Commit graph

172 commits

Author SHA1 Message Date
Thomas Jackson
21ab30d207 Add option to enable groups for oidc connectors
There's been some discussion in #1065 regarding what to do about
refreshing groups. As it stands today dex doesn't update any of the
claims on refresh (groups would just be another one). The main concern
with enabling it is that group claims may change more frequently. While
we continue to wait on the upstream refresh flows, this adds an option
to enable the group claim. This is disabled by default (so no behavioral
change) but enables those that are willing to have the delay in group
claim change to use oidc IDPs.

Workaround to #1065
2019-09-13 15:50:33 -07:00
Stephan Renatus
15ec95bca9
Merge pull request #1521 from erwinvaneyk/patch-1
Clarify the origin of the ca file in the Kubernetes guide
2019-08-29 16:24:48 +02:00
Erwin van Eyk
5c99525ed3 Clarify the origin of openid-ca 2019-08-29 16:15:00 +02:00
Michael Venezia
395febf808
storage/kubernetes: Removing Kubernetes TPR support
Third Party Resources (TPR) have been removed from Kubernetes for
roughly 2 years.  This commit removes the support dex had for them.

Documentation has been updated to reflect this and to instruct users
on how to migrate from TPR-powered dex environment to a Custom Resource
Defintion (CRD) based one that dex > v2.17 will support
2019-08-14 09:28:18 -04:00
Stephan Renatus
d9f6ab4a68
Merge pull request #1512 from venezia/add_reflection
Add reflection to gRPC API (configurable)
2019-08-07 13:56:33 +02:00
Michael Venezia
b65966d744
cmd/dex: adding reflection to grpc api, enabled through configuration 2019-08-07 07:37:39 -04:00
Marc-André Dufresne
d458e882aa
Allow arbitrary data to be passed to templates 2019-08-06 13:14:53 -04:00
mkontani
c067761df6 fix mysql sample query 2019-07-30 03:49:53 +09:00
Nandor Kracser
ff34e570b4 connector/gitlab: implement useLoginAsID as in GitHub connector 2019-07-28 19:49:49 +02:00
Maxime Desrosiers
458585008b
microsoft: option for group UUIDs instead of name and group whitelist 2019-07-25 09:14:33 -04:00
Stephan Renatus
e3203382fc
Merge pull request #1493 from srenatus/sr/adopters
ADOPTERS: replace Documentation/production-users.md, add Chef
2019-07-23 17:08:11 +02:00
Nandor Kracser
a572ad8fec storage/sql: rework of the original MySQL PR 2019-07-23 14:27:10 +02:00
Stephan Renatus
447f24a81b
ADOPTERS: replace Documentation/production-users.md, add Chef
Signed-off-by: Stephan Renatus <srenatus@chef.io>
2019-07-23 14:01:17 +02:00
flarno11
8c1716d356 make userName configurable 2019-06-03 14:09:07 +02:00
cappyzawa
9650836851 make userID configurable 2019-05-24 19:52:33 +09:00
Thomas Jackson
52d09a2dfa Add option in oidc to hit the optional userinfo endpoint
Some oauth providers return "thin tokens" which won't include all of the
claims requested. This simply adds an option which will make the oidc
connector use the userinfo endpoint to fetch all the claims.
2019-05-23 09:20:48 -07:00
Eric Chiang
0babb2df18
Merge pull request #1435 from bonifaido/bitbucket-docs
docs: update bitbucket permission requirements
2019-05-12 10:33:01 -07:00
Nandor Kracser
a08a5811d4 gitlab: support for group whitelist 2019-04-25 12:50:29 +02:00
Nandor Kracser
b1931fc9bd docs: update bitbucket permission requirements 2019-04-25 10:45:00 +02:00
Gerald Barker
fc723af0fe Add option to OIDC connecter to override email_verified to true 2019-03-05 21:24:02 +00:00
Takashi Okamoto
ac290f77aa Fix typo. 2019-02-23 16:34:10 +00:00
Eric Chiang
e913a252cd
Merge pull request #1410 from sagikazarmark/fix-typo
Fix typo
2019-02-22 12:02:27 -08:00
