sources/kerberos: authenticate with the user's username instead of the first username in authentik #12497
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
bugfix: previously attempted all passwords against the first user in Authentik. Now it matches the username. Signed-off-by: natural-hair <[email protected]>
✅ Deploy Preview for authentik-docs canceled.
|
✅ Deploy Preview for authentik-storybook canceled.
|
|
On PTO but we should also filter to potentially find users where the entered username is their principal (i.e. the identifier in the usersourceconnection) |
Signed-off-by: Marc 'risson' Schmitt <[email protected]>
rissson
approved these changes
Jan 6, 2025
|
/cherry-pick version-2024.12 |
gcp-cherry-pick-bot bot
pushed a commit
that referenced
this pull request
Jan 6, 2025
…e first username in authentik (#12497) Co-authored-by: Marc 'risson' Schmitt <[email protected]>
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #12497 +/- ##
==========================================
- Coverage 92.76% 92.70% -0.06%
==========================================
Files 770 770
Lines 38873 38873
==========================================
- Hits 36059 36038 -21
- Misses 2814 2835 +21
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. |
BeryJu
pushed a commit
that referenced
this pull request
Jan 6, 2025
…e first username in authentik (cherry-pick #12497) (#12579) sources/kerberos: authenticate with the user's username instead of the first username in authentik (#12497) Co-authored-by: natural-hair <[email protected]> Co-authored-by: Marc 'risson' Schmitt <[email protected]>
kensternberg-authentik
added a commit
that referenced
this pull request
Jan 8, 2025
* main: core: bump golang.org/x/oauth2 from 0.24.0 to 0.25.0 (#12571) website: bump the docusaurus group in /website with 9 updates (#12569) core: bump github.com/coreos/go-oidc/v3 from 3.11.0 to 3.12.0 (#12572) core: bump ruff from 0.8.5 to 0.8.6 (#12573) ci: release: fix AWS cfn template permissions (#12576) translate: Updates for file web/xliff/en.xlf in fr (#12578) translate: Updates for file locale/en/LC_MESSAGES/django.po in fr (#12577) sources/kerberos: authenticate with the user's username instead of the first username in authentik (#12497) website/integrations: Fix deprecated terraform ressource authentik_scope_mapping in docs (#12554) website/user-sources Fix Free IPA docs page (#12549) core: bump aws-cdk-lib from 2.173.4 to 2.174.0 (#12574) website/integrations: semaphore: fix formatting (#12567) website: bump aws-cdk from 2.173.4 to 2.174.0 in /website (#12570) website/integrations: Update Frappe Application index.md (#12527) website: add api reference docs to redirect file (#12551)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Details
bugfix: kerberos source authentication attempts all passwords against the first username in Authentik. Now it filters the Authentik user list with the user's username so that more than the first user can authenticate via kerberos source.
How you can tell if it works: check your kerberos server logs to confirm that the user's username is being used; create more than one user and try to log in with additional users.
Checklist
ak test authentik/)make lint-fix)If an API change has been made
make gen-build)If changes to the frontend have been made
make web)If applicable
make website)