Commit Graph

223 Commits

Author SHA1 Message Date
Márk Sági-Kazár
a64e7c2986
Merge pull request #1769 from batara666/master
ldap.go: drop else on returned if block
2020-09-16 17:47:52 +02:00
Rui Yang
058202d007 revert changes for user id and user name
Signed-off-by: Rui Yang <ruiya@vmware.com>
2020-09-08 13:12:59 -04:00
Rui Yang
0494993326 update oidc documentation and email claim err msg
Signed-off-by: Rui Yang <ruiya@vmware.com>
2020-09-08 10:03:57 -04:00
Rui Yang
41207ba265 Combine #1691 and #1776 to unify OIDC provider claim mapping
add tests for groups key mapping

Signed-off-by: Rui Yang <ruiya@vmware.com>
2020-08-11 16:26:55 -04:00
Scott Lemmon
a783667c57 Add groupsClaimMapping to the OIDC connector
The groupsClaimMapping setting allows one to specify which claim to pull
group information from the OIDC provider.  Previously it assumed group
information was always in the "groups" claim, but that isn't the case
for many OIDC providers (such as AWS Cognito using the "cognito:groups"
claim instead)

Signed-off-by: Scott Lemmon <slemmon@aurora.tech>
Signed-off-by: Rui Yang <ruiya@vmware.com>
2020-08-11 16:26:55 -04:00
Cyrille Nofficial
61312e726e Add parameter configuration to override email claim key
Signed-off-by: Rui Yang <ruiya@vmware.com>
2020-08-11 16:26:55 -04:00
Rui Yang
52c39fb130 check if upstream contains preferrend username claim first
Signed-off-by: Rui Yang <ryang@pivotal.io>
Signed-off-by: Rui Yang <ruiya@vmware.com>
2020-08-11 16:26:55 -04:00
Rui Yang
4812079647 add tests when preferred username key is not set
Signed-off-by: Rui Yang <ruiya@vmware.com>
2020-08-11 16:26:55 -04:00
Rui Yang
d9afb7e59c default to preferred_username claim
Signed-off-by: Rui Yang <ruiya@vmware.com>
2020-08-11 16:26:55 -04:00
Josh Winters
9a4e0fcd00 Make OIDC username key configurable
Signed-off-by: Josh Winters <jwinters@pivotal.io>
Co-authored-by: Mark Huang <mhuang@pivotal.io>
Signed-off-by: Rui Yang <ruiya@vmware.com>
2020-08-11 16:26:55 -04:00
batara666
6499f5bfd3
ldap.go: drop else on returned if block 2020-07-27 22:27:55 +07:00
Nándor István Krácser
62efe7bf07
Merge pull request #1441 from jimmythedog/1440-fix-msoft-refresh-token
dexidp#1440 Add offline_access scope, if required
2020-07-08 16:13:26 +02:00
Joel Speed
9d7e472c63
Merge pull request #1720 from candlerb/fix-google
Allow the "google" connector to work without a service account
2020-06-19 17:10:23 +01:00
techknowlogick
0a9f56527e
Add Gitea connector (#1715)
* Add Gitea connector

* Add details to readme

* resolve lint issue
2020-05-26 13:54:40 +02:00
Brian Candler
442d3de11d Allow the "google" connector to work without a service account
Fixes #1718
2020-05-22 09:24:26 +00:00
Márk Sági-Kazár
709d4169d6
Merge pull request #1694 from flant/fix-openshift-root-ca
Fix OpenShift connector rootCA option
2020-05-12 13:55:45 +02:00
m.nabokikh
521aa0802f Fix OpenShift connector rootCA option
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
2020-05-12 15:31:27 +04:00
Stephan Renatus
4a0feaf589 connector/saml: add 'FilterGroups' setting
This should make AllowedGroups equivalent to an LDAP group filter:

When set to true, only the groups from AllowedGroups will be included in the
user's identity.

Signed-off-by: Stephan Renatus <srenatus@chef.io>
2020-05-12 13:29:05 +02:00
poh chiat
d87cf1c924
create github oauthconfig with redirecturl (#1700) 2020-05-12 13:23:00 +02:00
Martijn
0a85a97ba9
Allow preferred_username claim to be set for Crowd connector (#1684)
* Add atlassiancrowd connector to list in readme

* Add TestIdentityFromCrowdUser

* Set preferred_username claim when configured

* Add preferredUsernameField option to docs

* Log warning when mapping invalid crowd field
2020-04-23 20:14:15 +02:00
Ken Perkins
f6476b62f2
Added Email of Keystone to Identity (#1681)
* Added Email of Keystone to Identity

After the successful login to keystone, the Email of the logged in user
is fetch from keystone and provided to `identity.Email`.

This is useful for upstream software that uses the Email as the primary
identification.