Mark Sagi-Kazar
c48cb36e8f
Fix typo 2019-02-22 20:54:19 +01:00
Nandor Kracser
6c71b330a8 production users: add Banzai Cloud 2019-02-22 16:40:34 +01:00
Stephan Renatus
7bd4071b4c
Merge pull request #1396 from jtnord/useLoginId-dexidp
Use github login as the id
2019-02-05 13:54:49 +01:00
James Nord
9840fccdbb rename useLoginAsId -> useLoginAsID 2019-02-04 14:05:57 +00:00
Stephan Renatus
b6f4740a15
Merge pull request #1390 from okamototk/activedirectory
Add Active Directory and kubelogin integration sample.
2019-02-03 11:09:33 +01:00
James Nord
1911b52c6b Add documentation for the new GitHub useLoginAsId option 2019-02-01 11:37:40 +00:00
Stephan Renatus
4abf3b2102
docs: mirror resolution of #1281 in dev doc
Signed-off-by: Stephan Renatus <srenatus@chef.io>
2019-01-29 10:29:12 +01:00
Takashi Okamoto
337bbe5f09 fix typos. 2019-01-26 10:44:50 +00:00
Takashi Okamoto
1b7b3515d7 Add Active Directory instruction. 2019-01-26 04:26:01 +00:00
Takashi Okamoto
fbdb55aba9 Add doc for kubelogin and Active Directory ingtegration sample. 2019-01-26 04:16:55 +00:00
Joshua M. Dotson
46296ab9d0 Documentation/dev-dependencies.md: Update for Go modules 2018-12-04 20:06:22 +00:00
Stephan Renatus
007e4dae3c
Merge pull request #1358 from OwenTuz/issue-1132-initial-kubernetes-documentation-improvements
Kubernetes docs: clarify steps around use/creation of TLS assets.
2018-11-26 13:54:44 +01:00
Owen Tuz
9ea2ade208 LDAP docs - remove extra wording re DN 2018-11-26 11:50:44 +00:00
Owen Tuz
e603a5e631 LDAP connector - Document that 'DN' must be in capitals 2018-11-26 10:02:41 +00:00
Owen Tuz
9b5122568a Kubernetes docs: replace absolute link with relative 2018-11-23 13:54:49 +00:00
Owen Tuz
72c9cf43a9 Fix comment in LDAP query documentation 2018-11-23 11:00:18 +00:00
Owen Tuz
45eb9b279b Kubernetes docs: wording nitpicks 2018-11-23 10:53:37 +00:00
Owen Tuz
58093dbb29 Kubernetes example: Add RBAC resources and serviceAccount to YAML manifest, remove some references to deprecated TPR approach 2018-11-23 10:48:00 +00:00
Owen Tuz
e028b79c97 Kubernetes docs: clarify steps around use/creation of TLS assets. 2018-11-22 13:37:50 +00:00
Stephan Renatus
58b546a5be
dev-integration-test: add etcd notes
Signed-off-by: Stephan Renatus <srenatus@chef.io>
2018-11-20 16:41:12 +01:00
Stephan Renatus
cbcb1f61f3
dev-integration-tests: update database steps (just use docker)
Signed-off-by: Stephan Renatus <srenatus@chef.io>
2018-11-20 16:41:12 +01:00
Josh Winters
bb11a1ebee github: add 'both' team name field option
this will result in both the team name *and* the team slug being
returned for each team, allowing a bit more flexibility in auth
validation.

Signed-off-by: Topher Bullock <tbullock@pivotal.io>
Signed-off-by: Alex Suraci <suraci.alex@gmail.com>
2018-11-20 10:12:44 -05:00
Stephan Renatus
7c8a22443a
Merge pull request #1349 from alexmt/1102-config-to-load-all-groups
Add config to explicitly enable loading all github groups

Follow-up for #1102.
2018-11-20 15:15:25 +01:00
Stephan Renatus
84ea412ca6
Merge pull request #1351 from CognotektGmbH/gypsydiver/1347-pr-gitlab-groups
Gitlab connector should not require the api scope.

Fixes #1347.
2018-11-20 14:49:11 +01:00
gypsydiver
f21e6a0f00 gypsydiver/1347-pr-gitlab-groups 2018-11-20 11:18:50 +01:00
Alexander Matyushentsev
7bd084bc07 Issue #1102 - Add config to explicitly enable loading all github groups 2018-11-19 10:14:38 -08:00
Alex Suraci
7c63be4104 remove incomplete mysql and cockroachdb support 2018-11-16 18:07:20 +00:00
Alexander Matyushentsev
e5ebcf518a Update github connector documentation 2018-11-15 09:24:21 -08:00