docs(readme): add authentik integration

Aetherinox · Aetherinox · commit f9b92cfc16d4 · 2024-12-17T20:29:55.000-07:00
add instructions on implementing authentik integration
diff --git a/README.md b/README.md
@@ -24,6 +24,7 @@ KeeWeb is a browser and desktop password manager which is capable of opening up
 [![Size][github-size-img]][github-size-img]
 [![Last Commit][github-commit-img]][github-commit-img]
 [![Contributors][contribs-all-img]](#contributors-)
+<!-- prettier-ignore-end -->
 
 </div>
 
@@ -39,12 +40,13 @@ KeeWeb is a browser and desktop password manager which is capable of opening up
   - [Docker:](#docker)
     - [Run](#run)
     - [Compose](#compose)
-    - [Traefik](#traefik)
+    - [Traefik Integration](#traefik-integration)
       - [Dynamic.yml](#dynamicyml)
       - [Static.yml](#staticyml)
         - [certificatesResolvers](#certificatesresolvers)
         - [entryPoints (Normal)](#entrypoints-normal)
         - [entryPoints (Cloudflare)](#entrypoints-cloudflare)
+    - [Authentik Integration](#authentik-integration)
   - [Env \& Volumes](#env--volumes)
     - [Env Variables](#env-variables)
     - [Volumes](#volumes)
@@ -59,7 +61,6 @@ KeeWeb is a browser and desktop password manager which is capable of opening up
   - [Platform: MacOS](#platform-macos)
     - [Using Grunt](#using-grunt-2)
     - [Using NPM](#using-npm-2)
-- [Thank you](#thank-you)
 - [Donations](#donations)
 - [Contributors ✨](#contributors-)
 
@@ -149,7 +150,7 @@ services:
 
 <br />
 
-#### Traefik
+#### Traefik Integration
 You can put this container behind Traefik if you want to use a reverse proxy and let Traefik handle the SSL certificate.
 
 <br />
@@ -346,6 +347,98 @@ Save the files and then give Traefik and your Keeweb containers a restart.
 
 <br />
 
+<br />
+
+#### Authentik Integration
+
+If you are adding [Authentik](https://goauthentik.io/) as middleware in the steps above; the last thing you must do is log in to your Authentik admin panel and add a new **Provider** so that we can access Keeweb via your domain.
+
+<br />
+
+Sign into the Authentik admin panel, go to the left-side navigation, select **Applications** -> **Providers**. Then at the top of the new page, click **Create**.
+
+<br />
+
+<p align="center"><img style="width: 40%;text-align: center;" src="docs/img/authentik/01.png"></p>
+
+<p align="center"><img style="width: 80%;text-align: center;" src="docs/img/authentik/02.png"></p>
+
+<br />
+
+For the **provider**, select `Proxy Provider`.
+
+<br />
+
+<p align="center"><img style="width: 80%;text-align: center;" src="docs/img/authentik/03.png"></p>
+
+<br />
+
+Add the following provider values:
+- **Name**: `Keeweb ForwardAuth`
+- **Authentication Flow**: `default-source-authentication (Welcome to authentik!)`
+- **Authorization Flow**: `default-provider-authorization-implicit-consent (Authorize Application)`
+
+<br />
+
+Select **Forward Auth (single application)**:
+- **External Host**: `https://keeweb.domain.com`
+
+<br />
+
+<p align="center"><img style="width: 80%;text-align: center;" src="docs/img/authentik/04.gif"></p>
+
+<br />
+
+Once finished, click **Create**. Then on the left-side menu, select **Applications** -> **Applications**. Then at the top of the new page, click **Create**.
+
+<br />
+
+<p align="center"><img style="width: 40%;text-align: center;" src="docs/img/authentik/05.png"></p>
+
+<p align="center"><img style="width: 80%;text-align: center;" src="docs/img/authentik/02.png"></p>
+
+<br />
+
+Add the following parameters:
+- **Name**: `Keeweb (Password Manager)`
+- **Slug**: `keeweb`
+- **Group**: `Security`
+- **Provider**: `Keeweb ForwardAuth`
+- **Backchannel Providers**: `None`
+- **Policy Engine Mode**: `any`
+
+<br />
+
+<p align="center"><img style="width: 80%;text-align: center;" src="docs/img/authentik/06.png"></p>
+
+<br />
+
+Save, and then on the left-side menu, select **Applications** -> **Outposts**:
+
+<br />
+
+<p align="center"><img style="width: 40%;text-align: center;" src="docs/img/authentik/07.png"></p>
+
+<br />
+
+Find your **Outpost** and edit it.
+
+<p align="center"><img style="width: 80%;text-align: center;" src="docs/img/authentik/08.png"></p>
+
+<br />
+
+Move `Keeweb (Password Manager)` to the right side **Selected Applications** box.
+
+<br />
+
+<p align="center"><img style="width: 80%;text-align: center;" src="docs/img/authentik/09.png"></p>
+
+<br />
+
+You should be able to access `keeweb.domain.com` and be prompted now to authenticate with Authentik.
+
+<br />
+
 ---
 
