Release 2022.9
Breaking changes
WORKERSenvironment variable has been renamed to match other config options, see Configuration
New features
UI for Duo device Import
Instead of manually having to call an API endpoint, there's now a UI for importing Duo devices.
Duo Admin API integration
When using a Duo MFA, Duo Access or Duo Beyond plan, authentik can now automatically import devices from Duo into authentik. More info here.
API Changes
What's New
POST /stages/authenticator/duo/{stage_uuid}/import_device_manual/
POST /stages/authenticator/duo/{stage_uuid}/import_devices_automatic/
What's Deleted
POST /stages/authenticator/duo/{stage_uuid}/import_devices/
What's Changed
GET /stages/authenticator/duo/{stage_uuid}/
Return Type:
Changed response : 200 OK
Changed content type :
application/json- Added property
admin_integration_key(string)
- Added property
PUT /stages/authenticator/duo/{stage_uuid}/
Request:
Changed content type : application/json
Added property
admin_integration_key(string)Added property
admin_secret_key(string)
Return Type:
Changed response : 200 OK
Changed content type :
application/json- Added property
admin_integration_key(string)
- Added property
PATCH /stages/authenticator/duo/{stage_uuid}/
Request:
Changed content type : application/json
Added property
admin_integration_key(string)Added property
admin_secret_key(string)
Return Type:
Changed response : 200 OK
Changed content type :
application/json- Added property
admin_integration_key(string)
- Added property
GET /flows/executor/{flow_slug}/
Return Type:
Changed response : 200 OK
Changed content type :
application/jsonAdded 'xak-flow-error' component:
Property
type(string)Enum values:
nativeshellredirect
Property
flow_info(object)Contextual flow information for a challenge
Property
title(string)Property
background(string)Property
cancel_url(string)Property
layout(string)Enum values:
stackedcontent_leftcontent_rightsidebar_leftsidebar_right
Property
component(string)Property
response_errors(object)Property
pending_user(string)Property
pending_user_avatar(string)Property
request_id(string)Property
error(string)Property
traceback(string)
POST /flows/executor/{flow_slug}/
Return Type:
Changed response : 200 OK
Changed content type :
application/jsonAdded 'xak-flow-error' component:
Property
type(string)Enum values:
nativeshellredirect
Property
flow_info(object)Contextual flow information for a challenge
Property
title(string)Property
background(string)Property
cancel_url(string)Property
layout(string)Enum values:
stackedcontent_leftcontent_rightsidebar_leftsidebar_right
Property
component(string)Property
response_errors(object)Property
pending_user(string)Property
pending_user_avatar(string)Property
request_id(string)Property
error(string)Property
traceback(string)
POST /stages/authenticator/duo/
Request:
Changed content type : application/json
Added property
admin_integration_key(string)Added property
admin_secret_key(string)
Return Type:
Changed response : 201 Created
Changed content type :
application/json- Added property
admin_integration_key(string)
- Added property
GET /stages/authenticator/duo/
Return Type:
Changed response : 200 OK
Changed content type :
application/jsonChanged property
results(array)Changed items (object): > AuthenticatorDuoStage Serializer
- Added property
admin_integration_key(string)
- Added property
Minor changes/fixes
- *: cleanup stray print calls
- *: remove remaining default creation code in squashed migrations
- blueprint: fix EntryInvalidError not being handled in tasks
- blueprints: add meta model to apply blueprint within blueprint for dependencies (#3486)
- blueprints: don't export events by default and exclude anonymous user
- blueprints: OCI registry support (#3500)
- blueprints: use correct log level when re-logging import validation logs
- core: fix custom favicon not being set correctly on load
- core: improve error template (#3521)
- crypto: add command to import certificates
- events: fix MonitoredTasks' save_on_success not behaving as expected
- events: reset task info when not saving on success
- events: save event to test notification transport
- flows: fix incorrect diagram for policies bound to flows
- flows: migrate FlowExecutor error handler to native challenge instead of shell
- internal: fix outposts not logging flow execution errors correctly
- internal: optimise outpost's flow executor to use less requests
- internal: use config system for workers/threads, document the settings (#3626)
- outposts: fix oauth state when using signature routing (#3616)
- outposts/proxy: fix redirect path when external host is a subdirectory (#3628)
- providers/oauth2: add x5c (#3556)
- providers/proxy: fix routing based on signature in traefik and caddy
- root: make redis persistent in docker-compose
- root: re-use custom log helper from config and cleanup duplicate functions
- root: shorten outpost docker healthcheck intervals
- sources/ldap: start_tls before binding but without reading server info
- sources/oauth: use GitHub's dedicated email API when no public email address is configured
- sources/oauth: use UPN for username with azure AD source
- stages/authenticator_duo: fix 404 when current user does not have permissions to view stage
- stages/authenticator_duo: improved import (#3601)
- stages/consent: default to expiring consent instead of always_require
- tenants: handle all errors in default_locale
- web: fix checkbox styling on applications form
- web: fix scrolling in modals in low-height views (#3596)
- web: use mermaidjs (#3623)
- web/admin: enable blueprint instances by default
- web/flows: fix ak-locale prompt being rendered without name attribute
- web/flows: update flow background
- web/user: justify content on user settings page on desktop
Upgrading
This release does not introduce any new requirements.
docker-compose
Download the docker-compose file for 2022.9 from here. Afterwards, simply run docker-compose up -d.
Kubernetes
Update your values to use the new images:
image:
repository: ghcr.io/goauthentik/server
tag: 2022.9.1