Eric Chiang
f2eac0e723
Merge pull request #1200 from carbin-gun/master
...
Update check go major version way
2018-03-07 10:38:48 -07:00
charles.deng
d92c21b9f9
Update check go major version way
...
the previous one just keep one prefix number as the major number, it should be the whole number after the dot.
2018-03-07 23:34:08 +08:00
Eric Chiang
218d671a96
Merge pull request #1198 from srenatus/sr/add-test-case-for-tampered-nameid-field-with-comment
...
saml: add tests case covering tampered NameID field (comment)
2018-03-01 15:17:32 -08:00
Stephan Renatus
608260d0f1
saml: add tests case covering tampered NameID field (comment)
...
As sketched here:
https://developer.okta.com/blog/2018/02/27/a-breakdown-of-the-new-saml-authentication-bypass-vulnerability
Thought it was interesting to see how our SAML connector behaved. And
it seems to be behaving well. :)
Signed-off-by: Stephan Renatus <srenatus@chef.io>
2018-02-28 08:42:17 +01:00
Eric Chiang
39a66d1496
Merge pull request #1195 from Skn0tt/patch-1
...
Add missing word
2018-02-27 10:37:31 -08:00
Simon Knott
822a10cede
Add missing word
2018-02-24 11:31:51 +01:00
Eric Chiang
01d63b086f
Merge pull request #1176 from vyshane/master
...
New id_provider scope that adds the connector ID and user ID to the ID token claims
2018-02-03 11:47:42 -08:00
Vy-Shane Xie
b03c85e56e
Add new federated:id scope that causes Dex to add a federated_claims claim containing the connector_id and user_id to the ID token
2018-02-03 18:40:03 +08:00
Eric Chiang
ce686390a5
Merge pull request #1144 from srenatus/sr/support-direct-post-without-get-first
...
handlers/connector_login: update AuthRequest irregardless of method
2018-02-01 11:26:57 -08:00
Eric Chiang
c0bcc81997
Merge pull request #1171 from pmcgrath/1170-fix-typos
...
1170 - Fix comment typos
2018-02-01 11:19:56 -08:00
pmcgrath
4aec353aec
1170 - Fix comment typos
...
BsaeDN should be BaseDN
2018-01-14 12:34:45 +00:00
Eric Chiang
1dbecefadf
Merge pull request #1166 from ericchiang/coc
...
automated PR: update CoC and legalese
2018-01-08 15:41:30 -08:00
Eric Chiang
f83c86cead
Merge pull request #1168 from ericchiang/connector-docs
...
README: expand connector docs and assign each a level of support
2018-01-05 09:27:19 -08:00
Eric Chiang
ea2c63d7b0
README: expand connector docs and assign each a level of support
2018-01-05 09:06:18 -08:00
Eric Chiang
2851b3c7a6
Merge pull request #1167 from ericchiang/restructure-connector-docs
...
Documentation: restructure connector docs to a single folder
2018-01-04 13:59:52 -08:00
Eric Chiang
460f48320e
Documentation: restructure connector docs to a single folder
2018-01-04 13:50:14 -08:00
Eric Chiang
2215158b2a
update CoC and legalese
2018-01-04 12:14:31 -08:00
Eric Chiang
6ef8cd512f
Merge pull request #1155 from brancz/prometheus
...
Add Prometheus metrics
2017-12-21 12:32:44 -08:00
Frederic Branczyk
0930b09e4e
vendor: Add metrics packages
2017-12-21 21:24:14 +01:00
Frederic Branczyk
5f03479d29
*: Add go runtime, process, HTTP and gRPC metrics
2017-12-21 21:24:09 +01:00
Eric Chiang
053c476c4f
Merge pull request #1157 from ericchiang/conn-oidc-doc-groups
...
document limitations in the OpenID Connect connector
2017-12-20 17:20:21 -08:00
Eric Chiang
0811d1a07a
document limitations in the OpenID Connect connector
2017-12-20 17:12:00 -08:00
Eric Chiang
b5baf6b1ca
Merge pull request #1152 from diegs/bom
...
license: add bill of materials.
2017-12-19 10:31:43 -08:00
Diego Pontoriero
6d4fef4b9a
license: add bill of materials.
2017-12-19 10:23:27 -08:00
Eric Chiang
9d4b1041bd
Merge pull request #1151 from topos-ai/email-address
...
Clarify email scope description
2017-12-17 10:36:58 -08:00
Eric Buth
da45adcb6e
email scope only allows access to a user's email address
2017-12-17 12:08:19 -05:00
Stephan Renatus
f013a44581
handlers/connector_login: check before update (optimization)
...
Signed-off-by: Stephan Renatus <srenatus@chef.io>
2017-12-11 08:32:22 +01:00
Eric Chiang
ec5e2cc3c6
Merge pull request #1135 from mpashka/master
...
Update slapd.sh
2017-12-08 15:26:14 -06:00
Pavel Moukhataev
5ef1312b38
Add note for OpenLDAP installation
2017-12-08 23:53:36 +03:00
Stephan Renatus
f18d7afc6f
handlers/connector_login: update AuthRequest irregardless of method
...
