k-space/dex
Archived
11
0
Fork 0
Code Issues Pull Requests Packages Projects Activity
1,183 Commits 1 Branch 0 Tags
30cd592801d493b9f253d7bf1c12b072b917d6a6
Commit Graph

192 Commits

Author SHA1 Message Date
Vitaliy Dmitriev
f2e7823db9 connector/ldap: add multiple user to group mapping 
Add an ability to fetch user's membership from
  groups of a different type by specifying multiple
  group attribute to user attribute value matchers
  in the Dex config:

    userMatchers:
    - userAttr: uid
      groupAttr: memberUid
    - userAttr: DN
      groupAttr: member

  In other words the user's groups can be fetched now from
  ldap structure similar to the following:

    dn: cn=john,ou=People,dc=example,dc=org
    objectClass: person
    objectClass: inetOrgPerson
    sn: doe
    cn: john
    uid: johndoe
    mail: johndoe@example.com
    userpassword: bar

    dn: cn=qa,ou=Groups,ou=Portland,dc=example,dc=org
    objectClass: groupOfNames
    cn: qa
    member: cn=john,ou=People,dc=example,dc=org

    dn: cn=logger,ou=UnixGroups,ou=Portland,dc=example,dc=org
    objectClass: posixGroup
    gidNumber: 1000
    cn: logger
    memberUid: johndoe

Signed-off-by: Vitaliy Dmitriev <vi7alya@gmail.com>
 2020-01-03 10:40:21 +01:00
Andrew Block
296659cb50 Reduced OpenShift scopes and enhanced documentation 2019-12-26 03:14:20 -06:00
Andrew Block
5afa02644a Added OpenShift documentation to README 2019-12-25 11:52:42 -05:00
Andrew Block
92e63771ac Added OpenShift connector 2019-12-22 02:27:09 -05:00
Márk Sági-Kazár
664fdf76ca Merge pull request #1605 from dexidp/kubernetes-tests 
Rewrite kubernetes tests
 2019-12-20 11:41:57 +01:00
Nándor István Krácser
ac242a8bc7 Merge pull request #1590 from ChengYanJin/doc/add-issuer-in-template 
add issuer in the templates.md
 2019-12-20 09:28:40 +01:00
Mark Sagi-Kazar
3fb85ab009 Remove instructions for kubernetes tests from docs 2019-12-18 17:23:52 +01:00
Nandor Kracser
a38e215891 connector/google: support group whitelisting 
Signed-off-by: Nandor Kracser <bonifaido@gmail.com>
 2019-12-03 16:27:07 +01:00
Nándor István Krácser
c41035732f Merge pull request #1434 from jacksontj/groups 
Add option to enable groups for oidc connectors
 2019-11-27 14:00:36 +01:00
YanJin
e11b2ceeee add issuer in the templates.md 2019-11-25 12:15:07 +01:00
Joel Speed
9d9a1017e4 Add documentation for google connector 2019-11-19 17:12:41 +00:00
Nándor István Krácser
b7184be3dd Merge pull request #1569 from bhageena/master 
Fix spelling errors in docs
 2019-11-05 10:34:40 +01:00
Nándor István Krácser
6d41541964 Merge pull request #1544 from kenperkins/saml-groups 
Adding support for allowed groups in SAML Connector
 2019-10-30 13:28:34 +01:00
Nándor István Krácser
0b56a47571 Merge pull request #1558 from aijingyc/fix_readme_branch 
Fix URLs in curl cmd as stated in the overview doc.
 2019-10-30 13:20:28 +01:00
Nándor István Krácser
799f29fdb5 Merge pull request #1571 from gosharplite/patch-1 
Fix typo
 2019-10-30 13:20:04 +01:00
Tony Hsu
6e35f24399 Fix typo 2019-10-22 11:27:12 +08:00
Chandan Rai
efdb5de6d8 Fix spelling errors in docs 2019-10-14 18:52:40 +05:30
Ta-Ching Chen
76c76a0b39 Add note for redirect uri 2019-10-13 15:24:22 +08:00
j.ai
2c52c52686 Fix URLs in curl cmd as stated in the overview doc. 2019-09-27 17:45:52 -07:00
Thomas Jackson
21ab30d207 Add option to enable groups for oidc connectors 
There's been some discussion in #1065 regarding what to do about
refreshing groups. As it stands today dex doesn't update any of the
claims on refresh (groups would just be another one). The main concern
with enabling it is that group claims may change more frequently. While
we continue to wait on the upstream refresh flows, this adds an option
to enable the group claim. This is disabled by default (so no behavioral
change) but enables those that are willing to have the delay in group
claim change to use oidc IDPs.

