Eric Chiang
460f48320e
Documentation: restructure connector docs to a single folder
2018-01-04 13:50:14 -08:00
Eric Chiang
0811d1a07a
document limitations in the OpenID Connect connector
2017-12-20 17:12:00 -08:00
Wyatt Alt
e7d57bb31b
Correct "Verifier" method name in using-dex doc
...
Change provider.NewVerifier to provider.Verifier per the godocs:
https://godoc.org/github.com/coreos/go-oidc#Provider.Verifier
2017-12-05 13:38:11 -08:00
Pavel Borzenkov
47df6ea2ff
connector/microsoft: add support for groups
...
Microsoft connector now provides support for 'groups' claim in case
'tenant' is configured in Dex config for the connector. It's possible to
deny user authentication if the user is not a member of at least one
configured groups.
Signed-off-by: Pavel Borzenkov <pavel.borzenkov@gmail.com>
2017-11-23 17:01:34 +03:00
Pavel Borzenkov
6193bf5566
connector: implement Microsoft connector
...
connector/microsoft implements authorization strategy via Microsoft's
OAuth2 endpoint + Graph API. It allows to choose what kind of tenants
are allowed to authenticate in Dex via Microsoft:
* common - both personal and business/school accounts
* organizations - only business/school accounts
* consumers - only personal accounts
* <tenant uuid> - only account of specific tenant
Signed-off-by: Pavel Borzenkov <pavel.borzenkov@gmail.com>
2017-11-23 17:01:34 +03:00
Stephan Renatus
b09a13458f
password connectors: allow overriding the username attribute (password prompt)
...
This allows users of the LDAP connector to give users of Dex' login
prompt an idea of what they should enter for a username.
Before, irregardless of how the LDAP connector was set up, the prompt
was
Username
[_________________]
Password
[_________________]
Now, this is configurable, and can be used to say "MyCorp SSO Login" if
that's what it is.
If it's not configured, it will default to "Username".
For the passwordDB connector (local users), it is set to "Email
Address", since this is what it uses.
Signed-off-by: Stephan Renatus <srenatus@chef.io>
2017-11-09 09:30:03 +01:00
Eric Chiang
ccf85a7269
Merge pull request #1108 from dqminh/etcd-storage
...
Add etcd backed storage
2017-11-06 08:36:43 -08:00
Daniel Dao
a2188bebf1
add documentation for etcd storage
...
This adds references to etcd storage, including:
- only supports etcd v3
- list of options and their meanings when connecting to etcd cluster
2017-11-06 14:40:25 +00:00
rithu leena john
42ef8fd802
Merge pull request #1072 from ericchiang/k8s-test
...
*: run kubernetes tests in travis
2017-10-31 10:34:26 -07:00
Eric Chiang
3d2d92b31b
*: run kubernetes tests in travis
2017-10-31 10:29:52 -07:00
Pavel Borzenkov
d5a9712aae
Documentation: add LinkedIn connector documentation
...
Signed-off-by: Pavel Borzenkov <pavel.borzenkov@gmail.com>
2017-10-27 12:54:28 +03:00
Eric Chiang
3d65b774d6
Merge pull request #1103 from stapelberg/authproxy
...
authproxy.md: strip X-Remote-User
2017-10-26 14:29:43 -07:00
Michael Stapelberg
4931f30a80
authproxy.md: strip X-Remote-User
...
follow-up for https://github.com/coreos/dex/pull/1100
2017-10-26 20:13:37 +02:00
Eric Chiang
d099145921
authproxy: update docs and set a userID
2017-10-26 10:47:16 -07:00
Michael Stapelberg
a41d93db4a
Implement the “authproxy” connector (for Apache2 mod_auth etc.)
2017-10-25 21:53:51 +02:00
Laurent Rolaz
cca0275b0b
Add Documentation about customresourcedefinitions creation role
2017-09-26 20:20:05 +02:00
rithu john
34dcf6c9a0
Documentation: add docs for TPR to CRD migration
2017-09-18 14:24:50 -07:00
rithu john
1311caf864
storage/kubernetes: add CRD support
2017-09-14 11:48:17 -07:00
rithu leena john
e10fddee2e
Merge pull request #1031 from estroz/docs-update
...
Documentation: fix redirect caveat description
2017-08-25 14:58:40 -07:00
Eric Stroczynski
7079bb5316
Documentation: add org info req, remove redirect caveat
...
The redirect caveat is being removed to avoid user confusion and is
not important outside of testing.
2017-08-25 14:51:10 -07:00
Eric Stroczynski
9c6b6d565e
Documentation: oidc conformance test case and issue tables
2017-08-25 13:43:21 -07:00
Eric Stroczynski
a065533256
Documentation: OIDC conformance test setup
2017-08-25 01:05:53 -07:00
rithu leena john
e40c01ec39
Merge pull request #1022 from ericchiang/ldap-example
...
