Thomas Jackson
52d09a2dfa
Add option in oidc to hit the optional userinfo endpoint
...
Some oauth providers return "thin tokens" which won't include all of the
claims requested. This simply adds an option which will make the oidc
connector use the userinfo endpoint to fetch all the claims.
2019-05-23 09:20:48 -07:00
Eric Chiang
0babb2df18
Merge pull request #1435 from bonifaido/bitbucket-docs
...
docs: update bitbucket permission requirements
2019-05-12 10:33:01 -07:00
Nandor Kracser
a08a5811d4
gitlab: support for group whitelist
2019-04-25 12:50:29 +02:00
Nandor Kracser
b1931fc9bd
docs: update bitbucket permission requirements
2019-04-25 10:45:00 +02:00
Gerald Barker
fc723af0fe
Add option to OIDC connecter to override email_verified to true
2019-03-05 21:24:02 +00:00
Takashi Okamoto
ac290f77aa
Fix typo.
2019-02-23 16:34:10 +00:00
Eric Chiang
e913a252cd
Merge pull request #1410 from sagikazarmark/fix-typo
...
Fix typo
2019-02-22 12:02:27 -08:00
Mark Sagi-Kazar
c48cb36e8f
Fix typo
2019-02-22 20:54:19 +01:00
Nandor Kracser
6c71b330a8
production users: add Banzai Cloud
2019-02-22 16:40:34 +01:00
Stephan Renatus
7bd4071b4c
Merge pull request #1396 from jtnord/useLoginId-dexidp
...
Use github login as the id
2019-02-05 13:54:49 +01:00
James Nord
9840fccdbb
rename useLoginAsId -> useLoginAsID
2019-02-04 14:05:57 +00:00
Stephan Renatus
b6f4740a15
Merge pull request #1390 from okamototk/activedirectory
...
Add Active Directory and kubelogin integration sample.
2019-02-03 11:09:33 +01:00
James Nord
1911b52c6b
Add documentation for the new GitHub useLoginAsId option
2019-02-01 11:37:40 +00:00
Stephan Renatus
4abf3b2102
docs: mirror resolution of #1281 in dev doc
...
Signed-off-by: Stephan Renatus <srenatus@chef.io>
2019-01-29 10:29:12 +01:00
Takashi Okamoto
337bbe5f09
fix typos.
2019-01-26 10:44:50 +00:00
Takashi Okamoto
1b7b3515d7
Add Active Directory instruction.
2019-01-26 04:26:01 +00:00
Takashi Okamoto
fbdb55aba9
Add doc for kubelogin and Active Directory ingtegration sample.
2019-01-26 04:16:55 +00:00
Joshua M. Dotson
46296ab9d0
Documentation/dev-dependencies.md: Update for Go modules
2018-12-04 20:06:22 +00:00
Stephan Renatus
007e4dae3c
Merge pull request #1358 from OwenTuz/issue-1132-initial-kubernetes-documentation-improvements
...
Kubernetes docs: clarify steps around use/creation of TLS assets.
2018-11-26 13:54:44 +01:00
Owen Tuz
9ea2ade208
LDAP docs - remove extra wording re DN
2018-11-26 11:50:44 +00:00
Owen Tuz
e603a5e631
LDAP connector - Document that 'DN' must be in capitals
2018-11-26 10:02:41 +00:00
Owen Tuz
9b5122568a
Kubernetes docs: replace absolute link with relative
2018-11-23 13:54:49 +00:00
Owen Tuz
72c9cf43a9
Fix comment in LDAP query documentation
2018-11-23 11:00:18 +00:00
Owen Tuz
45eb9b279b
Kubernetes docs: wording nitpicks
2018-11-23 10:53:37 +00:00
Owen Tuz
58093dbb29
Kubernetes example: Add RBAC resources and serviceAccount to YAML manifest, remove some references to deprecated TPR approach
2018-11-23 10:48:00 +00:00
Owen Tuz
e028b79c97
Kubernetes docs: clarify steps around use/creation of TLS assets.
2018-11-22 13:37:50 +00:00
Stephan Renatus
58b546a5be
dev-integration-test: add etcd notes
...
Signed-off-by: Stephan Renatus <srenatus@chef.io>
2018-11-20 16:41:12 +01:00
Stephan Renatus
cbcb1f61f3
dev-integration-tests: update database steps (just use docker)
...
