From afb99c5ede9bcac7a736dad1e259ccc24c1ce565 Mon Sep 17 00:00:00 2001 From: "Jens L." Date: Wed, 14 Aug 2024 18:38:24 +0200 Subject: [PATCH] providers/radius: property mapping docs (#10908) * migrate protocols to table Signed-off-by: Jens Langhammer * add radius property mapping example Signed-off-by: Jens Langhammer * Apply suggestions from code review Co-authored-by: Tana M Berry Signed-off-by: Jens L. * add to release notes Signed-off-by: Jens Langhammer --------- Signed-off-by: Jens Langhammer Signed-off-by: Jens L. Co-authored-by: Tana M Berry --- website/docs/outposts/index.mdx | 2 +- website/docs/providers/radius/index.md | 37 ----------- website/docs/providers/radius/index.mdx | 70 ++++++++++++++++++++ website/docs/providers/radius/protocols.png | Bin 15690 -> 0 bytes website/docs/releases/2023/v2023.4.md | 2 +- website/docs/releases/2024/v2024.8.md | 4 ++ 6 files changed, 76 insertions(+), 39 deletions(-) delete mode 100644 website/docs/providers/radius/index.md create mode 100644 website/docs/providers/radius/index.mdx delete mode 100644 website/docs/providers/radius/protocols.png diff --git a/website/docs/outposts/index.mdx b/website/docs/outposts/index.mdx index 269a9b7b863d..2f9dec851e3c 100644 --- a/website/docs/outposts/index.mdx +++ b/website/docs/outposts/index.mdx @@ -8,7 +8,7 @@ An outpost is required if you use any of the following types of providers with y - [LDAP Provider](../providers/ldap/index.md) - [Proxy Provider](../providers/proxy/index.md) -- [RADIUS Provider](../providers/radius/index.md) +- [RADIUS Provider](../providers/radius/index.mdx) - [RAC Provider](../providers/rac/index.md) These types of providers use an outpost for increased flexibility and speed. Instead of the provider logic being implemented in authentik Core, these providers use an outpost to handle the logic, which provides improved performance. diff --git a/website/docs/providers/radius/index.md b/website/docs/providers/radius/index.md deleted file mode 100644 index f7966ef2f387..000000000000 --- a/website/docs/providers/radius/index.md +++ /dev/null @@ -1,37 +0,0 @@ ---- -title: Radius Provider ---- - -You can configure a Radius Provider for applications that don't support any other protocols or require Radius. - -:::info -This provider requires the