Arsharth/dex
1
0
Fork 0
forked from mystiq/dex
Code Issues Pull requests Packages Projects Releases Wiki Activity
1275 commits 27 branches 73 tags 23 MiB
Commit graph

211 commits

Author SHA1 Message Date
Nandor Kracser a572ad8fec storage/sql: rework of the original MySQL PR 2019-07-23 14:27:10 +02:00
Stephan Renatus 447f24a81b
ADOPTERS: replace Documentation/production-users.md, add Chef 
Signed-off-by: Stephan Renatus <srenatus@chef.io>
 2019-07-23 14:01:17 +02:00
flarno11 8c1716d356 make userName configurable 2019-06-03 14:09:07 +02:00
cappyzawa 9650836851 make userID configurable 2019-05-24 19:52:33 +09:00
Thomas Jackson 52d09a2dfa Add option in oidc to hit the optional userinfo endpoint 
Some oauth providers return "thin tokens" which won't include all of the
claims requested. This simply adds an option which will make the oidc
connector use the userinfo endpoint to fetch all the claims.
 2019-05-23 09:20:48 -07:00
Eric Chiang 0babb2df18
Merge pull request #1435 from bonifaido/bitbucket-docs 
docs: update bitbucket permission requirements
 2019-05-12 10:33:01 -07:00
Nandor Kracser a08a5811d4 gitlab: support for group whitelist 2019-04-25 12:50:29 +02:00
Nandor Kracser b1931fc9bd docs: update bitbucket permission requirements 2019-04-25 10:45:00 +02:00
Gerald Barker fc723af0fe Add option to OIDC connecter to override email_verified to true 2019-03-05 21:24:02 +00:00
Takashi Okamoto ac290f77aa Fix typo. 2019-02-23 16:34:10 +00:00
Eric Chiang e913a252cd
Merge pull request #1410 from sagikazarmark/fix-typo 
Fix typo
 2019-02-22 12:02:27 -08:00
Mark Sagi-Kazar c48cb36e8f
Fix typo 2019-02-22 20:54:19 +01:00
Nandor Kracser 6c71b330a8 production users: add Banzai Cloud 2019-02-22 16:40:34 +01:00
Stephan Renatus 7bd4071b4c
Merge pull request #1396 from jtnord/useLoginId-dexidp 
Use github login as the id
 2019-02-05 13:54:49 +01:00
James Nord 9840fccdbb rename useLoginAsId -> useLoginAsID 2019-02-04 14:05:57 +00:00
Stephan Renatus b6f4740a15
Merge pull request #1390 from okamototk/activedirectory 
Add Active Directory and kubelogin integration sample.
 2019-02-03 11:09:33 +01:00
James Nord 1911b52c6b Add documentation for the new GitHub useLoginAsId option 2019-02-01 11:37:40 +00:00
Stephan Renatus 4abf3b2102
docs: mirror resolution of #1281 in dev doc 
Signed-off-by: Stephan Renatus <srenatus@chef.io>
 2019-01-29 10:29:12 +01:00
Takashi Okamoto 337bbe5f09 fix typos. 2019-01-26 10:44:50 +00:00
Takashi Okamoto 1b7b3515d7 Add Active Directory instruction. 2019-01-26 04:26:01 +00:00
Takashi Okamoto fbdb55aba9 Add doc for kubelogin and Active Directory ingtegration sample. 2019-01-26 04:16:55 +00:00
Joshua M. Dotson 46296ab9d0 Documentation/dev-dependencies.md: Update for Go modules 2018-12-04 20:06:22 +00:00
Stephan Renatus 007e4dae3c
Merge pull request #1358 from OwenTuz/issue-1132-initial-kubernetes-documentation-improvements 
Kubernetes docs: clarify steps around use/creation of TLS assets.
 2018-11-26 13:54:44 +01:00
Owen Tuz 9ea2ade208 LDAP docs - remove extra wording re DN 2018-11-26 11:50:44 +00:00
Owen Tuz e603a5e631 LDAP connector - Document that 'DN' must be in capitals 2018-11-26 10:02:41 +00:00
Owen Tuz 9b5122568a Kubernetes docs: replace absolute link with relative 2018-11-23 13:54:49 +00:00
Owen Tuz 72c9cf43a9 Fix comment in LDAP query documentation 2018-11-23 11:00:18 +00:00
Owen Tuz 45eb9b279b Kubernetes docs: wording nitpicks 2018-11-23 10:53:37 +00:00
Owen Tuz 58093dbb29 Kubernetes example: Add RBAC resources and serviceAccount to YAML manifest, remove some references to deprecated TPR approach 2018-11-23 10:48:00 +00:00
Owen Tuz e028b79c97 Kubernetes docs: clarify steps around use/creation of TLS assets. 2018-11-22 13:37:50 +00:00
Stephan Renatus 58b546a5be
dev-integration-test: add etcd notes 
Signed-off-by: Stephan Renatus <srenatus@chef.io>
 2018-11-20 16:41:12 +01:00
Stephan Renatus cbcb1f61f3
dev-integration-tests: update database steps (just use docker) 
Signed-off-by: Stephan Renatus <srenatus@chef.io>
 2018-11-20 16:41:12 +01:00
Josh Winters bb11a1ebee github: add 'both' team name field option 
this will result in both the team name *and* the team slug being
returned for each team, allowing a bit more flexibility in auth
validation.

