Arsharth
/
dex
forked from mystiq/dex
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
2,183 Commits 27 Branches 73 Tags 23 MiB
Commit Graph

305 Commits

Author SHA1 Message Date
Salman Ahmed bbd8b3b3cd connector/ldap: use go-ldap version v3 
Signed-off-by: Salman Ahmed <salman.ahmed@weidmueller.com>
 2021-03-22 16:17:47 +01:00
m.nabokikh 6be747142a chore: add keystone connector icon and bump tests dependencies 
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
 2021-03-11 23:03:37 +04:00
m.nabokikh 84a07a7805 Do not run LDAP tests if DEX_LDAP_HOST is not set 
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
 2021-02-20 17:05:41 +04:00
m.nabokikh 1f2771b57e fix: do not run LDAP tests locally by default 
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
 2021-02-20 12:55:52 +04:00
Mark Sagi-Kazar 6f70272bc3
test(connector/ldap): remove ldap test gate 
Now that the ldap tests don't create containers on the fly
they can run the same way as other integration tests.

Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>
 2021-02-15 16:46:43 +01:00
Mark Sagi-Kazar f11db50369
test(connector/ldap): rewrite tests to use a single server instance 
Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>
 2021-02-15 16:37:03 +01:00
m.nabokikh b2e9f67edc Enable unparam, prealloc, sqlclosecheck linters 
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
 2021-01-15 19:29:13 +04:00
Mark Sagi-Kazar b8ac640c4f
Update oidc library 
Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>
 2021-01-13 19:56:09 +01:00
Erica Taylor ba47aaba86 microsoft: Support setting the prompt type 
Signed-off-by: Erica Taylor <ricky@wellplayed.games>
 2021-01-11 11:48:58 +00:00
Márk Sági-Kazár 4f326390aa
Merge pull request #1839 from seuf/authproxy-header-configuration 
Allow configuration of returned auth proxy header
 2021-01-07 10:40:57 +01:00
Márk Sági-Kazár ee50c09313
Merge pull request #1888 from VF-mbrauer/UPN-Lowercase 
Added the possibility to activate lowercase for UPN-Strings
 2021-01-06 20:36:43 +01:00
Maik Brauer 0d53fa2f42 Merge branch 'UPN-Lowercase' of https://github.com/VF-mbrauer/dex into UPN-Lowercase 
Signed-off-by: Maik Brauer <maik.brauer@vodafone.com>
 2021-01-05 21:48:02 +01:00
Maik Brauer c55f17ea64 Adapted recommendation from Maintainer for PR #1888 
Signed-off-by: Maik Brauer <maik.brauer@vodafone.com>
 2021-01-05 21:36:41 +01:00
Maik Brauer 4d246bc9dc Adapted recommendation from Maintainer for PR #1888 
Signed-off-by: Maik Brauer <maik.brauer@vodafone.com>
 2021-01-05 17:12:45 +01:00
Maik Brauer eb9ef3b0ec Added the possibility to acticate lowercase for UPN-Strings 
Signed-off-by: Maik Brauer <maik.brauer@vodafone.com>
 2021-01-04 15:07:14 +01:00
Josh Soref 84e9cb6947 spelling: verified 
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
 2020-12-19 22:53:29 -05:00
Josh Soref 97d3e8fa7f spelling: signature 
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
 2020-12-19 22:53:29 -05:00
Josh Soref 801fd64a11 spelling: serviceaccount 
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
 2020-12-19 22:53:29 -05:00
Josh Soref 791ad900cb spelling: reuse 
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
 2020-12-19 22:53:29 -05:00
Josh Soref d3d447fcf1 spelling: readable 
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
 2020-12-19 22:53:26 -05:00
Josh Soref a996c4ba54 spelling: guaranteeing 
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
 2020-12-19 22:53:26 -05:00
Thierry Sallé e164bb381e Apply suggestions from code review 
Co-authored-by: Márk Sági-Kazár <sagikazarmark@users.noreply.github.com>
Signed-off-by: seuf <seuf76@gmail.com>
 2020-12-17 16:50:00 +01:00
seuf a1c7198738 Rename config header to userHeader 
Signed-off-by: seuf <seuf76@gmail.com>
 2020-12-17 16:50:00 +01:00
seuf f19bccfc92 Allow configuration of groups for authproxy 
Signed-off-by: seuf <seuf76@gmail.com>
 2020-12-17 16:50:00 +01:00
seuf a12a919d3e Allow configuration of returned auth proxy header 
Signed-off-by: seuf <seuf76@gmail.com>
 2020-12-17 16:50:00 +01:00
Stephen Augustus 57640cc7a9 connector/saml: Validate XML roundtrip data before processing request 
Signed-off-by: Stephen Augustus <saugustus@vmware.com>
 2020-12-08 07:26:48 -05:00
Mark Sagi-Kazar 349832b380
Run fixer 
Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>
 2020-11-03 20:52:14 +01:00
m.nabokikh a5ad5eaf08 fix: Minor style fixes after merging PKCE implementation 
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
 2020-10-26 23:20:33 +04:00
m.nabokikh 1d83e4749d Add gocritic 
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
 2020-10-18 01:54:27 +04:00
m.nabokikh 4d63e9cd68 fix: Bump golangci-lint version and fix some linter's problems 
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
 2020-10-18 01:02:29 +04:00
m.nabokikh ec66cedfcc feat: Add team groups support to bitbucket connector 
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
 2020-10-04 20:50:59 +03:00
m.nabokikh 4b94469547 fix: Replace teams endpoint for bitbucket connector 
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
 2020-10-03 20:30:23 +03:00
Márk Sági-Kazár a64e7c2986
Merge pull request #1769 from batara666/master 
ldap.go: drop else on returned if block
 2020-09-16 17:47:52 +02:00
Rui Yang 058202d007 revert changes for user id and user name 
Signed-off-by: Rui Yang <ruiya@vmware.com>
 2020-09-08 13:12:59 -04:00
Rui Yang 0494993326 update oidc documentation and email claim err msg 
Signed-off-by: Rui Yang <ruiya@vmware.com>
 2020-09-08 10:03:57 -04:00
Rui Yang 41207ba265 Combine #1691 and #1776 to unify OIDC provider claim mapping 
add tests for groups key mapping

