Release 2022.9
Breaking changes
WORKERS
environment variable has been renamed to match other config options, see Configuration
New features
-
UI for Duo device Import
Instead of manually having to call an API endpoint, there's now a UI for importing Duo devices.
-
Duo Admin API integration
When using a Duo MFA, Duo Access or Duo Beyond plan, authentik can now automatically import devices from Duo into authentik. More info here.
API Changes
What's New
POST
/stages/authenticator/duo/{stage_uuid}/import_device_manual/
POST
/stages/authenticator/duo/{stage_uuid}/import_devices_automatic/
What's Deleted
POST
/stages/authenticator/duo/{stage_uuid}/import_devices/
What's Changed
GET
/stages/authenticator/duo/{stage_uuid}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
- Added property
admin_integration_key
(string)
- Added property
PUT
/stages/authenticator/duo/{stage_uuid}/
Request:
Changed content type : application/json
-
Added property
admin_integration_key
(string) -
Added property
admin_secret_key
(string)
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
- Added property
admin_integration_key
(string)
- Added property
PATCH
/stages/authenticator/duo/{stage_uuid}/
Request:
Changed content type : application/json
-
Added property
admin_integration_key
(string) -
Added property
admin_secret_key
(string)
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
- Added property
admin_integration_key
(string)
- Added property
GET
/flows/executor/{flow_slug}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
Added 'xak-flow-error' component:
-
Property
type
(string)Enum values:
native
shell
redirect
-
Property
flow_info
(object)Contextual flow information for a challenge
-
Property
title
(string) -
Property
background
(string) -
Property
cancel_url
(string) -
Property
layout
(string)Enum values:
stacked
content_left
content_right
sidebar_left
sidebar_right
-
-
Property
component
(string) -
Property
response_errors
(object) -
Property
pending_user
(string) -
Property
pending_user_avatar
(string) -
Property
request_id
(string) -
Property
error
(string) -
Property
traceback
(string)
-
POST
/flows/executor/{flow_slug}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
Added 'xak-flow-error' component:
-
Property
type
(string)Enum values:
native
shell
redirect
-
Property
flow_info
(object)Contextual flow information for a challenge
-
Property
title
(string) -
Property
background
(string) -
Property
cancel_url
(string) -
Property
layout
(string)Enum values:
stacked
content_left
content_right
sidebar_left
sidebar_right
-
-
Property
component
(string) -
Property
response_errors
(object) -
Property
pending_user
(string) -
Property
pending_user_avatar
(string) -
Property
request_id
(string) -
Property
error
(string) -
Property
traceback
(string)
-
POST
/stages/authenticator/duo/
Request:
Changed content type : application/json
-
Added property
admin_integration_key
(string) -
Added property
admin_secret_key
(string)
Return Type:
Changed response : 201 Created
-
Changed content type :
application/json
- Added property
admin_integration_key
(string)
- Added property
GET
/stages/authenticator/duo/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
results
(array)Changed items (object): > AuthenticatorDuoStage Serializer
- Added property
admin_integration_key
(string)
- Added property
-
Minor changes/fixes
- *: cleanup stray print calls
- *: remove remaining default creation code in squashed migrations
- blueprint: fix EntryInvalidError not being handled in tasks
- blueprints: add meta model to apply blueprint within blueprint for dependencies (#3486)
- blueprints: don't export events by default and exclude anonymous user
- blueprints: OCI registry support (#3500)
- blueprints: use correct log level when re-logging import validation logs
- core: fix custom favicon not being set correctly on load
- core: improve error template (#3521)
- crypto: add command to import certificates
- events: fix MonitoredTasks' save_on_success not behaving as expected
- events: reset task info when not saving on success
- events: save event to test notification transport
- flows: fix incorrect diagram for policies bound to flows
- flows: migrate FlowExecutor error handler to native challenge instead of shell
- internal: fix outposts not logging flow execution errors correctly
- internal: optimise outpost's flow executor to use less requests
- internal: use config system for workers/threads, document the settings (#3626)
- outposts: fix oauth state when using signature routing (#3616)
- outposts/proxy: fix redirect path when external host is a subdirectory (#3628)
- providers/oauth2: add x5c (#3556)
- providers/proxy: fix routing based on signature in traefik and caddy
- root: make redis persistent in docker-compose
- root: reuse custom log helper from config and cleanup duplicate functions
- root: shorten outpost docker healthcheck intervals
- sources/ldap: start_tls before binding but without reading server info
- sources/oauth: use GitHub's dedicated email API when no public email address is configured
- sources/oauth: use UPN for username with azure AD source
- stages/authenticator_duo: fix 404 when current user does not have permissions to view stage
- stages/authenticator_duo: improved import (#3601)
- stages/consent: default to expiring consent instead of always_require
- tenants: handle all errors in default_locale
- web: fix checkbox styling on applications form
- web: fix scrolling in modals in low-height views (#3596)
- web: use mermaidjs (#3623)
- web/admin: enable blueprint instances by default
- web/flows: fix ak-locale prompt being rendered without name attribute
- web/flows: update flow background
- web/user: justify content on user settings page on desktop
Upgrading
This release does not introduce any new requirements.
docker-compose
Download the docker-compose file for 2022.9 from here. Afterwards, simply run docker-compose up -d
.
Kubernetes
Update your values to use the new images:
image:
repository: ghcr.io/goauthentik/server
tag: 2022.9.1