Signed-off-by: Stephan Renatus <srenatus@chef.io>
2018-11-20 16:41:12 +01:00
Josh Winters
bb11a1ebee
github: add 'both' team name field option
...
this will result in both the team name *and* the team slug being
returned for each team, allowing a bit more flexibility in auth
validation.
Signed-off-by: Topher Bullock <tbullock@pivotal.io>
Signed-off-by: Alex Suraci <suraci.alex@gmail.com>
2018-11-20 10:12:44 -05:00
Stephan Renatus
7c8a22443a
Merge pull request #1349 from alexmt/1102-config-to-load-all-groups
...
Add config to explicitly enable loading all github groups
Follow-up for #1102 .
2018-11-20 15:15:25 +01:00
Stephan Renatus
84ea412ca6
Merge pull request #1351 from CognotektGmbH/gypsydiver/1347-pr-gitlab-groups
...
Gitlab connector should not require the api scope.
Fixes #1347 .
2018-11-20 14:49:11 +01:00
gypsydiver
f21e6a0f00
gypsydiver/1347-pr-gitlab-groups
2018-11-20 11:18:50 +01:00
Alexander Matyushentsev
7bd084bc07
Issue #1102 - Add config to explicitly enable loading all github groups
2018-11-19 10:14:38 -08:00
Alex Suraci
7c63be4104
remove incomplete mysql and cockroachdb support
2018-11-16 18:07:20 +00:00
Alexander Matyushentsev
e5ebcf518a
Update github connector documentation
2018-11-15 09:24:21 -08:00
Tiago Matias
44e988fb41
point users to storage/RBAC docs
2018-11-05 17:43:23 -02:00
Danny Sauer
b9b21260bc
Add mention of scopes
parameter in OIDC doc
2018-10-17 10:48:39 -05:00
Ed Tan
6ffc8fcd8d
Rename bitbucket to bitbucketcloud
2018-10-06 11:45:56 -04:00
Ed Tan
d26e23c16f
Make suggested code changes
2018-10-05 10:43:49 -04:00
Ed Tan
8c75d85b60
Add Bitbucket connector
2018-09-30 15:08:07 -04:00
Eric Chiang
06241eae9f
Merge pull request #1297 from tburko/use-github-team-slug-instead-of-name
...
Allow using GitHub Team slug instead of name via connector config option
2018-09-14 10:26:11 -07:00
Taras Burko
bf39130bab
Configurable team name field for GitHub connector
2018-09-14 01:09:48 +03:00
Stephan Renatus
1309c1f037
dev-releases.md, Makefile: update release process
...
Signed-off-by: Stephan Renatus <srenatus@chef.io>
2018-09-06 09:09:46 +02:00
Stephan Renatus
b9f6594bf0
*: github.com/coreos/dex -> github.com/dexidp/dex
...
Signed-off-by: Stephan Renatus <srenatus@chef.io>
2018-09-05 17:57:08 +02:00
Eric Chiang
4dc3347106
Merge pull request #1279 from AnianZ/master
...
fix default baseURL for GitLab connector
2018-09-04 08:09:37 -07:00
Anian Z
5454a4729f
fix default baseURL for gitlab connector
2018-08-28 19:05:30 +02:00
Ahmed ElRefaey
32e9570116
Fix a breoken link in the oidc readme
...
Fixed a broken link to An overview of OpenID Connect
2018-07-04 14:56:29 +02:00
Matthias Klan
481f1276a8
Update using-dex.md
...
fix wrong port from example
2018-05-04 16:14:16 +02:00
Simon Knott
822a10cede
Add missing word
2018-02-24 11:31:51 +01:00
Vy-Shane Xie
b03c85e56e
Add new federated:id scope that causes Dex to add a federated_claims claim containing the connector_id and user_id to the ID token
2018-02-03 18:40:03 +08:00
Eric Chiang
460f48320e
Documentation: restructure connector docs to a single folder
2018-01-04 13:50:14 -08:00
Eric Chiang
0811d1a07a
document limitations in the OpenID Connect connector
2017-12-20 17:12:00 -08:00
Wyatt Alt
e7d57bb31b
Correct "Verifier" method name in using-dex doc
...
Change provider.NewVerifier to provider.Verifier per the godocs:
https://godoc.org/github.com/coreos/go-oidc#Provider.Verifier
2017-12-05 13:38:11 -08:00
Pavel Borzenkov
47df6ea2ff
connector/microsoft: add support for groups
...