deployment of the [RADIUS Outpost](../../outposts/) -::: - -Currently, only authentication requests are supported. - -### Authentication flow - -Authentication requests against the Radius Server use a flow in the background. This allows you to use the same policies and flows as you do for web-based logins. - -The following stages are supported: - -- [Identification](../../flow/stages/identification/index.md) -- [Password](../../flow/stages/password/index.md) -- [Authenticator validation](../../flow/stages/authenticator_validate/index.md) - - Note: Authenticator validation currently only supports DUO, TOTP and static authenticators. - - For code-based authenticators, the code must be given as part of the bind password, separated by a semicolon. For example for the password `example-password` and the code `123456`, the input must be `example-password;123456`. - - SMS-based authenticators are not supported as they require a code to be sent from authentik, which is not possible during the bind. - -- [User Logout](../../flow/stages/user_logout.md) -- [User Login](../../flow/stages/user_login/index.md) -- [Deny](../../flow/stages/deny.md) - -### Limitations - -The RADIUS provider only supports the [PAP](https://en.wikipedia.org/wiki/Password_Authentication_Protocol) (Password Authentication Protocol) protocol: - -![](./protocols.png) diff --git a/website/docs/providers/radius/index.mdx b/website/docs/providers/radius/index.mdx new file mode 100644 index 000000000000..a8601371e8f9 --- /dev/null +++ b/website/docs/providers/radius/index.mdx @@ -0,0 +1,70 @@ +--- +title: RADIUS Provider +--- + +import { Check, X, AlertTriangle } from "react-feather"; + +You can configure a Radius provider for applications that don't support any other protocols or that require Radius. + +:::info +This provider requires the deployment of the [RADIUS outpost](../../outposts/) +::: + +Currently, only authentication requests are supported. + +### Authentication flow + +Authentication requests against the Radius Server use a flow in the background. This allows you to use the same flows, stages, and policies as you do for web-based logins. + +The following stages are supported: + +- [Identification](../../flow/stages/identification/index.md) +- [Password](../../flow/stages/password/index.md) +- [Authenticator