*: add "getting started" example for LDAP
2017-08-22 10:46:55 -07:00
Eric Chiang
50f2905cac
*: add standup script for LDAP
2017-08-22 10:37:29 -07:00
Eric Stroczynski
bb36c96674
Documentation: fixed GitHub link syntax
2017-08-16 14:10:23 -07:00
Eric Stroczynski
71de7e8414
Documentation: github org redirect caveat
2017-08-11 16:42:33 -07:00
Eric Stroczynski
26527011ab
connector/github: enable private, primary emails; refactor API calls
...
Documentation: removed private emails caveats section
2017-08-08 18:04:34 -07:00
Eric Stroczynski
45bf061236
Merge pull request #1013 from estroz/multi-org-team-filters
...
connector/github: multiple orgs, query by teams
2017-08-08 11:37:21 -07:00
Eric Stroczynski
9d154802a2
connector/github: multiple orgs, query by teams
...
Documentation: examples of GitHub `orgs` field with multiple orgs
and org with teams; note legacy behavior
2017-08-08 10:57:42 -07:00
Luk Burchard
4365d97162
Update api.md
2017-08-07 18:10:56 +02:00
rithu john
6f9127b4ae
Documentation: add a group query example for the ldap connector.
2017-07-13 12:41:40 -07:00
rithu leena john
a5d218fd08
Merge pull request #974 from roguePanda/google-hosted-domain
...
Google hosted domain support
2017-07-07 10:26:28 -07:00
rithu leena john
92a988e4cc
Merge pull request #977 from Zakjholt/patch-1
...
Update using-dex.md
2017-06-22 17:36:34 -07:00
Zak Holt
43f0e8530b
Update using-dex.md
2017-06-22 10:53:57 -04:00
Zak Holt
41a20dbb2a
Update using-dex.md
2017-06-22 09:13:12 -04:00
Ben Navetta
cbb007663f
add documentation and tests
2017-06-21 22:56:02 -07:00
rithu john
d6c1b0f42b
Documentation/github-connector: warn user that GitHub email id should be public.
2017-06-20 09:53:27 -07:00
rithu john
081e68a16a
Documentation/ldap-connector.md: Warn about LDAP connector's bindPW restriction.
2017-05-16 14:32:15 -07:00
Eric Chiang
95334ad51d
Documentation: add docs on public clients
2017-05-09 17:09:49 -07:00
Eric Chiang
c400e860fe
Documentation: more diagrams
2017-04-21 14:51:46 -07:00
Tom Gamble
0edd0b2fb4
Update kubernetes.md
...
fixed typo
2017-04-21 15:33:42 -04:00
Eric Chiang
47f48658c2
Merge pull request #917 from ericchiang/add-using-dex-doc
...
Documentation: add a doc describing how to use dex
2017-04-21 11:45:58 -07:00
Eric Chiang
a4cb57ab5d
Documentation: add a doc describing how to use dex
2017-04-21 11:35:34 -07:00
Filip
57aa32562b
Updated documentation for dex on k8s when RBAC authorization is used
2017-04-13 15:14:21 +02:00
Eric Chiang
74f5eaf47e
connector/ldap: support the StartTLS flow for secure connections
...
When connecting to an LDAP server, there are three ways to connect:
1. Insecurely through port 389 (LDAP).
2. Securely through port 696 (LDAPS).
3. Insecurely through port 389 then negotiate TLS (StartTLS).
This PR adds support for the 3rd flow, letting dex connect to the
standard LDAP port then negotiating TLS through the LDAP protocol
itself.
See a writeup here:
http://www.openldap.org/faq/data/cache/185.html
2017-04-12 15:25:42 -07:00
Eric Chiang
c3cafc8f39
Merge pull request #902 from ericchiang/saml-stable
...
*: promote SAML to stable
2017-04-11 10:13:22 -07:00
Eric Chiang
5f377f07d4
*: promote SAML to stable
...
This means we no longer refer to it as "experimental" and wont make
breaking changes.
2017-04-11 10:09:48 -07:00
rithu john
76b9eb1db9
connector/github: add support for github enterprise.
