m.nabokikh
1f2771b57e
fix: do not run LDAP tests locally by default
...
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
2021-02-20 12:55:52 +04:00
Mark Sagi-Kazar
6f70272bc3
test(connector/ldap): remove ldap test gate
...
Now that the ldap tests don't create containers on the fly
they can run the same way as other integration tests.
Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>
2021-02-15 16:46:43 +01:00
Mark Sagi-Kazar
f11db50369
test(connector/ldap): rewrite tests to use a single server instance
...
Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>
2021-02-15 16:37:03 +01:00
m.nabokikh
b2e9f67edc
Enable unparam, prealloc, sqlclosecheck linters
...
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
2021-01-15 19:29:13 +04:00
Mark Sagi-Kazar
b8ac640c4f
Update oidc library
...
Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>
2021-01-13 19:56:09 +01:00
Márk Sági-Kazár
4f326390aa
Merge pull request #1839 from seuf/authproxy-header-configuration
...
Allow configuration of returned auth proxy header
2021-01-07 10:40:57 +01:00
Márk Sági-Kazár
ee50c09313
Merge pull request #1888 from VF-mbrauer/UPN-Lowercase
...
Added the possibility to activate lowercase for UPN-Strings
2021-01-06 20:36:43 +01:00
Maik Brauer
0d53fa2f42
Merge branch 'UPN-Lowercase' of https://github.com/VF-mbrauer/dex into UPN-Lowercase
...
Signed-off-by: Maik Brauer <maik.brauer@vodafone.com>
2021-01-05 21:48:02 +01:00
Maik Brauer
c55f17ea64
Adapted recommendation from Maintainer for PR #1888
...
Signed-off-by: Maik Brauer <maik.brauer@vodafone.com>
2021-01-05 21:36:41 +01:00
Maik Brauer
4d246bc9dc
Adapted recommendation from Maintainer for PR #1888
...
Signed-off-by: Maik Brauer <maik.brauer@vodafone.com>
2021-01-05 17:12:45 +01:00
Maik Brauer
eb9ef3b0ec
Added the possibility to acticate lowercase for UPN-Strings
...
Signed-off-by: Maik Brauer <maik.brauer@vodafone.com>
2021-01-04 15:07:14 +01:00
Josh Soref
84e9cb6947
spelling: verified
...
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
2020-12-19 22:53:29 -05:00
Josh Soref
97d3e8fa7f
spelling: signature
...
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
2020-12-19 22:53:29 -05:00
Josh Soref
801fd64a11
spelling: serviceaccount
...
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
2020-12-19 22:53:29 -05:00
Josh Soref
791ad900cb
spelling: reuse
...
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
2020-12-19 22:53:29 -05:00
Josh Soref
d3d447fcf1
spelling: readable
...
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
2020-12-19 22:53:26 -05:00
Josh Soref
a996c4ba54
spelling: guaranteeing
...
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
2020-12-19 22:53:26 -05:00
Thierry Sallé
e164bb381e
Apply suggestions from code review
...
Co-authored-by: Márk Sági-Kazár <sagikazarmark@users.noreply.github.com>
Signed-off-by: seuf <seuf76@gmail.com>
2020-12-17 16:50:00 +01:00
seuf
a1c7198738
Rename config header to userHeader
...
Signed-off-by: seuf <seuf76@gmail.com>
2020-12-17 16:50:00 +01:00
seuf
f19bccfc92
Allow configuration of groups for authproxy
...
Signed-off-by: seuf <seuf76@gmail.com>
2020-12-17 16:50:00 +01:00
seuf
a12a919d3e
Allow configuration of returned auth proxy header
...
Signed-off-by: seuf <seuf76@gmail.com>
2020-12-17 16:50:00 +01:00
Stephen Augustus
57640cc7a9
connector/saml: Validate XML roundtrip data before processing request
...
Signed-off-by: Stephen Augustus <saugustus@vmware.com>
2020-12-08 07:26:48 -05:00
Mark Sagi-Kazar
349832b380
Run fixer
...
Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>
2020-11-03 20:52:14 +01:00
m.nabokikh
a5ad5eaf08
fix: Minor style fixes after merging PKCE implementation
...
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
2020-10-26 23:20:33 +04:00
m.nabokikh
1d83e4749d
Add gocritic
...
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
2020-10-18 01:54:27 +04:00
m.nabokikh
4d63e9cd68
fix: Bump golangci-lint version and fix some linter's problems
...
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
2020-10-18 01:02:29 +04:00
m.nabokikh
ec66cedfcc
feat: Add team groups support to bitbucket connector
...
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
2020-10-04 20:50:59 +03:00
m.nabokikh
4b94469547
fix: Replace teams endpoint for bitbucket connector
...
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
2020-10-03 20:30:23 +03:00
Márk Sági-Kazár
a64e7c2986
Merge pull request #1769 from batara666/master
...
ldap.go: drop else on returned if block
2020-09-16 17:47:52 +02:00
Rui Yang
058202d007
revert changes for user id and user name
...
