Stephen Augustus
e1a45ba33e
Merge pull request #1738 from justaugustus/augustus
...
MAINTAINERS: Add Stephen Augustus (@justaugustus)
2020-06-25 15:25:11 -04:00
Stephen Augustus
e151af1b44
MAINTAINERS: Add Stephen Augustus (justaugustus)
...
Signed-off-by: Stephen Augustus <saugustus@vmware.com>
2020-06-25 13:59:17 -04:00
Stephen Augustus
de871b3f8a
MAINTAINERS: Alpha-sort maintainers
...
Signed-off-by: Stephen Augustus <saugustus@vmware.com>
2020-06-25 13:16:41 -04:00
Joel Speed
9d7e472c63
Merge pull request #1720 from candlerb/fix-google
...
Allow the "google" connector to work without a service account
2020-06-19 17:10:23 +01:00
Márk Sági-Kazár
2ca992e9b3
Merge pull request #1721 from candlerb/fix-token-comment
...
Fix comment for implicit flow
2020-05-31 21:54:31 +02:00
techknowlogick
0a9f56527e
Add Gitea connector ( #1715 )
...
* Add Gitea connector
* Add details to readme
* resolve lint issue
2020-05-26 13:54:40 +02:00
Brian Candler
442d3de11d
Allow the "google" connector to work without a service account
...
Fixes #1718
2020-05-22 09:24:26 +00:00
Brian Candler
d2c9305e0f
Fix comment for implicit flow
2020-05-21 12:00:53 +01:00
Márk Sági-Kazár
709d4169d6
Merge pull request #1694 from flant/fix-openshift-root-ca
...
Fix OpenShift connector rootCA option
2020-05-12 13:55:45 +02:00
Márk Sági-Kazár
ba723caa0a
Merge pull request #1704 from srenatus/sr/saml/filter-allowed-groups
...
connector/saml: add 'FilterGroups' setting
2020-05-12 13:40:29 +02:00
Márk Sági-Kazár
c0dfeb7068
Merge pull request #1692 from flant/oidc-icon
...
Add icon for OIDC provider
2020-05-12 13:39:53 +02:00
m.nabokikh
47b0d33142
Add icon for OIDC provider
...
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
2020-05-12 15:33:15 +04:00
m.nabokikh
521aa0802f
Fix OpenShift connector rootCA option
...
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
2020-05-12 15:31:27 +04:00
Stephan Renatus
4a0feaf589
connector/saml: add 'FilterGroups' setting
...
This should make AllowedGroups equivalent to an LDAP group filter:
When set to true, only the groups from AllowedGroups will be included in the
user's identity.
Signed-off-by: Stephan Renatus <srenatus@chef.io>
2020-05-12 13:29:05 +02:00
poh chiat
d87cf1c924
create github oauthconfig with redirecturl ( #1700 )
2020-05-12 13:23:00 +02:00
Márk Sági-Kazár
336e284a46
Merge pull request #1701 from tkleczek/static_client_secret_fix
...
allow no secret for static public clients
2020-05-12 13:07:46 +02:00
Tomasz Kleczek
c830d49884
allow no secret for static public clients
...
For statically-configured public clients it should be allowed for both
Secret and SecretEnv fields to be empty.
2020-05-05 17:09:09 +02:00
Martijn
0a85a97ba9
Allow preferred_username claim to be set for Crowd connector ( #1684 )
...
* Add atlassiancrowd connector to list in readme
* Add TestIdentityFromCrowdUser
* Set preferred_username claim when configured
* Add preferredUsernameField option to docs
* Log warning when mapping invalid crowd field
2020-04-23 20:14:15 +02:00
Mattias Sjöström
cd054c71af
Documentation: Fix typo and add specification in openshift connector doc ( #1687 )
...
Serviceaccount annotation in oc patch instruction was malformed. Format
specification of Client ID for a Service Account was missing.
2020-04-14 08:55:51 +02:00
Márk Sági-Kazár
83d8853fd9
Merge pull request #1686 from kenperkins/gh-1682
...
Adding slack channel to README
2020-04-08 08:42:42 +02:00
Ken Perkins
05b8acb974
Adding slack channel to README
2020-04-07 11:03:48 -07:00
Kyle Travis
cfae2eb720
storage/kubernetes: remove shadowed ResourceVersion from Connector ( #1673 )
2020-04-07 11:02:44 +02:00
Ken Perkins
f6476b62f2
Added Email of Keystone to Identity ( #1681 )
...
* Added Email of Keystone to Identity
After the successful login to keystone, the Email of the logged in user
is fetch from keystone and provided to `identity.Email`.
This is useful for upstream software that uses the Email as the primary
identification.
* Removed unnecessary code from getUsers
* Changed creation of userResponse in keystone
* Fixing linter error
Co-authored-by: Christoph Glaubitz <christoph.glaubitz@innovo-cloud.de>
2020-04-06 15:40:17 +02:00
Nándor István Krácser
ebef257dcd
Merge pull request #1678 from Teeed/auto_consistency_fix
...
Automatic consistency fixing in case of missing refresh token in db
2020-04-03 14:17:58 +02:00
Tadeusz Magura-Witkowski
0513ce3d6b
Merge branch 'master' into auto_consistency_fix
2020-04-02 10:49:10 +02:00
Nándor István Krácser
ec57e31103
Merge pull request #1645 from JerrySunWRS/master
...
Wrap Kubernetes host address in square brackets
2020-03-27 08:35:30 +01:00
Tadeusz Magura-Witkowski
7b7e2a040d
Automatic consistency fixing in case of missing refresh token in db
2020-03-25 13:43:53 +01:00
Márk Sági-Kazár
3693b74791
Merge pull request #1676 from dexidp/lint-timeout
...
increase go lint timeout
2020-03-19 16:00:56 +01:00
Nándor István Krácser
db23367150
increase go lint timeout
2020-03-19 15:50:18 +01:00
Nándor István Krácser
741bf029a1
Merge pull request #1670 from klarose/handle-refresh-no-present
...
handlers: do not fail login if refresh token gone
2020-03-19 13:44:22 +01:00
Kyle Larose
ab5ea03025
handlers: do not fail login if refresh token gone
...
There is a chance that offline storage could fall out of sync with the
refresh token tables. One example is if dex crashes/is stopped in the
middle of handling a login request. If the old refresh token associated
with the offline session is deleted, and then the process stops, the
offline session will still refer to the old token.
Unfortunately, if this case occurs, there is no way to recover from it,
since further logins will be halted due to dex being unable to clean up
the old tokens till referenced in the offline session: the database is
essentially corrupted.
There doesn't seem to be a good reason to fail the auth request if the
old refresh token is gone. This changes the logic in `handleAuthCode` to
not fail the entire transaction if the old refresh token could not be
deleted because it was not present. This has the effect of installing
the new refresh token, and unpdating the offline storage, thereby fixing
the issue, however it occured.
2020-03-18 12:56:37 -04:00
Nándor István Krácser
277272502b
Merge pull request #1674 from dexidp/githubci-mysql
...
ci: add mysql service
2020-03-18 15:01:57 +01:00
Nandor Kracser
8ab1ea9334
ci: add mysql service
...
Signed-off-by: Nandor Kracser <bonifaido@gmail.com>
2020-03-18 11:58:41 +01:00
Nándor István Krácser
d820fd45d8
Merge pull request #1664 from lhotrifork/static-client-env-vars
...
storage/static.go: expand environment variables in client ID and secret
2020-03-03 11:05:08 +01:00
Yann Soubeyrand
99c3ec6820
Add ability to set ID and Secret from environment variables for static clients
...
Having ID and Secret in clear inside configuration files for static
clients is not ideal. This commit allows setting these from environment
variables.
Signed-off-by: Yann Soubeyrand <yann.soubeyrand@gmx.fr>
2020-03-03 08:27:13 +01:00
Joel Speed
30ea963bb6
Merge pull request #1656 from taxibeat/oidc-prompt-type
...
Make prompt configurable for oidc offline_access
2020-02-28 10:56:13 +00:00
Nándor István Krácser
b7cf701032
Merge pull request #1515 from flant/atlassian-crowd-connector
...
new connector for Atlassian Crowd
2020-02-24 10:09:27 +01:00
Nándor István Krácser
2bd4886517
Merge pull request #1661 from sabre1041/openshift-connector-mail
...
Setting email for OpenShift connector
2020-02-21 17:02:50 +01:00
Andrew Block
76bb453ff3
Setting email for OpenShift connector
2020-02-21 16:53:46 +01:00
Márk Sági-Kazár
b9787d48ac
Merge pull request #1660 from dexidp/checkout-v2
...
ci: use checkout@v2
2020-02-21 16:16:22 +01:00
Nándor István Krácser
fab0da7b69
ci: use checkout@v2
2020-02-21 15:53:13 +01:00
Nándor István Krácser
edd3a40141
Merge pull request #1659 from dexidp/sql-specific-migrations
...
storage/sql: allow specifying sql flavor specific migrations
2020-02-21 14:47:14 +01:00
Nandor Kracser
c7e9960c7e
storage/mysql: increase auth_request.state length to 4096
...
Signed-off-by: Nandor Kracser <bonifaido@gmail.com>
2020-02-21 12:53:18 +01:00
Nandor Kracser
80749ffd3f
storage/sql: allow specifying sql flavor specific migrations
...
Signed-off-by: Nandor Kracser <bonifaido@gmail.com>
2020-02-21 12:53:18 +01:00
Nándor István Krácser
1160649c31
Merge pull request #1621 from concourse/pr/passowrd-grant-synced
...
Rework - add support for Resource Owner Password Credentials Grant
2020-02-20 08:27:50 +01:00
Chris Loukas
d33a76fa19
Make prompt configurable for oidc offline_access
2020-02-19 16:10:28 +02:00
Nándor István Krácser
f17fa67715
Merge pull request #1653 from sdarwin/doc-dex-healthz
...
update doc regarding health check
2020-02-19 12:44:17 +01:00
Nándor István Krácser
0f8c4db9f6
Merge pull request #1650 from sdarwin/k8s-doc
...
update kubernetes.md document
2020-02-18 10:18:10 +01:00
sdarwin
49e85a3cb1
update doc regarding health check
2020-02-14 09:24:26 -06:00
sdarwin
11d91c144f
update kubernetes.md document
2020-02-13 14:33:38 -06:00