Implement Webfinger (RFC 7033) #5440
Comments
Hello everyone,

Thank you for raising this as an issue. I am unsure how helpful this is for you, but I had issues setting up Tailscale, so I have made a bodge attempt to work around this, and it worked.

The Challenge:

Implemented Integration: Here's a snippet of the code illustrating the integration, which leverages Python's http.server module:

Acknowledging Solution Scope: Before we proceed further, I want to acknowledge that while this workaround effectively solves the challenge some face, it may not be universally applicable to all systems and use cases. However, based on my personal experience, this solution has proven to be effective.

Request for Official Integration: Your insights, feedback, and suggestions on my workaround would be invaluable, as I am new to SSO/IDP development.
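The snippet referred to above is not reproduced on this page. As an added example (editor's code, not the commenter's script and not authentik code), the block below is a minimal Python http.server responder implementing the parts of RFC 7033 that OpenID Connect issuer discovery depends on, which is the mechanism behind Tailscale's custom OIDC WebFinger requirement: the endpoint lives at /.well-known/webfinger, the resource parameter is mandatory (400 when absent), unknown accounts get 404, the JRD is served as application/jrd+json with a permissive CORS header, and an optional rel filter is honoured. The issuer URL, account domain and listening port are placeholders you must replace; the server binds to loopback on the assumption that a TLS-terminating reverse proxy sits in front of it.

```python
"""Minimal RFC 7033 WebFinger responder for OpenID Connect issuer discovery.

Added example for this thread; not authentik's code. The issuer URL, account
domain and port below are placeholders (assumptions), not values from the page.
"""
import json
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import parse_qs, urlsplit

# Placeholders: point ISSUER at the OIDC provider's issuer URL and ACCOUNT_DOMAIN
# at the domain part of the user identities Tailscale will look up.
ISSUER = "https://auth.example.com/application/o/tailscale/"
ACCOUNT_DOMAIN = "example.com"
# Link relation defined by OpenID Connect Discovery 1.0 for issuer discovery.
OIDC_ISSUER_REL = "http://openid.net/specs/connect/1.0/issuer"
JRD_CONTENT_TYPE = "application/jrd+json"
WEBFINGER_PATH = "/.well-known/webfinger"


def _is_local_account(resource):
    """Accept only acct:<user>@ACCOUNT_DOMAIN (domain compared case-insensitively)."""
    if not resource.startswith("acct:"):
        return False
    user, sep, domain = resource[len("acct:"):].rpartition("@")
    return sep == "@" and bool(user) and domain.lower() == ACCOUNT_DOMAIN


def webfinger_response(request_target):
    """Map a request target (path plus query string) to (status, headers, body).

    Kept free of socket I/O so the logic can be exercised without a server.
    """
    parts = urlsplit(request_target)
    if parts.path != WEBFINGER_PATH:
        return 404, {}, b""
    query = parse_qs(parts.query)  # blank values are dropped, so 'resource=' counts as missing
    resources = query.get("resource", [])
    if len(resources) != 1:
        return 400, {}, b""  # RFC 7033 section 4.2: resource is required
    resource = resources[0]
    if not _is_local_account(resource):
        return 404, {}, b""  # RFC 7033 section 4.2: unknown resource
    links = [{"rel": OIDC_ISSUER_REL, "href": ISSUER}]
    requested_rels = query.get("rel")
    if requested_rels:  # RFC 7033 section 4.3: optional rel filtering
        links = [link for link in links if link["rel"] in requested_rels]
    body = json.dumps({"subject": resource, "links": links}).encode("utf-8")
    headers = {
        "Content-Type": JRD_CONTENT_TYPE,
        "Access-Control-Allow-Origin": "*",  # RFC 7033 section 5 recommends CORS
        "Content-Length": str(len(body)),
    }
    return 200, headers, body


class WebFingerHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        # self.path carries the full request target including the query string.
        status, headers, body = webfinger_response(self.path)
        self.send_response(status)
        for name, value in headers.items():
            self.send_header(name, value)
        self.end_headers()
        self.wfile.write(body)


if __name__ == "__main__":
    # Loopback only: a reverse proxy terminates TLS and forwards /.well-known/webfinger here.
    HTTPServer(("127.0.0.1", 8000), WebFingerHandler).serve_forever()
```

A quick check from the host once it is running: `curl -i 'http://127.0.0.1:8000/.well-known/webfinger?resource=acct:alice@example.com'` should return a 200 with Content-Type application/jrd+json and a links entry whose href is the issuer; the same path without resource should return 400.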
This would also require some way to select which Provider should be used for the issuer URL.

We'll probably add this once we add full tenancy support and allow configuring this as a per-tenant setting.
Hi,

I wonder if it would be better as a per-brand setting. (Note: current tenants are being renamed into brands.) That way a single tenant can still have multiple WebFinger endpoints.
Hi - I'm just curious about the status of this, as Authentik is listed on Tailscale as an official integration.

Edit: Never mind. I tried Tailscale's WebFinger tool and pointed it to my Authentik instance, and it came up with a 404. @billyprice1 - where did you place that file?
The snippet that @billyprice1 graciously provided is a simple Python HTTP server with one endpoint. To serve this endpoint, it would probably be easiest to use a reverse proxy like nginx or Caddy.

A sample Caddyfile (please keep in mind this should be modified to serve other traffic):

```
:443 {
	handle /.well-known/webfinger {
		# This should point to the port that the Python script is running on; the default is 8000
		reverse_proxy localhost:8000
	}

	# Other reverse proxies go here
	handle {
		reverse_proxy other_backend_servers
	}
}
```

You can run every part of this in

If you have nothing else on the domain you want to serve the WebFinger endpoint at, then you might as well run the Python script in the background:

```
python3 ./path/to/the/script
```
Hi
Is your feature request related to a problem? Please describe.

Currently it's not possible to implement a custom provider for Tailscale due to the requirement (https://tailscale.com/kb/1240/sso-custom-oidc/) of having the WebFinger endpoint at https://${domain}/.well-known/webfinger

Describe the solution you'd like

I'd like the WebFinger endpoint to be implemented as per RFC 7033.

Describe alternatives you've considered

None, as the endpoint is needed to configure Tailscale.

Additional context

None