Signed-off-by: Topher Bullock <tbullock@pivotal.io>
Signed-off-by: Alex Suraci <suraci.alex@gmail.com>
 2018-11-20 10:12:44 -05:00
Stephan Renatus 7c8a22443a
Merge pull request #1349 from alexmt/1102-config-to-load-all-groups 
Add config to explicitly enable loading all github groups

Follow-up for #1102.
 2018-11-20 15:15:25 +01:00
Stephan Renatus 84ea412ca6
Merge pull request #1351 from CognotektGmbH/gypsydiver/1347-pr-gitlab-groups 
Gitlab connector should not require the api scope.

Fixes #1347.
 2018-11-20 14:49:11 +01:00
gypsydiver f21e6a0f00 gypsydiver/1347-pr-gitlab-groups 2018-11-20 11:18:50 +01:00
Alexander Matyushentsev 7bd084bc07 Issue #1102 - Add config to explicitly enable loading all github groups 2018-11-19 10:14:38 -08:00
Alex Suraci 7c63be4104 remove incomplete mysql and cockroachdb support 2018-11-16 18:07:20 +00:00
Alexander Matyushentsev e5ebcf518a Update github connector documentation 2018-11-15 09:24:21 -08:00
Tiago Matias 44e988fb41
point users to storage/RBAC docs 2018-11-05 17:43:23 -02:00
Danny Sauer b9b21260bc
Add mention of scopes parameter in OIDC doc 2018-10-17 10:48:39 -05:00
Ed Tan 6ffc8fcd8d Rename bitbucket to bitbucketcloud 2018-10-06 11:45:56 -04:00
Ed Tan d26e23c16f Make suggested code changes 2018-10-05 10:43:49 -04:00
Ed Tan 8c75d85b60 Add Bitbucket connector 2018-09-30 15:08:07 -04:00
Eric Chiang 06241eae9f
Merge pull request #1297 from tburko/use-github-team-slug-instead-of-name 
Allow using GitHub Team slug instead of name via connector config option
 2018-09-14 10:26:11 -07:00
Taras Burko bf39130bab Configurable team name field for GitHub connector 2018-09-14 01:09:48 +03:00
Stephan Renatus 1309c1f037 dev-releases.md, Makefile: update release process 
Signed-off-by: Stephan Renatus <srenatus@chef.io>
 2018-09-06 09:09:46 +02:00
Stephan Renatus b9f6594bf0 *: github.com/coreos/dex -> github.com/dexidp/dex 
Signed-off-by: Stephan Renatus <srenatus@chef.io>
 2018-09-05 17:57:08 +02:00
Eric Chiang 4dc3347106
Merge pull request #1279 from AnianZ/master 
fix default baseURL for GitLab connector
 2018-09-04 08:09:37 -07:00
Anian Z 5454a4729f fix default baseURL for gitlab connector 2018-08-28 19:05:30 +02:00
Ahmed ElRefaey 32e9570116
Fix a breoken link in the oidc readme 
Fixed a broken link to An overview of OpenID Connect
 2018-07-04 14:56:29 +02:00
Matthias Klan 481f1276a8
Update using-dex.md 
fix wrong port from example
 2018-05-04 16:14:16 +02:00
Simon Knott 822a10cede
Add missing word 2018-02-24 11:31:51 +01:00
Vy-Shane Xie b03c85e56e Add new federated:id scope that causes Dex to add a federated_claims claim containing the connector_id and user_id to the ID token 2018-02-03 18:40:03 +08:00
Eric Chiang 460f48320e Documentation: restructure connector docs to a single folder 2018-01-04 13:50:14 -08:00
Eric Chiang 0811d1a07a document limitations in the OpenID Connect connector 2017-12-20 17:12:00 -08:00
Wyatt Alt e7d57bb31b Correct "Verifier" method name in using-dex doc 
Change provider.NewVerifier to provider.Verifier per the godocs:
https://godoc.org/github.com/coreos/go-oidc#Provider.Verifier
 2017-12-05 13:38:11 -08:00
Pavel Borzenkov 47df6ea2ff connector/microsoft: add support for groups 
Microsoft connector now provides support for 'groups' claim in case
'tenant' is configured in Dex config for the connector. It's possible to
deny user authentication if the user is not a member of at least one
configured groups.

