Commit graph

197 commits

Author SHA1 Message Date
Firstyear 82a883089f
Allow versioning of server configs ()
This allows our server configuration to be versioned, in preparation
for a change related to the proxy protocol additions.
2025-04-02 02:44:19 +00:00
Peter Todd Decker ("Todd") 638904f12c
Update developer_ethics.md () 2025-03-22 01:58:54 +00:00
Jeff Scrum e1b9063b99
Update examples.md ()
fix command in OAuth2 Proxy example
2025-03-21 23:18:16 +00:00
Jinna Kiisuo 1e91f244a2
packaging: Add kanidmd deb package, update documentation ()
* packaging: Use cargo-deb multiarch support

This allows building all platforms from one definition,
assuming the --multiarch=foreign flag is used.

* packaging: Use correct path naming for unixd service files

While cargo-deb works around the mistake, better to name them as per the
rules: https://github.com/kornelski/cargo-deb/blob/main/systemd.md#systemd-unit-file-naming

* docs: Update book chapter on Debian packaging

* packaging: Shift Debian builds to a separate build profile

* packaging: Add deb for kanidmd
2025-03-18 12:10:42 +10:00
Jason d6549077fb
Update Traefik config example to remove invalid label ()
Remove non-existent traefik label config
2025-03-13 04:36:02 +00:00
Firstyear 2c5ce227ae
Add uid/gid allocation table () 2025-03-11 06:42:08 +00:00
Tshepang Mbambo 7b2bd38ab2
book: fix english ()
* fix Python docs wording

---------

Co-authored-by: James Hodgkinson <james@terminaloutcomes.com>
2025-03-04 21:16:00 +00:00
Firstyear 775dd520cb
Correct paths with Kanidm Tools Container () 2025-03-04 14:52:30 +10:00
Firstyear e98d60a962
Use lld by default on linux ()
* Use lld by default on linux

---------

Co-authored-by: James Hodgkinson <james@terminaloutcomes.com>
2025-02-28 08:30:59 +00:00
Firstyear b6ffb31e4a
Fix incorrect credential generation in radius docs () 2025-02-26 12:03:10 +10:00
micolous 3edee485dd
address webfinger doc feedbacks () 2025-02-25 02:53:53 +00:00
micolous de506a5f53
Rewrite WebFinger docs () 2025-02-19 12:26:15 +10:00
micolous 7f3b1f2580
doc: fix formatting of URL table, remove Caddyfile instructions ()
There are many web servers, and this breaks the flow of the rest of the table.
2025-02-19 11:18:58 +10:00
Alex Martens 9bf17c4846
book: add OAuth2 Proxy example () 2025-02-16 05:14:47 +00:00
Firstyear d0b0b163fd
Book fixes () 2025-02-15 16:01:44 +10:00
CEbbinghaus ccde675cd2
feat: Added webfinger implementation ()
Adds WebFinger endpoints to every oauth2 client

Co-authored-by: James Hodgkinson <james@terminaloutcomes.com>
2025-02-10 06:10:12 +00:00
James Hodgkinson c89f0c011e
20250209 pre release ()
* fix: removing unused dependencies (assert_cmd, gethostname)
* chore: Release Notes
2025-02-09 10:06:01 +00:00
CEbbinghaus 7a9bb9eac2
Feat: Allowing spn query with non-spn structured data in LDAP ()
* Added Botch for fixing spn query

* Got Invalid filter working. spn can now be searched on

* Addressed review comments

* Resolved Invalid filter correctly for no index

* Cleaned comments and added tests (still 1 failing)

* Added comments and fixed unit test

* Formatting

* Made Clippy Happy
2025-02-08 06:37:28 +00:00
James Hodgkinson 3b3c029e30
- RADIUS Startup fixin's ()
* fix: outdated poetry.toml entries
* fix: better handling errors on startup in radius_entrypoint
* fix: radiusd eap config, removing dh_file per error message in freeradius startup
* fix: updating docs to be a little clearer and reflect new config
* fix: fixing up handling dhparam, trying to throw better errors
* fix: unified how the config path is found in pykanidm radius, new default config path