* Removed unnecessary code from getUsers

* Changed creation of userResponse in keystone

* Fixing linter error

Co-authored-by: Christoph Glaubitz <christoph.glaubitz@innovo-cloud.de>
2020-04-06 15:40:17 +02:00
Joel Speed
30ea963bb6
Merge pull request #1656 from taxibeat/oidc-prompt-type
Make prompt configurable for oidc offline_access
2020-02-28 10:56:13 +00:00
Nándor István Krácser
b7cf701032
Merge pull request #1515 from flant/atlassian-crowd-connector
new connector for Atlassian Crowd
2020-02-24 10:09:27 +01:00
Andrew Block
76bb453ff3
Setting email for OpenShift connector 2020-02-21 16:53:46 +01:00
Chris Loukas
d33a76fa19 Make prompt configurable for oidc offline_access 2020-02-19 16:10:28 +02:00
Ivan Mikheykin
7ef1179e75 feat: connector for Atlassian Crowd 2020-02-05 12:40:49 +04:00
Joel Speed
30cd592801
Merge pull request #1612 from vi7/multiple-user-to-group-mapping
connector/ldap: add multiple user to group mapping
2020-02-02 11:09:05 +00:00
Nándor István Krácser
aca67b0839
Merge pull request #1627 from jfrabaute/master
google: Retrieve all the groups for a user
2020-01-20 08:30:17 +01:00
linzhaoming
1d3851b0c5
Update gitlab.go
fix typo
2020-01-16 11:26:57 +08:00
Fabrice Rabaute
b85d7849ad
google: Retrieve all the groups for a user
The list of groups is paginated (default page is 200), so when a user
has more than 200 groups, only the first 200 are retrieve.

This change is retrieving all the groups for a user by querying all the
pages.
2020-01-14 13:26:37 -08:00
Vitaliy Dmitriev
e20a795a2a connector/ldap: backward compatibility with single user to group mapping
Signed-off-by: Vitaliy Dmitriev <vi7alya@gmail.com>
2020-01-14 11:00:32 +01:00
Carl Henrik Lunde
6104295d5e microsoft: Add basic tests
Implemented similar to connector/github/github_test.go
2020-01-13 08:51:22 +01:00
Carl Henrik Lunde
5db29eb087 microsoft: Make interface testable
Enable testing by allowing overriding the API host name in tests
2020-01-13 08:15:07 +01:00
Nándor István Krácser
3cbba11012
Merge pull request #1610 from flant/oidc-email-scope-check
Adding oidc email scope check
2020-01-06 10:20:46 +01:00
Vitaliy Dmitriev
f2e7823db9 connector/ldap: add multiple user to group mapping
Add an ability to fetch user's membership from
  groups of a different type by specifying multiple
  group attribute to user attribute value matchers
  in the Dex config:

    userMatchers:
    - userAttr: uid
      groupAttr: memberUid
    - userAttr: DN
      groupAttr: member

  In other words the user's groups can be fetched now from
  ldap structure similar to the following:

    dn: cn=john,ou=People,dc=example,dc=org
    objectClass: person
    objectClass: inetOrgPerson
    sn: doe
    cn: john
    uid: johndoe
    mail: johndoe@example.com
    userpassword: bar

    dn: cn=qa,ou=Groups,ou=Portland,dc=example,dc=org
    objectClass: groupOfNames
    cn: qa
    member: cn=john,ou=People,dc=example,dc=org

    dn: cn=logger,ou=UnixGroups,ou=Portland,dc=example,dc=org
    objectClass: posixGroup
    gidNumber: 1000
    cn: logger
    memberUid: johndoe

Signed-off-by: Vitaliy Dmitriev <vi7alya@gmail.com>
2020-01-03 10:40:21 +01:00
m.nabokikh
383c2fe8b6 Adding oidc email scope check
This helps to avoid "no email claim" error if email scope was not specified.

Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
2019-12-28 15:28:01 +04:00
Andrew Block
d31f6eabd4
Corrected logic in group verification 2019-12-26 20:32:12 -06:00
Andrew Block
296659cb50
Reduced OpenShift scopes and enhanced documentation 2019-12-26 03:14:20 -06:00
Andrew Block
075ab0938e
Fixed formatting 2019-12-22 02:53:10 -05:00
Andrew Block
7e89d8ca24
Resolved newline issues 2019-12-22 02:27:11 -05:00
Andrew Block
02c8f85e4d
Resolved newline issues 2019-12-22 02:27:11 -05:00
Andrew Block
db7711d72a
Test cleanup 2019-12-22 02:27:10 -05:00
Andrew Block
5881a2cfca
Test cleanup 2019-12-22 02:27:10 -05:00
Andrew Block
48954ca716
Corrected test formatting 2019-12-22 02:27:09 -05:00
Andrew Block
92e63771ac
Added OpenShift connector 2019-12-22 02:27:09 -05:00
Nándor István Krácser
a901e2f204
Merge pull request #1604 from dexidp/fix-linters
Fix linters
2019-12-20 07:10:22 +01:00
Lars Lehtonen
8e0ae82034
connector/oidc: replace deprecated oauth2.RegisterBrokenAuthHeaderProvider with oauth2.Endpoint.AuthStyle 2019-12-18 08:27:40 -08:00
Mark Sagi-Kazar
65c77e9db2
Fix bodyclose 2019-12-18 16:04:03 +01:00
Mark Sagi-Kazar
2f8d1f8e42
Fix unconvert 2019-12-18 15:56:46 +01:00
Mark Sagi-Kazar
f141f2133b
Fix whitespace 2019-12-18 15:56:12 +01:00