Eric Chiang 
							
						 
					 
					
						
						
							
						
						b8ba59d7f6 
					 
					
						
						
							
							*: run LDAP tests in travis  
						
						
						
						
					 
					
						2017-04-10 15:33:07 -07:00 
						 
				 
			
				
					
						
							
							
								Eric Chiang 
							
						 
					 
					
						
						
							
						
						0ac11d93e6 
					 
					
						
						
							
							connector/ldap/testdata: add LDAP schema files  
						
						
						
						
					 
					
						2017-04-10 15:33:07 -07:00 
						 
				 
			
				
					
						
							
							
								Eric Chiang 
							
						 
					 
					
						
						
							
						
						4a93b55c8b 
					 
					
						
						
							
							connector/ldap: add LDAP integration tests  
						
						
						
						
					 
					
						2017-04-10 15:33:07 -07:00 
						 
				 
			
				
					
						
							
							
								Eric Chiang 
							
						 
					 
					
						
						
							
						
						943253fece 
					 
					
						
						
							
							Merge pull request  #898  from ericchiang/saml-cleanup  
						
						... 
						
						
						
						connector/saml: clean up SAML verification logic and comments 
						
						
					 
					
						2017-04-07 14:22:22 -07:00 
						 
				 
			
				
					
						
							
							
								Eric Chiang 
							
						 
					 
					
						
						
							
						
						362e0798a4 
					 
					
						
						
							
							connector/saml: clean up SAML verification logic and comments  
						
						
						
						
					 
					
						2017-04-07 14:13:05 -07:00 
						 
				 
			
				
					
						
							
							
								Eric Chiang 
							
						 
					 
					
						
						
							
						
						258ec4ff4b 
					 
					
						
						
							
							Merge pull request  #897  from Calpicow/issuer_typo  
						
						... 
						
						
						
						Fix entityIssuer -> ssoIssuer typo 
						
						
					 
					
						2017-04-06 14:57:33 -07:00 
						 
				 
			
				
					
						
							
							
								Phu Kieu 
							
						 
					 
					
						
						
							
						
						bd754e2b2d 
					 
					
						
						
							
							Fix entityIssuer -> ssoIssuer typo  
						
						
						
						
					 
					
						2017-04-06 14:50:44 -07:00 
						 
				 
			
				
					
						
							
							
								Eric Chiang 
							
						 
					 
					
						
						
							
						
						53acaa9e7c 
					 
					
						
						
							
							Merge pull request  #896  from Calpicow/audience_validate_fix  
						
						... 
						
						
						
						Validate audience with entityIssuer if present, use redirectURI otherwise 
						
						
					 
					
						2017-04-06 14:47:05 -07:00 
						 
				 
			
				
					
						
							
							
								Phu Kieu 
							
						 
					 
					
						
						
							
						
						47897f73fa 
					 
					
						
						
							
							Validate audience with entityIssuer if present, use redirectURI otherwise  
						
						
						
						
					 
					
						2017-04-06 14:40:56 -07:00 
						 
				 
			
				
					
						
							
							
								Eric Chiang 
							
						 
					 
					
						
						
							
						
						40f0265ab4 
					 
					
						
						
							
							Merge pull request  #885  from Calpicow/saml_issuer_fix  
						
						... 
						
						
						
						Add ssoIssuer to fix Response issuer checking 
						
						
					 
					
						2017-04-06 11:19:47 -07:00 
						 
				 
			
				
					
						
							
							
								Phu Kieu 
							
						 
					 
					
						
						
							
						
						8c0eb67ecd 
					 
					
						
						
							
							Update documentation  
						
						
						
						
					 
					
						2017-04-06 11:06:30 -07:00 
						 
				 
			
				
					
						
							
							
								Phu Kieu 
							
						 
					 
					
						
						
							
						
						217b5ca2c7 
					 
					
						
						
							
							Add ssoIssuer to fix Response issuer checking  
						
						... 
						
						
						
						Rename issuer to entityIssuer 
						
						
					 
					
						2017-04-06 11:05:49 -07:00 
						 
				 
			
				
					
						
							
							
								Eric Chiang 
							
						 
					 
					
						
						
							
						
						207d20777b 
					 
					
						
						
							
							Merge pull request  #893  from ericchiang/fix-saml-validation  
						
						... 
						
						
						
						connector/saml: fix validation bug with multiple Assertion elements 
						
						
					 
					
						2017-04-04 11:18:12 -07:00 
						 
				 
			
				
					
						
							
							
								Eric Chiang 
							
						 
					 
					
						
						
							
						
						a97cffcd52 
					 
					
						
						
							
							connector/saml: refactor tests and add self-signed responses  
						
						... 
						
						
						
						Introduces SAML tests which execute full response processing and
compare user attributes. tesdata now includes a full, self-signed
CA and documents signed using xmlsec1.
Adds deprication notices to existing tests, but don't remove them
since they still provide coverage. 
						
						
					 
					
						2017-04-04 11:11:35 -07:00 
						 
				 
			
				
					
						
							
							
								Eric Chiang 
							
						 
					 
					
						
						
							
						
						e0709dc2ac 
					 
					
						
						
							
							connector/saml: fix validation bug with multiple Assertion elements  
						
						... 
						
						
						
						When a SAML response provided multiple Assertion elements, only the
first one is checked for a valid signature. If the Assertion is
verified, the original Assertion is removed and the canonicalized
version is prepended to the Response. However, if there were
multiple assertions, the second assertion could end up first in the
list of Assertions, even if it was unsigned.
For example this:
    <Response>
      <!--
         Response unsigned. According to SAML spec must check
         assertion signature.
      -->
      <Assertion>
        <Signature>
          <!-- Correrctly signed assertion -->
        </Signature>
      </Assertion>
      <Assertion>
        <!-- Unsigned assertion inserted by attacker-->
      </Assertion>
    </Response>
could be verified then re-ordered to the following:
    <Response>
      <!--
         Response unsigned. According to SAML spec must check
         assertion signature.
      -->
      <Assertion>
        <!-- Unsigned assertion inserted by attacker-->
      </Assertion>
      <Assertion>
        <!-- Canonicalized, correrctly signed assertion -->
      </Assertion>
    </Response>
Fix this by removing all unverified child elements of the Response,
not just the original assertion. 
						
						
					 
					
						2017-04-04 11:11:35 -07:00 
						 
				 
			
				
					
						
							
							
								Lucas Servén 
							
						 
					 
					
						
						
							
						
						a7d443ea2b 
					 
					
						
						
							
							Merge pull request  #891  from squat/garbage_log_info  
						
						... 
						
						
						
						server/server.go: make successful garbage collection log at info level 
						
						
					 
					
						2017-04-04 10:14:43 -07:00 
						 
				 
			
				
					
						
							
							
								Lucas Serven 
							
						 
					 
					
						
						
							
						
						f3d9bd5008 
					 
					
						
						
							
							server/server.go: make successful garbage collection log at info level  
						
						
						
						
					 
					
						2017-04-04 09:47:53 -07:00 
						 
				 
			
				
					
						
							
							
								rithu leena john 
							
						 
					 
					
						
						
							
						
						f4865a354c 
					 
					
						
						
							
							Merge pull request  #886  from rithujohn191/error-msg-update  
						
						... 
						
						
						
						storage/static.go: correct the error message that gets displayed. 
						
						
					 
					
						2017-03-29 11:54:00 -07:00 
						 
				 
			
				
					
						
							
							
								rithu john 
							
						 
					 
					
						
						
							
						
						5abb4b3df6 
					 
					
						
						
							
							storage/static.go: correct the error message that gets displayed.  
						
						
						
						
					 
					
						2017-03-29 11:32:02 -07:00 
						 
				 
			
				
					
						
							
							
								Eric Chiang 
							
						 
					 
					
						
						
							
						
						5eb8210eb4 
					 
					
						
						
							
							Merge pull request  #883  from ericchiang/scopes-docs  
						
						... 
						
						
						
						Documentation: document dex scopes, claims, and client features 
						
						
					 
					
						2017-03-28 21:26:01 -07:00 
						 
				 
			
				
					
						
							
							
								Eric Chiang 
							
						 
					 
					
						
						
							
						
						8902ddc061 
					 
					
						
						
							
							Merge pull request  #881  from ericchiang/api-test-use-client  
						
						... 
						
						
						
						server: use client connected to remove server for gRPC tests 
						
						
					 
					
						2017-03-28 21:25:55 -07:00 
						 
				 
			
				
					
						
							
							
								Eric Chiang 
							
						 
					 
					
						
						
							
						
						5e34f0d1a6 
					 
					
						
						
							
							Documentation: document dex scopes, claims, and client features  
						
						
						
						
					 
					
						2017-03-28 16:53:06 -07:00 
						 
				 
			
				
					
						
							
							
								Eric Chiang 
							
						 
					 
					
						
						
							
						
						f734b140cd 
					 
					
						
						
							
							server: use client connected to remove server for gRPC tests  
						
						
						
						
					 
					
						2017-03-28 16:41:39 -07:00 
						 
				 
			
				
					
						
							
							
								rithu leena john 
							
						 
					 
					
						
						
							
						
						42c1eed231 
					 
					
						
						
							
							Merge pull request  #880  from rithujohn191/connector-object  
						
						... 
						
						
						
						storage: add connector object to backend storage. 
						
						
					 
					
						2017-03-28 14:31:08 -07:00 
						 
				 
			
				
					
						
							
							
								rithu john 
							
						 
					 
					
						
						
							
						
						bc55b86d0d 
					 
					
						
						
							
							storage: add connector object to backend storage.  
						
						
						
						
					 
					
						2017-03-28 14:12:38 -07:00 
						 
				 
			
				
					
						
							
							
								Eric Chiang 
							
						 
					 
					
						
						
							
						
						6e50c18458 
					 
					
						
						
							
							Merge pull request  #875  from ericchiang/fix-example-app-custom-ca  
						
						... 
						
						
						
						cmd/example-app: fix custom CA behavior 
						
						
					 
					
						2017-03-24 13:21:20 -07:00 
						 
				 
			
				
					
						
							
							
								Eric Chiang 
							
						 
					 
					
						
						
							
						
						9b0e9ab2ca 
					 
					
						
						
							
							cmd/example-app: fix custom CA behavior  
						
						
						
						
					 
					
						2017-03-24 11:53:28 -07:00 
						 
				 
			
				
					
						
							
							
								Eric Chiang 
							
						 
					 
					
						
						
							
						
						2a6ae0a6ea 
					 
					
						
						
							
							Merge pull request  #870  from Calpicow/fix_assertion_fallback  
						
						... 
						
						
						
						Fix assertion fallback 
						
						
					 
					
						2017-03-24 11:34:30 -07:00 
						 
				 
			
				
					
						
							
							
								Phu Kieu 
							
						 
					 
					
						
						
							
						
						6f9ef961bb 
					 
					
						
						
							
							Use etreeutils.NSSelectOne to select Assertion element  
						
						
						
						
					 
					
						2017-03-24 11:20:53 -07:00 
						 
				 
			
				
					
						
							
							
								Phu Kieu 
							
						 
					 
					
						
						
							
						
						4b457d8c82 
					 
					
						
						
							
							vendor: revendor  
						
						
						
						
					 
					
						2017-03-24 11:03:30 -07:00 
						 
				 
			
				
					
						
							
							
								Phu Kieu 
							
						 
					 
					
						
						
							
						
						b5f70dac36 
					 
					
						
						
							
							glide.yaml: update goxmldsig  
						
						
						
						
					 
					
						2017-03-24 11:02:55 -07:00 
						 
				 
			
				
					
						
							
							
								rithu leena john 
							
						 
					 
					
						
						
							
						
						5d49e18478 
					 
					
						
						
							
							Merge pull request  #873  from rithujohn191/client-example  
						
						... 
						
						
						
						examples/grpc-client: clean up the example and add tlsClientCA to ConfigMap. 
						
						
					 
					
						2017-03-23 17:24:11 -07:00 
						 
				 
			
				
					
						
							
							
								rithu john 
							
						 
					 
					
						
						
							
						
						562eae3fc7 
					 
					
						
						
							
							examples/grpc-client: clean up the example and add tlsClientCA to ConfigMap.  
						
						
						
						
					 
					
						2017-03-23 16:57:23 -07:00 
						 
				 
			
				
					
						
							
							
								rithu leena john 
							
						 
					 
					
						
						
							
						
						6146e23396 
					 
					
						
						
							
							Merge pull request  #872  from rithujohn191/offline-access-error  
						
						... 
						
						
						
						connector: Connectors without a RefreshConnector should not error out 
						
						
					 
					
						2017-03-23 16:11:45 -07:00 
						 
				 
			
				
					
						
							
							
								rithu john 
							
						 
					 
					
						
						
							
						
						59502850f0 
					 
					
						
						
							
							connector: Connectors without a RefreshConnector should not return a refresh token instead of erroring  
						
						
						
						
					 
					
						2017-03-23 14:56:34 -07:00 
						 
				 
			
				
					
						
							
							
								Eric Chiang 
							
						 
					 
					
						
						
							
						
						b112aa2ecd 
					 
					
						
						
							
							Merge pull request  #869  from ericchiang/saml-response-to  
						
						... 
						
						
						
						*: validate InResponseTo SAML response field and make issuer optional 
						
						
					 
					
						2017-03-22 13:04:41 -07:00 
						 
				 
			
				
					
						
							
							
								Eric Chiang 
							
						 
					 
					
						
						
							
						
						50b223a9db 
					 
					
						
						
							
							*: validate InResponseTo SAML response field and make issuer optional  
						
						
						
						
					 
					
						2017-03-22 13:02:44 -07:00 
						 
				 
			
				
					
						
							
							
								Eric Chiang 
							
						 
					 
					
						
						
							
						
						8b2956ddbc 
					 
					
						
						
							
							Merge pull request  #867  from ericchiang/xml-validation  
						
						... 
						
						
						
						glide.yaml: update goxmldsig 
						
						
					 
					
						2017-03-21 10:27:04 -07:00 
						 
				 
			
				
					
						
							
							
								Eric Chiang 
							
						 
					 
					
						
						
							
						
						910d59865b 
					 
					
						
						
							
							vendor: revendor  
						
						
						
						
					 
					
						2017-03-21 09:27:22 -07:00 
						 
				 
			
				
					
						
							
							
								Eric Chiang 
							
						 
					 
					
						
						
							
						
						5888220965 
					 
					
						
						
							
							glide.yaml: update goxmldsig  
						
						
						
						
					 
					
						2017-03-21 09:25:56 -07:00 
						 
				 
			
				
					
						
							
							
								Eric Chiang 
							
						 
					 
					
						
						
							
						
						95d237003a 
					 
					
						
						
							
							Merge pull request  #855  from ericchiang/static-storage-fallthrough  
						
						... 
						
						
						
						storage: make static storages query real storages for some actions 
						
						
					 
					
						2017-03-20 10:42:34 -07:00 
						 
				 
			
				
					
						
							
							
								Eric Chiang 
							
						 
					 
					
						
						
							
						
						af54f59202 
					 
					
						
						
							
							Merge pull request  #864  from ericchiang/spelling  
						
						... 
						
						
						
						*: fix spelling using github.com/client9/misspell 
						
						
					 
					
						2017-03-20 10:20:16 -07:00 
						 
				 
			
				
					
						
							
							
								Eric Chiang 
							
						 
					 
					
						
						
							
						
						25fdaa67a7 
					 
					
						
						
							
							Merge pull request  #860  from ericchiang/oidc-broken-auth-header  
						
						... 
						
						
						
						connector/oidc: expose oauth2.RegisterBrokenAuthHeaderProvider 
						
						
					 
					
						2017-03-20 09:56:09 -07:00 
						 
				 
			
				
					
						
							
							
								Eric Chiang 
							
						 
					 
					
						
						
							
						
						4c39bc20ae 
					 
					
						
						
							
							storage: make static storages query real storages for some actions  
						
						... 
						
						
						
						If dex is configured with static passwords or clients, let the API
still add or modify objects in the backing storage, so long as
their IDs don't conflict with the static ones. List options now
aggregate resources from the static list and backing storage. 
						
						
					 
					
						2017-03-20 09:39:38 -07:00 
						 
				 
			
				
					
						
							
							
								Eric Chiang 
							
						 
					 
					
						
						
							
						
						33f0199077 
					 
					
						
						
							
							*: fix spelling using github.com/client9/misspell  
						
						
						
						
					 
					
						2017-03-20 09:16:56 -07:00 
						 
				 
			
				
					
						
							
							
								Eric Chiang 
							
						 
					 
					
						
						
							
						
						f503ff7950 
					 
					
						
						
							
							*: add documentation for the OpenID Connect provider  
						
						
						
						
					 
					
						2017-03-20 08:47:02 -07:00 
						 
				 
			
				
					
						
							
							
								Eric Chiang 
							
						 
					 
					
						
						
							
						
						ac032e99f0 
					 
					
						
						
							
							connector/oidc: expose oauth2.RegisterBrokenAuthHeaderProvider  
						
						
						
						
					 
					
						2017-03-20 08:47:02 -07:00 
						 
				 
			
				
					
						
							
							
								rithu leena john 
							
						 
					 
					
						
						
							
						
						4bf74d8ac3 
					 
					
						
						
							
							Merge pull request  #862  from rithujohn191/update-api  
						
						... 
						
						
						
						api: Update timestamp type for RefreshTokenRef to int64. 
						
						
					 
					
						2017-03-17 15:58:09 -07:00 
						 
				 
			
				
					
						
							
							
								rithu john 
							
						 
					 
					
						
						
							
						
						921090f05f 
					 
					
						
						
							
							api: Update timestamp type for RefreshTokenRef to int64.  
						
						
						
						
					 
					
						2017-03-17 15:46:39 -07:00 
						 
				 
			
				
					
						
							
							
								rithu leena john 
							
						 
					 
					
						
						
							
						
						84af5273c8 
					 
					
						
						
							
							Merge pull request  #854  from rithujohn191/conformance-tests  
						
						... 
						
						
						
						storage/conformance: update conformance tests with multiple entries per resource 
						
						
					 
					
						2017-03-17 10:51:24 -07:00