Commit Graph

1729 Commits

Author SHA1 Message Date
Stephan Renatus
4a0feaf589 connector/saml: add 'FilterGroups' setting
This should make AllowedGroups equivalent to an LDAP group filter:

When set to true, only the groups from AllowedGroups will be included in the
user's identity.

Signed-off-by: Stephan Renatus <srenatus@chef.io>
2020-05-12 13:29:05 +02:00
poh chiat
d87cf1c924
create github oauthconfig with redirecturl (#1700) 2020-05-12 13:23:00 +02:00
Márk Sági-Kazár
336e284a46
Merge pull request #1701 from tkleczek/static_client_secret_fix
allow no secret for static public clients
2020-05-12 13:07:46 +02:00
Tomasz Kleczek
c830d49884 allow no secret for static public clients
For statically-configured public clients it should be allowed for both
Secret and SecretEnv fields to be empty.
2020-05-05 17:09:09 +02:00
Martijn
0a85a97ba9
Allow preferred_username claim to be set for Crowd connector (#1684)
* Add atlassiancrowd connector to list in readme

* Add TestIdentityFromCrowdUser

* Set preferred_username claim when configured

* Add preferredUsernameField option to docs

* Log warning when mapping invalid crowd field
2020-04-23 20:14:15 +02:00
Mattias Sjöström
cd054c71af
Documentation: Fix typo and add specification in openshift connector doc (#1687)
Serviceaccount annotation in oc patch instruction was malformed. Format
specification of Client ID for a Service Account was missing.
2020-04-14 08:55:51 +02:00
Márk Sági-Kazár
83d8853fd9
Merge pull request #1686 from kenperkins/gh-1682
Adding slack channel to README
2020-04-08 08:42:42 +02:00
Ken Perkins
05b8acb974 Adding slack channel to README 2020-04-07 11:03:48 -07:00
Kyle Travis
cfae2eb720
storage/kubernetes: remove shadowed ResourceVersion from Connector (#1673) 2020-04-07 11:02:44 +02:00
Ken Perkins
f6476b62f2
Added Email of Keystone to Identity (#1681)
* Added Email of Keystone to Identity

After the successful login to keystone, the Email of the logged in user
is fetch from keystone and provided to `identity.Email`.

This is useful for upstream software that uses the Email as the primary
identification.

* Removed unnecessary code from getUsers

* Changed creation of userResponse in keystone

* Fixing linter error

Co-authored-by: Christoph Glaubitz <christoph.glaubitz@innovo-cloud.de>
2020-04-06 15:40:17 +02:00
Nándor István Krácser
ebef257dcd
Merge pull request #1678 from Teeed/auto_consistency_fix
Automatic consistency fixing in case of missing refresh token in db
2020-04-03 14:17:58 +02:00
Tadeusz Magura-Witkowski
0513ce3d6b
Merge branch 'master' into auto_consistency_fix 2020-04-02 10:49:10 +02:00
Nándor István Krácser
ec57e31103
Merge pull request #1645 from JerrySunWRS/master
Wrap Kubernetes host address in square brackets
2020-03-27 08:35:30 +01:00
Tadeusz Magura-Witkowski
7b7e2a040d Automatic consistency fixing in case of missing refresh token in db 2020-03-25 13:43:53 +01:00
Márk Sági-Kazár
3693b74791
Merge pull request #1676 from dexidp/lint-timeout
increase go lint timeout
2020-03-19 16:00:56 +01:00
Nándor István Krácser
db23367150
increase go lint timeout 2020-03-19 15:50:18 +01:00
Nándor István Krácser
741bf029a1
Merge pull request #1670 from klarose/handle-refresh-no-present
handlers: do not fail login if refresh token gone
2020-03-19 13:44:22 +01:00
Kyle Larose
ab5ea03025
handlers: do not fail login if refresh token gone
There is a chance that offline storage could fall out of sync with the
refresh token tables. One example is if dex crashes/is stopped in the
middle of handling a login request. If the old refresh token associated
with the offline session is deleted, and then the process stops, the
offline session will still refer to the old token.

Unfortunately, if this case occurs, there is no way to recover from it,
since further logins will be halted due to dex being unable to clean up
the old tokens till referenced in the offline session: the database is
essentially corrupted.

There doesn't seem to be a good reason to fail the auth request if the
old refresh token is gone. This changes the logic in `handleAuthCode` to
not fail the entire transaction if the old refresh token could not be
deleted because it was not present. This has the effect of installing
the new refresh token, and unpdating the offline storage, thereby fixing
the issue, however it occured.
2020-03-18 12:56:37 -04:00
Nándor István Krácser
277272502b
Merge pull request #1674 from dexidp/githubci-mysql
ci: add mysql service
2020-03-18 15:01:57 +01:00
Nandor Kracser
8ab1ea9334
ci: add mysql service
Signed-off-by: Nandor Kracser <bonifaido@gmail.com>
2020-03-18 11:58:41 +01:00
Nándor István Krácser
d820fd45d8
Merge pull request #1664 from lhotrifork/static-client-env-vars
storage/static.go: expand environment variables in client ID and secret
2020-03-03 11:05:08 +01:00
Yann Soubeyrand
99c3ec6820 Add ability to set ID and Secret from environment variables for static clients
Having ID and Secret in clear inside configuration files for static
clients is not ideal. This commit allows setting these from environment
variables.

