feat: add Authentik #72

Merged
merged 4 commits into from
Sep 11, 2024

@MJZLOTR MJZLOTR commented Aug 13, 2024

No description provided.

@MJZLOTR MJZLOTR linked an issue Aug 13, 2024 that may be closed by this pull request
@MJZLOTR MJZLOTR requested a review from akyriako August 13, 2024 12:16
@akyriako akyriako force-pushed the 29-blueprint-federation-authentikiam branch from 429c65e to 2b198f4 Compare August 14, 2024 06:28
@akyriako akyriako left a comment

Conversion rules in 3_authentik-as-identity-provider-iam.md are assuming github_groups. Shouldn't there be two different cases, one for federation and one for using plain authentik users?

@akyriako akyriako left a comment

You need to describe in 3_authentik-as-identity-provider-iam.md how/where he is going to get the jwks_uri value in authentik

@akyriako akyriako left a comment

Adjust conversion rules for authentik users to inherit groups, aka "groups": "{1}"

MJZLOTR commented Aug 14, 2024

Add conversion rules to both documents

MJZLOTR commented Aug 14, 2024

Add screenshot of URL page and box out URLs

akyriako commented Aug 15, 2024

identity-federation-github: TBD

  • Configuring Authentik: Link to user with identical email address or with identical user name?
    write as note to their options based on their requirements
  • Step 2: Modifying Enrollment flow: I cannot find Stage default-user-settings-write
    firstly state this is only needed if you want to add group/ to select with user type
  • Step 2: Modifying Enrollment flow: Is that necessary? The external user was created anyway! (related with previous)
  • Checking GitHub Organization Membership: That should not be optional, it poses a big security threat unless they want to offer a B2C Auth for a SaaS scenario of their own, but in our OTC-Federation case should be strictly prohibited.
    add caution/risk that without this policy tenant is open to the public - remove optional flag
    tip create oauth github app either in organization or give this oauth app access in the organization oauth section

@akyriako akyriako merged commit 1add5a2 into main Sep 11, 2024
Successfully merging this pull request may close these issues.

blueprint: federation authentik/iam