Steven Danna
46f48b33a1
Use a more conservative set of CipherSuites
...
The default cipher suites used by Go include a number of ciphers that
have known weaknesses. In addition to leaving users open to these
weaknesses, the inclusion of these weaker ciphers causes problems with
various automated scanning tools.
This PR disables the CBC-mode, RC4, and 3DES ciphers included in the
Go standard library by passing an explicit cipher suite list.
The ciphers included here are more line with those recommended by
Mozilla for "Intermediate" compatibility. [0]
*Performance Implications*
The Go standard library does capability-based cipher ordering,
preferring AES ciphers if the underlying hardware has AES specific
instructions. [1] Since all of the relevant code is internal modules,
to do the same thing ourselves would require duplicating that
code. Here, I've placed AES based ciphers first.
*Compatibility Implications*
This does reduce the number of clients who will be able to communicate
with dex.
[0] https://ssl-config.mozilla.org/#server=nginx&server-version=1.17.0&config=intermediate&hsts=false&ocsp=false
[1] a8c2e5c6ad/src/crypto/tls/common.go (L1091)
Signed-off-by: Steven Danna <steve@chef.io>
2019-08-31 17:34:55 +01:00
Stephan Renatus
c854e760db
Merge pull request #1539 from erwinvaneyk/replace-context-import
...
Replace x/net/context with stdlib context
2019-08-31 17:52:18 +02:00
erwinvaneyk
3e2217b3f4
Replace x/net/context with context of stdlib
2019-08-30 11:52:46 +02:00
Stephan Renatus
4f3ab1efb7
Merge pull request #1534 from jthabet/master
...
Pydio Cells adopters list
2019-08-29 16:25:45 +02:00
Stephan Renatus
15ec95bca9
Merge pull request #1521 from erwinvaneyk/patch-1
...
Clarify the origin of the ca file in the Kubernetes guide
2019-08-29 16:24:48 +02:00
Erwin van Eyk
5c99525ed3
Clarify the origin of openid-ca
2019-08-29 16:15:00 +02:00
j
a48f73f14a
Pydio Cells adopters list
2019-08-28 16:20:37 +02:00
Stephan Renatus
133c2565be
Merge pull request #1530 from dexidp/ldap-error
...
connector/ldap: display login error
2019-08-23 12:32:23 +02:00
Stephan Renatus
1f31d1889a
Merge pull request #1529 from dkuerner/golang-update
...
Dockerfile: build with golang 1.12.9
2019-08-22 16:31:47 +02:00
Nandor Kracser
bd61535cb6
connector/ldap: display login error
2019-08-22 15:55:05 +02:00
Daniel Kürner
2dccdc2a1a
Dockerfile: build with golang 1.12.9
2019-08-22 08:40:31 +02:00
Joel Speed
ab08d7b3a4
Merge pull request #1517 from venezia/iss-1513
...
storage/kubernetes: Removing Kubernetes TPR support
2019-08-14 14:45:12 +01:00
Michael Venezia
395febf808
storage/kubernetes: Removing Kubernetes TPR support
...
Third Party Resources (TPR) have been removed from Kubernetes for
roughly 2 years. This commit removes the support dex had for them.
Documentation has been updated to reflect this and to instruct users
on how to migrate from TPR-powered dex environment to a Custom Resource
Defintion (CRD) based one that dex > v2.17 will support
2019-08-14 09:28:18 -04:00
Nandor Kracser
ef08ad8317
gitlab: add groups scope by default when filtering is requested
2019-08-14 13:33:46 +02:00
Stephan Renatus
aeb2861a40
Merge pull request #1519 from dexidp/sr/bump-deps-for-http2-issues
...
bump deps for http2 issues
https://github.com/grpc/grpc-go/releases/tag/v1.23.0
https://groups.google.com/forum/#!topic/golang-nuts/fCQWxqxP8aA
2019-08-14 11:33:54 +02:00
Stephan Renatus
6e5a2b5ea1
deps: bump go-grpc (1.22.1 -> 1.23.0)
...
Signed-off-by: Stephan Renatus <srenatus@chef.io>
2019-08-14 10:27:17 +02:00
Stephan Renatus
27b8426704
Dockerfile: build with golang 1.12.8
...
Signed-off-by: Stephan Renatus <srenatus@chef.io>
2019-08-14 10:24:17 +02:00
Stephan Renatus
d328a5ebaa
Merge pull request #1516 from tpdownes/doc/oauth2_config
...
Add examples for recent additions to oauth2 configuration options
2019-08-13 10:24:10 +02:00
Tom Downes
963b8e992d
Add examples for recent additions to oauth2 configuration options
2019-08-09 11:58:37 -05:00
Stephan Renatus
d9f6ab4a68
Merge pull request #1512 from venezia/add_reflection
...
Add reflection to gRPC API (configurable)
2019-08-07 13:56:33 +02:00
Michael Venezia
430357b14e
vendor: revendor
2019-08-07 07:38:09 -04:00
Michael Venezia
b65966d744
cmd/dex: adding reflection to grpc api, enabled through configuration
2019-08-07 07:37:39 -04:00
Stephan Renatus
e1afe771cb
Merge pull request #1505 from MarcDufresne/show-login-page
...
Add option to always display connector selection even if there's only one
2019-08-07 09:23:42 +02:00
Stephan Renatus
89e43c198b
Merge pull request #1504 from MarcDufresne/template-custom-data
...
