k-space/dex
Archived
11
0
Fork 0
Code Issues Pull Requests Packages Projects Activity
867 Commits 1 Branch 0 Tags
2d7de4ec709483b330f3b56db235e41eda395a32
Commit Graph

867 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Eric Chiang
0822f1d4d3 Merge pull request #1232 from silenceshell/patch-1 
fix typo
 2018-05-14 16:10:19 -07:00
Eric Chiang
bf3ffb53a0 Merge pull request #1233 from kpschuck/master 
Updates go to 1.10.2 to support SHA-512 for ldaps
 2018-05-14 09:23:00 -07:00
Kevin Schuck
ca3d73c36d Updates go to 1.10.2 to support SHA-512 for ldaps 2018-05-10 11:23:50 -05:00
silenceshell
468b5e3f0a fix typo 
Should `pulic`  be `public`?
 2018-05-10 11:55:11 +08:00
Matthias Klan
481f1276a8 Update using-dex.md 
fix wrong port from example
 2018-05-04 16:14:16 +02:00
Joe Borg
fc8b20ba35 Removing whitespace 2018-04-27 09:28:52 +01:00
Eric Chiang
0d3edf2456 Merge pull request #1208 from ericchiang/go10 
*: update build to Go 1.10
 2018-03-20 15:08:43 -07:00
Eric Chiang
264484075a *: update build to Go 1.10 2018-03-20 14:50:33 -07:00
Eric Chiang
f2eac0e723 Merge pull request #1200 from carbin-gun/master 
Update check go major version way
 2018-03-07 10:38:48 -07:00
charles.deng
d92c21b9f9 Update check go major version way 
the previous one just keep one prefix number as the major number, it should be the whole number after the dot.
 2018-03-07 23:34:08 +08:00
Eric Chiang
218d671a96 Merge pull request #1198 from srenatus/sr/add-test-case-for-tampered-nameid-field-with-comment 
saml: add tests case covering tampered NameID field (comment)
 2018-03-01 15:17:32 -08:00
Stephan Renatus
608260d0f1 saml: add tests case covering tampered NameID field (comment) 
As sketched here:

https://developer.okta.com/blog/2018/02/27/a-breakdown-of-the-new-saml-authentication-bypass-vulnerability

Thought it was interesting to see how our SAML connector behaved. And
it seems to be behaving well. :)

Signed-off-by: Stephan Renatus <srenatus@chef.io>
 2018-02-28 08:42:17 +01:00
Eric Chiang
39a66d1496 Merge pull request #1195 from Skn0tt/patch-1 
Add missing word
 2018-02-27 10:37:31 -08:00
Simon Knott
822a10cede Add missing word 2018-02-24 11:31:51 +01:00
Eric Chiang
01d63b086f Merge pull request #1176 from vyshane/master 
New id_provider scope that adds the connector ID and user ID to the ID token claims
 2018-02-03 11:47:42 -08:00
Vy-Shane Xie
b03c85e56e Add new federated:id scope that causes Dex to add a federated_claims claim containing the connector_id and user_id to the ID token 2018-02-03 18:40:03 +08:00
Eric Chiang
ce686390a5 Merge pull request #1144 from srenatus/sr/support-direct-post-without-get-first 
handlers/connector_login: update AuthRequest irregardless of method
 2018-02-01 11:26:57 -08:00
Eric Chiang
c0bcc81997 Merge pull request #1171 from pmcgrath/1170-fix-typos 
1170 - Fix comment typos
 2018-02-01 11:19:56 -08:00
pmcgrath
4aec353aec 1170 - Fix comment typos 
BsaeDN should be BaseDN
 2018-01-14 12:34:45 +00:00
Eric Chiang
1dbecefadf Merge pull request #1166 from ericchiang/coc 
automated PR: update CoC and legalese
 2018-01-08 15:41:30 -08:00
Eric Chiang
f83c86cead Merge pull request #1168 from ericchiang/connector-docs 
README: expand connector docs and assign each a level of support
 2018-01-05 09:27:19 -08:00
Eric Chiang
ea2c63d7b0 README: expand connector docs and assign each a level of support 2018-01-05 09:06:18 -08:00
Eric Chiang
2851b3c7a6 Merge pull request #1167 from ericchiang/restructure-connector-docs 
Documentation: restructure connector docs to a single folder
 2018-01-04 13:59:52 -08:00
Eric Chiang
460f48320e Documentation: restructure connector docs to a single folder 2018-01-04 13:50:14 -08:00
Eric Chiang
2215158b2a update CoC and legalese 2018-01-04 12:14:31 -08:00
Eric Chiang
6ef8cd512f Merge pull request #1155 from brancz/prometheus 
Add Prometheus metrics
 2017-12-21 12:32:44 -08:00
Frederic Branczyk
0930b09e4e vendor: Add metrics packages 2017-12-21 21:24:14 +01:00
Frederic Branczyk
5f03479d29 *: Add go runtime, process, HTTP and gRPC metrics 2017-12-21 21:24:09 +01:00
Eric Chiang
053c476c4f Merge pull request #1157 from ericchiang/conn-oidc-doc-groups 
document limitations in the OpenID Connect connector
 2017-12-20 17:20:21 -08:00
Eric Chiang
0811d1a07a document limitations in the OpenID Connect connector 2017-12-20 17:12:00 -08:00
Eric Chiang
b5baf6b1ca Merge pull request #1152 from diegs/bom 
license: add bill of materials.
 2017-12-19 10:31:43 -08:00
Diego Pontoriero
6d4fef4b9a license: add bill of materials. 2017-12-19 10:23:27 -08:00
Eric Chiang
9d4b1041bd Merge pull request #1151 from topos-ai/email-address 
Clarify email scope description
 2017-12-17 10:36:58 -08:00
Eric Buth
da45adcb6e email scope only allows access to a user's email address 2017-12-17 12:08:19 -05:00
Stephan Renatus
f013a44581 handlers/connector_login: check before update (optimization) 
Signed-off-by: Stephan Renatus <srenatus@chef.io>
 2017-12-11 08:32:22 +01:00
Eric Chiang
ec5e2cc3c6 Merge pull request #1135 from mpashka/master 
Update slapd.sh
 2017-12-08 15:26:14 -06:00
Pavel Moukhataev
5ef1312b38 Add note for OpenLDAP installation 2017-12-08 23:53:36 +03:00
Stephan Renatus
f18d7afc6f handlers/connector_login: update AuthRequest irregardless of method 
Before, you could not POST your credentials to a password-connector's
endpoint without GETing that endpoint first. While this makes sense for
browser clients; automated interactions with Dex don't need to look at
the password form to fill it in.

