Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

providers/radius: simple radius outpost #1796

Merged
merged 11 commits into from
Mar 20, 2023
Merged

providers/radius: simple radius outpost #1796

merged 11 commits into from
Mar 20, 2023

Conversation

BeryJu
Copy link
Member

@BeryJu BeryJu commented Nov 15, 2021
edited
Loading

A simple radius outpost that only supports username/password authentication (using the same flow executor as the ldap outpost), no support for CHAP as that would require reversible password storage, no support for TLS as there are multiple ways to implement that but none are supported by the current go library

@netlify
Copy link

netlify bot commented Nov 15, 2021

✔️ Deploy Preview for authentik ready!

🔨 Explore the source changes: 1ecb994

🔍 Inspect the deploy log: https://app.netlify.com/sites/authentik/deploys/619288d34f83ec0007a59ed9

😎 Browse the preview: https://deploy-preview-1796--authentik.netlify.app

@netlify
Copy link

netlify bot commented Nov 15, 2021
edited
Loading

Deploy Preview for authentik ready!

Name Link
🔨 Latest commit 173fae6
🔍 Latest deploy log https://app.netlify.com/sites/authentik/deploys/64187f8a7f58d30008577cdd
😎 Deploy Preview https://deploy-preview-1796--authentik.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify site settings.

@codecov
Copy link

codecov bot commented Nov 15, 2021
edited
Loading

Codecov Report

Patch coverage: 78.88% and project coverage change: -0.01 ⚠️

Comparison is base (84c2da8) 92.77% compared to head (02dde23) 92.75%.

❗ Current head 02dde23 differs from pull request most recent head 173fae6. Consider uploading reports for the commit 173fae6 to get more accurate results

Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #1796      +/-   ##
==========================================
- Coverage   92.77%   92.75%   -0.01%     
==========================================
  Files         501      505       +4     
  Lines       25617    25688      +71     
==========================================
+ Hits        23764    23825      +61     
- Misses       1853     1863      +10
Flag Coverage Δ
e2e 52.69% <74.65%> (-0.01%) ⬇️
integration 26.46% <28.17%> (+0.01%) ⬆️
unit 89.54% <78.88%> (-0.02%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files Coverage Δ
authentik/providers/radius/controllers/docker.py 0.00% <0.00%> (ø)
...thentik/providers/radius/controllers/kubernetes.py 0.00% <0.00%> (ø)
authentik/root/settings.py 90.16% <ø> (ø)
authentik/providers/radius/models.py 95.66% <95.66%> (ø)
authentik/api/v3/urls.py 100.00% <100.00%> (ø)
authentik/outposts/api/outposts.py 86.75% <100.00%> (+0.17%) ⬆️
authentik/outposts/models.py 88.22% <100.00%> (+0.05%) ⬆️
authentik/providers/radius/api.py 100.00% <100.00%> (ø)

... and 5 files with indirect coverage changes

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

☔ View full report in Codecov by Sentry.
📢 Do you have feedback about the report comment? Let us know in this issue.

@BeryJu BeryJu force-pushed the master branch 3 times, most recently from 8c79a1a to 605ed94 Compare November 21, 2021 21:51
@BeryJu BeryJu force-pushed the master branch 4 times, most recently from ea3ce9b to b2d2e7c Compare November 23, 2021 20:19
samip5
samip5 reviewed Dec 2, 2021
View reviewed changes
authentik/providers/radius/models.py Outdated
)

client_networks = models.TextField(
default="0.0.0.0/0",
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is that going to be both IPv6 and IPv4? or only IPv4?

@kylesferrazza kylesferrazza mentioned this pull request Jan 3, 2022
Closed
@BeryJu BeryJu closed this Mar 31, 2022
@BeryJu BeryJu deleted the outpost-radius-v2 branch March 31, 2022 20:31
@ferferga
Copy link

@BeryJu Care to explain why this has been closed? Was eagerly waiting for this :(

@BeryJu BeryJu restored the outpost-radius-v2 branch March 31, 2022 21:09
@BeryJu BeryJu reopened this Mar 31, 2022
@BeryJu
Copy link
Member Author

BeryJu commented Mar 31, 2022

@BeryJu Care to explain why this has been closed? Was eagerly waiting for this :(

I was just renaming some branches for cleanup, I forgot that closes the PR for it too.