Signed-off-by: Pavel Borzenkov <pavel.borzenkov@gmail.com>
 2017-11-23 17:01:34 +03:00
Pavel Borzenkov 6193bf5566 connector: implement Microsoft connector 
connector/microsoft implements authorization strategy via Microsoft's
OAuth2 endpoint + Graph API. It allows to choose what kind of tenants
are allowed to authenticate in Dex via Microsoft:
  * common - both personal and business/school accounts
  * organizations - only business/school accounts
  * consumers - only personal accounts
  * <tenant uuid> - only account of specific tenant

Signed-off-by: Pavel Borzenkov <pavel.borzenkov@gmail.com>
 2017-11-23 17:01:34 +03:00
Stephan Renatus b09a13458f password connectors: allow overriding the username attribute (password prompt) 
This allows users of the LDAP connector to give users of Dex' login
prompt an idea of what they should enter for a username.

Before, irregardless of how the LDAP connector was set up, the prompt
was

    Username
    [_________________]

    Password
    [_________________]

Now, this is configurable, and can be used to say "MyCorp SSO Login" if
that's what it is.

If it's not configured, it will default to "Username".

For the passwordDB connector (local users), it is set to "Email
Address", since this is what it uses.

Signed-off-by: Stephan Renatus <srenatus@chef.io>
 2017-11-09 09:30:03 +01:00
Eric Chiang ccf85a7269
Merge pull request #1108 from dqminh/etcd-storage 
Add etcd backed storage
 2017-11-06 08:36:43 -08:00
Daniel Dao a2188bebf1 add documentation for etcd storage 
This adds references to etcd storage, including:
- only supports etcd v3
- list of options and their meanings when connecting to etcd cluster
 2017-11-06 14:40:25 +00:00
rithu leena john 42ef8fd802
Merge pull request #1072 from ericchiang/k8s-test 
*: run kubernetes tests in travis
 2017-10-31 10:34:26 -07:00
Eric Chiang 3d2d92b31b *: run kubernetes tests in travis 2017-10-31 10:29:52 -07:00
Pavel Borzenkov d5a9712aae Documentation: add LinkedIn connector documentation 
Signed-off-by: Pavel Borzenkov <pavel.borzenkov@gmail.com>
 2017-10-27 12:54:28 +03:00
Eric Chiang 3d65b774d6 Merge pull request #1103 from stapelberg/authproxy 
authproxy.md: strip X-Remote-User
 2017-10-26 14:29:43 -07:00
Michael Stapelberg 4931f30a80 authproxy.md: strip X-Remote-User 
follow-up for https://github.com/coreos/dex/pull/1100
 2017-10-26 20:13:37 +02:00
Eric Chiang d099145921 authproxy: update docs and set a userID 2017-10-26 10:47:16 -07:00
Michael Stapelberg a41d93db4a Implement the “authproxy” connector (for Apache2 mod_auth etc.) 2017-10-25 21:53:51 +02:00
Laurent Rolaz cca0275b0b Add Documentation about customresourcedefinitions creation role 2017-09-26 20:20:05 +02:00
rithu john 34dcf6c9a0 Documentation: add docs for TPR to CRD migration 2017-09-18 14:24:50 -07:00
rithu john 1311caf864 storage/kubernetes: add CRD support 2017-09-14 11:48:17 -07:00
rithu leena john e10fddee2e Merge pull request #1031 from estroz/docs-update 
Documentation: fix redirect caveat description
 2017-08-25 14:58:40 -07:00
Eric Stroczynski 7079bb5316 Documentation: add org info req, remove redirect caveat 
The redirect caveat is being removed to avoid user confusion and is
not important outside of testing.
 2017-08-25 14:51:10 -07:00
Eric Stroczynski 9c6b6d565e Documentation: oidc conformance test case and issue tables 2017-08-25 13:43:21 -07:00