validation](../../flow/stages/authenticator_validate/index.md) + + Note: Authenticator validation currently only supports DUO, TOTP, and static authenticators. + + For code-based authenticators, the code must be given as part of the bind password, separated by a semicolon. For example for the password `example-password` and the MFA token `123456`, the input must be `example-password;123456`. + + SMS-based authenticators are not supported because they require a code to be sent from authentik, which is not possible during the bind. + +- [User Logout](../../flow/stages/user_logout.md) +- [User Login](../../flow/stages/user_login/index.md) +- [Deny](../../flow/stages/deny.md) + +### RADIUS attributes + +Starting with authentik 2024.8, you can create RADIUS provider property mappings, which make it possible to add custom attributes to the RADIUS response packets. + +For example, to add the Cisco AV-Pair attribute, this snippet can be used: + +```python +define_attribute( + vendor_code=9, + vendor_name="Cisco", + attribute_name="AV-Pair", + attribute_code=1, + attribute_type="string", +) +packet["Cisco-AV-Pair"] = "shell:priv-lvl=15" +return packet +``` + +After creation, make sure to select the RADIUS property mapping in the RADIUS provider. + +### Limitations + +The RADIUS provider only supports the [PAP](https://en.wikipedia.org/wiki/Password_Authentication_Protocol) (Password Authentication Protocol) protocol: + +| | Clear-text | NT hash | MD5 hash | Salted MD5 hash | SHA1 hash | Salted SHA1 hash | Unix Crypt | +| ------------ | --------------- | --------------- | --------------- | --------------- | --------------- | ---------------- | --------------- | +| PAP | | | | | | | | +| CHAP | | | | | | | | +| Digest | | | | | | | | +| MS-CHAP | | | | | | | | +| PEAP | | | | | | | | +| EAP-MSCHAPv2 | | | | | | | | +| Cisco LEAP | | | | | | | | +| EAP-GTC | | | | | | | | +| EAP-MD5 | | | | | | | | +| EAP-PWD | | | | | | | | diff --git a/website/docs/providers/radius/protocols.png b/website/docs/providers/radius/protocols.png deleted file mode 100644 index 2a4a1b6fe2deaca24c9a2bd346604a6371230959..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 15690 zcmdUWcU)81+OAVxv|KbJHUAw-+?%MSYV&5L{&HLI>eelnI*Na!