Signed-off-by: Rui Yang <ruiya@vmware.com>
 2020-08-11 16:26:55 -04:00
Scott Lemmon a783667c57 Add groupsClaimMapping to the OIDC connector 
The groupsClaimMapping setting allows one to specify which claim to pull
group information from the OIDC provider.  Previously it assumed group
information was always in the "groups" claim, but that isn't the case
for many OIDC providers (such as AWS Cognito using the "cognito:groups"
claim instead)

Signed-off-by: Scott Lemmon <slemmon@aurora.tech>
Signed-off-by: Rui Yang <ruiya@vmware.com>
 2020-08-11 16:26:55 -04:00
Cyrille Nofficial 61312e726e Add parameter configuration to override email claim key 
Signed-off-by: Rui Yang <ruiya@vmware.com>
 2020-08-11 16:26:55 -04:00
Rui Yang 52c39fb130 check if upstream contains preferrend username claim first 
Signed-off-by: Rui Yang <ryang@pivotal.io>
Signed-off-by: Rui Yang <ruiya@vmware.com>
 2020-08-11 16:26:55 -04:00
Rui Yang 4812079647 add tests when preferred username key is not set 
Signed-off-by: Rui Yang <ruiya@vmware.com>
 2020-08-11 16:26:55 -04:00
Rui Yang d9afb7e59c default to preferred_username claim 
Signed-off-by: Rui Yang <ruiya@vmware.com>
 2020-08-11 16:26:55 -04:00
Josh Winters 9a4e0fcd00 Make OIDC username key configurable 
Signed-off-by: Josh Winters <jwinters@pivotal.io>
Co-authored-by: Mark Huang <mhuang@pivotal.io>
Signed-off-by: Rui Yang <ruiya@vmware.com>
 2020-08-11 16:26:55 -04:00
batara666 6499f5bfd3
ldap.go: drop else on returned if block 2020-07-27 22:27:55 +07:00
Nándor István Krácser 62efe7bf07
Merge pull request #1441 from jimmythedog/1440-fix-msoft-refresh-token 
dexidp#1440 Add offline_access scope, if required
 2020-07-08 16:13:26 +02:00
Joel Speed 9d7e472c63
Merge pull request #1720 from candlerb/fix-google 
Allow the "google" connector to work without a service account
 2020-06-19 17:10:23 +01:00
techknowlogick 0a9f56527e
Add Gitea connector (#1715) 
* Add Gitea connector

* Add details to readme

* resolve lint issue
 2020-05-26 13:54:40 +02:00
Brian Candler 442d3de11d Allow the "google" connector to work without a service account 
Fixes #1718
 2020-05-22 09:24:26 +00:00
Márk Sági-Kazár 709d4169d6
Merge pull request #1694 from flant/fix-openshift-root-ca 
Fix OpenShift connector rootCA option
 2020-05-12 13:55:45 +02:00
m.nabokikh 521aa0802f Fix OpenShift connector rootCA option 
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
 2020-05-12 15:31:27 +04:00
Stephan Renatus 4a0feaf589 connector/saml: add 'FilterGroups' setting 
This should make AllowedGroups equivalent to an LDAP group filter:

When set to true, only the groups from AllowedGroups will be included in the
user's identity.