---------

Co-authored-by: Firstyear <william@blackhats.net.au>
2025-02-04 09:30:25 +00:00
Fabian Kammel 1453ba5d74
extend oauth2 examples with gitea ()
* extend oauth2 examples with gitea
* add myself to contributors

---------

Signed-off-by: Fabian Kammel <fabian@kammel.dev>
Co-authored-by: James Hodgkinson <james@terminaloutcomes.com>
2025-01-29 05:41:03 +00:00
CEbbinghaus 12532ee32d
Book: Added small section on primary cred fallback () 2025-01-21 09:45:06 +00:00
Georg dd1d148543
Repair systemd reload notifications ()
In order for the RELOAD and the subsequent READY notifications to be
correctly processed, the RELOAD notification must be accompanied with a
MONOTONIC_USEC one.
2025-01-17 15:17:58 +10:00
Firstyear e7d91ed55d
20250110 eo fixes ()
While preparing for everything open, I found a small number of doc/book issues, some logging issues, and some minor performance wins. This pr is just small bits of various polish around the place.
2025-01-12 03:53:31 +00:00
Firstyear 1a29aa7301
Add ssh_publickeys as a claim for oauth2 ()
Allow ssh_publickeys to be exposed as a claim for oauth2 and oidc
applications so that they can consume these keys for various uses.
An example could be something like gitlab which can then associate
the public keys with the users account.
2025-01-08 08:21:28 +00:00
James Hodgkinson b6f63f3605
kanidm-unixd example config enfixening ()
* kanidm-unixd default config via PPA problem with version 2 on debian bookworm
Fixes 

* fix(coverage): moving to using cargo-tarpaulin

* kanidm-unixd default config via PPA problem with version 2 on debian bookworm
Fixes 
2024-12-21 15:17:12 +10:00
Be c6432cad83
book: explain how to use fido-mds-tool ()
explain how to use fido-mds-tool  to configure Webauthn attestation
2024-12-20 03:18:52 +00:00
Peter Lehmann ac3cf1f363
grafana: update example to work with strict redirect uri checking () 2024-12-02 05:40:01 +00:00
James Hodgkinson c1ed939c28
Allow OAuth2 loopback redirects if the path matches () 2024-11-30 05:40:05 +00:00
George Wu 974fec1d93
s/idm_people_self_write_mail/idm_people_self_mail_write/g () 2024-11-30 09:13:34 +10:00
micolous fa77076a95
owncloud: Add SameSite=Lax config for cross-domain auth () 2024-11-28 17:44:12 +10:00
George Wu 155225c0f9
Add docs on customising Kanidm. ()
* Add docs on customising Kanidm.

* Add more info about images that can be used.

* s/set-display-name/set-displayname/g
2024-11-19 01:37:44 +00:00
CEbbinghaus 1b58e4169a
chore: Made oauth2 scopes required in CLI () 2024-11-01 01:59:27 +00:00
micolous cc7530aa65
More "choosing a domain" revision ()
* More "choosing a domain" revision:

* Link to the domain rename process
* Add some hyphens to make things easier to read
* Move the OAuth 2.0 domain sharing guidance into the origin section
* Add DNS -> IP as a potential issue
* Discourage requesting public suffix list inclusion as a workaround

* Add "own hostname" section
2024-10-30 01:48:46 +00:00
George Wu d2c329f330
Change to text input and use numeric mode for TOTP prompts. ()
* Change to text input and use inputmode numeric for TOTP prompts.

