k-space/dex
Archived
11
0
Fork 0
Code Issues Pull Requests Packages Projects Activity
1,276 Commits 1 Branch 0 Tags
9a4e0fcd00dcfbac480bbdefcf244f0b336a5b32
Commit Graph

213 Commits

Author SHA1 Message Date
Josh Winters
9a4e0fcd00 Make OIDC username key configurable 
Signed-off-by: Josh Winters <jwinters@pivotal.io>
Co-authored-by: Mark Huang <mhuang@pivotal.io>
Signed-off-by: Rui Yang <ruiya@vmware.com>
 2020-08-11 16:26:55 -04:00
Nándor István Krácser
62efe7bf07 Merge pull request #1441 from jimmythedog/1440-fix-msoft-refresh-token 
dexidp#1440 Add offline_access scope, if required
 2020-07-08 16:13:26 +02:00
Joel Speed
9d7e472c63 Merge pull request #1720 from candlerb/fix-google 
Allow the "google" connector to work without a service account
 2020-06-19 17:10:23 +01:00
techknowlogick
0a9f56527e Add Gitea connector (#1715) 
* Add Gitea connector

* Add details to readme

* resolve lint issue
 2020-05-26 13:54:40 +02:00
Brian Candler
442d3de11d Allow the "google" connector to work without a service account 
Fixes #1718
 2020-05-22 09:24:26 +00:00
Márk Sági-Kazár
709d4169d6 Merge pull request #1694 from flant/fix-openshift-root-ca 
Fix OpenShift connector rootCA option
 2020-05-12 13:55:45 +02:00
m.nabokikh
521aa0802f Fix OpenShift connector rootCA option 
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
 2020-05-12 15:31:27 +04:00
Stephan Renatus
4a0feaf589 connector/saml: add 'FilterGroups' setting 
This should make AllowedGroups equivalent to an LDAP group filter:

When set to true, only the groups from AllowedGroups will be included in the
user's identity.

Signed-off-by: Stephan Renatus <srenatus@chef.io>
 2020-05-12 13:29:05 +02:00
poh chiat
d87cf1c924 create github oauthconfig with redirecturl (#1700) 2020-05-12 13:23:00 +02:00
Martijn
0a85a97ba9 Allow preferred_username claim to be set for Crowd connector (#1684) 
* Add atlassiancrowd connector to list in readme

* Add TestIdentityFromCrowdUser

* Set preferred_username claim when configured

* Add preferredUsernameField option to docs

* Log warning when mapping invalid crowd field
 2020-04-23 20:14:15 +02:00
Ken Perkins
f6476b62f2 Added Email of Keystone to Identity (#1681) 
* Added Email of Keystone to Identity

After the successful login to keystone, the Email of the logged in user
is fetch from keystone and provided to `identity.Email`.

This is useful for upstream software that uses the Email as the primary
identification.

* Removed unnecessary code from getUsers

* Changed creation of userResponse in keystone

* Fixing linter error

Co-authored-by: Christoph Glaubitz <christoph.glaubitz@innovo-cloud.de>
 2020-04-06 15:40:17 +02:00
Joel Speed
30ea963bb6 Merge pull request #1656 from taxibeat/oidc-prompt-type 
Make prompt configurable for oidc offline_access
 2020-02-28 10:56:13 +00:00
Nándor István Krácser
b7cf701032 Merge pull request #1515 from flant/atlassian-crowd-connector 
new connector for Atlassian Crowd
 2020-02-24 10:09:27 +01:00
Andrew Block
76bb453ff3 Setting email for OpenShift connector 2020-02-21 16:53:46 +01:00
Chris Loukas
d33a76fa19 Make prompt configurable for oidc offline_access 2020-02-19 16:10:28 +02:00
Ivan Mikheykin
7ef1179e75 feat: connector for Atlassian Crowd 2020-02-05 12:40:49 +04:00
Joel Speed
30cd592801 Merge pull request #1612 from vi7/multiple-user-to-group-mapping 
connector/ldap: add multiple user to group mapping
 2020-02-02 11:09:05 +00:00
Nándor István Krácser
aca67b0839 Merge pull request #1627 from jfrabaute/master 
google: Retrieve all the groups for a user
 2020-01-20 08:30:17 +01:00
linzhaoming
1d3851b0c5 Update gitlab.go 
fix typo
 2020-01-16 11:26:57 +08:00
Fabrice Rabaute
b85d7849ad google: Retrieve all the groups for a user 
The list of groups is paginated (default page is 200), so when a user
has more than 200 groups, only the first 200 are retrieve.

