Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

providers/saml: fix ecdsa support #9537

Merged
merged 4 commits into from
May 2, 2024
Merged

providers/saml: fix ecdsa support #9537

merged 4 commits into from
May 2, 2024

Conversation

BeryJu
Copy link
Member

@BeryJu BeryJu commented May 1, 2024

Details

REPLACE ME

Checklist

  • Local tests pass (ak test authentik/)
  • The code has been formatted (make lint-fix)

If an API change has been made

  • The API schema has been updated (make gen-build)

If changes to the frontend have been made

  • The code has been formatted (make web)

If applicable

  • The documentation has been updated
  • The documentation has been formatted (make website)

BeryJu added 3 commits May 1, 2024 17:46
@BeryJu
crypto: add option to select which alg to use to generate
88bd894 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
@BeryJu
fix missing ecdsa options for XML signing
c47e0c0 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
@BeryJu
bump xml libraries and remove disclaimer
a804da9 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
@BeryJu BeryJu requested review from a team as code owners May 1, 2024 18:19
@netlify Netlify
Copy link

netlify bot commented May 1, 2024
edited

Deploy Preview for authentik-docs canceled.

Name Link
🔨 Latest commit c3eb126
🔍 Latest deploy log https://app.netlify.com/sites/authentik-docs/deploys/663292ef73938e00085b20dd

@netlify Netlify
Copy link

netlify bot commented May 1, 2024
edited

Deploy Preview for authentik-storybook canceled.

Name Link
🔨 Latest commit c3eb126
🔍 Latest deploy log https://app.netlify.com/sites/authentik-storybook/deploys/663292ef6647ee000815e96b

@BeryJu
lock djangoframework
c3eb126 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
@codecov Codecov
Copy link

codecov bot commented May 1, 2024
edited

Codecov Report

Attention: Patch coverage is 97.82609% with 1 lines in your changes are missing coverage. Please review.

Project coverage is 92.45%. Comparing base (d2b8bd3) to head (c3eb126).

Files Patch % Lines
authentik/crypto/builder.py 91.66% 1 Missing ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #9537      +/-   ##
==========================================
- Coverage   92.45%   92.45%   -0.01%     
==========================================
  Files         669      669              
  Lines       32712    32742      +30     
==========================================
+ Hits        30245    30272      +27     
- Misses       2467     2470       +3
Flag Coverage Δ
e2e 50.63% <58.69%> (-0.02%) ⬇️
integration 25.99% <39.13%> (+<0.01%) ⬆️
unit 89.75% <97.82%> (+<0.01%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented May 1, 2024

authentik PR Installation instructions

Instructions for docker-compose

Add the following block to your .env file:

AUTHENTIK_IMAGE=ghcr.io/goauthentik/dev-server
AUTHENTIK_TAG=gh-ghcr.io/goauthentik/dev-server:gh-c3eb126c3d4a2639c566723187a9c84d95803f27
AUTHENTIK_OUTPOSTS__CONTAINER_IMAGE_BASE=ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s

For arm64, use these values:

AUTHENTIK_IMAGE=ghcr.io/goauthentik/dev-server
AUTHENTIK_TAG=gh-ghcr.io/goauthentik/dev-server:gh-c3eb126c3d4a2639c566723187a9c84d95803f27-arm64
AUTHENTIK_OUTPOSTS__CONTAINER_IMAGE_BASE=ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s

Afterwards, run the upgrade commands from the latest release notes.

Instructions for Kubernetes

Add the following block to your values.yml file:

authentik:
    outposts:
        container_image_base: ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s
image:
    repository: ghcr.io/goauthentik/dev-server
    tag: gh-ghcr.io/goauthentik/dev-server:gh-c3eb126c3d4a2639c566723187a9c84d95803f27

For arm64, use these values:

authentik:
    outposts:
        container_image_base: ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s
image:
    repository: ghcr.io/goauthentik/dev-server
    tag: gh-ghcr.io/goauthentik/dev-server:gh-c3eb126c3d4a2639c566723187a9c84d95803f27-arm64

Afterwards, run the upgrade commands from the latest release notes.

@BeryJu BeryJu merged commit e33ca93 into main May 2, 2024
68 checks passed
@BeryJu BeryJu deleted the providers/saml/fix-ecdsa-support branch May 2, 2024 13:18
@BeryJu
Copy link
Member Author

BeryJu commented May 2, 2024

/cherry-pick version-2024.4

gcp-cherry-pick-bot bot pushed a commit that referenced this pull request May 2, 2024
@BeryJu
providers/saml: fix ecdsa support (#9537)
978368f 
* crypto: add option to select which alg to use to generate

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix missing ecdsa options for XML signing

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* bump xml libraries and remove disclaimer

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* lock djangoframework

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
@gcp-cherry-pick-bot gcp-cherry-pick-bot bot mentioned this pull request May 2, 2024
Merged
This was referenced May 2, 2024
Closed
Closed
BeryJu added a commit that referenced this pull request May 2, 2024
@gcp-cherry-pick-bot @BeryJu
providers/saml: fix ecdsa support (cherry-pick #9537) (#9544)
2900f01 
* providers/saml: fix ecdsa support (#9537)

* crypto: add option to select which alg to use to generate

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix missing ecdsa options for XML signing

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* bump xml libraries and remove disclaimer

