Closed jgeniowave closed 1 month ago
Updated my outpost configuration to have the authentik_host
property to be equal to the authentik_host_browser
property and now it works as intended.
I guess the scope of the question now changes to:
What is the purpose of the authentik_host
property when configuring an outpost?
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
request.user.attributes
does not contain the brand attributes, that always directly access the user's attributes. request.user.group_attributes()
contains all attributes for the user and groups merged together. To also include the brand, you'd have to do request.user.group_attributes(request.http_request)
authentik_host
is both the URL the outpost uses to talk to the authentik API, and also the URL that the user is redirected to for authentication
Describe the bug
As described by the Brand create form UI (
"Any attributes set here will be inherited by users, if the request is handled by this brand."
), when authenticating a user through a domain, it should inherit the attributes of that domain's Brand. What's happening is that the user is not inheriting such attributes.To Reproduce
I created an application and a proxy provider named
whoami98.local.wavesys.pt
. Then, I created a Brand with the domainwhoami98.local.wavesys.pt
. To debug the request, i created a scope mapping and associated the proxy provider with it, containing the following expression:The first screenshot indicates that the branding is being applied correctly and, upon authenticating, i can see my debug attempt in the authentik server's logs. However, the wrong brand (default) is being injected into the request.
Expected behavior When debugging the request, the Brand attributes should be inherited since the user is authenticating through the Brand's domain.
Screenshots Correct branding (although the title is wrong) when authenticating, meaning that the Brand is being recognized correctly. Brand configuration User attributes
Logs My (debugging attempt) Authentik server kubectl log:
Version and Deployment (please complete the following information):
Additional context
auth.whoami98.local.wavesys.pt
produces the same result.