providers/proxy: improve SLO by backchannel logging out sessions #7099

BeryJu · 2023-10-08T15:44:40Z

Details

Improve provider SLO by sending a ws message when a user logs out/a session expires

#2023

Checklist

Local tests pass (ak test authentik/)
The code has been formatted (make lint-fix)

If an API change has been made

The API schema has been updated (make gen-build)

If changes to the frontend have been made

The code has been formatted (make web)
The translation files have been updated (make i18n-extract)

If applicable

The documentation has been updated
The documentation has been formatted (make website)

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

netlify · 2023-10-08T15:44:44Z

✅ Deploy Preview for authentik-storybook canceled.

Name	Link
🔨 Latest commit	`f2226ce`
🔍 Latest deploy log	https://app.netlify.com/sites/authentik-storybook/deploys/6522cfd1341e560008b43af3

codecov · 2023-10-08T15:49:15Z

Codecov Report

Attention: 4 lines in your changes are missing coverage. Please review.

Comparison is base (b90ed6b) 92.68% compared to head (f2226ce) 92.67%.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #7099      +/-   ##
==========================================
- Coverage   92.68%   92.67%   -0.00%     
==========================================
  Files         567      568       +1     
  Lines       28014    28039      +25     
==========================================
+ Hits        25961    25982      +21     
- Misses       2053     2057       +4

Flag	Coverage Δ
e2e	`51.19% <84.62%> (+0.04%)`	⬆️
integration	`26.35% <61.54%> (+0.05%)`	⬆️
unit	`89.56% <84.62%> (-<0.01%)`	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

Files	Coverage Δ
authentik/outposts/tasks.py	`75.27% <100.00%> (ø)`
authentik/providers/proxy/signals.py	`100.00% <100.00%> (ø)`
authentik/outposts/channels.py	`92.21% <66.67%> (-1.03%)`	⬇️
authentik/providers/proxy/tasks.py	`66.67% <70.00%> (+4.17%)`	⬆️

... and 2 files with indirect coverage changes

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

github-actions · 2023-10-08T16:07:44Z

authentik PR Installation instructions

Instructions for docker-compose

Add the following block to your .env file:

AUTHENTIK_IMAGE=ghcr.io/goauthentik/dev-server
AUTHENTIK_TAG=gh-providers-proxy-better-slo-p1-1696780916-f2226ce
AUTHENTIK_OUTPOSTS__CONTAINER_IMAGE_BASE=ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s

For arm64, use these values:

AUTHENTIK_IMAGE=ghcr.io/goauthentik/dev-server
AUTHENTIK_TAG=gh-providers-proxy-better-slo-p1-1696780916-f2226ce-arm64
AUTHENTIK_OUTPOSTS__CONTAINER_IMAGE_BASE=ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s

Afterwards, run the upgrade commands from the latest release notes.

Instructions for Kubernetes

Add the following block to your values.yml file:

authentik:
    outposts:
        container_image_base: ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s
image:
    repository: ghcr.io/goauthentik/dev-server
    tag: gh-providers-proxy-better-slo-p1-1696780916-f2226ce

For arm64, use these values:

authentik:
    outposts:
        container_image_base: ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s
image:
    repository: ghcr.io/goauthentik/dev-server
    tag: gh-providers-proxy-better-slo-p1-1696780916-f2226ce-arm64

Afterwards, run the upgrade commands from the latest release notes.

* main: (22 commits) lifecycle: fix install_id migration not running (#7116) core: bump Go from 1.20 to 1.21 (#7117) providers/ldap: add windows adsi support (#7098) web: bump API Client version (#7113) translate: Updates for file web/xliff/en.xlf in zh-Hans on branch main (#7112) translate: Updates for file web/xliff/en.xlf in zh_CN on branch main (#7111) web: bump the wdio group in /tests/wdio with 4 updates (#7108) core/api: add uuid field to core api user http response (#7110) core: bump goauthentik.io/api/v3 from 3.2023083.4 to 3.2023083.5 (#7105) core: bump golang.org/x/oauth2 from 0.12.0 to 0.13.0 (#7106) web: bump the eslint group in /tests/wdio with 1 update (#7107) providers/proxy: improve SLO by backchannel logging out sessions (#7099) web: bump @rollup/plugin-node-resolve from 15.2.2 to 15.2.3 in /web (#7104) web: bump the eslint group in /web with 1 update (#7103) web: bump the storybook group in /web with 1 update (#7102) web: bump API Client version (#7101) providers/saml: add default RelayState value for IDP-initiated requests (#7100) lifecycle: improve reliability of system migrations (#7089) sources/ldap: fix attribute path resolution (#7090) root: Ignore the vendor folder (#7094) ...