Before, you could not POST your credentials to a password-connector's
endpoint without GETing that endpoint first. While this makes sense for
browser clients; automated interactions with Dex don't need to look at
the password form to fill it in.
A symptom of that missing GET was that the POST succeeded (!) with
login successful: connector "", username="admin", email="admin@example.com", groups=[]
Note the connector "". A subsequent call to finalizeLogin would then
fail with
connector with ID "" not found: failed to get connector object from storage: not found
Now, the connector ID of an auth request will be updated for both GETs
and POSTs.
Signed-off-by: Stephan Renatus <srenatus@chef.io>
2017-12-08 11:49:52 +01:00
Eric Chiang
5172a46171
Merge pull request #1143 from wkalt/fix-verifier-creation-typo
...
Correct "Verifier" method name in using-dex doc
2017-12-05 17:47:11 -05:00
Wyatt Alt
e7d57bb31b
Correct "Verifier" method name in using-dex doc
...
Change provider.NewVerifier to provider.Verifier per the godocs:
https://godoc.org/github.com/coreos/go-oidc#Provider.Verifier
2017-12-05 13:38:11 -08:00
Eric Chiang
18da628842
Merge pull request #1142 from zlabjp/status-code
...
Bugfix: Set a proper status code before sending an error status page
2017-12-04 00:04:28 -05:00
rithu leena john
32257bcf8e
Merge pull request #1140 from ericchiang/fix-proto-build
...
*: fix proto build
2017-12-01 14:02:11 -08:00
Eric Chiang
c5de6fa733
*: regenerate proto
2017-12-01 11:29:33 -08:00
Eric Chiang
ab102b8189
*: revendor
2017-12-01 10:32:04 -08:00
Eric Chiang
35063da41e
*: pin protoc-gen-go dependencies
2017-12-01 10:32:04 -08:00
Kazumasa Kohtaka
9948228e5b
Set a proper status code before sending an error status page
2017-12-01 14:23:45 +09:00
Eric Chiang
861d4ae447
Merge pull request #1131 from pborzenkov/microsoft
...
Implement Microsoft (Azure AD) connector
2017-11-28 09:33:11 -08:00
Eric Chiang
c872938298
Merge pull request #1136 from vyshane/master
...
Specify Java package for dex Protobuf API
2017-11-28 09:20:59 -08:00
Vy-Shane Xie
19cb2a5ffb
Specify Java package option
2017-11-28 20:35:34 +08:00
Pavel Borzenkov
47df6ea2ff
connector/microsoft: add support for groups
...
Microsoft connector now provides support for 'groups' claim in case
'tenant' is configured in Dex config for the connector. It's possible to
deny user authentication if the user is not a member of at least one
configured groups.
Signed-off-by: Pavel Borzenkov <pavel.borzenkov@gmail.com>
2017-11-23 17:01:34 +03:00
Pavel Borzenkov
6193bf5566
connector: implement Microsoft connector
...
connector/microsoft implements authorization strategy via Microsoft's
OAuth2 endpoint + Graph API. It allows to choose what kind of tenants
are allowed to authenticate in Dex via Microsoft:
* common - both personal and business/school accounts
* organizations - only business/school accounts
* consumers - only personal accounts
* <tenant uuid> - only account of specific tenant
Signed-off-by: Pavel Borzenkov <pavel.borzenkov@gmail.com>
2017-11-23 17:01:34 +03:00
Eric Chiang
f4b6bf2ac3
Merge pull request #1123 from srenatus/sr/back-button-for-password-template
...
show "back" link for password connectors
2017-11-13 10:58:25 -08:00
rithu leena john
bc01767212
Merge pull request #1124 from ericchiang/remove-milestones-link
...
README.md: remove milestones link
2017-11-13 09:48:42 -08:00
Stephan Renatus
41f663f70c
show "back" link for password connectors
...
This way, the user who has selected, say, "Log in with Email" can make up
their mind, and select a different connector instead.
However, if there's only one connector set up, none of this makes sense -- and
the link will thus not be displayed.
Signed-off-by: Stephan Renatus <srenatus@chef.io>
2017-11-13 08:39:59 +01:00
Eric Chiang
b746ab4975
README.md: remove milestones link
2017-11-10 11:28:03 -08:00
Eric Chiang
75a07f2bfa
Merge pull request #1116 from srenatus/sr/local-users/say-email-in-login
...
password connectors: make prompt configurable
2017-11-10 11:25:02 -08:00
Stephan Renatus
b09a13458f
password connectors: allow overriding the username attribute (password prompt)
...
This allows users of the LDAP connector to give users of Dex' login
prompt an idea of what they should enter for a username.
Before, irregardless of how the LDAP connector was set up, the prompt
was
Username
[_________________]
Password
[_________________]
Now, this is configurable, and can be used to say "MyCorp SSO Login" if
that's what it is.
If it's not configured, it will default to "Username".
For the passwordDB connector (local users), it is set to "Email
Address", since this is what it uses.
Signed-off-by: Stephan Renatus <srenatus@chef.io>
2017-11-09 09:30:03 +01:00
Eric Chiang
04e276f2df
Merge pull request #1120 from ericchiang/update-maintainers
...
*: update maintainers
2017-11-08 15:46:31 -08:00