44.73% <33.33%> (-0.04%) ⬇️
integration 22.81% <30.30%> (+0.02%) ⬆️
unit 91.44% <100.00%> (-0.02%) ⬇️
unit-migrate 91.49% <100.00%> (-0.02%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

BeryJu added 2 commits December 5, 2025 17:52
@BeryJu
fix tests
281fcf1 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
@BeryJu
add links for relevant docs
d0c394b 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
@BeryJu BeryJu marked this pull request as ready for review December 5, 2025 16:56
@BeryJu BeryJu requested a review from a team as a code owner December 5, 2025 16:56
@github-actions
Copy link
Contributor

github-actions bot commented Dec 5, 2025
edited
Loading

authentik PR Installation instructions

Instructions for docker-compose

Add the following block to your .env file:

AUTHENTIK_IMAGE=ghcr.io/goauthentik/dev-server
AUTHENTIK_TAG=gh-d0c394b8dd98eb26f2a54088267f8af0e3913c59
AUTHENTIK_OUTPOSTS__CONTAINER_IMAGE_BASE=ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s

Afterwards, run the upgrade commands from the latest release notes.

Instructions for Kubernetes

Add the following block to your values.yml file:

authentik:
    outposts:
        container_image_base: ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s
global:
    image:
        repository: ghcr.io/goauthentik/dev-server
        tag: gh-d0c394b8dd98eb26f2a54088267f8af0e3913c59

Afterwards, run the upgrade commands from the latest release notes.

@BeryJu BeryJu merged commit 6d7249e into main Dec 5, 2025
98 checks passed
@BeryJu BeryJu deleted the enterprise/stages/mtls/fix-traefik-parsing branch December 5, 2025 18:06
This was referenced Dec 5, 2025
Closed
Closed
@BeryJu BeryJu added area:backend backport/version-2025.10 Add this label to PRs to backport changes to version-2025.10 labels Dec 6, 2025
authentik-automation bot pushed a commit that referenced this pull request Dec 6, 2025
@BeryJu @authentik-automation
Cherry-pick #18607 to version-2025.10 (with conflicts)
2f62fad 
This cherry-pick has conflicts that need manual resolution.

Original PR: #18607
Original commit: 6d7249e
@authentik-automation authentik-automation bot mentioned this pull request Dec 6, 2025
Merged
@authentik-automation
Copy link
Contributor

authentik-automation bot commented Dec 6, 2025

⚠️ Cherry-pick to version-2025.10 has conflicts: #18645

BeryJu added a commit that referenced this pull request Dec 6, 2025
@authentik-automation @BeryJu
enterprise/stages/mtls: fix traefik certificate parsing (cherry-pick #…
c0e5ac3 
…18607 to version-2025.10) (#18645)

* Cherry-pick #18607 to version-2025.10 (with conflicts)

This cherry-pick has conflicts that need manual resolution.

Original PR: #18607
Original commit: 6d7249e

* resolve conflict

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens L. <jens@goauthentik.io>
kensternberg-authentik added a commit that referenced this pull request Dec 11, 2025
@kensternberg-authentik
Merge branch 'main' into dev
2cd358d 
* main: (40 commits)
  enterprise/stages/mtls: fix traefik certificate parsing (#18607)
  wed/admin: change s to S in "Stage" (#18632)
  flows: refresh unauthenticated tabs (#18621)
  flows: keep ?next url when using cancel (#18619)
  core, web: update translations (#18620)
  ci: bump actions/setup-node from 6.0.0 to 6.1.0 (#18552)
  core: bump goauthentik/fips-debian from `cf233be` to `a80dbbd` (#18594)
  web: bump @sentry/browser from 10.28.0 to 10.29.0 in /web in the sentry group across 1 directory (#18623)
  website/docs: adds note about ak_create_jwt function (#18614)
  api: fix IPC auth (#18612)
  web: bump mermaid from 11.12.1 to 11.12.2 in /web (#18602)
  web: Codemirror fixes (#18610)
  web: bump packages in /web (#18604)
  website/docs: expressions: fix markdown (#18613)
  website/docs: add missing API sidebar entry (#18586)
  web: bump yaml from 2.8.1 to 2.8.2 in /web (#18605)
  web/elements: update AppIcon story with files change (#18608)
  api: test action decorator (#18583)
  crypto: separate permissions for certificate and private keydownload (#18588)
  core: bump github.com/spf13/cobra from 1.10.1 to 1.10.2 (#18592)
  ...
@elbandi
Copy link

elbandi commented Feb 11, 2026

After review the code: i think traefik base64 cert data are not quoted. if yes, the unquote_plus break the base64 pem format.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

area:backend backport/version-2025.10 Add this label to PRs to backport changes to version-2025.10

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Traefik mtls client cert parse issue

2 participants

@BeryJu @elbandi