k-space/dex
Archived
11
0
Fork 0
Code Issues Pull Requests Packages Projects Activity

Merge pull request #1544 from kenperkins/saml-groups

Browse Source 
Adding support for allowed groups in SAML Connector
This commit is contained in:
Nándor István Krácser
2019-10-30 13:28:34 +01:00
committed by GitHub
parent f2590ee07d 285c1f162e
commit 6d41541964
3 changed files with 150 additions and 27 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
Documentation/connectors/saml.md
View File

@@ -14,6 +14,10 @@ __The connector doesn't support refresh tokens__ since the SAML 2.0 protocol doe
The connector doesn't support signed AuthnRequests or encrypted attributes.
## Group Filtering
The SAML Connector supports providing a whitelist of SAML Groups to filter access based on, and when the `groupsattr` is set with a scope including groups, Dex will check for membership based on configured groups in the `allowedGroups` config setting for the SAML connector.
## Configuration
```yaml
@@ -44,6 +48,10 @@ connectors:
emailAttr: email
groupsAttr: groups # optional
# List of groups to filter access based on membership
# allowedGroups
# - Admins
# CA's can also be provided inline as a base64'd blob.
#
# caData: ( RAW base64'd PEM encoded CA )