Commit Graph

180 Commits

Author SHA1 Message Date
Stephan Renatus
cbcb1f61f3
dev-integration-tests: update database steps (just use docker)
Signed-off-by: Stephan Renatus <srenatus@chef.io>
2018-11-20 16:41:12 +01:00
Josh Winters
bb11a1ebee github: add 'both' team name field option
this will result in both the team name *and* the team slug being
returned for each team, allowing a bit more flexibility in auth
validation.

Signed-off-by: Topher Bullock <tbullock@pivotal.io>
Signed-off-by: Alex Suraci <suraci.alex@gmail.com>
2018-11-20 10:12:44 -05:00
Stephan Renatus
7c8a22443a
Merge pull request #1349 from alexmt/1102-config-to-load-all-groups
Add config to explicitly enable loading all github groups

Follow-up for #1102.
2018-11-20 15:15:25 +01:00
Stephan Renatus
84ea412ca6
Merge pull request #1351 from CognotektGmbH/gypsydiver/1347-pr-gitlab-groups
Gitlab connector should not require the api scope.

Fixes #1347.
2018-11-20 14:49:11 +01:00
gypsydiver
f21e6a0f00 gypsydiver/1347-pr-gitlab-groups 2018-11-20 11:18:50 +01:00
Alexander Matyushentsev
7bd084bc07 Issue #1102 - Add config to explicitly enable loading all github groups 2018-11-19 10:14:38 -08:00
Alex Suraci
7c63be4104 remove incomplete mysql and cockroachdb support 2018-11-16 18:07:20 +00:00
Alexander Matyushentsev
e5ebcf518a Update github connector documentation 2018-11-15 09:24:21 -08:00
Tiago Matias
44e988fb41
point users to storage/RBAC docs 2018-11-05 17:43:23 -02:00
Danny Sauer
b9b21260bc
Add mention of scopes parameter in OIDC doc 2018-10-17 10:48:39 -05:00
Ed Tan
6ffc8fcd8d Rename bitbucket to bitbucketcloud 2018-10-06 11:45:56 -04:00
Ed Tan
d26e23c16f Make suggested code changes 2018-10-05 10:43:49 -04:00
Ed Tan
8c75d85b60 Add Bitbucket connector 2018-09-30 15:08:07 -04:00
Eric Chiang
06241eae9f
Merge pull request #1297 from tburko/use-github-team-slug-instead-of-name
Allow using GitHub Team slug instead of name via connector config option
2018-09-14 10:26:11 -07:00
Taras Burko
bf39130bab Configurable team name field for GitHub connector 2018-09-14 01:09:48 +03:00
Stephan Renatus
1309c1f037 dev-releases.md, Makefile: update release process
Signed-off-by: Stephan Renatus <srenatus@chef.io>
2018-09-06 09:09:46 +02:00
Stephan Renatus
b9f6594bf0 *: github.com/coreos/dex -> github.com/dexidp/dex
Signed-off-by: Stephan Renatus <srenatus@chef.io>
2018-09-05 17:57:08 +02:00
Eric Chiang
4dc3347106
Merge pull request #1279 from AnianZ/master
fix default baseURL for GitLab connector
2018-09-04 08:09:37 -07:00
Anian Z
5454a4729f fix default baseURL for gitlab connector 2018-08-28 19:05:30 +02:00
Ahmed ElRefaey
32e9570116
Fix a breoken link in the oidc readme
Fixed a broken link to An overview of OpenID Connect
2018-07-04 14:56:29 +02:00
Matthias Klan
481f1276a8
Update using-dex.md
fix wrong port from example
2018-05-04 16:14:16 +02:00
Simon Knott
822a10cede
Add missing word 2018-02-24 11:31:51 +01:00
Vy-Shane Xie
b03c85e56e Add new federated:id scope that causes Dex to add a federated_claims claim containing the connector_id and user_id to the ID token 2018-02-03 18:40:03 +08:00
Eric Chiang
460f48320e Documentation: restructure connector docs to a single folder 2018-01-04 13:50:14 -08:00
Eric Chiang
0811d1a07a document limitations in the OpenID Connect connector 2017-12-20 17:12:00 -08:00
Wyatt Alt
e7d57bb31b Correct "Verifier" method name in using-dex doc
Change provider.NewVerifier to provider.Verifier per the godocs:
https://godoc.org/github.com/coreos/go-oidc#Provider.Verifier
2017-12-05 13:38:11 -08:00
Pavel Borzenkov
47df6ea2ff connector/microsoft: add support for groups
Microsoft connector now provides support for 'groups' claim in case
'tenant' is configured in Dex config for the connector. It's possible to
deny user authentication if the user is not a member of at least one
configured groups.