2017-04-11 10:04:59 -07:00
Phu Kieu
47897f73fa
Validate audience with entityIssuer if present, use redirectURI otherwise
2017-04-06 14:40:56 -07:00
Phu Kieu
8c0eb67ecd
Update documentation
2017-04-06 11:06:30 -07:00
Eric Chiang
5e34f0d1a6
Documentation: document dex scopes, claims, and client features
2017-03-28 16:53:06 -07:00
Eric Chiang
50b223a9db
*: validate InResponseTo SAML response field and make issuer optional
2017-03-22 13:02:44 -07:00
Eric Chiang
f503ff7950
*: add documentation for the OpenID Connect provider
2017-03-20 08:47:02 -07:00
Derek McQuay
9b052f37c9
clearified redirect-uri and make cmd location
2017-03-09 22:36:37 -08:00
Derek McQuay
a6ab82d6c0
update kubernetes example-app explanation
...
Clarify some potentially confusing issues with how to run and build the
example-app binary.
2017-03-09 17:17:07 -08:00
Eric Chiang
ee27a4f9f4
*: only use docker when releasing, update to Go 1.8, remove aci scripts
...
This change modifies our release process to only require Docker
when building a release and updates our released binary to use Go
1.8. It also removes our .aci scripts, which we've not been
regularly building.
A nice consequence is that OSX users can now build a release image.
2017-03-09 10:46:09 -08:00
Paul Burt
a660e7cd7a
Added produciton-users and integrations pages
2017-03-03 13:49:22 -05:00
rithu john
fa2f76bcdb
examples: adding a gRPC client example.
2017-02-28 12:06:44 -08:00
Jeff Schroeder
58d80547ef
[storage.md] Fix the ThirdPartyResource syntax
...
This makes manually creating the `o-auth2-client.oidc.coreos.com` actually work.
2017-02-24 15:35:29 -06:00
Carlos Alexandro Becker
f57e19e6ab
simplified clone: using go get
2017-02-22 09:33:01 -03:00
Eric Chiang
adf3703962
Documentation: warn admins not to edit dex ThirdPartyResources manually
2017-02-06 10:35:27 -08:00
rithu john
fecd596ae2
Documentation: Minor changes to SAML connector doc.
2017-02-01 11:28:46 -08:00
rithu leena john
27224cdc98
Merge pull request #788 from givia/gitlab-connector
...
connector: add GitLab connecor
2017-02-01 09:39:37 -08:00
Ali Javadi
e623ad4d35
connector: add GitLab connector
2017-01-28 01:36:02 +03:30
rithu john
d114b8ffc7
Documentation/proposals: Add a proposal for refresh token revocation.
2017-01-27 09:37:01 -08:00
rithu john
31e8009441
cmd/dex: make connector name field mandatory in dex configuration.
2017-01-23 15:14:41 -08:00
Eric Chiang
613d160ad9
Merge pull request #782 from marians/patch-1
...
Docs: Added a name to the LDAP connector
2017-01-23 09:07:24 -08:00
Marian Steinbach
38a2e41e0a
Added a name to the connector
...
Without a name, the example app's login form will only show `Log in with` as a button label.
2017-01-23 10:46:29 +01:00
Andrew Johnstone
b10c0a1c87
Update kubernetes.md
2017-01-23 06:28:21 +00:00
rithu john
265cfacd17
Documentation: add docs on patch release process.
2017-01-17 11:49:09 -08:00
y2kenny
4d4cb99459
Removed extra o typo
2017-01-11 15:47:55 -05:00
Eric Chiang
0f4a1f69c5
*: wire up SAML POST binding
2017-01-09 18:30:58 -08:00
Eric Chiang
d87a4c35b9
*: add 'make revendor' and tests to catch incorrect glide usage
...
Introducing glide-vc caused us to unknowingly removed our Go
protobuf compiler (since it's a main). Add flags to glide-vc usage
to remedy this.
Since we now require several glide and glide-vc flags, add a Makfile
target and tests to catch when PRs don't use the correct flags.
2016-12-22 11:52:24 -08:00
Eric Chiang
566bb2d1af
Documentation: add notes on patch release branches
2016-12-12 15:29:00 -08:00
Eric Chiang
6dbe6e8ab5
Documentation: add examples of mapping LDAP schema to a search
2016-12-09 09:42:28 -08:00
Eric Chiang
e2aa095680
Documentation: add document on managing dependencies
2016-12-07 13:23:19 -08:00
Eric Chiang
e267dbd236
Merge pull request #708 from ericchiang/ldap-security-docs
...
Documentation: clarify difference between LDAP ports and security guarentees
2016-11-28 17:07:24 -08:00
Ev
5144ef643b
Updated openid-connect.md: small typo
...
Protocol is written protocl.
2016-11-24 14:01:47 -05:00
Eric Chiang
8b8c076ecf
Documentation: clarify difference between LDAP ports and security guarantees
...
Now that LDAP supports an `insecureSkipVerify` option, clarify that
`insecureNoTLS` is an extremely bad choice and as such we may drop
support for 389 in the future.