This change is retrieving all the groups for a user by querying all the
pages.
 2020-01-14 13:26:37 -08:00
Vitaliy Dmitriev
e20a795a2a connector/ldap: backward compatibility with single user to group mapping 
Signed-off-by: Vitaliy Dmitriev <vi7alya@gmail.com>
 2020-01-14 11:00:32 +01:00
Carl Henrik Lunde
6104295d5e microsoft: Add basic tests 
Implemented similar to connector/github/github_test.go
 2020-01-13 08:51:22 +01:00
Carl Henrik Lunde
5db29eb087 microsoft: Make interface testable 
Enable testing by allowing overriding the API host name in tests
 2020-01-13 08:15:07 +01:00
Nándor István Krácser
3cbba11012 Merge pull request #1610 from flant/oidc-email-scope-check 
Adding oidc email scope check
 2020-01-06 10:20:46 +01:00
Vitaliy Dmitriev
f2e7823db9 connector/ldap: add multiple user to group mapping 
Add an ability to fetch user's membership from
  groups of a different type by specifying multiple
  group attribute to user attribute value matchers
  in the Dex config:

    userMatchers:
    - userAttr: uid
      groupAttr: memberUid
    - userAttr: DN
      groupAttr: member

  In other words the user's groups can be fetched now from
  ldap structure similar to the following:

    dn: cn=john,ou=People,dc=example,dc=org
    objectClass: person
    objectClass: inetOrgPerson
    sn: doe
    cn: john
    uid: johndoe
    mail: johndoe@example.com
    userpassword: bar

    dn: cn=qa,ou=Groups,ou=Portland,dc=example,dc=org
    objectClass: groupOfNames
    cn: qa
    member: cn=john,ou=People,dc=example,dc=org

    dn: cn=logger,ou=UnixGroups,ou=Portland,dc=example,dc=org
    objectClass: posixGroup
    gidNumber: 1000
    cn: logger
    memberUid: johndoe

Signed-off-by: Vitaliy Dmitriev <vi7alya@gmail.com>
 2020-01-03 10:40:21 +01:00
m.nabokikh
383c2fe8b6 Adding oidc email scope check 
This helps to avoid "no email claim" error if email scope was not specified.

Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
 2019-12-28 15:28:01 +04:00
Andrew Block
d31f6eabd4 Corrected logic in group verification 2019-12-26 20:32:12 -06:00
Andrew Block
296659cb50 Reduced OpenShift scopes and enhanced documentation 2019-12-26 03:14:20 -06:00
Andrew Block
075ab0938e Fixed formatting 2019-12-22 02:53:10 -05:00
Andrew Block
7e89d8ca24 Resolved newline issues 2019-12-22 02:27:11 -05:00
Andrew Block
02c8f85e4d Resolved newline issues 2019-12-22 02:27:11 -05:00
Andrew Block
db7711d72a Test cleanup 2019-12-22 02:27:10 -05:00
Andrew Block
5881a2cfca Test cleanup 2019-12-22 02:27:10 -05:00
Andrew Block
48954ca716 Corrected test formatting 2019-12-22 02:27:09 -05:00
Andrew Block
92e63771ac Added OpenShift connector 2019-12-22 02:27:09 -05:00
Nándor István Krácser
a901e2f204 Merge pull request #1604 from dexidp/fix-linters 
Fix linters
 2019-12-20 07:10:22 +01:00
Lars Lehtonen
8e0ae82034 connector/oidc: replace deprecated oauth2.RegisterBrokenAuthHeaderProvider with oauth2.Endpoint.AuthStyle 2019-12-18 08:27:40 -08:00
Mark Sagi-Kazar
65c77e9db2 Fix bodyclose 2019-12-18 16:04:03 +01:00
Mark Sagi-Kazar
2f8d1f8e42 Fix unconvert 2019-12-18 15:56:46 +01:00
Mark Sagi-Kazar
f141f2133b Fix whitespace 2019-12-18 15:56:12 +01:00
Mark Sagi-Kazar
9bd5ae5197 Fix goimports 2019-12-18 15:53:34 +01:00
Mark Sagi-Kazar
367b187cf4 Fix missspell 2019-12-18 15:51:44 +01:00
Mark Sagi-Kazar
142c96c210 Fix stylecheck 2019-12-18 15:50:36 +01:00
Mark Sagi-Kazar
8c3dc0ca66 Remove unused code (fixed: unused, structcheck, deadcode linters) 2019-12-18 15:46:49 +01:00
Mark Sagi-Kazar
d2095bb2d8 Rewrite LDAP tests to use Docker 2019-12-08 20:21:28 +01:00
Nandor Kracser
a38e215891 connector/google: support group whitelisting 
Signed-off-by: Nandor Kracser <bonifaido@gmail.com>
 2019-12-03 16:27:07 +01:00
Nándor István Krácser
c41035732f Merge pull request #1434 from jacksontj/groups 
Add option to enable groups for oidc connectors
 2019-11-27 14:00:36 +01:00
Joel Speed
658a2cc477 Make directory service during init 2019-11-19 17:12:44 +00:00
Joel Speed
554870cea0 Add todo for configurable groups key 2019-11-19 17:12:43 +00:00
Joel Speed
6a9bc889b5 Update comments 2019-11-19 17:12:40 +00:00