A symptom of that missing GET was that the POST succeeded (!) with

    login successful: connector "", username="admin", email="admin@example.com", groups=[]

Note the connector "". A subsequent call to finalizeLogin would then
fail with

    connector with ID "" not found: failed to get connector object from storage: not found

Now, the connector ID of an auth request will be updated for both GETs
and POSTs.

Signed-off-by: Stephan Renatus <srenatus@chef.io>
 2017-12-08 11:49:52 +01:00
Eric Chiang
5172a46171 Merge pull request #1143 from wkalt/fix-verifier-creation-typo 
Correct "Verifier" method name in using-dex doc
 2017-12-05 17:47:11 -05:00
Wyatt Alt
e7d57bb31b Correct "Verifier" method name in using-dex doc 
Change provider.NewVerifier to provider.Verifier per the godocs:
https://godoc.org/github.com/coreos/go-oidc#Provider.Verifier
 2017-12-05 13:38:11 -08:00
Eric Chiang
18da628842 Merge pull request #1142 from zlabjp/status-code 
Bugfix: Set a proper status code before sending an error status page
 2017-12-04 00:04:28 -05:00
rithu leena john
32257bcf8e Merge pull request #1140 from ericchiang/fix-proto-build 
*: fix proto build
 2017-12-01 14:02:11 -08:00
Eric Chiang
c5de6fa733 *: regenerate proto 2017-12-01 11:29:33 -08:00
Eric Chiang
ab102b8189 *: revendor 2017-12-01 10:32:04 -08:00
Eric Chiang
35063da41e *: pin protoc-gen-go dependencies 2017-12-01 10:32:04 -08:00
Kazumasa Kohtaka
9948228e5b Set a proper status code before sending an error status page 2017-12-01 14:23:45 +09:00
Eric Chiang
861d4ae447 Merge pull request #1131 from pborzenkov/microsoft 
Implement Microsoft (Azure AD) connector
 2017-11-28 09:33:11 -08:00
Eric Chiang
c872938298 Merge pull request #1136 from vyshane/master 
Specify Java package for dex Protobuf API
 2017-11-28 09:20:59 -08:00
Vy-Shane Xie
19cb2a5ffb Specify Java package option 2017-11-28 20:35:34 +08:00
Pavel Borzenkov
47df6ea2ff connector/microsoft: add support for groups 
Microsoft connector now provides support for 'groups' claim in case
'tenant' is configured in Dex config for the connector. It's possible to
deny user authentication if the user is not a member of at least one
configured groups.

Signed-off-by: Pavel Borzenkov <pavel.borzenkov@gmail.com>
 2017-11-23 17:01:34 +03:00