Signed-off-by: Pavel Borzenkov <pavel.borzenkov@gmail.com>
2017-11-23 17:01:34 +03:00
Pavel Borzenkov
6193bf5566 connector: implement Microsoft connector
connector/microsoft implements authorization strategy via Microsoft's
OAuth2 endpoint + Graph API. It allows to choose what kind of tenants
are allowed to authenticate in Dex via Microsoft:
  * common - both personal and business/school accounts
  * organizations - only business/school accounts
  * consumers - only personal accounts
  * <tenant uuid> - only account of specific tenant

Signed-off-by: Pavel Borzenkov <pavel.borzenkov@gmail.com>
2017-11-23 17:01:34 +03:00
Stephan Renatus
b09a13458f password connectors: allow overriding the username attribute (password prompt)
This allows users of the LDAP connector to give users of Dex' login
prompt an idea of what they should enter for a username.

Before, irregardless of how the LDAP connector was set up, the prompt
was

    Username
    [_________________]

    Password
    [_________________]

Now, this is configurable, and can be used to say "MyCorp SSO Login" if
that's what it is.

If it's not configured, it will default to "Username".

For the passwordDB connector (local users), it is set to "Email
Address", since this is what it uses.

Signed-off-by: Stephan Renatus <srenatus@chef.io>
2017-11-09 09:30:03 +01:00
Eric Chiang
ccf85a7269
Merge pull request #1108 from dqminh/etcd-storage
Add etcd backed storage
2017-11-06 08:36:43 -08:00
Daniel Dao
a2188bebf1 add documentation for etcd storage
This adds references to etcd storage, including:
- only supports etcd v3
- list of options and their meanings when connecting to etcd cluster
2017-11-06 14:40:25 +00:00
rithu leena john
42ef8fd802
Merge pull request #1072 from ericchiang/k8s-test
*: run kubernetes tests in travis
2017-10-31 10:34:26 -07:00
Eric Chiang
3d2d92b31b *: run kubernetes tests in travis 2017-10-31 10:29:52 -07:00
Pavel Borzenkov
d5a9712aae Documentation: add LinkedIn connector documentation
Signed-off-by: Pavel Borzenkov <pavel.borzenkov@gmail.com>
2017-10-27 12:54:28 +03:00
Eric Chiang
3d65b774d6 Merge pull request #1103 from stapelberg/authproxy
authproxy.md: strip X-Remote-User
2017-10-26 14:29:43 -07:00
Michael Stapelberg
4931f30a80 authproxy.md: strip X-Remote-User
follow-up for https://github.com/coreos/dex/pull/1100
2017-10-26 20:13:37 +02:00
Eric Chiang
d099145921 authproxy: update docs and set a userID 2017-10-26 10:47:16 -07:00
Michael Stapelberg
a41d93db4a Implement the “authproxy” connector (for Apache2 mod_auth etc.) 2017-10-25 21:53:51 +02:00
Laurent Rolaz
cca0275b0b Add Documentation about customresourcedefinitions creation role 2017-09-26 20:20:05 +02:00
rithu john
34dcf6c9a0 Documentation: add docs for TPR to CRD migration 2017-09-18 14:24:50 -07:00
rithu john
1311caf864 storage/kubernetes: add CRD support 2017-09-14 11:48:17 -07:00
rithu leena john
e10fddee2e Merge pull request #1031 from estroz/docs-update
Documentation: fix redirect caveat description
2017-08-25 14:58:40 -07:00
Eric Stroczynski
7079bb5316 Documentation: add org info req, remove redirect caveat
The redirect caveat is being removed to avoid user confusion and is
not important outside of testing.
