Skip to main content

Release 2022.9

Breaking changes

  • WORKERS environment variable has been renamed to match other config options, see Configuration

New features

  • UI for Duo device Import

    Instead of manually having to call an API endpoint, there's now a UI for importing Duo devices.

  • Duo Admin API integration

    When using a Duo MFA, Duo Access or Duo Beyond plan, authentik can now automatically import devices from Duo into authentik. More info here.

API Changes

What's New


POST /stages/authenticator/duo/{stage_uuid}/import_device_manual/
POST /stages/authenticator/duo/{stage_uuid}/import_devices_automatic/

What's Deleted


POST /stages/authenticator/duo/{stage_uuid}/import_devices/

What's Changed


GET /stages/authenticator/duo/{stage_uuid}/
Return Type:

Changed response : 200 OK

  • Changed content type : application/json

    • Added property admin_integration_key (string)
PUT /stages/authenticator/duo/{stage_uuid}/
Request:

Changed content type : application/json

  • Added property admin_integration_key (string)

  • Added property admin_secret_key (string)

Return Type:

Changed response : 200 OK

  • Changed content type : application/json

    • Added property admin_integration_key (string)
PATCH /stages/authenticator/duo/{stage_uuid}/
Request:

Changed content type : application/json

  • Added property admin_integration_key (string)

  • Added property admin_secret_key (string)

Return Type:

Changed response : 200 OK

  • Changed content type : application/json

    • Added property admin_integration_key (string)
GET /flows/executor/{flow_slug}/
Return Type:

Changed response : 200 OK

  • Changed content type : application/json

    Added 'xak-flow-error' component:

    • Property type (string)

      Enum values:

      • native
      • shell
      • redirect
    • Property flow_info (object)

      Contextual flow information for a challenge

      • Property title (string)

      • Property background (string)

      • Property cancel_url (string)

      • Property layout (string)

        Enum values:

        • stacked
        • content_left
        • content_right
        • sidebar_left
        • sidebar_right
    • Property component (string)

    • Property response_errors (object)

    • Property pending_user (string)

    • Property pending_user_avatar (string)

    • Property request_id (string)

    • Property error (string)

    • Property traceback (string)

POST /flows/executor/{flow_slug}/
Return Type:

Changed response : 200 OK

  • Changed content type : application/json

    Added 'xak-flow-error' component:

    • Property type (string)

      Enum values:

      • native
      • shell
      • redirect
    • Property flow_info (object)

      Contextual flow information for a challenge

      • Property title (string)

      • Property background (string)

      • Property cancel_url (string)

      • Property layout (string)

        Enum values:

        • stacked
        • content_left
        • content_right
        • sidebar_left
        • sidebar_right
    • Property component (string)

    • Property response_errors (object)

    • Property pending_user (string)

    • Property pending_user_avatar (string)

    • Property request_id (string)

    • Property error (string)

    • Property traceback (string)

POST /stages/authenticator/duo/
Request:

Changed content type : application/json

  • Added property admin_integration_key (string)

  • Added property admin_secret_key (string)

Return Type:

Changed response : 201 Created

  • Changed content type : application/json

    • Added property admin_integration_key (string)
GET /stages/authenticator/duo/
Return Type:

Changed response : 200 OK

  • Changed content type : application/json

    • Changed property results (array)

      Changed items (object): > AuthenticatorDuoStage Serializer

      • Added property admin_integration_key (string)

Minor changes/fixes

  • *: cleanup stray print calls
  • *: remove remaining default creation code in squashed migrations
  • blueprint: fix EntryInvalidError not being handled in tasks
  • blueprints: add meta model to apply blueprint within blueprint for dependencies (#3486)
  • blueprints: don't export events by default and exclude anonymous user
  • blueprints: OCI registry support (#3500)
  • blueprints: use correct log level when re-logging import validation logs
  • core: fix custom favicon not being set correctly on load
  • core: improve error template (#3521)
  • crypto: add command to import certificates
  • events: fix MonitoredTasks' save_on_success not behaving as expected
  • events: reset task info when not saving on success
  • events: save event to test notification transport
  • flows: fix incorrect diagram for policies bound to flows
  • flows: migrate FlowExecutor error handler to native challenge instead of shell
  • internal: fix outposts not logging flow execution errors correctly
  • internal: optimise outpost's flow executor to use less requests
  • internal: use config system for workers/threads, document the settings (#3626)
  • outposts: fix oauth state when using signature routing (#3616)
  • outposts/proxy: fix redirect path when external host is a subdirectory (#3628)
  • providers/oauth2: add x5c (#3556)
  • providers/proxy: fix routing based on signature in traefik and caddy
  • root: make redis persistent in docker-compose
  • root: reuse custom log helper from config and cleanup duplicate functions
  • root: shorten outpost docker healthcheck intervals
  • sources/ldap: start_tls before binding but without reading server info
  • sources/oauth: use GitHub's dedicated email API when no public email address is configured
  • sources/oauth: use UPN for username with azure AD source
  • stages/authenticator_duo: fix 404 when current user does not have permissions to view stage
  • stages/authenticator_duo: improved import (#3601)
  • stages/consent: default to expiring consent instead of always_require
  • tenants: handle all errors in default_locale
  • web: fix checkbox styling on applications form
  • web: fix scrolling in modals in low-height views (#3596)
  • web: use mermaidjs (#3623)
  • web/admin: enable blueprint instances by default
  • web/flows: fix ak-locale prompt being rendered without name attribute
  • web/flows: update flow background
  • web/user: justify content on user settings page on desktop

Upgrading

This release does not introduce any new requirements.

docker-compose

Download the docker-compose file for 2022.9 from here. Afterwards, simply run docker-compose up -d.

Kubernetes

Update your values to use the new images:

image:
repository: ghcr.io/goauthentik/server
tag: 2022.9.1