Commit Graph

213 Commits

Author SHA1 Message Date
Scott Lemmon
a783667c57 Add groupsClaimMapping to the OIDC connector
The groupsClaimMapping setting allows one to specify which claim to pull
group information from the OIDC provider.  Previously it assumed group
information was always in the "groups" claim, but that isn't the case
for many OIDC providers (such as AWS Cognito using the "cognito:groups"
claim instead)

Signed-off-by: Scott Lemmon <slemmon@aurora.tech>
Signed-off-by: Rui Yang <ruiya@vmware.com>
2020-08-11 16:26:55 -04:00
Cyrille Nofficial
61312e726e Add parameter configuration to override email claim key
Signed-off-by: Rui Yang <ruiya@vmware.com>
2020-08-11 16:26:55 -04:00
Mark Sagi-Kazar
6dadc26ca2
Move the example app to th examples folder
Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>
2020-07-16 09:48:35 +02:00
Martin Heide
705cf8bb6a Rework to use docker-compose
Signed-off-by: Martin Heide <martin.heide@faro.com>
2020-07-15 09:49:23 +00:00
Martin Heide
ce337661b9 Add missing slapd.sh script from LDAP docs, and convert it to using Docker
Signed-off-by: Martin Heide <martin.heide@faro.com>
2020-07-13 15:55:23 +00:00
Mark Sagi-Kazar
1b2ab6fa35
Update api documentation 2020-07-01 14:33:22 +02:00
Mark Sagi-Kazar
e84682d7b9
Add v2 api module 2020-07-01 14:20:57 +02:00
Mark Sagi-Kazar
8b089dc441
Remove remaining references to vendor 2020-06-30 18:55:50 +02:00
techknowlogick
0a9f56527e
Add Gitea connector (#1715)
* Add Gitea connector

* Add details to readme

* resolve lint issue
2020-05-26 13:54:40 +02:00
Stephan Renatus
4a0feaf589 connector/saml: add 'FilterGroups' setting
This should make AllowedGroups equivalent to an LDAP group filter:

When set to true, only the groups from AllowedGroups will be included in the
user's identity.

Signed-off-by: Stephan Renatus <srenatus@chef.io>
2020-05-12 13:29:05 +02:00
Martijn
0a85a97ba9
Allow preferred_username claim to be set for Crowd connector (#1684)
* Add atlassiancrowd connector to list in readme

* Add TestIdentityFromCrowdUser

* Set preferred_username claim when configured

* Add preferredUsernameField option to docs

* Log warning when mapping invalid crowd field
2020-04-23 20:14:15 +02:00
Mattias Sjöström
cd054c71af
Documentation: Fix typo and add specification in openshift connector doc (#1687)
Serviceaccount annotation in oc patch instruction was malformed. Format
specification of Client ID for a Service Account was missing.
2020-04-14 08:55:51 +02:00
Joel Speed
30ea963bb6
Merge pull request #1656 from taxibeat/oidc-prompt-type
Make prompt configurable for oidc offline_access
2020-02-28 10:56:13 +00:00
Nándor István Krácser
b7cf701032
Merge pull request #1515 from flant/atlassian-crowd-connector
new connector for Atlassian Crowd
2020-02-24 10:09:27 +01:00
Chris Loukas
d33a76fa19 Make prompt configurable for oidc offline_access 2020-02-19 16:10:28 +02:00
Nándor István Krácser
f17fa67715
Merge pull request #1653 from sdarwin/doc-dex-healthz
update doc regarding health check
2020-02-19 12:44:17 +01:00
sdarwin
49e85a3cb1 update doc regarding health check 2020-02-14 09:24:26 -06:00
sdarwin
11d91c144f update kubernetes.md document 2020-02-13 14:33:38 -06:00
Hidetake Iwata
2ec5e5463f
Update kubelogin-activedirectory.md for credential plugin 2020-02-12 21:47:41 +09:00
Ivan Mikheykin
7ef1179e75 feat: connector for Atlassian Crowd 2020-02-05 12:40:49 +04:00
Colleen Murphy
7319d3796f Fix kubernetes storage link
In 58093dbb2 the kubernetes documentation was updated to refer to CRDs
rather than TPRs when discussing how storage works for dex. However, the
rest of the line was not updated and still referred to the TPR section,
whose anchor link was changed in 395febf80 with the removal of TPR
support. This change updates the kubernetes documentation to point to
the currect section of the storage documentation for CRDs.
2020-02-03 10:11:40 -08:00
Vitaliy Dmitriev
f2e7823db9 connector/ldap: add multiple user to group mapping
Add an ability to fetch user's membership from
  groups of a different type by specifying multiple
  group attribute to user attribute value matchers
  in the Dex config:

    userMatchers:
    - userAttr: uid
      groupAttr: memberUid
    - userAttr: DN
      groupAttr: member

  In other words the user's groups can be fetched now from
  ldap structure similar to the following:

    dn: cn=john,ou=People,dc=example,dc=org
    objectClass: person
    objectClass: inetOrgPerson
    sn: doe
    cn: john
    uid: johndoe
    mail: johndoe@example.com
    userpassword: bar

    dn: cn=qa,ou=Groups,ou=Portland,dc=example,dc=org
    objectClass: groupOfNames
    cn: qa
    member: cn=john,ou=People,dc=example,dc=org

    dn: cn=logger,ou=UnixGroups,ou=Portland,dc=example,dc=org
    objectClass: posixGroup
    gidNumber: 1000
    cn: logger
    memberUid: johndoe