(ckN>5hW>u@aR5W#wd;pn z`WJq>?EPtGfPfT+6Y3YPM_fT1=D#IcbMx|H^~2hd1v>j`Lh=rnj5j(iid}fY-Y+wM z`E6-f!rrb|SfTW5yN~eQyL|80f&tA#KXM~n`CM((;Ia<5q9Qw6yVbSUO08gpo}8}j zc0ap`%C#i*C7nZD%-2=2|D)=WA;xy8seyFH6YzoK#Z^^_2*6p#AKARuW^9;{WsWgl zvhvsgO=%Tf{TWY7RC4d<u*hnEy99rp1Fz3=B=Y&(zka1rAtor11aG`MXQ zv7lpcxwSDGZ^bydQ2E*^JMday;BV?(if}|*DrE|1O>eCuw23XX^evJ#TroGvRW>Q3 z78qg^m{-~AtynQsa@%SaLz)PiUe9nOC!9Hy;w4N`h2cNn<9|)#qYX4bS5hL!RSfsO zbeK7%FDH!+r9`KUk}3kok6M;Xx{ugY2?dC(lkc#R6V^&)e9C{FXb49&D%OS~z{urnI~L;1IT}U{>GImEr^D`1VCX;j#9u+6 zZ|YK=%8Hd?b3wsY?{=6=phO+oxi57)>k$0)Xq-V9a(Y+wK9rHiMfM16)YQ+1;8#U3 z4NkId(%A@o5o?6IX0_5G()OHHRVIq4LiM^S?QY$dI^&W%p7}cL=VT3k%ZlA0 z$k3(Whe{`_h_I(oLmPHys0sCx?)~J{p-E#tQ3`!Al!$wI<*5~HonE#o-u6h-4GAr% zTeKsA+4FZwwYN;5SW*BB=(mKL;$5gn(U-T<3kLcM^Y_OS&MBf|>pYY6EE~r+i^QnE z^Na3ooEx^4pLbhXk1MS!U3)EHmv9entL-&c_L!E@Q(X%lP~z%p+=9CG`j2PIcZ*QuuyiRcekJ68$oTgIYC5l zof?7&N4r#$Ej)JjdZ* z-*Z$;F-Sr5c^|B`E$hU0qxo<25gBZ>wqw>Q;{hL3Hx1vck5{@WzT^F<5teg#d>xKS zw0MD!npNO|r~1c_L}?>o^@B67!kZOd<0mYUPE!pQd#vlPzT+b$Nq3B1BAoQp8YyHy zj*9JFXqxU{Ey?exam&!`ee|g05yiIp7`8;4tdYOnuU4Plzr9FzubO-Ic3O!nV~8G( zvgGx1rTl~l&1u#{?A0tjpWGA5UwIU?=o{Ka7!x@Ep>=S>&P9kUl&Gum++DrZo(siC z){s&c?zNW0YHbw${+-ubj@x&?bAN*`McxoKJF*ho3)T=PY z`lTpu{~jp;Qm3cN#DZE?eyEcl1P$PE-cFQRx_U%o@SuMbPn&AHLNiyJ{$^8yVX%#8 zMKG=BySb5hwb8>@C%g?2HeFuA8S)B0k`)jB^3BN-p7#k;S3G}-s^lU)&v$=W`x|aJ zgbN;@jZX=b&o8Op-c4=eGDX@g_nuuPulk<%@ zJk=I^xL2f#%L>oan#q-Zh}X=R6A_Q+j~a}eC11!25CGVjQ3-3GfSu~f~> zDx)Mlt@Ef+m%3$SIJxayz2UBF)T}Bf8$=N2mU~DI@h^%hv3b z!94;7L|6#2AAjJ#sTGkl{=D014}(*8(dCSDSQ z*|@UML2k^2|Afd8)r`__Ly6cG+Yn33iug%4lYcG7>sqm+Vg*B}Z_0k0bn>WiM@VTN zjyv@J^O7AMlUW({%m!ypp7P|$ z_*ZY~YSHR6-`DL{T-sp2bH6q}7~dGNo*ej4*ZQgLJuXtSQ*l4qI!hia5mjGCyPHGf zf(yo3dj{qceR6m%@eK|rkcN_`U~1UtnNZTB^88mdH|x0?5%suIrT0UJlsF6EM{IoW zrf+|9W;Ji_K{$5I!-LE?4`6h&;!m>xOQ*j`oqhMZffd7T5F9ZBofNJin!c8nV%Pa&l?+_ipxq+-12Y6Y8Ei)jwFU zp^~jA{j2zAqt+941)Ys=AEicanx44z>BdBH|F^k@`){X>qPj0r7Hsa}pN^Mqwq1K* zz3eWw(SPYUHpYs>&SGmk7jtcvCNlTYO+HvWmLGog1|~zd)#FJP1G6;eLd%%~&?>^X zy+9A!x4KRm5#bMUlWjLXebb5)m4^&#t9&+RcMl)-U1{?Z>on>F|HV~x?yl(*CM#Rj z4OZqupmAutXHU;dSojM|7lzIMYDh;bMuy=vstyL;9EDh zBstE#8hX9O1t(9fOPNimy2X-~W^My8)U2~7u4+}eKM6(Jm|fQi1nY{fWfD6YN4RB( z&NbURyj~;z+9mv!$arOal;ydbkBwJfl2o66r+9o#V#sC6zu*JON_d*yv+Z~c8{Y?y zZ*y%8xJ40ty6#W5qvgcm`C~htvpa|c-@kY4R2e>V^_$%azwq+?9x3D2kY{Sr`M$n-zqE_eB%?YG!8RB1ed(J8D|ndIUeymbRfTH&VtV( zBuCAa9hH0+Z)+uU^D0qg!H*b=e@8@*+2P-3)P>}XiebtM)hY)fRLMd|UY|Ucv2=*k zY?