search

greenpau / caddy-security

🔐 Authentication, Authorization, and Accounting (AAA) App and Plugin for Caddy v2. 💎 Implements Form-Based, Basic, Local, LDAP, OpenID Connect, OAuth 2.0 (Github, Google, Facebook, Okta, etc.), SAML Authentication. MFA/2FA with App Authenticators and Yubico. 💎 Authorization with JWT/PASETO tokens. 🔐
https://authcrunch.com/
Apache License 2.0
1.42k stars 70 forks source link

announcement: Profile UI Release #327

Open greenpau opened 6 months ago

greenpau commented 6 months ago

Released Profile UI 1.0.0

Please download the attached files and unpack them to file_server directory. In my case it is /dev/go/src/github.com/authcrunch/authcrunch-ui/frontend/profile/build/ and in your case it will be somet

The Caddyfile configuration follows:

{

    security {
        ...

        authorization policy portal_policy {
            set auth url https://auth.myfiosgateway.com:8443/auth/
            crypto key sign-verify {env.JWT_SHARED_KEY}
            acl rule {
                comment allow admins
                match role authp/admin
                allow stop log info
            }
            acl rule {
                comment allow users
                match role authp/user
                allow stop log info
            }
            acl rule {
                comment default deny
                match any
                deny stop log warn
            }
        }

        ...
    }
}

auth.myfiosgateway.com {
    tls {$HOME}/.local/tls/myfiosgateway/server.crt {$HOME}/.local/tls/myfiosgateway/server.key

    route /version* {
        respond "auth 1.0"
    }

    # Vite Build Files
    route /auth/profile* {
        authorize with portal_policy
        uri strip_prefix /auth/profile
        file_server {
            root {$HOME}/dev/go/src/github.com/authcrunch/authcrunch-ui/frontend/profile/build/
            pass_thru
        }
        rewrite * /index.html
        file_server {
            root {$HOME}/dev/go/src/github.com/authcrunch/authcrunch-ui/frontend/profile/build/
            pass_thru
        }
    }

    route /auth* {
        authenticate with myportal
    }

    route / {
        redir https://{hostport}/auth/ 302
    }
}

Please provide your feedback via email. I will be uploading new versions of the Profile UI here. You should be able to track the versions in the UI itself.

image

Importantly, Profile UI is only available with local identity store at the moment. I am working on connecting OAuth user identities to local store, making the "local" store distributed, and making OAuth users being able to configure their profiles (e.g. API keys, MFA, etc.)

greenpau commented 6 months ago

Profile UI 1.0.0 Assets: profile-1.0.0.zip