Eric Chiang
8b8c076ecf
Documentation: clarify difference between LDAP ports and security guarantees
...
Now that LDAP supports an `insecureSkipVerify` option, clarify that
`insecureNoTLS` is an extremely bad choice and as such we may drop
support for 389 in the future.
However, since we send plain text passwords from our frontend to our
backend, this probably gets us into a bigger conversation about dex's
TLS story. For example when terminiation is approporate. cc'ing
@dghubble for thoughts on how that might apply to our internal uses.
We probably want an overaching security doc at some point, but that
can be another PR.
2016-11-23 12:26:44 -08:00
rithu leena john
5ed42be7a5
Merge pull request #702 from ericchiang/connector-interface-cleanup
...
connector: add RefreshConnector interface
2016-11-22 13:10:13 -08:00
Eric Chiang
6980920a3a
*: document the GitHub connector
2016-11-22 12:53:46 -08:00
Eric Chiang
55e97d90a6
*: add tests for the RefreshConnector
2016-11-22 12:53:46 -08:00
Eric Chiang
952e0f81f5
connector: add RefreshConnector interface
2016-11-22 12:53:46 -08:00
Eric Chiang
27fb7c523e
Merge pull request #704 from Calpicow/oidc_callback_fix
...
Fix Google OIDC callback url
2016-11-21 10:31:44 -08:00
Phu Kieu
ba58f3f43b
Fix Google OIDC callback url
2016-11-21 10:25:16 -08:00
Eric Chiang
35f16b6639
Merge pull request #703 from ericchiang/readme-updates
...
*: small README link additions
2016-11-18 17:12:20 -08:00
Eric Chiang
baa9096b6e
*: small README link additions
2016-11-18 17:07:10 -08:00
rithu leena john
8bf70ace74
Merge pull request #701 from ericchiang/ldap-escape-filter
...
connector/ldap: use gopkg.in/ldap.v2's escape filter
2016-11-18 15:28:11 -08:00
Eric Chiang
ae4c32bc3b
connector/ldap: use gopkg.in/ldap.v2's escape filter
...
Use the escape filter method provided by the upstream LDAP package
instead of rolling our own.
2016-11-18 15:16:40 -08:00
rithu leena john
d862561150
Merge pull request #700 from ericchiang/fix-expiry-test-flake
...
server: fix expiry test flake
2016-11-18 14:39:46 -08:00
Eric Chiang
a7db295714
Merge pull request #698 from Calpicow/groupsearch_by_dn
...
Allow getAttr to return DN
2016-11-18 13:55:18 -08:00
Phu Kieu
d4aba443ac
Allow getAttr to return DN
...
Specify "DN" as attribute name to return, but will only work if not present in ldap.Entry.Attributes
Use when full DN is stored in groupSearch's userAttr
2016-11-18 13:51:47 -08:00
Eric Chiang
5c602d36d9
server: fix expiry test flake
...
Ensure compared times are within a second of one another instead of
rounding, which can flake if the two times are different enough to
do round to different values.
Tested using the golang.org/x/tools/cmd/stress tool.
The following set of commands fail without this patch:
$ go get golang.org/x/tools/cmd/stress
$ go test -o server.test github.com/coreos/dex/server
$ stress ./server.test -test.run=TestOAuth2CodeFlow
219 runs so far, 0 failures
425 runs so far, 0 failures
618 runs so far, 0 failures
802 runs so far, 0 failures
^C
Closes #699
2016-11-18 13:47:16 -08:00
Eric Chiang
f45a1a9375
Merge pull request #697 from Calpicow/enable_groups
...
Enable groups scope
2016-11-18 13:32:01 -08:00
Phu Kieu
35180a72f1
Enable groups scope
2016-11-18 13:13:32 -08:00
rithu leena john
04360fa354
Merge pull request #695 from rithujohn191/add-list-password
...
api: add call to list passwords
2016-11-17 17:23:32 -08:00
rithu john
ee9738d663
api: adding a gRPC call for listing passwords.
2016-11-17 16:56:54 -08:00
Eric Chiang
e6b54250db
Merge pull request #684 from ericchiang/examples-k8s-fixup
...
examples/k8s: update kubernetes examples
2016-11-17 15:28:00 -08:00
Eric Chiang
3ecfaf700e
examples/k8s: update kubernetes examples
2016-11-17 14:10:55 -08:00
Eric Chiang
ff748a2f52
Merge pull request #694 from ericchiang/delete-todo
...
*: remove TODO.md file
2016-11-17 10:59:56 -08:00
Eric Chiang
2b20c4565f
*: remove TODO.md file
...