#4|ul)F#8psVliY331BcjisBCTfYLvnI|!}D(+pfpfJ9Q=u03!H>b)DICPPY%zxJcsA9o~8Wn z%`_2-J=jqLL^$S`$6JD}XIz|ym2^PJ%r^~K8RQ8IZ(MyRkp6nq`H{OpxG>FN|5&?( zbL*Ofk6DLWZp%0VDruK2y+Y^FTT$iq8JQTwSf%p1IaB7M7L+IJr z)<>s4gx=r?pg4~8H|q08vcPfZOI<_|-qDi|8aOcDU_!`_S!v)n>x{3*ch0zRk=0=5 z^pPws_#@wNs+}f=K7Z{5p$%LY41OfoTCQ&8HUsv#^8L%LwRp1Px?las?XiF`?UF+z zn>&$lGX*Q>WtBrXG3zaa0Q;a-!lyJexItF)E(9XF=523RBv69JCO@tXKI}N^{IJN_)Vos4sSO@B_y|E-$eVCRD~>O2daVvV zyuUR)Su@JK9uk=^2Dc4!5b>g~=XulCqv!GG%w8}X&DZ8*=@UPaHN5@YvgcYy>hFFa zU3x3G*>esN=N$HK#+A{ldSk0Cdro=2)PvMn7Gh zO;sCGLAN^gLU-$tjwS?%lwhilIA6wO-4(+$tvfBnjZm{VYX?le%(NJ)m#MZtASoMn@xQqwwrwuj54qQ zS>14v9(Q=gq-O}CPX+WmxlS&>H!~r2N4?pv_Gc zcD&&vNZ1b`yUq?AI3lGgpXsB$(dNXOeJI|Z#x_m6Uo8?12JQKTOW9kjPuEVEM4zKo zthnZ!W3?1)fAjT`n<8{VkXt(|99lY1oMiVdAi*kUMgmynN3jVa z+F-U=fuRdp$z@fU9Yaumz5cM3PjpQ>U^V=jC7KKz0e05DR8;?nBkZ%?4y{Bgz+oYwwn z<}X3#BUxY_5@dcn4xmnjJoP4T#}ESHFAG4Z@$NMc?u7jSa&(~ZCBoEQN3)pcgyif4 zCwRW#=x4&wpH7fv8A|`A&lj`g&3L@bUT5a=0sVyYkW}l_mdIT{&j@2GtD71ybF1mD zuBX?jKH3%Ud;1Dv7VuZs1al+mfx^n__U`4lrd@pQ{-3*8;wMFqTvw0`uIi(e8Xd!C z1?$~ER=##RX(E)mO?!Wf0Gy+X;wa01&|DRYQ%lZMn?rKkhRvA|pG{lE3uVM+bBWDl zHR~u=U%j==`XQd9UzEq{D7Huhc`$FTv}TlqY(>GKVM0%1Bx^zeJ6Ai4yC@nQ!&RtQ zf|n$^uN5%n(k5%Jk`w%s!7klemRE&A#7oz}1V|m`njRX-1s#qD`Z0^YyJP$`g_VWz z3$-q`UH$lBl23bt+kg|934LH8#)Kj>PZ+}yG;L}l>gKYFT$+w9g1yrCD7NET#H1&l zF`ZbjodpYm8)7yeyKgWeUCBr6=<|u!DAe*8^a5kbfAUvmKn*nlHIz}Oa>~MYML51A zMlWU5@vbCUgYuz!s2WV-&_PuMhh4^$+k;tzr(Tw(oL;ER{GNxjyCgC2&V!cO#J)A^>8d#(jL|ut;y77Xm%E54${+m{^I@S*1s-s&M9?y5Fiz*9bf^Q85e29{g;?n-c~nq0x!8oc`W2d9_V&v<}^og z?2_ka@?l-wQ`W{dt`D%PGw;SP1B4cpz4=bTZp=-Xc@t=g>RA-uQ7q0uet3o%Sr9^m z0q)YZvjmxuM3y1K#Ic^603kqNjbyO`3yM4tn_#^GDGZN^#06A0p%Cx8fn zZt(zwV3FX-%Chc-7n%eJIRG$#oiZpD;#Df-Y!C*J`^<|WqD@f&?!v$Xw(M*j(c7bk zph{pre+)$F~VcU13;RDqD8 zR*yc3k}DWC%dE6w$b`NSoy|0bfX1tr@lvV#^p^8EezvCp-p({U9kkC3` zAAwtAmaJjk#LFXN-x`*g1sPh~N_mRPfgY6b=G3Lgc6u>?HGM%J&%h>_{f<1M&l1sf@BR*U@R1^#S|3a=St-@IH8+hcrz+79Js;wlQR>2EjTfnF$J~QH?54>U;pm>%*QcGzpdo?}e7M^}vSFNo>)j!0aF6kN-8q;*1f= zfd;H70?QwYBF9jo3UX?$y%X$RtaxPx1z;3$HrWL`7y>q4hzzhI@Xy=*13Wi;oCQ(< zhTQo`Gcz;ceNPfzfMgIeN3^u|27uAK8&@vwsEiBzd|y&ZISM-|r7XMkGdnQG#2-P6 zBz;@aa3vTLB^k&Sj+71$Kfz=NIc)3@3hE+aqXd|!#uOZ2ap!zoFa^VzHzUHJTLQo* zqQKgBSvUwNNWCHR62O9xA;zu`>w!Mvn1W^pSGeFAqma5`LMLgXq>ad@P0seHWPwjY z1wLh(z?Lik#{rU%iSg=e1GIfp+oXG&_E={5l<>5UD5VaiHaRdp?bOrYORr3=8#G)* zDa|QO`W?f<9KT8sSqu?2=?