Commit graph

1052 commits

Author SHA1 Message Date
Joel Speed
5c88713177
Remove connectordata from other structs 2019-11-19 15:43:03 +00:00
Joel Speed
0352258093
Update handleRefreshToken logic 2019-11-19 15:43:01 +00:00
Joel Speed
575c792156
Store most recent refresh token in offline sessions 2019-11-19 15:40:56 +00:00
Nándor István Krácser
c392236f4f
Merge pull request #1586 from serhiimakogon/fix/refresh-handler
preferred_username claim added on refresh token
2019-11-19 15:39:17 +01:00
serhiimakogon
b793afd375 preferred_username claim added on refresh token 2019-11-19 16:27:34 +02:00
Nándor István Krácser
b7184be3dd
Merge pull request #1569 from bhageena/master
Fix spelling errors in docs
2019-11-05 10:34:40 +01:00
Nándor István Krácser
6d41541964
Merge pull request #1544 from kenperkins/saml-groups
Adding support for allowed groups in SAML Connector
2019-10-30 13:28:34 +01:00
Nándor István Krácser
f2590ee07d
Merge pull request #1545 from jacksontj/getUserInfo
Run getUserInfo prior to claim enforcement
2019-10-30 13:26:18 +01:00
Nándor István Krácser
d5d3abca6a
Merge pull request #1566 from dexidp/preferred_username
add preffered_username to idToken
2019-10-30 13:25:23 +01:00
Nándor István Krácser
0b56a47571
Merge pull request #1558 from aijingyc/fix_readme_branch
Fix URLs in curl cmd as stated in the overview doc.
2019-10-30 13:20:28 +01:00
Nándor István Krácser
799f29fdb5
Merge pull request #1571 from gosharplite/patch-1
Fix typo
2019-10-30 13:20:04 +01:00
Nándor István Krácser
a58d77a499
Merge pull request #1550 from dexidp/mysql-tx-isolation
storage/mysql: support pre-5.7.20 instances with tx_isolation only
2019-10-30 13:14:43 +01:00
Nándor István Krácser
0b55f121b4
Fix missing email in log message
Co-Authored-By: Felix Fontein <ff@dybuster.com>
2019-10-30 13:13:33 +01:00
Nándor István Krácser
3f8fd74185
Merge pull request #1568 from life1347/patch-1
Add note for redirect uri
2019-10-30 13:12:46 +01:00
Nandor Kracser
c1b421fa04 add preffered_username to idToken
Signed-off-by: Nandor Kracser <bonifaido@gmail.com>
2019-10-30 13:06:37 +01:00
Tony Hsu
6e35f24399
Fix typo 2019-10-22 11:27:12 +08:00
Chandan Rai
efdb5de6d8 Fix spelling errors in docs 2019-10-14 18:52:40 +05:30
Ta-Ching Chen
76c76a0b39
Add note for redirect uri 2019-10-13 15:24:22 +08:00
Joel Speed
4bede5eb80
Merge pull request #1554 from yanniszark/feature-web-templates-use-relative-urls
server: templates: use relative URLs to refer to assets
2019-10-03 10:49:18 +01:00
Yannis Zarkadas
69d13b766d gitignore: add .idea folder
Signed-off-by: Yannis Zarkadas <yanniszark@arrikto.com>
2019-10-02 17:08:06 +03:00
Yannis Zarkadas
59beb7425f web: change header template to use new url function
Signed-off-by: Yannis Zarkadas <yanniszark@arrikto.com>
2019-10-02 17:08:06 +03:00
Yannis Zarkadas
27944d4f8f templates: add new relativeURL function
Signed-off-by: Yannis Zarkadas <yanniszark@arrikto.com>
2019-10-02 17:08:06 +03:00
Yannis Zarkadas
839130f01c handlers: change all handlers to pass down http request
Signed-off-by: Yannis Zarkadas <yanniszark@arrikto.com>
2019-10-02 17:08:06 +03:00
j.ai
2c52c52686 Fix URLs in curl cmd as stated in the overview doc. 2019-09-27 17:45:52 -07:00
Nandor Kracser
d2c33db8a8 storage/mysql: support pre-5.7.20 instances with tx_isolation only 2019-09-23 09:36:01 +02:00
Thomas Jackson
512cb3169e Run getUserInfo prior to claim enforcement
If you have an oidc connector configured *and* that IDP provides thin
tokens (e.g. okta) then the majority of the requested claims come in the
getUserInfo call (such as email_verified). So if getUserInfo is
configured it should be run before claims are validated.
2019-09-13 11:10:44 -07:00
Ken Perkins
285c1f162e connector/saml: Adding group filtering
- 4 new tests
- Doc changes to use the group filtering
2019-09-10 10:53:19 -07:00
Stephan Renatus
8427f0f15c
Merge pull request #1543 from wassan128/fix-typo
Fix typo
2019-09-06 08:14:29 +02:00
wassan128
42e8619830 Fix typo 2019-09-06 09:55:09 +09:00
Stephan Renatus
3b7292a08f
Merge pull request #1520 from dexidp/gitlab-groups-scope
gitlab: add groups scope by default when filtering is requested
2019-09-04 12:21:57 +02:00
Joel Speed
179cce36ef
Merge pull request #1540 from stevendanna/ssd/cipher-suites
Use a more conservative set of CipherSuites
2019-09-02 11:36:43 +01:00
Steven Danna
46f48b33a1
Use a more conservative set of CipherSuites
The default cipher suites used by Go include a number of ciphers that
have known weaknesses. In addition to leaving users open to these
weaknesses, the inclusion of these weaker ciphers causes problems with
various automated scanning tools.