Signed-off-by: Stephan Renatus <srenatus@chef.io>
 2020-05-12 13:29:05 +02:00
poh chiat d87cf1c924
create github oauthconfig with redirecturl (#1700) 2020-05-12 13:23:00 +02:00
Martijn 0a85a97ba9
Allow preferred_username claim to be set for Crowd connector (#1684) 
* Add atlassiancrowd connector to list in readme

* Add TestIdentityFromCrowdUser

* Set preferred_username claim when configured

* Add preferredUsernameField option to docs

* Log warning when mapping invalid crowd field
 2020-04-23 20:14:15 +02:00
Ken Perkins f6476b62f2
Added Email of Keystone to Identity (#1681) 
* Added Email of Keystone to Identity

After the successful login to keystone, the Email of the logged in user
is fetch from keystone and provided to `identity.Email`.

This is useful for upstream software that uses the Email as the primary
identification.

* Removed unnecessary code from getUsers

* Changed creation of userResponse in keystone

* Fixing linter error

Co-authored-by: Christoph Glaubitz <christoph.glaubitz@innovo-cloud.de>
 2020-04-06 15:40:17 +02:00
Joel Speed 30ea963bb6
Merge pull request #1656 from taxibeat/oidc-prompt-type 
Make prompt configurable for oidc offline_access
 2020-02-28 10:56:13 +00:00
Nándor István Krácser b7cf701032
Merge pull request #1515 from flant/atlassian-crowd-connector 
new connector for Atlassian Crowd
 2020-02-24 10:09:27 +01:00
Andrew Block 76bb453ff3
Setting email for OpenShift connector 2020-02-21 16:53:46 +01:00
Chris Loukas d33a76fa19 Make prompt configurable for oidc offline_access 2020-02-19 16:10:28 +02:00
Ivan Mikheykin 7ef1179e75 feat: connector for Atlassian Crowd 2020-02-05 12:40:49 +04:00
Joel Speed 30cd592801
Merge pull request #1612 from vi7/multiple-user-to-group-mapping 
connector/ldap: add multiple user to group mapping
 2020-02-02 11:09:05 +00:00
Nándor István Krácser aca67b0839
Merge pull request #1627 from jfrabaute/master 
google: Retrieve all the groups for a user
 2020-01-20 08:30:17 +01:00
linzhaoming 1d3851b0c5
Update gitlab.go 
fix typo
 2020-01-16 11:26:57 +08:00
Fabrice Rabaute b85d7849ad
google: Retrieve all the groups for a user 
The list of groups is paginated (default page is 200), so when a user
has more than 200 groups, only the first 200 are retrieve.

This change is retrieving all the groups for a user by querying all the
pages.
 2020-01-14 13:26:37 -08:00
Vitaliy Dmitriev e20a795a2a connector/ldap: backward compatibility with single user to group mapping 
Signed-off-by: Vitaliy Dmitriev <vi7alya@gmail.com>
 2020-01-14 11:00:32 +01:00
Carl Henrik Lunde 6104295d5e microsoft: Add basic tests 
Implemented similar to connector/github/github_test.go
 2020-01-13 08:51:22 +01:00
Carl Henrik Lunde 5db29eb087 microsoft: Make interface testable 
Enable testing by allowing overriding the API host name in tests
 2020-01-13 08:15:07 +01:00
Nándor István Krácser 3cbba11012
Merge pull request #1610 from flant/oidc-email-scope-check 
Adding oidc email scope check
 2020-01-06 10:20:46 +01:00
Vitaliy Dmitriev f2e7823db9 connector/ldap: add multiple user to group mapping 
Add an ability to fetch user's membership from
  groups of a different type by specifying multiple
  group attribute to user attribute value matchers
  in the Dex config:

    userMatchers:
    - userAttr: uid
      groupAttr: memberUid
    - userAttr: DN
      groupAttr: member

  In other words the user's groups can be fetched now from
  ldap structure similar to the following:

    dn: cn=john,ou=People,dc=example,dc=org
    objectClass: person
    objectClass: inetOrgPerson
    sn: doe
    cn: john
    uid: johndoe
    mail: johndoe@example.com
    userpassword: bar

    dn: cn=qa,ou=Groups,ou=Portland,dc=example,dc=org
    objectClass: groupOfNames
    cn: qa
    member: cn=john,ou=People,dc=example,dc=org

    dn: cn=logger,ou=UnixGroups,ou=Portland,dc=example,dc=org
    objectClass: posixGroup
    gidNumber: 1000
    cn: logger
    memberUid: johndoe

Signed-off-by: Vitaliy Dmitriev <vi7alya@gmail.com>
 2020-01-03 10:40:21 +01:00
m.nabokikh 383c2fe8b6 Adding oidc email scope check 
This helps to avoid "no email claim" error if email scope was not specified.

Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
 2019-12-28 15:28:01 +04:00
Andrew Block d31f6eabd4
Corrected logic in group verification 2019-12-26 20:32:12 -06:00
Andrew Block 296659cb50
Reduced OpenShift scopes and enhanced documentation 2019-12-26 03:14:20 -06:00
Andrew Block 075ab0938e
Fixed formatting 2019-12-22 02:53:10 -05:00
Andrew Block 7e89d8ca24
Resolved newline issues 2019-12-22 02:27:11 -05:00
Andrew Block 02c8f85e4d
Resolved newline issues 2019-12-22 02:27:11 -05:00
Andrew Block db7711d72a
Test cleanup 2019-12-22 02:27:10 -05:00
Andrew Block 5881a2cfca
Test cleanup 2019-12-22 02:27:10 -05:00
Andrew Block 48954ca716
Corrected test formatting 2019-12-22 02:27:09 -05:00
Andrew Block 92e63771ac
Added OpenShift connector 2019-12-22 02:27:09 -05:00
Nándor István Krácser a901e2f204
Merge pull request #1604 from dexidp/fix-linters 
Fix linters
 2019-12-20 07:10:22 +01:00
Lars Lehtonen 8e0ae82034
connector/oidc: replace deprecated oauth2.RegisterBrokenAuthHeaderProvider with oauth2.Endpoint.AuthStyle 2019-12-18 08:27:40 -08:00
Mark Sagi-Kazar 65c77e9db2
Fix bodyclose 2019-12-18 16:04:03 +01:00
Mark Sagi-Kazar 2f8d1f8e42
Fix unconvert 2019-12-18 15:56:46 +01:00
Mark Sagi-Kazar f141f2133b
Fix whitespace 2019-12-18 15:56:12 +01:00
Mark Sagi-Kazar 9bd5ae5197
Fix goimports 2019-12-18 15:53:34 +01:00
Mark Sagi-Kazar 367b187cf4
Fix missspell 2019-12-18 15:51:44 +01:00
Mark Sagi-Kazar 142c96c210
Fix stylecheck 2019-12-18 15:50:36 +01:00
Mark Sagi-Kazar 8c3dc0ca66
Remove unused code (fixed: unused, structcheck, deadcode linters) 2019-12-18 15:46:49 +01:00
Mark Sagi-Kazar d2095bb2d8
Rewrite LDAP tests to use Docker 2019-12-08 20:21:28 +01:00
Nandor Kracser a38e215891
connector/google: support group whitelisting 
Signed-off-by: Nandor Kracser <bonifaido@gmail.com>
 2019-12-03 16:27:07 +01:00
Nándor István Krácser c41035732f
Merge pull request #1434 from jacksontj/groups 
Add option to enable groups for oidc connectors
 2019-11-27 14:00:36 +01:00
Joel Speed 658a2cc477
Make directory service during init 2019-11-19 17:12:44 +00:00
Joel Speed 554870cea0
Add todo for configurable groups key 2019-11-19 17:12:43 +00:00
Joel Speed 6a9bc889b5
Update comments 2019-11-19 17:12:40 +00:00
Joel Speed c03c98b951
Check config before getting groups 2019-11-19 17:12:39 +00:00
Joel Speed 3f55e2da72
Get groups from directory api 2019-11-19 17:12:38 +00:00
Joel Speed 36370f8f2a
No need to configure issuer 2019-11-19 17:12:37 +00:00
Joel Speed 97ffa21262
Create separate Google connector 2019-11-19 17:12:36 +00:00
Joel Speed 3156553843
OIDC: Rename refreshToken to RefreshToken 2019-11-19 15:43:25 +00:00
Joel Speed 77fcf9ad77
Use a struct for connector data within OIDC connector 2019-11-19 15:43:22 +00:00
Joel Speed f6077083c9
Identify error as failure to retrieve refresh token 2019-11-19 15:43:21 +00:00
Joel Speed 8b344fe4d3
Fix Refresh comment 2019-11-19 15:43:20 +00:00