mirror of
https://github.com/pomerium/pomerium.git
synced 2025-05-22 13:37:19 +02:00
Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com>
This commit is contained in:
github-actions[bot]
GitHub
parent
4fff08cfab
commit
a1d85c1c90
2 changed files with 20 additions and 1 deletions
|
|
@ -56,7 +56,7 @@ easy deployment semantics but is not persistent or highly available. Running mo
|
||||||
The Redis based backend supports multiple `databroker` instances and persistence across restarts. We recommend a dedicated redis instance for Pomerium to provide the strongest security and performance guarantees.
|
The Redis based backend supports multiple `databroker` instances and persistence across restarts. We recommend a dedicated redis instance for Pomerium to provide the strongest security and performance guarantees.
|
||||||
|
|
||||||
#### High Availability
|
#### High Availability
|
||||||
Redis should be configured to provide high availability via [replication](https://redis.io/topics/replication) and failover. Sentinal and cluster are not supported at this time.
|
Redis should be configured to provide high availability via [replication](https://redis.io/topics/replication) and failover.
|
||||||
|
|
||||||
|
|
||||||
#### Security
|
#### Security
|
||||||
|
|
|
||||||
|
|
@ -7,6 +7,24 @@ description: >-
|
||||||
|
|
||||||
# Since 0.13.0
|
# Since 0.13.0
|
||||||
|
|
||||||
|
## New
|
||||||
|
|
||||||
|
### Ping Identity
|
||||||
|
|
||||||
|
[Ping Identity](https://www.pingidentity.com/) is supported as a directory provider. See [the documentation](https://www.pomerium.com/docs/identity-providers/ping.html) for details.
|
||||||
|
|
||||||
|
### Customized Identity Headers
|
||||||
|
|
||||||
|
With the v0.14 release, the names of `X-Pomerium-Claim-{Name}` headers can now be [customized](https://www.pomerium.com/reference/#jwt-claim-headers). This enables broader 3rd party application support for Pomerium's identity headers.
|
||||||
|
|
||||||
|
### Redis High Availability
|
||||||
|
|
||||||
|
Databroker now supports redis [sentinel](https://redis.io/topics/sentinel) and [cluster](https://redis.io/topics/cluster-spec) for increased availability. See the databroker [documentation](https://www.pomerium.com/reference/#data-broker-storage-connection-string) for details.
|
||||||
|
|
||||||
|
### Rewrite Response Headers
|
||||||
|
|
||||||
|
Policies may now [rewrite response headers](https://www.pomerium.com/reference/#rewrite-response-headers) from upstream services. This can be especially useful when upstreams attempt to redirect users to unreachable internal hostnames.
|
||||||
|
|
||||||
## Breaking
|
## Breaking
|
||||||
|
|
||||||
### Programmatic login domain whitelist
|
### Programmatic login domain whitelist
|
||||||
|
|
@ -18,6 +36,7 @@ Programmatic login now restricts the allowed redirect URL domains. By default th
|
||||||
When specifying `allowed_users` by ID, the identity provider is no longer part of the ID format. This does not impact users specified by e-mail.
|
When specifying `allowed_users` by ID, the identity provider is no longer part of the ID format. This does not impact users specified by e-mail.
|
||||||
|
|
||||||
To update your policies for v0.14, please remove any identity provider prefix. Example: `okta/00usi7mc8XC8SwFxT4x6` becomes `00usi7mc8XC8SwFxT4x6`.
|
To update your policies for v0.14, please remove any identity provider prefix. Example: `okta/00usi7mc8XC8SwFxT4x6` becomes `00usi7mc8XC8SwFxT4x6`.
|
||||||
|
|
||||||
# Since 0.12.0
|
# Since 0.12.0
|
||||||
|
|
||||||
## New
|
## New
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue