1.0.0

What's Changed

• adding languages support to Gateway by @marwanehcine in #43
• Proxy to external URLs by @emmdurin in #49
• Adding path customization for messages translation files by @marwanehcine in #51
• local account creation for user connected with external identity provider by @marwanehcine in #45
• Allowing users to login with email in addition of UID by @marwanehcine in #50
• Fix OAuth2 authentication issues after spring boot upgrade by @marwanehcine in #52
• Fixed startup crash when OAuth2 is disabled by @emmdurin in #55
• Inform admins when new oauth2 account is created using spring rabbit events (gateway) by @marwanehcine in #54
• Documentation custom error pages by @edevosc2c in #64
• making Rabbitmq optional for gateway - deactivated by default by @marwanehcine in #62
• Fix rabbitHealthIndicator issue when rabbitmq is disabled by @marwanehcine in #66
• remove cors/csrf java code configuration, in favor of regular spring-cloud-gateway configuration by @pmauduit in #59
• Fixed whoami crash when IDP returns null claims by @emmdurin in #65
• Upgrade git-commit-id-maven-plugin:5.0.0->7.0.0 by @groldan in #67
• Remove georchestra submodule by @groldan in #69
• Remove datadir submodule, replace by minimal copy required for Gateway tests by @groldan in #71
• Refactor LDAP account creation functionality for better separation of concerns by @groldan in #72
• Disable CSRF protections by @pmauduit in #73
• push to docker hub github actions per commit by @edevosc2c in #74
• simplify configuration override from the georchestra datadir by @pmauduit in #77
• Add pre-auth header authentication to Gateway for trusted proxy by @groldan in #63
• LdapAccountsManager - skip organization creation of org is empty by @pmauduit in #80
• fix: geOrchestra json headers - organization as json payload is not transmitted by @pmauduit in #82
• preauth - making sure the authenticated flag on the token is set to true by @pmauduit in #87
• whoami - avoid revealing sensitive info (password) in the output by @pmauduit in #88
• preauth - being able to receive base64-encoded headers by @pmauduit in #90
• Roles loading from LDAP for OAuth2 users by @emmdurin in #84
• Adding Optional Default Org for OAuth2 users by @marwanehcine in #85
• Allow building with a Java 21 JDK by @groldan in #92
• Implement editable logout redirection url by @f-necas in #95
• Updated OAuth2 provider and organization fields in account creation e-mails by @emmdurin in #91
• Refactored OAuth2 accounts in LDAP by @emmdurin in #96
• Rabbitmq - Fix event sending process by @marwanehcine in #81
• Set logout redirection with oidc too by @f-necas in #97
• Map connection exceptions to HTTP 503 status code instead of 500 by @groldan in #98
• Fixed OAuth2 account deletion by @emmdurin in #100
• Adds Docker-hub documentation by @f-necas in #99
• Preserve host header and pass x-forwarded headers by @edevosc2c in #104
• Removed logout confirmation page by @emmdurin in #106
• adding customized error pages with a specific api for error handling by @marwanehcine in #107
• maven/build - adds a debian packaging profile by @pmauduit in #111
• Fixed issue for authenticated by email users who change their email by @emmdurin in #115
• Fixed proxy when PreserveHost filter is enabled and blocked local URLs by @emmdurin in #119
• Show error message to OAuth2 user when a matching local account already exists by @emmdurin in #116
• Returns ExtendedGeorchestraUser object when createUserInLdap set to true by @pmauduit in #114
• login - fix thymeleaf integration (reverts a modification from #114) by @pmauduit in #121
• Catch application errors to display standardized error page by @emmdurin in #122
• Fix truncated response body when catching application errors to display standardized error page by @groldan in #124
• preserve host header + set forward-headers-strategy FRAMEWORK by @edevosc2c in #109
• Fixed exception when a user has no organization by @emmdurin in #123
• Introducing a sec-external-authentication flag http header to identify local vs remote users by @marwanehcine in #101
• preauth - http header names are case insensitive (#125) by @pmauduit in #126
• Bump org.springframework.security:spring-security-oauth2-client from 5.6.2 to 5.6.9 by @dependabot in #70
• Added documentation for general OAuth2 and specific FranceConnect configuration by @emmdurin in #130
• login - do not hardcode header's script url (#117) by @pmauduit in #118
• Adds preauth external provider header by @f-necas in #131

New Contributors

• @edevosc2c made their first contribution in #64
• @f-necas made their first contribution in #95
• @dependabot made their first contribution in #70

Full Changelog: v23.1-RC1...1.0.0

Release 23.1-RC1

What's Changed

• License file in #1
• trying to implement proxy configuration for the oauth2 client by @pmauduit in #3
• Prototype applying georchestra access rules by @pmauduit in #4
• Package refactoring, load and apply service access rules by @groldan in #5
• Oauth2 User Service class should also be configured against a proxy, if provided (#8) by @pmauduit in #9
• Build improvements by @groldan in #10
• Install maven wrapper and update README and github workflow accordingly by @groldan in #13
• Support appending sec-* headers as configured, resolved from authenticated user by @groldan in #12
• Remove authenticated config prop from RoleBasedAccessRule, anonymous=false is enough by @groldan in #15
• Fix access rules order and add integration tests by @groldan in #16
• Allow OpenID Connect authentication to go through HTTP proxy by @groldan in #17
• Use JSONPath to map OpenIDConnect claims to roles and org name by @groldan in #18
• Feature/auth with multiple ldap dbs by @groldan in #19
• Add support for LDAP Active Directory authentication. by @groldan in #20
• AD - changing strategy for authenticating users via Active Directory by @pmauduit in #21
• Add liveness and readiness management probes end points by @groldan in #22
• Allow to specify LDAP's user search returned attributes by @groldan in #23
• Support multiple jsonpath expressions to extract roles from OIDC claims by @groldan in #24
• Gateway user roles feature (sync from DT gitlab) by @emmdurin in #25
• Added customizable login and logout pages by @emmdurin in #26
• Add configuration to extract the user id from an OpenID Connect non-standard claim by @groldan in #31
• custom login page - dynamically iterates over the oauth2 registered clients by @pmauduit in #27
• Login: rework ui by @tkohr in #29
• Fix for OAuth2 providers using HS256 token algorithm by @emmdurin in #30
• add condition to print oauth section by @jeanmi151 in #33
• Fixed condition for showing LDAP section of login page by @emmdurin in #34
• Make all requests having a ?login param to be authenticated by @jahow in #32
• Fixed OAuth2 support of all MAC algorithm and short client secrets by @emmdurin in #38
• password rotation for gateway by @marwanehcine in #37
• Gateway update to handle login errors by @marwanehcine in #42
• Added cookie affinity filter by @emmdurin in #41
• Use the OAuth2 registration name if client name is not provided for the login page by @groldan in #46
• Allow to disable the georchestra header by @groldan in #47
• Add filters used by GeoServer Cloud by @groldan in #48

New Contributors

• @pmauduit made their first contribution in #3
• @groldan made their first contribution in #5
• @emmdurin made their first contribution in #25
• @tkohr made their first contribution in #29
• @jeanmi151 made their first contribution in #33
• @jahow made their first contribution in #32
• @marwanehcine made their first contribution in #37

Full Changelog: https://github.com/georchestra/georchestra-gateway/commits/v23.1-RC1