$$+Hf`KLP-pW8R2%%NIV%(jfm$!R+eiCWWBrP{kGpVO z?chvRpCmV_)33ohV2e->GF{ce zyDA9RE+LA(S34TnaftLnn9{ExgWWx-fXZ9GV)+%h{&GWCP-i(RX!zdm5mh!cLXlNO^vud=G`SgS_48fya;q4MiO2Jg6>p@h8Y>`&y?;K2PtKLryw16E3KD@TijN#Nc zL$xN9>wfH%zol29{I+$nf(VNcT;oSoX=&qBH$PR$`N_Dv4vJ9Zw=Cb>=pk=DUq5EB z_2J{7JFkz4AO&yn`zv#D`D!2O29;7V@~~+HtPP5JoOmv!&?4r(XVvBxLCL!gzgGOmh7&9D!D{?K45`@O=HFzMU$;s%O}1iqT= zyA&N+&}-?lT072gp>G#FPDjJ|NE%Byh4?A&JkNUBfNK7)y#%1-ilc$G%CCztdE zDzjZzpBpStB(N(fGXAK%Hp-E-4F@^@jnNoahNVhYI~jyICfl`w&$xp^`|O?9ez`Q# z^&>uM${eR4wlk6HD3Mcgs!Iz75g%7?d)z^_#F3x9;3k!)j`}Jo2lgIF)IQ5LGuK_4 z_YcH^IF?=AKC8{EYXLkjosZ$jtHOJjvWE~9id^-{tJAaSXt+X@-bk{kQ#nffK;q@H zB|D-r6}GE+s(rin4{ck(W;VXnCYN`{)d~vVm@!IpQ%{0jfB-lFH~^v^$YRL7 z_yQ*XFDQ~0zum`^tuIc>LspP9{Ru3HDUQUk8dmn7O1|B-OL!it1%RNo1{gty;N<&a zD42#7lOgRe!2dD!q3Nsfc<|gI2xXE-cL7q&7Cdd~So-P^r&fF7=rrx!Y+y=9Z8|X^ z3J@dWJvXs6wWRqA~#xRTupS#_~&G_rE&hcf`||j0fnb`@K75{?<2D z8zAexM@MKgmq@+>COwSD$NR>0^NDx{PsBW!d7Wps&0 z{@4phVoBKV&?vjFG|B=FL**$EWWsZzNRD2AVNy-f*!Z=kXWP&`D_T;QHgxSV7VOsB z>&N>8;Vsg|;PM%%GX2g$9m^Y98dkE(T~6Xj%JNy|u$iX4OeRm45yx&&GL3KHZXU%d z{gdM&dk8#a>N$>2lS`K9N^^VEqh+!Me=sQj0Bv3Fk`vUoygDWBJl3AG?1%-9jg4dA z(2nDhm%ZwLR}5u2)iiP-s$ezKs7$yuJ2ym-ko2et#YFC|`WMd;*h1J z0Qb?bVlpCDpvhu5`k}}J8*3Od6akoIjAr~vTm2KK0BQ`{*Z~Ov+#F}{x2)IOD|I+O zsSL?iv&#p*XfX)1ROHWxD>XFVLWzYdIY9bK0GbG1Ok;KpQwwpyMHHBvMGyExvI}pS zG07xrJH87vOm+xPIM1_&$+|^IyRifr3r?6gz(PNOpkR~`fd}6}#$iGqAqQs7S9j}7C1=G4(xJeC z`*U)uc(K~IR^7DswBB#GJ%a}OyrbcI3l5ccg7d^I(ti5OHFQFe4=)^)khY7%0plb**z|%hzSCLN7U(tVS)QFf{9dwEbp(ZgrPu(2~)c%Gh z6iyBHOWP_Iv9QzqOW)%Hq~eRZw-v8do2G~E50%;WZy>3kN${0>*)SAdRXsZ=>D>;&%ZT7_yI3>Wy>6Rxh?7-%Kji-G9k!7-X%3*1VeMN;_71T zlhViJ@}fZhjk&=&%d_>ZgC7o)6OKMfpVhpJH{NoI+bF$M8CAJv_Eg8H?tem`l7LZD z6VIKM##Qlc`okdI4bwK%hOa`#Jb8$6(~~=y`^*`+(&c@W%XR3}ffZT=;u4>*zQ{9M zBZLzFQrTB2cmo6+eGI4YDvmLjxB%o4WWKo@U^e1P*=9_no}S_ z`%`Oa!i`c*n{3IwGgAx52lqXtG-i&lz;tslF&%GfX)bv_yU}>R{7G!>P4f$gQ8%BJ z6gx~5^$x?6G{+$0)>3nx5i5j^^9Sg+#P4{*Q?^_;7)J=&xnuU0usU2TJ^LisyK@E> z3{vwU1`fnmz($J+LdnK)nYY^^9GMa#k=0~7pnZB%y#p3xw_QqYnA$*UpK0Zrcesd* z&0@1g{I?