However, since we send plain text passwords from our frontend to our
backend, this probably gets us into a bigger conversation about dex's
TLS story. For example when terminiation is approporate. cc'ing
@dghubble for thoughts on how that might apply to our internal uses.
We probably want an overaching security doc at some point, but that
can be another PR.
2016-11-23 12:26:44 -08:00
Eric Chiang
6980920a3a
*: document the GitHub connector
2016-11-22 12:53:46 -08:00
Phu Kieu
d4aba443ac
Allow getAttr to return DN
...
Specify "DN" as attribute name to return, but will only work if not present in ldap.Entry.Attributes
Use when full DN is stored in groupSearch's userAttr
2016-11-18 13:51:47 -08:00
Eric Chiang
e6b54250db
Merge pull request #684 from ericchiang/examples-k8s-fixup
...
examples/k8s: update kubernetes examples
2016-11-17 15:28:00 -08:00
Eric Chiang
3ecfaf700e
examples/k8s: update kubernetes examples
2016-11-17 14:10:55 -08:00
Eric Chiang
2e74b48492
Merge pull request #690 from rithujohn191/connector-docs
...
Documentation: LDAP connector documentation.
2016-11-16 16:11:44 -08:00
rithu john
8589650605
Documentation: LDAP connector documentation.
2016-11-16 15:29:17 -08:00
Jeff Schroeder
da6cd9687d
Documentation: fix a typo in the storage documentation
2016-11-15 15:14:11 -06:00
Jason Vanderhoof
80770df520
Small spelling fix.
2016-11-11 14:24:17 -07:00
Eric Chiang
674bec0468
Merge pull request #674 from ericchiang/readme-docs-v2
...
*: readme updates for v2
2016-11-08 15:20:51 -08:00
Eric Chiang
a52e324f68
*: readme updates for v2
2016-11-08 14:36:29 -08:00
Eric Chiang
2417fc9154
Documentation/logos: add logos
2016-11-08 11:51:47 -08:00
Eric Chiang
c9889683b4
Documentation: add doc describing v2 changes
2016-11-04 16:56:21 -07:00
rithu leena john
42dfd3ecec
cmd/dex: add option for gRPC client auth CA.
2016-11-02 14:51:22 -07:00
Eric Chiang
2a9051c864
Merge pull request #654 from ericchiang/dev-sql-optimistic-concurrency
...
storage/sql: use isolation level "serializable" for transactions
2016-11-01 10:16:23 -07:00
Eric Chiang
8debe68314
Documentation: remove caveat about running multiple instances
2016-10-31 23:18:40 -07:00
Eric Chiang
fe1d27586e
Documentation: add document on the dex API
2016-10-31 15:25:52 -07:00
rithu leena john
27880dba59
Documentation: adding documentation for running ldap tests locally
2016-10-27 13:20:32 -07:00
Eric Chiang
99e312eadd
Merge pull request #632 from ericchiang/dev-docs-storage-options
...
Documentation: add a document on storage options
2016-10-26 12:33:37 -07:00
Eric Chiang
6c4839860e
Documentation: add a document on storage options
2016-10-26 12:32:45 -07:00
Eric Chiang
bc16de0b58
storage/kubernetes: don't guess the kubeconfig location and change test env
...
Using the default KUBECONFIG environment variable to indicate that
the Kubernetes tests should be run lead to cases where developers
accidentally ran the tests. This has now been changed to
"DEX_KUBECONFIG" and documentation hsa been added detailing how to
run these tests.
Additionally, no other storage reads environment variables for its
normal configuration (outside of tests) so the Kubernetes storage
no longer does.
Overall, be less surprising.
2016-10-23 20:53:29 -07:00
Eric Chiang
774242f750
Documentation/proposals: added a caveats section to upstream refreshing proposal
2016-10-17 11:54:10 -07:00
Eric Chiang
1e5133a98d
Documentation/proposals: add a proposal for keeping data in-sync during refreshes
2016-10-08 11:45:55 -07:00
Eric Chiang
0fc8879da1
*: prepare build scripts for a release
2016-10-05 23:43:44 -07:00
Eric Chiang
877eb3dc7b
*: add standup script to run DB tests locally and hook up travis
2016-10-03 12:48:26 -07:00
Eric Chiang
bfe560ee21
rename
2016-08-10 22:31:42 -07:00
Eric Chiang
1cbb7700d8
*: add warning to README
2016-08-10 22:26:36 -07:00
Eric Chiang
e377d476ae
Documentation: add incomplete intro to OpenID Connect
2016-08-10 22:25:15 -07:00
Eric Chiang
5385ca517a
proposals: user objects for revoking refresh tokens and merging accounts
2016-08-08 10:31:59 -07:00