Also this probably wont happen for a while since all radius implementations that use anything but the very basic features require access to unhashed passwords somewhere wihch I dont want to save.

@jflattery
Copy link

@BeryJu Pardon my ignorance, but isn't that the point behind FreeRADIUS' radcrypt?

@BeryJu BeryJu changed the title FreeRADIUS Outpost Simple Radius outpost Sep 3, 2022
@MrSuicideParrot
Copy link

@BeryJu could you share with us what is the status of the Radius outpost? What are the plans of authentik regarding it?

I've spend a week trying to configure freeradius and authentik with the ldap outpost for a VPN with DUO, and realized that working with ldap is two limiting. Even though you are only implementing clear text passwords, I think that it would be better than having to rely on the ldap outpost.

@cwildfoerster
Copy link

Would love to see radius support too.

@stale
Copy link

stale bot commented Mar 19, 2023

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@stale stale bot added the status/wontfix This will not be worked on label Mar 19, 2023
@BeryJu
initial implementation
4e088fe 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
@BeryJu BeryJu marked this pull request as ready for review March 20, 2023 10:39
@BeryJu BeryJu changed the title Simple Radius outpost providers/radius: simple radius outpost Mar 20, 2023
@stale stale bot removed the status/wontfix This will not be worked on label Mar 20, 2023
@BeryJu
cleanup
a132588 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
@BeryJu
add migrations
d9d87d7 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
@BeryJu
fix web
d0e9365 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
@BeryJu
minor fixes
f464961 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
@BeryJu
use search-select
3c89814 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
@BeryJu
update locale
9c9d45d 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
@BeryJu
fixup
123487d 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
@github-actions
Copy link
Contributor

github-actions bot commented Mar 20, 2023
edited
Loading

authentik PR Installation instructions

Instructions for docker-compose

Add the following block to your .env file:

AUTHENTIK_IMAGE=ghcr.io/goauthentik/dev-server
AUTHENTIK_TAG=gh-outpost-radius-v2-1679327525-4fd4a97
AUTHENTIK_OUTPOSTS__CONTAINER_IMAGE_BASE=ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s

For arm64, use these values:

AUTHENTIK_IMAGE=ghcr.io/goauthentik/dev-server
AUTHENTIK_TAG=gh-outpost-radius-v2-1679327525-4fd4a97-arm64
AUTHENTIK_OUTPOSTS__CONTAINER_IMAGE_BASE=ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s

Afterwards, run the upgrade commands from the latest release notes.

Instructions for Kubernetes

Add the following block to your values.yml file:

authentik:
    outposts:
        container_image_base: ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s
image:
    repository: ghcr.io/goauthentik/dev-server
    tag: gh-outpost-radius-v2-1679327525-4fd4a97

For arm64, use these values:

authentik:
    outposts:
        container_image_base: ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s
image:
    repository: ghcr.io/goauthentik/dev-server
    tag: gh-outpost-radius-v2-1679327525-4fd4a97-arm64

Afterwards, run the upgrade commands from the latest release notes.

@BeryJu
fix ip with port being sent to delegated ip
cf0e438 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
@BeryJu
add radius tests
d9c87dd 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
@BeryJu
update docs
173fae6 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
@BeryJu BeryJu merged commit 3f5effb into main Mar 20, 2023
@BeryJu BeryJu deleted the outpost-radius-v2 branch March 20, 2023 15:54
@benedikt-bartscher benedikt-bartscher mentioned this pull request Mar 22, 2023
Closed
@BeryJu BeryJu added this to the Release 2023.4 milestone Mar 28, 2023
@BeryJu BeryJu self-assigned this Mar 28, 2023
@ekrekeler ekrekeler mentioned this pull request Jul 11, 2023
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@samip5 samip5 samip5 left review comments

Assignees

@BeryJu BeryJu

Labels
None yet
Projects
None yet
Milestone
Release 2023.4
Development

Successfully merging this pull request may close these issues.
6 participants
@BeryJu @ferferga @jflattery @MrSuicideParrot @cwildfoerster @samip5