Eric Stroczynski a065533256 Documentation: OIDC conformance test setup 2017-08-25 01:05:53 -07:00
rithu leena john e40c01ec39 Merge pull request #1022 from ericchiang/ldap-example 
*: add "getting started" example for LDAP
 2017-08-22 10:46:55 -07:00
Eric Chiang 50f2905cac *: add standup script for LDAP 2017-08-22 10:37:29 -07:00
Eric Stroczynski bb36c96674 Documentation: fixed GitHub link syntax 2017-08-16 14:10:23 -07:00
Eric Stroczynski 71de7e8414 Documentation: github org redirect caveat 2017-08-11 16:42:33 -07:00
Eric Stroczynski 26527011ab connector/github: enable private, primary emails; refactor API calls 
Documentation: removed private emails caveats section
 2017-08-08 18:04:34 -07:00
Eric Stroczynski 45bf061236 Merge pull request #1013 from estroz/multi-org-team-filters 
connector/github: multiple orgs, query by teams
 2017-08-08 11:37:21 -07:00
Eric Stroczynski 9d154802a2 connector/github: multiple orgs, query by teams 
Documentation: examples of GitHub `orgs` field with multiple orgs
and org with teams; note legacy behavior
 2017-08-08 10:57:42 -07:00
Luk Burchard 4365d97162 Update api.md 2017-08-07 18:10:56 +02:00
rithu john 6f9127b4ae Documentation: add a group query example for the ldap connector. 2017-07-13 12:41:40 -07:00
rithu leena john a5d218fd08 Merge pull request #974 from roguePanda/google-hosted-domain 
Google hosted domain support
 2017-07-07 10:26:28 -07:00
rithu leena john 92a988e4cc Merge pull request #977 from Zakjholt/patch-1 
Update using-dex.md
 2017-06-22 17:36:34 -07:00
Zak Holt 43f0e8530b Update using-dex.md 2017-06-22 10:53:57 -04:00
Zak Holt 41a20dbb2a Update using-dex.md 2017-06-22 09:13:12 -04:00
Ben Navetta cbb007663f add documentation and tests 2017-06-21 22:56:02 -07:00
rithu john d6c1b0f42b Documentation/github-connector: warn user that GitHub email id should be public. 2017-06-20 09:53:27 -07:00
rithu john 081e68a16a Documentation/ldap-connector.md: Warn about LDAP connector's bindPW restriction. 2017-05-16 14:32:15 -07:00
Eric Chiang 95334ad51d Documentation: add docs on public clients 2017-05-09 17:09:49 -07:00
Eric Chiang c400e860fe Documentation: more diagrams 2017-04-21 14:51:46 -07:00
Tom Gamble 0edd0b2fb4 Update kubernetes.md 
fixed typo
 2017-04-21 15:33:42 -04:00
Eric Chiang 47f48658c2 Merge pull request #917 from ericchiang/add-using-dex-doc 
Documentation: add a doc describing how to use dex
 2017-04-21 11:45:58 -07:00
Eric Chiang a4cb57ab5d Documentation: add a doc describing how to use dex 2017-04-21 11:35:34 -07:00
Filip 57aa32562b Updated documentation for dex on k8s when RBAC authorization is used 2017-04-13 15:14:21 +02:00
Eric Chiang 74f5eaf47e connector/ldap: support the StartTLS flow for secure connections 
When connecting to an LDAP server, there are three ways to connect:

1. Insecurely through port 389 (LDAP).
2. Securely through port 696 (LDAPS).
3. Insecurely through port 389 then negotiate TLS (StartTLS).

This PR adds support for the 3rd flow, letting dex connect to the
standard LDAP port then negotiating TLS through the LDAP protocol
itself.

See a writeup here:

http://www.openldap.org/faq/data/cache/185.html
 2017-04-12 15:25:42 -07:00
Eric Chiang c3cafc8f39 Merge pull request #902 from ericchiang/saml-stable 
*: promote SAML to stable
 2017-04-11 10:13:22 -07:00