Workaround to #1065
 2019-09-13 15:50:33 -07:00
Ken Perkins
285c1f162e connector/saml: Adding group filtering 
- 4 new tests
- Doc changes to use the group filtering
 2019-09-10 10:53:19 -07:00
Stephan Renatus
15ec95bca9 Merge pull request #1521 from erwinvaneyk/patch-1 
Clarify the origin of the ca file in the Kubernetes guide
 2019-08-29 16:24:48 +02:00
Erwin van Eyk
5c99525ed3 Clarify the origin of openid-ca 2019-08-29 16:15:00 +02:00
Michael Venezia
395febf808 storage/kubernetes: Removing Kubernetes TPR support 
Third Party Resources (TPR) have been removed from Kubernetes for
roughly 2 years.  This commit removes the support dex had for them.

Documentation has been updated to reflect this and to instruct users
on how to migrate from TPR-powered dex environment to a Custom Resource
Defintion (CRD) based one that dex > v2.17 will support
 2019-08-14 09:28:18 -04:00
Stephan Renatus
d9f6ab4a68 Merge pull request #1512 from venezia/add_reflection 
Add reflection to gRPC API (configurable)
 2019-08-07 13:56:33 +02:00
Michael Venezia
b65966d744 cmd/dex: adding reflection to grpc api, enabled through configuration 2019-08-07 07:37:39 -04:00
Marc-André Dufresne
d458e882aa Allow arbitrary data to be passed to templates 2019-08-06 13:14:53 -04:00
mkontani
c067761df6 fix mysql sample query 2019-07-30 03:49:53 +09:00
Nandor Kracser
ff34e570b4 connector/gitlab: implement useLoginAsID as in GitHub connector 2019-07-28 19:49:49 +02:00
Maxime Desrosiers
458585008b microsoft: option for group UUIDs instead of name and group whitelist 2019-07-25 09:14:33 -04:00
Stephan Renatus
e3203382fc Merge pull request #1493 from srenatus/sr/adopters 
ADOPTERS: replace Documentation/production-users.md, add Chef
 2019-07-23 17:08:11 +02:00
Nandor Kracser
a572ad8fec storage/sql: rework of the original MySQL PR 2019-07-23 14:27:10 +02:00
Stephan Renatus
447f24a81b ADOPTERS: replace Documentation/production-users.md, add Chef 
Signed-off-by: Stephan Renatus <srenatus@chef.io>
 2019-07-23 14:01:17 +02:00
flarno11
8c1716d356 make userName configurable 2019-06-03 14:09:07 +02:00
cappyzawa
9650836851 make userID configurable 2019-05-24 19:52:33 +09:00
Thomas Jackson
52d09a2dfa Add option in oidc to hit the optional userinfo endpoint 
Some oauth providers return "thin tokens" which won't include all of the
claims requested. This simply adds an option which will make the oidc
connector use the userinfo endpoint to fetch all the claims.
 2019-05-23 09:20:48 -07:00
Eric Chiang
0babb2df18 Merge pull request #1435 from bonifaido/bitbucket-docs 
docs: update bitbucket permission requirements
 2019-05-12 10:33:01 -07:00
Nandor Kracser
a08a5811d4 gitlab: support for group whitelist 2019-04-25 12:50:29 +02:00
Nandor Kracser
b1931fc9bd docs: update bitbucket permission requirements 2019-04-25 10:45:00 +02:00
Gerald Barker
fc723af0fe Add option to OIDC connecter to override email_verified to true 2019-03-05 21:24:02 +00:00
Takashi Okamoto
ac290f77aa Fix typo. 2019-02-23 16:34:10 +00:00
Eric Chiang
e913a252cd Merge pull request #1410 from sagikazarmark/fix-typo 
Fix typo
 2019-02-22 12:02:27 -08:00
Mark Sagi-Kazar
c48cb36e8f Fix typo 2019-02-22 20:54:19 +01:00
Nandor Kracser
6c71b330a8 production users: add Banzai Cloud 2019-02-22 16:40:34 +01:00
Stephan Renatus
7bd4071b4c Merge pull request #1396 from jtnord/useLoginId-dexidp 
Use github login as the id
 2019-02-05 13:54:49 +01:00
James Nord
9840fccdbb rename useLoginAsId -> useLoginAsID 2019-02-04 14:05:57 +00:00
Stephan Renatus
b6f4740a15 Merge pull request #1390 from okamototk/activedirectory 
Add Active Directory and kubelogin integration sample.
 2019-02-03 11:09:33 +01:00
James Nord
1911b52c6b Add documentation for the new GitHub useLoginAsId option 2019-02-01 11:37:40 +00:00
Stephan Renatus
4abf3b2102 docs: mirror resolution of #1281 in dev doc 
Signed-off-by: Stephan Renatus <srenatus@chef.io>
 2019-01-29 10:29:12 +01:00
Takashi Okamoto
337bbe5f09 fix typos. 2019-01-26 10:44:50 +00:00