 <br />
@@ -429,6 +522,8 @@ You may build KeeWeb for `Windows` by executing ONE of the following two command
 grunt dev-desktop-win32 --skip-sign
 ```
 
+<br />
+
 #### Using NPM
 
 ```shell
@@ -449,6 +544,8 @@ You may build KeeWeb for `Linux` by executing ONE of the following two commands
 grunt dev-desktop-linux --skip-sign
 ```
 
+<br />
+
 #### Using NPM
 
 ```shell
@@ -462,8 +559,6 @@ npm run dev-desktop-linux
 
 You may build KeeWeb for `MacOS` by executing ONE of the following two commands provided:
 
-<br />
-
 #### Using Grunt
 
 ```shell
@@ -484,6 +579,8 @@ Once the build is complete, all (html files will be in `dist/` folder. To build
 
 To run the desktop (electron) app without building an installer, build the app with `grunt` and then launch KeeWeb with one of the following commands:
 
+<br />
+
 ```bash
 npm run dev
 npm run electron
@@ -506,21 +603,6 @@ Once built, the output files will be generated in `tmp`:
 
 <br />
 
-## Thank you
-
-Notable contributions to KeeWeb:
-
-- Florian Reuschel ([@Loilo](https://github.com/Loilo)): [German translation](https://keeweb.oneskyapp.com/collaboration/translate/project/project/173183/language/550)
-- Dennis Ploeger ([@dploeger](https://github.com/dploeger)): [auto-type improvements](https://github.com/keeweb/keeweb/pulls?q=is%3Apr+is%3Aclosed+author%3Adploeger)
-- Hackmanit ([hackmanit.de](https://www.hackmanit.de)): [penetration test](https://www.hackmanit.de/en/blog-en/104-pro-bono-penetration-test-keeweb)
-- Peter Bittner ([@bittner](https://github.com/bittner)): [Wikipedia article](https://en.wikipedia.org/wiki/KeeWeb)
-
-<br />
-
----
-
-<br />
-
 ## Donations
 
 KeeWeb is not free to develop. It takes time, requires paid code signing certificates and domains.  
@@ -650,8 +732,8 @@ Want to help but can't write code?
   [github-build-pypi-uri]: https://github.com/keeweb/keeweb/actions/workflows/release-pypi.yml
 
 <!-- BADGE > GITHUB > TESTS -->
-  [github-tests-img]: https://img.shields.io/github/actions/workflow/status/keeweb/keeweb/tests.yml?logo=github&label=Tests&color=2c6488
-  [github-tests-uri]: https://github.com/keeweb/keeweb/actions/workflows/tests.yml
+  [github-tests-img]: https://img.shields.io/github/actions/workflow/status/keeweb/keeweb/build-tests.yml?logo=github&label=Tests&color=2c6488
+  [github-tests-uri]: https://github.com/keeweb/keeweb/actions/workflows/build-tests.yml
 
 <!-- BADGE > GITHUB > COMMIT -->
   [github-commit-img]: https://img.shields.io/github/last-commit/keeweb/keeweb?logo=conventionalcommits&logoColor=FFFFFF&label=Last%20Commit&color=313131