This PR disables the CBC-mode, RC4, and 3DES ciphers included in the
Go standard library by passing an explicit cipher suite list.

The ciphers included here are more line with those recommended by
Mozilla for "Intermediate" compatibility. [0]

*Performance Implications*

The Go standard library does capability-based cipher ordering,
preferring AES ciphers if the underlying hardware has AES specific
instructions. [1] Since all of the relevant code is internal modules,
to do the same thing ourselves would require duplicating that
code. Here, I've placed AES based ciphers first.

*Compatibility Implications*

This does reduce the number of clients who will be able to communicate
with dex.

[0] https://ssl-config.mozilla.org/#server=nginx&server-version=1.17.0&config=intermediate&hsts=false&ocsp=false
[1] a8c2e5c6ad/src/crypto/tls/common.go (L1091)

Signed-off-by: Steven Danna <steve@chef.io>
2019-08-31 17:34:55 +01:00
Stephan Renatus
c854e760db
Merge pull request #1539 from erwinvaneyk/replace-context-import
Replace x/net/context with stdlib context
2019-08-31 17:52:18 +02:00
erwinvaneyk
3e2217b3f4 Replace x/net/context with context of stdlib 2019-08-30 11:52:46 +02:00
Stephan Renatus
4f3ab1efb7
Merge pull request #1534 from jthabet/master
Pydio Cells adopters list
2019-08-29 16:25:45 +02:00
Stephan Renatus
15ec95bca9
Merge pull request #1521 from erwinvaneyk/patch-1
Clarify the origin of the ca file in the Kubernetes guide
2019-08-29 16:24:48 +02:00
Erwin van Eyk
5c99525ed3 Clarify the origin of openid-ca 2019-08-29 16:15:00 +02:00
j
a48f73f14a Pydio Cells adopters list 2019-08-28 16:20:37 +02:00
Stephan Renatus
133c2565be
Merge pull request #1530 from dexidp/ldap-error
connector/ldap: display login error
2019-08-23 12:32:23 +02:00
Stephan Renatus
1f31d1889a
Merge pull request #1529 from dkuerner/golang-update
Dockerfile: build with golang 1.12.9
2019-08-22 16:31:47 +02:00
Nandor Kracser
bd61535cb6 connector/ldap: display login error 2019-08-22 15:55:05 +02:00
Daniel Kürner
2dccdc2a1a Dockerfile: build with golang 1.12.9 2019-08-22 08:40:31 +02:00
Joel Speed
ab08d7b3a4
Merge pull request #1517 from venezia/iss-1513
storage/kubernetes: Removing Kubernetes TPR support
2019-08-14 14:45:12 +01:00
Michael Venezia
395febf808
storage/kubernetes: Removing Kubernetes TPR support
Third Party Resources (TPR) have been removed from Kubernetes for
roughly 2 years.  This commit removes the support dex had for them.

Documentation has been updated to reflect this and to instruct users
on how to migrate from TPR-powered dex environment to a Custom Resource
Defintion (CRD) based one that dex > v2.17 will support
2019-08-14 09:28:18 -04:00
Nandor Kracser
ef08ad8317 gitlab: add groups scope by default when filtering is requested 2019-08-14 13:33:46 +02:00
Stephan Renatus
aeb2861a40
Merge pull request #1519 from dexidp/sr/bump-deps-for-http2-issues
bump deps for http2 issues

https://github.com/grpc/grpc-go/releases/tag/v1.23.0

https://groups.google.com/forum/#!topic/golang-nuts/fCQWxqxP8aA
2019-08-14 11:33:54 +02:00
Stephan Renatus
6e5a2b5ea1
deps: bump go-grpc (1.22.1 -> 1.23.0)
Signed-off-by: Stephan Renatus <srenatus@chef.io>
2019-08-14 10:27:17 +02:00
Stephan Renatus
27b8426704
Dockerfile: build with golang 1.12.8
Signed-off-by: Stephan Renatus <srenatus@chef.io>
2019-08-14 10:24:17 +02:00
Stephan Renatus
d328a5ebaa
Merge pull request #1516 from tpdownes/doc/oauth2_config
Add examples for recent additions to oauth2 configuration options
2019-08-13 10:24:10 +02:00
Tom Downes
963b8e992d
Add examples for recent additions to oauth2 configuration options 2019-08-09 11:58:37 -05:00