Microsoft connector now provides support for 'groups' claim in case
'tenant' is configured in Dex config for the connector. It's possible to
deny user authentication if the user is not a member of at least one
configured groups.
Signed-off-by: Pavel Borzenkov <pavel.borzenkov@gmail.com>
2017-11-23 17:01:34 +03:00
Pavel Borzenkov
6193bf5566
connector: implement Microsoft connector
...
connector/microsoft implements authorization strategy via Microsoft's
OAuth2 endpoint + Graph API. It allows to choose what kind of tenants
are allowed to authenticate in Dex via Microsoft:
* common - both personal and business/school accounts
* organizations - only business/school accounts
* consumers - only personal accounts
* <tenant uuid> - only account of specific tenant
Signed-off-by: Pavel Borzenkov <pavel.borzenkov@gmail.com>
2017-11-23 17:01:34 +03:00
Stephan Renatus
b09a13458f
password connectors: allow overriding the username attribute (password prompt)
...
This allows users of the LDAP connector to give users of Dex' login
prompt an idea of what they should enter for a username.
Before, irregardless of how the LDAP connector was set up, the prompt
was
Username
[_________________]
Password
[_________________]
Now, this is configurable, and can be used to say "MyCorp SSO Login" if
that's what it is.
If it's not configured, it will default to "Username".
For the passwordDB connector (local users), it is set to "Email
Address", since this is what it uses.
Signed-off-by: Stephan Renatus <srenatus@chef.io>
2017-11-09 09:30:03 +01:00
Eric Chiang
ccf85a7269
Merge pull request #1108 from dqminh/etcd-storage
...
Add etcd backed storage
2017-11-06 08:36:43 -08:00
Daniel Dao
a2188bebf1
add documentation for etcd storage
...
This adds references to etcd storage, including:
- only supports etcd v3
- list of options and their meanings when connecting to etcd cluster
2017-11-06 14:40:25 +00:00
rithu leena john
42ef8fd802
Merge pull request #1072 from ericchiang/k8s-test
...
*: run kubernetes tests in travis
2017-10-31 10:34:26 -07:00
Eric Chiang
3d2d92b31b
*: run kubernetes tests in travis
2017-10-31 10:29:52 -07:00
Pavel Borzenkov
d5a9712aae
Documentation: add LinkedIn connector documentation
...
Signed-off-by: Pavel Borzenkov <pavel.borzenkov@gmail.com>
2017-10-27 12:54:28 +03:00
Eric Chiang
3d65b774d6
Merge pull request #1103 from stapelberg/authproxy
...
authproxy.md: strip X-Remote-User
2017-10-26 14:29:43 -07:00
Michael Stapelberg
4931f30a80
authproxy.md: strip X-Remote-User
...
follow-up for https://github.com/coreos/dex/pull/1100
2017-10-26 20:13:37 +02:00
Eric Chiang
d099145921
authproxy: update docs and set a userID
2017-10-26 10:47:16 -07:00
Michael Stapelberg
a41d93db4a
Implement the “authproxy” connector (for Apache2 mod_auth etc.)
2017-10-25 21:53:51 +02:00
Laurent Rolaz
cca0275b0b
Add Documentation about customresourcedefinitions creation role
2017-09-26 20:20:05 +02:00
rithu john
34dcf6c9a0
Documentation: add docs for TPR to CRD migration
2017-09-18 14:24:50 -07:00
rithu john
1311caf864
storage/kubernetes: add CRD support
2017-09-14 11:48:17 -07:00
rithu leena john
e10fddee2e
Merge pull request #1031 from estroz/docs-update
...
Documentation: fix redirect caveat description
2017-08-25 14:58:40 -07:00
Eric Stroczynski
7079bb5316
Documentation: add org info req, remove redirect caveat
...
The redirect caveat is being removed to avoid user confusion and is
not important outside of testing.
2017-08-25 14:51:10 -07:00
Eric Stroczynski
9c6b6d565e
Documentation: oidc conformance test case and issue tables
2017-08-25 13:43:21 -07:00
Eric Stroczynski
a065533256
Documentation: OIDC conformance test setup
2017-08-25 01:05:53 -07:00
rithu leena john
e40c01ec39
Merge pull request #1022 from ericchiang/ldap-example
...