+VsRbe&`}Bxrn;VKO6kr{nFH6I4!vPs$a+BZpXhz(c%?a zJtWN1&yf-PVfZ)HAwG4;tmpT{}!PDE<>abKpJ3m7XMdW@7MU~x_ISqC7?f{{ew+=$JP2X zXFT?w#Uxa{2=P$XE&i2;vJmy_{?o;ju#m5H2ek#LlT}b_xU)zw&#W$jdO|BT^e==- z4On0P5*haaK%#aNal=SWK);U7EtG>KQU@2IgW-4kY~bL~Z+NU5^50^tPdL)F9HMud zt7A@038#o?MnIaL*4Z;ca-~<>Qt67n4=-_%B%H)%gH}5{?UM!n!uTfSvHGX_0+ddk zkfNdaNj(=Gr{^B6(63sv9U}1^$zlKMfd82$vMliM=N*AO+)qW(&ChJloTw4(aM=63 z;)ZYICBu|Qc*$9UUk_t#zH?}rqTMTn%^74FV;ve{NRf5e_;t@uj={!RJf0Sjcl%64 zJz8B{g6}_!BALS7NAFoveo|^gmxi(eF?qvC5}R>BULG58>Ii=c5_Puew`%PCYKrPn z0*T-i(05`oF%r*FT`G)HP$paC?ap%)*GhHyI}-CMswJjOaq;PjnvQ6oZ@ALIs27sD zf%)5~dpolAQb#RtyA!64X(9jc$~eHobw;b#_{!&~sN2IMhgRY^Tg-c2^<4Z0TE1eK z*u$un$8T&d{r|~jmjgqb%wj8L8tu_hBsL>--#)3x zrdQ4|+9E3jM%W#S9F({wuP3rZ#L0TUdR6c`=$ZK)R3;)mT5As~FN(YWz@M{l|CtlY zkS&%UpS}t{D_eamIix5n5m%BN>>sFY_MiG7g^m4qk1+QjKLuS=N-&4{RlkYG%dd>P z?$NvA*O3X588CBVgmvrtaWy6=O|`oCLc|E!@&6-3gwls#5eZ>F-DbM!U-E$Ooi&Z|bE%cqlfc5i>dS?< zoP>>1&b;<*xMp!H%ZUJeCxjy({>m|aOReV!Z)I|AbQ$>*!)MVeTx-aub?{;Gf%xf$ zI}4=WYfD|_v{MPslLJ>5v0(8aH9ncFj5nEMhGB;wfJI*QVde8gj} zetaezY83IrR_c^cg37nP+s|%=A{VQOR)*c91}&b#k?k5o4nT&Qk1+GP8}=K4TjIIU zd^0B<6yoAn^-e_BzFi@R6A~pN({H~X4zW**I7AvNCigtCKZ+eFS=~h0WIpRg)khD7 zl}0o6MawGdfIWe=^cr1S$q9$IrVZ@QoeL%wya_>aami`Nmc7JFX30f+waTIL-bRfs z{ny!j3I0$hTLFS=zrFSRH}=-R!e}XZX3n<9yPEHlLVm06wukB&I^43_ zi3Mz&gsG*(RJ^Uh^>^>bpAgYMKMTL4R{{nmLa@voT=f@M*3Ju32=wQkCFC?QNB28A zAGYS9bSJ4F|7>DwOuO{UY6WA|MJ#1?>1MH;7$G|1hNX|z^MDG&wF)B6nSvku3lRP1 zasV@4lDB2Z=a-Kf#@hTy7Rj0TDDS-ZXzO*A+n4UkqvYjLc|U(O@u_)2Gf;JgPqjaO zX~^VUy}(Wi5_noMI~sK-6hZhwCU(oe#x67nX1*Up_c_E2h-GE)hNAgP1J?0_+92P; zth-^B(LihVlT0Xeb#=AQ31sxXr1LiXh5^YM{qf}SouYta;h6zT>_-pWZ>(U zcPM?a_92Z3e*PiXdR!?wW;6$V(|?`JjyuPcpAZ>_-QD3nAaM`*>cPzXL8$CbR-A4G zsZ5qCZM=H~5~(I&@DSz0iK9WPo%IWoFDF111yCpd+UGH}0IBWIiNdd5eJ_q?d&R<- zGn#u%oo%ljSCNl<(h|OYEsi<&QFfb7m!|K+x8>)5>)M!-_V=873z}!@c{`>L) z^Pdp3n_j{ki^mlV5i!RsOc7qI(F%+KT2&6Er&m)(8hc+H*DwS!rYZyf-CUx2IP&I$ zBH3vDSC>o#>{W;)+#@xZlDY`2EaSK_%Wcl5U$aDs%)Ui3Q7|t+aN_ zZs@^^cAiY7#bQTXQWL}F0nd;cNYM9dSd)@-!x?aj;g0q5)DxB2dCXvcZv`)LY~y+F zT4d_zrwYcrdeL`^@lQtwcdD{Gq{EQgm&duo4Y){-5hdGyXh&ICoVW+2&@3id3l!Ik z{}X+ZRV05RxL6MtzBuIt8#!k7KuH&|w+&h4-vWMr)9H6o+29faZe|)yI!_&FN&C?4 z7g!cWoq|DbSwAa(*#!G%zs#MNG!pciTTt=zli?b2f_DqNO*IN{%jUIjH~gX`7RE#R zKdw;N0CgIbHkSla((n_JA;u-y^JPhTy4HsJ@+iwKBu?wkg-hA$yUY2_jQa9i6SS;} zAU^05|HeuKI?%nT|>O-W7Q%2A@iUlA+v61N5su6FEIaG3+e#406N9~Yh3^U07w?Hpo`e` zwa3o?yUbgg^HtI z3^MDRMC>5cv{N{jN^ZSV)4;R>-`NRmHG0R=+^*@Br%@Y z=60S6AL(6_XU}FDpAhi=z>PsQZ&(9bJKIbk?mRUDPlgMkS`M|R`9s)tTmCDyNo2S) z0xsk8B~&((972r^+{r7)ADrG+6&%I!kl1FFAze5%tL$Oxk;Df*CX2d9jiHXLlX5t0t*{LDW9YIXDzI+B)IQP zE$|W?Tli`Dfe&zv2ArU*Qfg}wfcEg_(4(OiZqiApGjR!