* Fix some typos.
2024-10-27 23:57:28 +00:00
Firstyear a76a0f5a6e
Begin 1.5.0 Development Cycle () 2024-10-27 01:53:24 +00:00
Firstyear 2e6d940691
Remove WASM ()
liberal party took over, more cuts
2024-10-26 17:19:13 +10:00
micolous 5c9eb87a75
Rewrite "choosing a domain", add other considerations ()
Co-authored-by: Firstyear <william@blackhats.net.au>
2024-10-26 05:31:01 +00:00
James Hodgkinson 5a709520dc
OAuth2 Device flow foundations () 2024-10-26 12:08:48 +10:00
Firstyear 4c2eeeb135
Update docs, improve locking () 2024-10-25 09:42:52 +10:00
Matthew Wilks e530cde361
Diagram Improvements in Book ()
* Bump mermaid to 11.3.0
* Mermaid theme changes based on mdbook theme
* Replace old use cases diagram with mermaid one
* Change out ASCII git art with mermaid git graph
* Remove old theme.css file from book
2024-10-19 23:46:29 +00:00
Jinna Kiisuo 99a799d72a
docs: Update kanidm_ppa instructions for new repo logic ()
Anyone that had the alpha version of the kanidm_ppa repo in use
will need to follow the guidance under "Installing stable on top of nightly"
to migrate.
2024-10-18 01:17:21 +00:00
Firstyear 2075125439
Working scim entry get for person () 2024-10-15 04:29:45 +00:00
Jinna Kiisuo 03645c8bf2
Improve deb packaging, add aarch64 ()
* feat: Rebuild the deb packaging flow
fix: Add more sudo, GHA likes sudo
fix: Give build_debs.sh only the triplet argument
fix: Work around more GHA weirdness in apt sources
Drop crossbuild as it was only used by debian packaging
docs: Update book and other docs for packaging flow
feat: package kanidm_tools aka kanidm cli
docs: Update packaging docs for latest process and clarity
fix: use full triple in sdynlib variants
fix: Correct kanidm.pam asset placement
fix: Give pam & nss modules a description so the debs get it
fix: Work around wonky libssl3 naming in Ubuntu 24.04
fix: Place kanidm bin correctly :3
feat: Pin all blame on @yaleman :3
WIP: Swap out the submodule reference. Still not the final one though.
refactor: Switch kanidm-pam & kanidm-nss to mandatory deps
While in theory unixd will start and run without them, it also won't do
anything useful.
fix: explicit depends for nss & pam libs without versions
We build the debs on the ubuntu24.04 GHA runner so automatic pins
versions that are too new for 22.04. Ideally we'd run cargo-deb also on
the target images but that'll have to be a future improvement.
* refactor: Switch nss_kanidm & pam_kanidm package naming closer to debian guidance
* feat: Attempt enabling unixd by default with secure defaults
* fix: Relax config permissions so the kanidm user can read
Also, update postinst config instructions
2024-10-15 02:27:48 +00:00
micolous 00ab55f2d6
Fix landing and redirect URLs for GitLab, add some useful links () 2024-10-03 05:12:40 +00:00
micolous c904af2966
Add example Outline config () 2024-10-03 04:31:17 +00:00
micolous 30a04f9b8b
Add instructions for unlinking Homebrew Rust on macOS () 2024-10-03 13:28:31 +10:00
Firstyear cf63c6b98b
Complete the implementation of the posix account cache ()
Allow caching and checking of shadow entries (passwords)
    Cache and serve system id's
    improve some security warnings
    prepare for multi-resolver
    Allow the kanidm provider to be not configured
    Allow group extension
2024-10-02 02:12:13 +00:00
micolous 983135e353
reformat oauth2 URL list, highlight legacy bits ()
Co-authored-by: Firstyear <william@blackhats.net.au>
2024-09-26 03:34:07 +00:00
micolous 400dfc7e5c
Add ownCloud example config () 2024-09-26 12:53:51 +10:00
micolous ace7d2781b
Add example config for JetBrains Hub / YouTrack () 2024-09-25 13:04:41 +10:00