Signed-off-by: Vitaliy Dmitriev <vi7alya@gmail.com>
2020-01-03 10:40:21 +01:00
Andrew Block
296659cb50
Reduced OpenShift scopes and enhanced documentation 2019-12-26 03:14:20 -06:00
Andrew Block
5afa02644a
Added OpenShift documentation to README 2019-12-25 11:52:42 -05:00
Andrew Block
92e63771ac
Added OpenShift connector 2019-12-22 02:27:09 -05:00
Márk Sági-Kazár
664fdf76ca
Merge pull request #1605 from dexidp/kubernetes-tests
Rewrite kubernetes tests
2019-12-20 11:41:57 +01:00
Nándor István Krácser
ac242a8bc7
Merge pull request #1590 from ChengYanJin/doc/add-issuer-in-template
add issuer in the templates.md
2019-12-20 09:28:40 +01:00
Mark Sagi-Kazar
3fb85ab009
Remove instructions for kubernetes tests from docs 2019-12-18 17:23:52 +01:00
Nandor Kracser
a38e215891
connector/google: support group whitelisting
Signed-off-by: Nandor Kracser <bonifaido@gmail.com>
2019-12-03 16:27:07 +01:00
Nándor István Krácser
c41035732f
Merge pull request #1434 from jacksontj/groups
Add option to enable groups for oidc connectors
2019-11-27 14:00:36 +01:00
YanJin
e11b2ceeee add issuer in the templates.md 2019-11-25 12:15:07 +01:00
Joel Speed
9d9a1017e4
Add documentation for google connector 2019-11-19 17:12:41 +00:00
Nándor István Krácser
b7184be3dd
Merge pull request #1569 from bhageena/master
Fix spelling errors in docs
2019-11-05 10:34:40 +01:00
Nándor István Krácser
6d41541964
Merge pull request #1544 from kenperkins/saml-groups
Adding support for allowed groups in SAML Connector
2019-10-30 13:28:34 +01:00
Nándor István Krácser
0b56a47571
Merge pull request #1558 from aijingyc/fix_readme_branch
Fix URLs in curl cmd as stated in the overview doc.
2019-10-30 13:20:28 +01:00
Nándor István Krácser
799f29fdb5
Merge pull request #1571 from gosharplite/patch-1
Fix typo
2019-10-30 13:20:04 +01:00
Tony Hsu
6e35f24399
Fix typo 2019-10-22 11:27:12 +08:00
Chandan Rai
efdb5de6d8 Fix spelling errors in docs 2019-10-14 18:52:40 +05:30
Ta-Ching Chen
76c76a0b39
Add note for redirect uri 2019-10-13 15:24:22 +08:00
j.ai
2c52c52686 Fix URLs in curl cmd as stated in the overview doc. 2019-09-27 17:45:52 -07:00
Thomas Jackson
21ab30d207 Add option to enable groups for oidc connectors
There's been some discussion in #1065 regarding what to do about
refreshing groups. As it stands today dex doesn't update any of the
claims on refresh (groups would just be another one). The main concern
with enabling it is that group claims may change more frequently. While
we continue to wait on the upstream refresh flows, this adds an option
to enable the group claim. This is disabled by default (so no behavioral
change) but enables those that are willing to have the delay in group
claim change to use oidc IDPs.

Workaround to #1065
2019-09-13 15:50:33 -07:00
Ken Perkins
285c1f162e connector/saml: Adding group filtering
- 4 new tests
- Doc changes to use the group filtering
2019-09-10 10:53:19 -07:00
Stephan Renatus
15ec95bca9
Merge pull request #1521 from erwinvaneyk/patch-1
Clarify the origin of the ca file in the Kubernetes guide
2019-08-29 16:24:48 +02:00
Erwin van Eyk
5c99525ed3 Clarify the origin of openid-ca 2019-08-29 16:15:00 +02:00
Michael Venezia
395febf808
storage/kubernetes: Removing Kubernetes TPR support
Third Party Resources (TPR) have been removed from Kubernetes for
roughly 2 years.  This commit removes the support dex had for them.

Documentation has been updated to reflect this and to instruct users
on how to migrate from TPR-powered dex environment to a Custom Resource
Defintion (CRD) based one that dex > v2.17 will support
2019-08-14 09:28:18 -04:00
Stephan Renatus
d9f6ab4a68
Merge pull request #1512 from venezia/add_reflection
Add reflection to gRPC API (configurable)
2019-08-07 13:56:33 +02:00
Michael Venezia
b65966d744
cmd/dex: adding reflection to grpc api, enabled through configuration 2019-08-07 07:37:39 -04:00
Marc-André Dufresne
d458e882aa
Allow arbitrary data to be passed to templates 2019-08-06 13:14:53 -04:00
mkontani
c067761df6 fix mysql sample query 2019-07-30 03:49:53 +09:00
Nandor Kracser
ff34e570b4 connector/gitlab: implement useLoginAsID as in GitHub connector 2019-07-28 19:49:49 +02:00