k-space/dex
Archived
11
0
Fork 0
Code Issues Pull Requests Packages Projects Activity
1,066 Commits 1 Branch 0 Tags
41b7c855d0d95b6e941704f0ab07f218927503d3
Commit Graph

1066 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Joel Speed
41b7c855d0 Revert "Update conformance" 
This reverts commit 9c7ceabe8aebf6c740c237c5e76c21397179f901.
 2019-11-19 15:43:16 +00:00
Joel Speed
9ce4393156 Revert "Update SQL storage backend" 2019-11-19 15:43:15 +00:00
Joel Speed
176ba709a4 Revert "Remove connectordata from other structs" 
This reverts commit 27f33516db343bd79b56a47ecef0fe514a35082d.
 2019-11-19 15:43:14 +00:00
Joel Speed
fea048b3e8 Fix SQL updater func 2019-11-19 15:43:13 +00:00
Joel Speed
d38909831c Fix migration in SQL connector 
I didn't realise quite what the migration mechanism was. Have understood
it now.
 2019-11-19 15:43:13 +00:00
Joel Speed
433bb2afec Remove duplicate code 2019-11-19 15:43:12 +00:00
Joel Speed
4076eed17b Build opts based on scope 2019-11-19 15:43:11 +00:00
Joel Speed
80995dff9b Fix SQL storage 2019-11-19 15:43:10 +00:00
Joel Speed
b9b315dd64 Fix conformance tests 2019-11-19 15:43:09 +00:00
Joel Speed
7a76c767fe Update Kubernetes storage backend 2019-11-19 15:43:08 +00:00
Joel Speed
c54f1656c7 Fix ETCD storage backend 2019-11-19 15:43:07 +00:00
Joel Speed
c789c5808e Update conformance 2019-11-19 15:43:06 +00:00
Joel Speed
7fc3f230df Update SQL storage backend 2019-11-19 15:43:05 +00:00
Joel Speed
0857a0fe09 Implement refresh in OIDC connector 
This has added the access=offline parameter and prompt=consent parameter
to the initial request, this works with google, assuming other providers
will ignore the prompt parameter
 2019-11-19 15:43:04 +00:00
Joel Speed
5c88713177 Remove connectordata from other structs 2019-11-19 15:43:03 +00:00
Joel Speed
0352258093 Update handleRefreshToken logic 2019-11-19 15:43:01 +00:00
Joel Speed
575c792156 Store most recent refresh token in offline sessions 2019-11-19 15:40:56 +00:00
Nándor István Krácser
c392236f4f Merge pull request #1586 from serhiimakogon/fix/refresh-handler 
preferred_username claim added on refresh token
 2019-11-19 15:39:17 +01:00
serhiimakogon
b793afd375 preferred_username claim added on refresh token 2019-11-19 16:27:34 +02:00
Nándor István Krácser
b7184be3dd Merge pull request #1569 from bhageena/master 
Fix spelling errors in docs
 2019-11-05 10:34:40 +01:00
Nándor István Krácser
6d41541964 Merge pull request #1544 from kenperkins/saml-groups 
Adding support for allowed groups in SAML Connector
 2019-10-30 13:28:34 +01:00
Nándor István Krácser
f2590ee07d Merge pull request #1545 from jacksontj/getUserInfo 
Run getUserInfo prior to claim enforcement
 2019-10-30 13:26:18 +01:00
Nándor István Krácser
d5d3abca6a Merge pull request #1566 from dexidp/preferred_username 
add preffered_username to idToken
 2019-10-30 13:25:23 +01:00
Nándor István Krácser
0b56a47571 Merge pull request #1558 from aijingyc/fix_readme_branch 
Fix URLs in curl cmd as stated in the overview doc.
 2019-10-30 13:20:28 +01:00
Nándor István Krácser
799f29fdb5 Merge pull request #1571 from gosharplite/patch-1 
Fix typo
 2019-10-30 13:20:04 +01:00
Nándor István Krácser
a58d77a499 Merge pull request #1550 from dexidp/mysql-tx-isolation 
storage/mysql: support pre-5.7.20 instances with tx_isolation only
 2019-10-30 13:14:43 +01:00
Nándor István Krácser
0b55f121b4 Fix missing email in log message 
Co-Authored-By: Felix Fontein <ff@dybuster.com>
 2019-10-30 13:13:33 +01:00
Nándor István Krácser
3f8fd74185 Merge pull request #1568 from life1347/patch-1 
Add note for redirect uri
 2019-10-30 13:12:46 +01:00
Nandor Kracser
c1b421fa04 add preffered_username to idToken 
Signed-off-by: Nandor Kracser <bonifaido@gmail.com>
 2019-10-30 13:06:37 +01:00
Tony Hsu
6e35f24399 Fix typo 2019-10-22 11:27:12 +08:00
Chandan Rai
efdb5de6d8 Fix spelling errors in docs 2019-10-14 18:52:40 +05:30
Ta-Ching Chen
76c76a0b39 Add note for redirect uri 2019-10-13 15:24:22 +08:00
Joel Speed
4bede5eb80 Merge pull request #1554 from yanniszark/feature-web-templates-use-relative-urls 
server: templates: use relative URLs to refer to assets
 2019-10-03 10:49:18 +01:00
Yannis Zarkadas
69d13b766d gitignore: add .idea folder 
Signed-off-by: Yannis Zarkadas <yanniszark@arrikto.com>
 2019-10-02 17:08:06 +03:00
Yannis Zarkadas
59beb7425f web: change header template to use new url function 
Signed-off-by: Yannis Zarkadas <yanniszark@arrikto.com>
 2019-10-02 17:08:06 +03:00
Yannis Zarkadas
27944d4f8f templates: add new relativeURL function 
Signed-off-by: Yannis Zarkadas <yanniszark@arrikto.com>
 2019-10-02 17:08:06 +03:00
Yannis Zarkadas
839130f01c handlers: change all handlers to pass down http request 
Signed-off-by: Yannis Zarkadas <yanniszark@arrikto.com>
 2019-10-02 17:08:06 +03:00
j.ai
2c52c52686 Fix URLs in curl cmd as stated in the overview doc. 2019-09-27 17:45:52 -07:00
Nandor Kracser
d2c33db8a8 storage/mysql: support pre-5.7.20 instances with tx_isolation only 2019-09-23 09:36:01 +02:00
Thomas Jackson
512cb3169e Run getUserInfo prior to claim enforcement 
If you have an oidc connector configured *and* that IDP provides thin
tokens (e.g. okta) then the majority of the requested claims come in the
getUserInfo call (such as email_verified). So if getUserInfo is
configured it should be run before claims are validated.
 2019-09-13 11:10:44 -07:00
Ken Perkins
285c1f162e connector/saml: Adding group filtering 
- 4 new tests
- Doc changes to use the group filtering
 2019-09-10 10:53:19 -07:00
Stephan Renatus
8427f0f15c Merge pull request #1543 from wassan128/fix-typo 
Fix typo
 2019-09-06 08:14:29 +02:00
wassan128
42e8619830 Fix typo 2019-09-06 09:55:09 +09:00
Stephan Renatus
3b7292a08f Merge pull request #1520 from dexidp/gitlab-groups-scope 
gitlab: add groups scope by default when filtering is requested
 2019-09-04 12:21:57 +02:00
Joel Speed
179cce36ef Merge pull request #1540 from stevendanna/ssd/cipher-suites 
Use a more conservative set of CipherSuites
 2019-09-02 11:36:43 +01:00
Steven Danna
46f48b33a1 Use a more conservative set of CipherSuites 
The default cipher suites used by Go include a number of ciphers that
have known weaknesses. In addition to leaving users open to these
weaknesses, the inclusion of these weaker ciphers causes problems with
various automated scanning tools.