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* lock djangoframework

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* bump api client

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens L <jens@goauthentik.io>
kensternberg-authentik added a commit that referenced this pull request May 2, 2024
@kensternberg-authentik
Merge branch 'main' into web/enhance/search-select
3e5c484 
* main:
  web/flows: fix error when enrolling multiple WebAuthn devices consecutively (#9545)
  web: bump ejs from 3.1.9 to 3.1.10 in /tests/wdio (#9542)
  web: bump API Client version (#9543)
  providers/saml: fix ecdsa support (#9537)
  website/integrations: nextcloud: connect to existing user (#9155)
kensternberg-authentik added a commit that referenced this pull request May 3, 2024
@kensternberg-authentik
Merge branch 'main' into dev
9acebec 
* main:
  web/flows: fix error when enrolling multiple WebAuthn devices consecutively (#9545)
  web: bump ejs from 3.1.9 to 3.1.10 in /tests/wdio (#9542)
  web: bump API Client version (#9543)
  providers/saml: fix ecdsa support (#9537)
  website/integrations: nextcloud: connect to existing user (#9155)
kensternberg-authentik added a commit that referenced this pull request May 6, 2024
@kensternberg-authentik
Merge branch 'dev' into web/revision/more-dual-select-uses
a7b321d 
* dev: (83 commits)
  website/docs: fix openssl rand commands (#9554)
  web: bump @sentry/browser from 7.112.2 to 7.113.0 in /web in the sentry group (#9549)
  core, web: update translations (#9548)
  core: bump goauthentik.io/api/v3 from 3.2024041.1 to 3.2024041.2 (#9551)
  core: bump django-model-utils from 4.5.0 to 4.5.1 (#9550)
  providers/scim: fix time_limit not set correctly (#9546)
  web/flows: fix error when enrolling multiple WebAuthn devices consecutively (#9545)
  web: bump ejs from 3.1.9 to 3.1.10 in /tests/wdio (#9542)
  web: bump API Client version (#9543)
  providers/saml: fix ecdsa support (#9537)
  website/integrations: nextcloud: connect to existing user (#9155)
  stages/authenticator_webauthn: Update FIDO MDS3 & Passkey aaguid blobs (#9535)
  web: bump the rollup group across 1 directory with 3 updates (#9532)
  website/developer-docs: Add note for custom YAML tags in an IDE (#9528)
  lifecycle: close database connection after migrating (#9516)
  web: bump the babel group in /web with 3 updates (#9520)
  core: bump node from 21 to 22 (#9521)
  web: bump @codemirror/lang-python from 6.1.5 to 6.1.6 in /web (#9523)
  providers/rac: bump guacd to 1.5.5 (#9514)
  core: only prefetch related objects when required (#9476)
  ...
kensternberg-authentik added a commit that referenced this pull request May 6, 2024
@kensternberg-authentik
Merge branch 'web/revision/more-dual-select-uses' into web/revision/m…
e6b0088 
…ore-dual-select-uses-2

* web/revision/more-dual-select-uses: (83 commits)
  website/docs: fix openssl rand commands (#9554)
  web: bump @sentry/browser from 7.112.2 to 7.113.0 in /web in the sentry group (#9549)
  core, web: update translations (#9548)
  core: bump goauthentik.io/api/v3 from 3.2024041.1 to 3.2024041.2 (#9551)
  core: bump django-model-utils from 4.5.0 to 4.5.1 (#9550)
  providers/scim: fix time_limit not set correctly (#9546)
  web/flows: fix error when enrolling multiple WebAuthn devices consecutively (#9545)
  web: bump ejs from 3.1.9 to 3.1.10 in /tests/wdio (#9542)
  web: bump API Client version (#9543)
  providers/saml: fix ecdsa support (#9537)
  website/integrations: nextcloud: connect to existing user (#9155)
  stages/authenticator_webauthn: Update FIDO MDS3 & Passkey aaguid blobs (#9535)
  web: bump the rollup group across 1 directory with 3 updates (#9532)
  website/developer-docs: Add note for custom YAML tags in an IDE (#9528)
  lifecycle: close database connection after migrating (#9516)
  web: bump the babel group in /web with 3 updates (#9520)
  core: bump node from 21 to 22 (#9521)
  web: bump @codemirror/lang-python from 6.1.5 to 6.1.6 in /web (#9523)
  providers/rac: bump guacd to 1.5.5 (#9514)
  core: only prefetch related objects when required (#9476)
  ...
kensternberg-authentik added a commit that referenced this pull request May 6, 2024
@kensternberg-authentik
Merge branch 'dev' into web/enhance/better-empty-app-search
7cb0cd4 
* dev: (83 commits)
  website/docs: fix openssl rand commands (#9554)
  web: bump @sentry/browser from 7.112.2 to 7.113.0 in /web in the sentry group (#9549)
  core, web: update translations (#9548)
  core: bump goauthentik.io/api/v3 from 3.2024041.1 to 3.2024041.2 (#9551)
  core: bump django-model-utils from 4.5.0 to 4.5.1 (#9550)
  providers/scim: fix time_limit not set correctly (#9546)
  web/flows: fix error when enrolling multiple WebAuthn devices consecutively (#9545)
  web: bump ejs from 3.1.9 to 3.1.10 in /tests/wdio (#9542)
  web: bump API Client version (#9543)
  providers/saml: fix ecdsa support (#9537)
  website/integrations: nextcloud: connect to existing user (#9155)
  stages/authenticator_webauthn: Update FIDO MDS3 & Passkey aaguid blobs (#9535)
  web: bump the rollup group across 1 directory with 3 updates (#9532)
  website/developer-docs: Add note for custom YAML tags in an IDE (#9528)
  lifecycle: close database connection after migrating (#9516)
  web: bump the babel group in /web with 3 updates (#9520)
  core: bump node from 21 to 22 (#9521)
  web: bump @codemirror/lang-python from 6.1.5 to 6.1.6 in /web (#9523)
  providers/rac: bump guacd to 1.5.5 (#9514)
  core: only prefetch related objects when required (#9476)
  ...
@BeryJu BeryJu mentioned this pull request May 23, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
1 participant
@BeryJu