This existed for when we were developing v2 but v1 was using the
issue tracker. We've since moved these goals to the issue tracker.
2016-11-17 10:53:11 -08:00
rithu john
19c22807a7
api: adding ListPasswords() method to the storage interface.
2016-11-16 17:25:38 -08:00
Eric Chiang
2e74b48492
Merge pull request #690 from rithujohn191/connector-docs
...
Documentation: LDAP connector documentation.
2016-11-16 16:11:44 -08:00
rithu john
8589650605
Documentation: LDAP connector documentation.
2016-11-16 15:29:17 -08:00
Eric Chiang
57178fd5f3
Merge pull request #685 from ericchiang/add-openssl-to-docker-container
...
Dockerfile: add OpenSSL to Docker container
2016-11-16 09:47:23 -08:00
Eric Chiang
13a1ebe053
Merge pull request #689 from cjyar/master
...
connector/ldap: Always set tls.Config.ServerName, to support LDAP ser…
2016-11-15 13:44:43 -08:00
Eric Chiang
91c88c8b12
Merge pull request #688 from SEJeff/patch-1
...
Fix a tyop in the storage documentation
2016-11-15 13:38:15 -08:00
Jeff Schroeder
da6cd9687d
Documentation: fix a typo in the storage documentation
2016-11-15 15:14:11 -06:00
Chris Jones
384ac87deb
connector/ldap: Always set tls.Config.ServerName, to support LDAP servers with public CA certs.
2016-11-15 14:06:39 -07:00
Eric Chiang
2ec3349f5d
Merge pull request #686 from cjyar/master
...
Require the connector to have an ID.
2016-11-15 11:10:22 -08:00
Chris Jones
a2b78c28fc
cmd/dex: validate that connectors have an ID.
2016-11-15 11:39:45 -07:00
Eric Chiang
ff119d1556
Dockerfile: add OpenSSL to Docker container
...
Add OpenSSL to the dex Docker container so wget can be used to query
HTTPS endpoint. This is a requirement for health checking when dex is
doing its own TLS termination.
This increased the image size from 20.37 MB to 20.92 MB (+550 KB).
Additionally add Ed and Rithu as maintainers.
2016-11-14 17:25:19 -08:00
Eric Chiang
e1f6679107
Merge pull request #683 from rithujohn191/add-version-endpoint
...
api: add gRPC definition for version endpoint.
2016-11-14 12:33:09 -08:00
rithu john
de4e23a27b
api: add gRPC definition for version endpoint.
2016-11-14 11:37:48 -08:00
Eric Chiang
36ade89e54
Merge pull request #680 from jvanderhoof/patch-1
...
Small spelling fix.
2016-11-11 13:42:46 -08:00
Jason Vanderhoof
80770df520
Small spelling fix.
2016-11-11 14:24:17 -07:00
Eric Chiang
48449e718c
Merge pull request #676 from srenatus/patch-1
...
README: fix links
2016-11-09 00:06:15 -08:00
Stephan Renatus
18d53e7a28
README: fix links
2016-11-09 09:03:14 +01:00
Eric Chiang
16d5e02cbb
Merge pull request #675 from ericchiang/readme-tweeks
...
README: add link on v2 and section on getting help
2016-11-08 15:30:00 -08:00
Eric Chiang
447253c8de
README: add link on v2 and section on getting help
2016-11-08 15:29:13 -08:00
Eric Chiang
674bec0468
Merge pull request #674 from ericchiang/readme-docs-v2
...
*: readme updates for v2
2016-11-08 15:20:51 -08:00
Eric Chiang
a52e324f68
*: readme updates for v2
2016-11-08 14:36:29 -08:00
Eric Chiang
2417fc9154
Documentation/logos: add logos
2016-11-08 11:51:47 -08:00
Eric Chiang
96fb0733fe
Merge pull request #669 from ericchiang/config-env
...
cmd/dex: only expand from env for storages and connectors
2016-11-05 17:56:11 -07:00
Eric Chiang
5302fefdfb
Merge pull request #671 from ericchiang/fix-server-time-bug
...
server: use seconds instead of nano seconds for expires_in and expiry
2016-11-05 07:56:06 -07:00
Eric Chiang
7f24ebb051
Merge pull request #664 from ericchiang/dev-docs-v2
...
Documentation: add doc describing v2 changes
2016-11-05 07:55:16 -07:00
Eric Chiang
12a5c0ada3
server: use seconds instead of nano seconds for expires_in and expiry
2016-11-04 17:00:10 -07:00
Eric Chiang
c9889683b4
Documentation: add doc describing v2 changes
2016-11-04 16:56:21 -07:00