* main: (41 commits) lifecycle: fix install_id migration not running (#7116) core: bump Go from 1.20 to 1.21 (#7117) providers/ldap: add windows adsi support (#7098) web: bump API Client version (#7113) translate: Updates for file web/xliff/en.xlf in zh-Hans on branch main (#7112) translate: Updates for file web/xliff/en.xlf in zh_CN on branch main (#7111) web: bump the wdio group in /tests/wdio with 4 updates (#7108) core/api: add uuid field to core api user http response (#7110) core: bump goauthentik.io/api/v3 from 3.2023083.4 to 3.2023083.5 (#7105) core: bump golang.org/x/oauth2 from 0.12.0 to 0.13.0 (#7106) web: bump the eslint group in /tests/wdio with 1 update (#7107) providers/proxy: improve SLO by backchannel logging out sessions (#7099) web: bump @rollup/plugin-node-resolve from 15.2.2 to 15.2.3 in /web (#7104) web: bump the eslint group in /web with 1 update (#7103) web: bump the storybook group in /web with 1 update (#7102) web: bump API Client version (#7101) providers/saml: add default RelayState value for IDP-initiated requests (#7100) lifecycle: improve reliability of system migrations (#7089) sources/ldap: fix attribute path resolution (#7090) root: Ignore the vendor folder (#7094) ...

outposts: add support for provider-specific websocket messages

be86903

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

BeryJu requested a review from a team as a code owner October 8, 2023 15:44

providers/proxy: add custom signal on logout to logout in provider

f2226ce

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

BeryJu force-pushed the providers/proxy/better-slo-p1 branch from 5dfd9eb to f2226ce Compare October 8, 2023 15:50

BeryJu changed the title ~~providers/proxy: better slo p1~~ providers/proxy: improve SLO by backchannel logging out sessions Oct 8, 2023

BeryJu merged commit 4db365c into main Oct 8, 2023

BeryJu deleted the providers/proxy/better-slo-p1 branch October 8, 2023 23:06

BeryJu mentioned this pull request Oct 18, 2023

Logging out from authentik should invalidate sessions of proxied applications #2023

Open

BeryJu mentioned this pull request Apr 11, 2024

Logoff Nginx #3639

Closed

BeryJu mentioned this pull request Apr 18, 2024

How can I invalidate the domain level forward auth token when signing out of authentik? #4083

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

providers/proxy: improve SLO by backchannel logging out sessions #7099

providers/proxy: improve SLO by backchannel logging out sessions #7099

BeryJu commented Oct 8, 2023

netlify bot commented Oct 8, 2023 •

edited

Loading

codecov bot commented Oct 8, 2023 •

edited

Loading

github-actions bot commented Oct 8, 2023 •

edited

Loading

providers/proxy: improve SLO by backchannel logging out sessions #7099

providers/proxy: improve SLO by backchannel logging out sessions #7099

Conversation

BeryJu commented Oct 8, 2023

Details

Checklist

netlify bot commented Oct 8, 2023 • edited Loading

✅ Deploy Preview for authentik-storybook canceled.

codecov bot commented Oct 8, 2023 • edited Loading

Codecov Report

github-actions bot commented Oct 8, 2023 • edited Loading

netlify bot commented Oct 8, 2023 •

edited

Loading

codecov bot commented Oct 8, 2023 •

edited

Loading

github-actions bot commented Oct 8, 2023 •

edited

Loading