4 Commits

Author	SHA1	Message	Date
Bernd Worsch	a6af43b332	fix(authelia): use adapter's own client_id/redirect_uri in AuthorizeURL ... The adapter was forwarding the downstream client's client_id and redirect_uri to Authelia, which would always be rejected — Authelia only recognises client_id=keycape and its registered callback URI. Also removed downstream PKCE forwarding: KeyCape is a confidential OIDC client to Authelia and authenticates via client_secret instead. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-25 03:15:36 +00:00
tegwick	3ee8090a98	feat: implement T09, T15, T21 — userinfo endpoint, LLDAP export, negative tests ... - T09: /userinfo with RS256 JWT validation, scope-filtered claims - T15: LLDAP→canonical export tool with validation, migration_event telemetry - T21: Negative test suite (Scenario D) — all 7 unsupported features verified All go tests passing. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-13 02:08:03 +01:00
tegwick	d05c73dc19	feat: implement T11, T12 — Authelia adapter, privacyIDEA adapter ... - T11: AutheliaAdapter delegating login UI and session; Authelia tokens never leak to profile layer - T12: PrivacyIDEAAdapter delegating MFA 100% — no MFA logic in KeyCape 21 adapter tests pass, vet clean. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-13 01:50:31 +01:00
tegwick	b0adbc5daa	feat: implement T14, T10 — enforcement middleware, LLDAP adapter ... - T14: Unsupported feature registry with 7 pre-registered profile boundaries - T10: LLDAP adapter implementing UserRepository; validator-gated reads 24 tests pass, go vet clean. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-13 01:45:21 +01:00