This PR disables the CBC-mode, RC4, and 3DES ciphers included in the
Go standard library by passing an explicit cipher suite list.

The ciphers included here are more line with those recommended by
Mozilla for "Intermediate" compatibility. [0]

*Performance Implications*

The Go standard library does capability-based cipher ordering,
preferring AES ciphers if the underlying hardware has AES specific
instructions. [1] Since all of the relevant code is internal modules,
to do the same thing ourselves would require duplicating that
code. Here, I've placed AES based ciphers first.

*Compatibility Implications*

This does reduce the number of clients who will be able to communicate
with dex.

[0] https://ssl-config.mozilla.org/#server=nginx&server-version=1.17.0&config=intermediate&hsts=false&ocsp=false
[1] a8c2e5c6ad/src/crypto/tls/common.go (L1091)

Signed-off-by: Steven Danna <steve@chef.io>
 2019-08-31 17:34:55 +01:00
Stephan Renatus
c854e760db Merge pull request #1539 from erwinvaneyk/replace-context-import 
Replace x/net/context with stdlib context
 2019-08-31 17:52:18 +02:00
erwinvaneyk
3e2217b3f4 Replace x/net/context with context of stdlib 2019-08-30 11:52:46 +02:00
Stephan Renatus
4f3ab1efb7 Merge pull request #1534 from jthabet/master 
Pydio Cells adopters list
 2019-08-29 16:25:45 +02:00
Stephan Renatus
15ec95bca9 Merge pull request #1521 from erwinvaneyk/patch-1 
Clarify the origin of the ca file in the Kubernetes guide
 2019-08-29 16:24:48 +02:00