=YT>7t7Vz_}K;?B`?)+2g zIJG&K$Lb>Sc=M9~Tu0@R^sjYPsAS|$h2 zr=)X8+74iRaVv*0!^^jnjQ8r{ zM@!X+=mwj)o)MH}u*v#9POBdG>-9N;QOMMAo9AluUOij(Fi;krBl|^+{q8t}$v#lE_T5rmJH`hmRG(EbGD4VAvQSNIwH0>N(-*kB2T z=6u+>%Ol}keJL&vCbDqzIPc0OdAHR?d=Qlv(mj0!w|ussepw`FZ+p;k=~fWpb`gvZAQ_G8z%g*h9q0 z%-Gs*7Yd#Z^yU3Dlox#ME*^U)3#4RUL@7ZfW~fvsePIW(d96+pJxh8cAJ&Ga7)XCr=?* zMN;GNK1-KRiA}FS5%L-H7m<*1bp;c&w7$628mPTLStwv3%DM%rg6PhNF@*CRL6Q%` zudYBa5-6jXy%VkgyqF3PxNBgpAv>;%S-Z*1D*(8HxEWL_0?9^DImra4FbJ*0S!Gxt vil9@n8TYIQ{#GH`z8y-*6@LN25R2PoqmQ{FGY@_oy-Q!m_yYFa^?Uyd%We69 diff --git a/website/docs/releases/2023/v2023.4.md b/website/docs/releases/2023/v2023.4.md index b0baaf95979a..5b80dd5829d1 100644 --- a/website/docs/releases/2023/v2023.4.md +++ b/website/docs/releases/2023/v2023.4.md @@ -23,7 +23,7 @@ slug: "/releases/2023.4" The RADIUS provider also uses a flow to authenticate users, and supports the same stages as the [LDAP Provider](../../../docs/providers/ldap/index.md). - Documentation: [RADIUS Provider](../../../docs/providers/radius/index.md) + Documentation: [RADIUS Provider](../../../docs/providers/radius/index.mdx) - Decreased CPU usage for workers diff --git a/website/docs/releases/2024/v2024.8.md b/website/docs/releases/2024/v2024.8.md index 4346bd056255..ffc410636568 100644 --- a/website/docs/releases/2024/v2024.8.md +++ b/website/docs/releases/2024/v2024.8.md @@ -66,6 +66,10 @@ To try out the release candidate, replace your Docker image tag with the latest - **Source property mappings for SCIM, OAuth, SAML and Plex sources** +- **RADIUS provider custom attribute support** + + With 2024.8 it is possible to define custom attributes for the RADIUS provider, for example vendor specific attributes like Cisco's `AV-Pair` attribute. These attributes are defined in property mappings which means they can be dynamically defined based on the user authenticating. See [RADIUS Provider](../../providers/radius/index.mdx#radius-attributes) + - **SAML Source encryption support** It is now possible to configure a SAML Source to decrypt and validate encrypted assertions. This can be configured by certaing a [Certificate-keypair](../../core/certificates.md) and selecting it in the SAML Source.