Signed-off-by: Yann Soubeyrand <yann.soubeyrand@gmx.fr>
2020-03-03 08:27:13 +01:00
Joel Speed
30ea963bb6
Merge pull request #1656 from taxibeat/oidc-prompt-type
Make prompt configurable for oidc offline_access
2020-02-28 10:56:13 +00:00
Nándor István Krácser
b7cf701032
Merge pull request #1515 from flant/atlassian-crowd-connector
new connector for Atlassian Crowd
2020-02-24 10:09:27 +01:00
Nándor István Krácser
2bd4886517
Merge pull request #1661 from sabre1041/openshift-connector-mail
Setting email for OpenShift connector
2020-02-21 17:02:50 +01:00
Andrew Block
76bb453ff3
Setting email for OpenShift connector 2020-02-21 16:53:46 +01:00
Márk Sági-Kazár
b9787d48ac
Merge pull request #1660 from dexidp/checkout-v2
ci: use checkout@v2
2020-02-21 16:16:22 +01:00
Nándor István Krácser
fab0da7b69
ci: use checkout@v2 2020-02-21 15:53:13 +01:00
Nándor István Krácser
edd3a40141
Merge pull request #1659 from dexidp/sql-specific-migrations
storage/sql: allow specifying sql flavor specific migrations
2020-02-21 14:47:14 +01:00
Nandor Kracser
c7e9960c7e
storage/mysql: increase auth_request.state length to 4096
Signed-off-by: Nandor Kracser <bonifaido@gmail.com>
2020-02-21 12:53:18 +01:00
Nandor Kracser
80749ffd3f
storage/sql: allow specifying sql flavor specific migrations
Signed-off-by: Nandor Kracser <bonifaido@gmail.com>
2020-02-21 12:53:18 +01:00
Nándor István Krácser
1160649c31
Merge pull request #1621 from concourse/pr/passowrd-grant-synced
Rework - add support for Resource Owner Password Credentials Grant
2020-02-20 08:27:50 +01:00
Chris Loukas
d33a76fa19 Make prompt configurable for oidc offline_access 2020-02-19 16:10:28 +02:00
Nándor István Krácser
f17fa67715
Merge pull request #1653 from sdarwin/doc-dex-healthz
update doc regarding health check
2020-02-19 12:44:17 +01:00
Nándor István Krácser
0f8c4db9f6
Merge pull request #1650 from sdarwin/k8s-doc
update kubernetes.md document
2020-02-18 10:18:10 +01:00
sdarwin
49e85a3cb1 update doc regarding health check 2020-02-14 09:24:26 -06:00
sdarwin
11d91c144f update kubernetes.md document 2020-02-13 14:33:38 -06:00
Nándor István Krácser
cf4f88a06e
Merge pull request #1648 from int128/patch-1
Update kubelogin-activedirectory.md for credential plugin mode
2020-02-12 16:15:20 +01:00
Hidetake Iwata
2ec5e5463f
Update kubelogin-activedirectory.md for credential plugin 2020-02-12 21:47:41 +09:00
Jerry Sun
3a3a2bcc86 Wrap Kubernetes host address in square brackets
When constructing the host address string, the address is
not wrapped in square brackets. This does not work in IPv6
Kubernetes deployments. This commit adds square brackets
around the address. IPv4 was also tested to ensure it works
with wrapped address.

Signed-off-by: Jerry Sun <jerry.sun@windriver.com>
2020-02-06 14:52:54 -05:00
Ivan Mikheykin
7ef1179e75 feat: connector for Atlassian Crowd 2020-02-05 12:40:49 +04:00
Márk Sági-Kazár
0014ca3465
Merge pull request #1644 from cmurphy/tpr-to-crds
Fix kubernetes storage link
2020-02-03 23:05:28 +01:00
Colleen Murphy
7319d3796f Fix kubernetes storage link
In 58093dbb2 the kubernetes documentation was updated to refer to CRDs
rather than TPRs when discussing how storage works for dex. However, the
rest of the line was not updated and still referred to the TPR section,
whose anchor link was changed in 395febf80 with the removal of TPR
support. This change updates the kubernetes documentation to point to
the currect section of the storage documentation for CRDs.
2020-02-03 10:11:40 -08:00
Joel Speed
30cd592801
Merge pull request #1612 from vi7/multiple-user-to-group-mapping
connector/ldap: add multiple user to group mapping
2020-02-02 11:09:05 +00:00
Márk Sági-Kazár
7c7c1de798
Merge pull request #1641 from dexidp/vendor
Vendor dependencies
2020-01-31 10:47:59 +01:00
Mark Sagi-Kazar
0f1927a1ba
Vendor dependencies 2020-01-31 10:32:00 +01:00
Márk Sági-Kazár
ca2d718fe4
Merge pull request #1640 from dexidp/update-dependencies
Update dependencies
2020-01-31 10:28:48 +01:00
Mark Sagi-Kazar
573bbeb7de
Revert grpc update 2020-01-30 18:18:38 +01:00
Mark Sagi-Kazar
3c26c90dcc
Tidy dependencies 2020-01-30 18:03:28 +01:00
Mark Sagi-Kazar
3b4cf282c8
Update jose library 2020-01-30 18:02:59 +01:00