*: add "getting started" example for LDAP
2017-08-22 10:46:55 -07:00
Eric Chiang
50f2905cac
*: add standup script for LDAP
2017-08-22 10:37:29 -07:00
Eric Stroczynski
bb36c96674
Documentation: fixed GitHub link syntax
2017-08-16 14:10:23 -07:00
Eric Stroczynski
71de7e8414
Documentation: github org redirect caveat
2017-08-11 16:42:33 -07:00
Eric Stroczynski
26527011ab
connector/github: enable private, primary emails; refactor API calls
...
Documentation: removed private emails caveats section
2017-08-08 18:04:34 -07:00
Eric Stroczynski
45bf061236
Merge pull request #1013 from estroz/multi-org-team-filters
...
connector/github: multiple orgs, query by teams
2017-08-08 11:37:21 -07:00
Eric Stroczynski
9d154802a2
connector/github: multiple orgs, query by teams
...
Documentation: examples of GitHub `orgs` field with multiple orgs
and org with teams; note legacy behavior
2017-08-08 10:57:42 -07:00
Luk Burchard
4365d97162
Update api.md
2017-08-07 18:10:56 +02:00
rithu john
6f9127b4ae
Documentation: add a group query example for the ldap connector.
2017-07-13 12:41:40 -07:00
rithu leena john
a5d218fd08
Merge pull request #974 from roguePanda/google-hosted-domain
...
Google hosted domain support
2017-07-07 10:26:28 -07:00
rithu leena john
92a988e4cc
Merge pull request #977 from Zakjholt/patch-1
...
Update using-dex.md
2017-06-22 17:36:34 -07:00
Zak Holt
43f0e8530b
Update using-dex.md
2017-06-22 10:53:57 -04:00
Zak Holt
41a20dbb2a
Update using-dex.md
2017-06-22 09:13:12 -04:00
Ben Navetta
cbb007663f
add documentation and tests
2017-06-21 22:56:02 -07:00
rithu john
d6c1b0f42b
Documentation/github-connector: warn user that GitHub email id should be public.
2017-06-20 09:53:27 -07:00
rithu john
081e68a16a
Documentation/ldap-connector.md: Warn about LDAP connector's bindPW restriction.
2017-05-16 14:32:15 -07:00
Eric Chiang
95334ad51d
Documentation: add docs on public clients
2017-05-09 17:09:49 -07:00
Eric Chiang
c400e860fe
Documentation: more diagrams
2017-04-21 14:51:46 -07:00
Tom Gamble
0edd0b2fb4
Update kubernetes.md
...
fixed typo
2017-04-21 15:33:42 -04:00
Eric Chiang
47f48658c2
Merge pull request #917 from ericchiang/add-using-dex-doc
...
Documentation: add a doc describing how to use dex
2017-04-21 11:45:58 -07:00
Eric Chiang
a4cb57ab5d
Documentation: add a doc describing how to use dex
2017-04-21 11:35:34 -07:00
Filip
57aa32562b
Updated documentation for dex on k8s when RBAC authorization is used
2017-04-13 15:14:21 +02:00
Eric Chiang
74f5eaf47e
connector/ldap: support the StartTLS flow for secure connections
...
When connecting to an LDAP server, there are three ways to connect:
1. Insecurely through port 389 (LDAP).
2. Securely through port 696 (LDAPS).
3. Insecurely through port 389 then negotiate TLS (StartTLS).
This PR adds support for the 3rd flow, letting dex connect to the
standard LDAP port then negotiating TLS through the LDAP protocol
itself.
See a writeup here:
http://www.openldap.org/faq/data/cache/185.html
2017-04-12 15:25:42 -07:00
Eric Chiang
c3cafc8f39
Merge pull request #902 from ericchiang/saml-stable
...
*: promote SAML to stable
2017-04-11 10:13:22 -07:00
Eric Chiang
5f377f07d4
*: promote SAML to stable
...
This means we no longer refer to it as "experimental" and wont make
breaking changes.
2017-04-11 10:09:48 -07:00
rithu john
76b9eb1db9
connector/github: add support for github enterprise.
2017-04-11 10:04:59 -07:00
Phu Kieu
47897f73fa
Validate audience with entityIssuer if present, use redirectURI otherwise
2017-04-06 14:40:56 -07:00
Phu Kieu
8c0eb67ecd
Update documentation
2017-04-06 11:06:30 -07:00