Signed-off-by: Rui Yang <ruiya@vmware.com>
2020-09-08 13:12:59 -04:00
Rui Yang
0494993326
update oidc documentation and email claim err msg
...
Signed-off-by: Rui Yang <ruiya@vmware.com>
2020-09-08 10:03:57 -04:00
Rui Yang
41207ba265
Combine #1691 and #1776 to unify OIDC provider claim mapping
...
add tests for groups key mapping
Signed-off-by: Rui Yang <ruiya@vmware.com>
2020-08-11 16:26:55 -04:00
Scott Lemmon
a783667c57
Add groupsClaimMapping to the OIDC connector
...
The groupsClaimMapping setting allows one to specify which claim to pull
group information from the OIDC provider. Previously it assumed group
information was always in the "groups" claim, but that isn't the case
for many OIDC providers (such as AWS Cognito using the "cognito:groups"
claim instead)
Signed-off-by: Scott Lemmon <slemmon@aurora.tech>
Signed-off-by: Rui Yang <ruiya@vmware.com>
2020-08-11 16:26:55 -04:00
Cyrille Nofficial
61312e726e
Add parameter configuration to override email claim key
...
Signed-off-by: Rui Yang <ruiya@vmware.com>
2020-08-11 16:26:55 -04:00
Rui Yang
52c39fb130
check if upstream contains preferrend username claim first
...
Signed-off-by: Rui Yang <ryang@pivotal.io>
Signed-off-by: Rui Yang <ruiya@vmware.com>
2020-08-11 16:26:55 -04:00
Rui Yang
4812079647
add tests when preferred username key is not set
...
Signed-off-by: Rui Yang <ruiya@vmware.com>
2020-08-11 16:26:55 -04:00
Rui Yang
d9afb7e59c
default to preferred_username claim
...
Signed-off-by: Rui Yang <ruiya@vmware.com>
2020-08-11 16:26:55 -04:00
Josh Winters
9a4e0fcd00
Make OIDC username key configurable
...
Signed-off-by: Josh Winters <jwinters@pivotal.io>
Co-authored-by: Mark Huang <mhuang@pivotal.io>
Signed-off-by: Rui Yang <ruiya@vmware.com>
2020-08-11 16:26:55 -04:00
batara666
6499f5bfd3
ldap.go: drop else on returned if block
2020-07-27 22:27:55 +07:00
Nándor István Krácser
62efe7bf07
Merge pull request #1441 from jimmythedog/1440-fix-msoft-refresh-token
...
dexidp#1440 Add offline_access scope, if required
2020-07-08 16:13:26 +02:00
Joel Speed
9d7e472c63
Merge pull request #1720 from candlerb/fix-google
...
Allow the "google" connector to work without a service account
2020-06-19 17:10:23 +01:00
techknowlogick
0a9f56527e
Add Gitea connector ( #1715 )
...
* Add Gitea connector
* Add details to readme
* resolve lint issue
2020-05-26 13:54:40 +02:00
Brian Candler
442d3de11d
Allow the "google" connector to work without a service account
...
Fixes #1718
2020-05-22 09:24:26 +00:00
Márk Sági-Kazár
709d4169d6
Merge pull request #1694 from flant/fix-openshift-root-ca
...
Fix OpenShift connector rootCA option
2020-05-12 13:55:45 +02:00
m.nabokikh
521aa0802f
Fix OpenShift connector rootCA option
...
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
2020-05-12 15:31:27 +04:00
Stephan Renatus
4a0feaf589
connector/saml: add 'FilterGroups' setting
...
This should make AllowedGroups equivalent to an LDAP group filter:
When set to true, only the groups from AllowedGroups will be included in the
user's identity.
Signed-off-by: Stephan Renatus <srenatus@chef.io>
2020-05-12 13:29:05 +02:00
poh chiat
d87cf1c924
create github oauthconfig with redirecturl ( #1700 )
2020-05-12 13:23:00 +02:00
Martijn
0a85a97ba9
Allow preferred_username claim to be set for Crowd connector ( #1684 )
...
* Add atlassiancrowd connector to list in readme
* Add TestIdentityFromCrowdUser
* Set preferred_username claim when configured
* Add preferredUsernameField option to docs
* Log warning when mapping invalid crowd field
2020-04-23 20:14:15 +02:00
Ken Perkins
f6476b62f2
Added Email of Keystone to Identity ( #1681 )
...
* Added Email of Keystone to Identity
After the successful login to keystone, the Email of the logged in user
is fetch from keystone and provided to `identity.Email`.
This is useful for upstream software that uses the Email as the primary
identification.
* Removed unnecessary code from getUsers
* Changed creation of userResponse in keystone
* Fixing linter error
Co-authored-by: Christoph Glaubitz <christoph.glaubitz@innovo-cloud.de>
2020-04-06 15:40:17 +02:00
Joel Speed
30ea963bb6
Merge pull request #1656 from taxibeat/oidc-prompt-type
...
Make prompt configurable for oidc offline_access
2020-02-28 10:56:13 +00:00