2017-08-25 14:51:10 -07:00
Eric Stroczynski
9c6b6d565e Documentation: oidc conformance test case and issue tables 2017-08-25 13:43:21 -07:00
Eric Stroczynski
a065533256 Documentation: OIDC conformance test setup 2017-08-25 01:05:53 -07:00
rithu leena john
e40c01ec39 Merge pull request #1022 from ericchiang/ldap-example
*: add "getting started" example for LDAP
2017-08-22 10:46:55 -07:00
Eric Chiang
50f2905cac *: add standup script for LDAP 2017-08-22 10:37:29 -07:00
Eric Stroczynski
bb36c96674 Documentation: fixed GitHub link syntax 2017-08-16 14:10:23 -07:00
Eric Stroczynski
71de7e8414 Documentation: github org redirect caveat 2017-08-11 16:42:33 -07:00
Eric Stroczynski
26527011ab connector/github: enable private, primary emails; refactor API calls
Documentation: removed private emails caveats section
2017-08-08 18:04:34 -07:00
Eric Stroczynski
45bf061236 Merge pull request #1013 from estroz/multi-org-team-filters
connector/github: multiple orgs, query by teams
2017-08-08 11:37:21 -07:00
Eric Stroczynski
9d154802a2 connector/github: multiple orgs, query by teams
Documentation: examples of GitHub `orgs` field with multiple orgs
and org with teams; note legacy behavior
2017-08-08 10:57:42 -07:00
Luk Burchard
4365d97162 Update api.md 2017-08-07 18:10:56 +02:00
rithu john
6f9127b4ae Documentation: add a group query example for the ldap connector. 2017-07-13 12:41:40 -07:00
rithu leena john
a5d218fd08 Merge pull request #974 from roguePanda/google-hosted-domain
Google hosted domain support
2017-07-07 10:26:28 -07:00
rithu leena john
92a988e4cc Merge pull request #977 from Zakjholt/patch-1
Update using-dex.md
2017-06-22 17:36:34 -07:00
Zak Holt
43f0e8530b Update using-dex.md 2017-06-22 10:53:57 -04:00
Zak Holt
41a20dbb2a Update using-dex.md 2017-06-22 09:13:12 -04:00
Ben Navetta
cbb007663f add documentation and tests 2017-06-21 22:56:02 -07:00
rithu john
d6c1b0f42b Documentation/github-connector: warn user that GitHub email id should be public. 2017-06-20 09:53:27 -07:00
rithu john
081e68a16a Documentation/ldap-connector.md: Warn about LDAP connector's bindPW restriction. 2017-05-16 14:32:15 -07:00
Eric Chiang
95334ad51d Documentation: add docs on public clients 2017-05-09 17:09:49 -07:00
Eric Chiang
c400e860fe Documentation: more diagrams 2017-04-21 14:51:46 -07:00
Tom Gamble
0edd0b2fb4 Update kubernetes.md
fixed typo
2017-04-21 15:33:42 -04:00
Eric Chiang
47f48658c2 Merge pull request #917 from ericchiang/add-using-dex-doc
Documentation: add a doc describing how to use dex
2017-04-21 11:45:58 -07:00
Eric Chiang
a4cb57ab5d Documentation: add a doc describing how to use dex 2017-04-21 11:35:34 -07:00
Filip
57aa32562b Updated documentation for dex on k8s when RBAC authorization is used 2017-04-13 15:14:21 +02:00
Eric Chiang
74f5eaf47e connector/ldap: support the StartTLS flow for secure connections
When connecting to an LDAP server, there are three ways to connect:

1. Insecurely through port 389 (LDAP).
2. Securely through port 696 (LDAPS).
3. Insecurely through port 389 then negotiate TLS (StartTLS).

This PR adds support for the 3rd flow, letting dex connect to the
standard LDAP port then negotiating TLS through the LDAP protocol
itself.

See a writeup here:

http://www.openldap.org/faq/data/cache/185.html
2017-04-12 15:25:42 -07:00
Eric Chiang
c3cafc8f39 Merge pull request #902 from ericchiang/saml-stable
*: promote SAML to stable
2017-04-11 10:13:22 -07:00
Eric Chiang
5f377f07d4 *: promote SAML to stable
This means we no longer refer to it as "experimental" and wont make
breaking changes.
2017-04-11 10:09:48 -07:00
rithu john
76b9eb1db9 connector/github: add support for github enterprise. 2017-04-11 10:04:59 -07:00
Phu Kieu
47897f73fa Validate audience with entityIssuer if present, use redirectURI otherwise 2017-04-06 14:40:56 -07:00
Phu Kieu
8c0eb67ecd Update documentation 2017-04-06 11:06:30 -07:00
Eric Chiang
5e34f0d1a6 Documentation: document dex scopes, claims, and client features 2017-03-28 16:53:06 -07:00
Eric Chiang
50b223a9db *: validate InResponseTo SAML response field and make issuer optional 2017-03-22 13:02:44 -07:00
Eric Chiang
f503ff7950 *: add documentation for the OpenID Connect provider 2017-03-20 08:47:02 -07:00
Derek McQuay
9b052f37c9
clearified redirect-uri and make cmd location 2017-03-09 22:36:37 -08:00
Derek McQuay
a6ab82d6c0
update kubernetes example-app explanation
Clarify some potentially confusing issues with how to run and build the
example-app binary.
2017-03-09 17:17:07 -08:00
Eric Chiang
ee27a4f9f4 *: only use docker when releasing, update to Go 1.8, remove aci scripts
This change modifies our release process to only require Docker
when building a release and updates our released binary to use Go
1.8. It also removes our .aci scripts, which we've not been
regularly building.

A nice consequence is that OSX users can now build a release image.
2017-03-09 10:46:09 -08:00
Paul Burt
a660e7cd7a Added produciton-users and integrations pages 2017-03-03 13:49:22 -05:00
rithu john
fa2f76bcdb examples: adding a gRPC client example. 2017-02-28 12:06:44 -08:00
Jeff Schroeder
58d80547ef [storage.md] Fix the ThirdPartyResource syntax
This makes manually creating the `o-auth2-client.oidc.coreos.com` actually work.
2017-02-24 15:35:29 -06:00
Carlos Alexandro Becker
f57e19e6ab simplified clone: using go get 2017-02-22 09:33:01 -03:00
Eric Chiang
adf3703962 Documentation: warn admins not to edit dex ThirdPartyResources manually 2017-02-06 10:35:27 -08:00
rithu john
fecd596ae2 Documentation: Minor changes to SAML connector doc. 2017-02-01 11:28:46 -08:00
rithu leena john
27224cdc98 Merge pull request #788 from givia/gitlab-connector
connector: add GitLab connecor
2017-02-01 09:39:37 -08:00
Ali Javadi
e623ad4d35 connector: add GitLab connector 2017-01-28 01:36:02 +03:30
rithu john
d114b8ffc7 Documentation/proposals: Add a proposal for refresh token revocation. 2017-01-27 09:37:01 -08:00
rithu john
31e8009441 cmd/dex: make connector name field mandatory in dex configuration. 2017-01-23 15:14:41 -08:00
Eric Chiang
613d160ad9 Merge pull request #782 from marians/patch-1
Docs: Added a name to the LDAP connector
2017-01-23 09:07:24 -08:00
Marian Steinbach
38a2e41e0a Added a name to the connector
Without a name, the example app's login form will only show `Log in with` as a button label.
2017-01-23 10:46:29 +01:00
Andrew Johnstone
b10c0a1c87 Update kubernetes.md 2017-01-23 06:28:21 +00:00
rithu john
265cfacd17 Documentation: add docs on patch release process. 2017-01-17 11:49:09 -08:00
y2kenny
4d4cb99459 Removed extra o typo 2017-01-11 15:47:55 -05:00
Eric Chiang
0f4a1f69c5 *: wire up SAML POST binding 2017-01-09 18:30:58 -08:00
Eric Chiang
d87a4c35b9 *: add 'make revendor' and tests to catch incorrect glide usage
Introducing glide-vc caused us to unknowingly removed our Go
protobuf compiler (since it's a main). Add flags to glide-vc usage
to remedy this.

Since we now require several glide and glide-vc flags, add a Makfile
target and tests to catch when PRs don't use the correct flags.
2016-12-22 11:52:24 -08:00
Eric Chiang
566bb2d1af Documentation: add notes on patch release branches 2016-12-12 15:29:00 -08:00
Eric Chiang
6dbe6e8ab5 Documentation: add examples of mapping LDAP schema to a search 2016-12-09 09:42:28 -08:00
Eric Chiang
e2aa095680 Documentation: add document on managing dependencies 2016-12-07 13:23:19 -08:00
Eric Chiang
e267dbd236 Merge pull request #708 from ericchiang/ldap-security-docs
Documentation: clarify difference between LDAP ports and security guarentees
2016-11-28 17:07:24 -08:00