Allow arbitrary data to be passed to templates
2019-08-07 09:19:14 +02:00
Marc-André Dufresne
0dbb642f2c
Add option to always display connector selection even if there's only one
2019-08-06 13:18:46 -04:00
Marc-André Dufresne
d458e882aa
Allow arbitrary data to be passed to templates
2019-08-06 13:14:53 -04:00
Stephan Renatus
bc02006b45
Merge pull request #1510 from momokatte/test-invalid-callbacks
...
Add tests for some callback handler error conditions
2019-08-06 09:58:40 +02:00
Mike O
43d1a044bd
Add tests for some callback handler error conditions
2019-08-05 16:02:28 -07:00
Nándor István Krácser
526e078366
Merge pull request #1509 from venezia/fix-go-lint-v2
...
Adjusting Makefile so that `golint` will compile
2019-08-03 13:56:20 +02:00
Michael Venezia
c54ddc460d
Adjusting Makefile so that golint
will compile
2019-08-02 17:34:25 -04:00
Stephan Renatus
d36e6c26ee
Merge pull request #1490 from momokatte/master
...
Return HTTP 400 for invalid state parameter
2019-08-02 09:12:40 +02:00
Mike O
d03a43335e
Return HTTP 400 for invalid state parameter
2019-08-01 16:22:53 -07:00
Stephan Renatus
6ae11a1cfe
Merge pull request #1501 from dexidp/sr/bump-all-deps
...
update all deps
2019-07-31 09:01:39 +02:00
Stephan Renatus
291cd9e01c
regenerate protobuf code
...
Signed-off-by: Stephan Renatus <srenatus@chef.io>
2019-07-31 08:16:18 +02:00
Stephan Renatus
ea7fd6d470
cmd/dex: adapt to prometheus API change
...
Signed-off-by: Stephan Renatus <srenatus@chef.io>
2019-07-31 08:09:58 +02:00
Stephan Renatus
076cd77469
run 'go get -u; make revendor'
...
Signed-off-by: Stephan Renatus <srenatus@chef.io>
2019-07-31 08:09:38 +02:00
Stephan Renatus
7c1b4b3005
Merge pull request #1502 from dexidp/sr/fix-log-formatting-in-VerifyPassword-grpc
...
server/api: fix logging in VerifyPassword
2019-07-30 15:06:48 +02:00
Stephan Renatus
231e571c3c
server/api: fix logging in VerifyPassword
...
Before:
msg="api: password check failed : %vcrypto/bcrypt: hashedPassword is not the hash of the given password"
After:
msg="api: password check failed : crypto/bcrypt: hashedPassword is not the hash of the given password"
Signed-off-by: Stephan Renatus <srenatus@chef.io>
2019-07-30 14:53:33 +02:00
Stephan Renatus
128d5da89e
Merge pull request #1500 from dexidp/sr/fix-some-lint-issues
...
*: fix some lint issues
2019-07-30 11:41:27 +02:00
Stephan Renatus
d9487e553b
*: fix some lint issues
...
Mostly gathered these using golangci-lint's deadcode and ineffassign
linters.
Signed-off-by: Stephan Renatus <srenatus@chef.io>
2019-07-30 11:29:08 +02:00
Joel Speed
e2ddefff31
Merge pull request #1439 from sks/feature/fail_on_invalid_config
...
Return config validation errors in one go
2019-07-30 11:00:17 +02:00
Nándor István Krácser
72f5596671
Merge pull request #1498 from mkontani/fix/mysql-query-sample
...
Doc/storage.md: fix mysql sample query
2019-07-29 21:19:41 +02:00
mkontani
c067761df6
fix mysql sample query
2019-07-30 03:49:53 +09:00
Nándor István Krácser
0aee5be625
Merge pull request #1497 from dexidp/gitlab-username-as-id
...
connector/gitlab: implement useLoginAsID as in GitHub connector
2019-07-28 19:56:16 +02:00
Nandor Kracser
ff34e570b4
connector/gitlab: implement useLoginAsID as in GitHub connector
2019-07-28 19:49:49 +02:00
Stephan Renatus
6e98c04f9b
Merge pull request #1446 from maksd/microsoft-groups-uuid-whitelist
...
microsoft: option for group UUIDs instead of name and group whitelist
2019-07-25 16:21:48 +02:00
Stephan Renatus
fd53c0a3bb
Merge pull request #1496 from srenatus/sr/add-connector-id-to-example-app
...
add connector_id to example app
2019-07-25 16:21:28 +02:00
Maxime Desrosiers
458585008b
microsoft: option for group UUIDs instead of name and group whitelist
2019-07-25 09:14:33 -04:00
Stephan Renatus
8561a66365
server/{handler,oauth2}: cleanup error returns
...
Now, we'll return a standard error, and have the caller act upon this
being an instance of authErr.
Also changes the storage.AuthRequest return to a pointer, and returns
nil in error cases.
Signed-off-by: Stephan Renatus <srenatus@chef.io>
2019-07-25 13:40:06 +02:00
Stephan Renatus
d7c7d42466
cmd/example-app: check all errors, pass claims as string to renderToken
...
Signed-off-by: Stephan Renatus <srenatus@chef.io>
2019-07-24 12:26:51 +02:00