Commit graph

16 commits

Author SHA1 Message Date
bobbyrullo
f51125f555 Merge pull request #304 from ericchiang/sqlite3
move to sqlite3 for --no-db mode and tests
2016-02-19 16:03:15 -08:00
Frode Nordahl
bedd4716b9 Make constants for default values, simplify logic 2016-02-16 23:58:41 +01:00
Frode Nordahl
508c24b10e Get DN from entry, not entryDN attribute
Not all LDAP servers have entryDN available as an attribute. Reading up on
https://tools.ietf.org/html/rfc5020 tells me that entryDN is intended for
making the DN available for attribute value assertions. Thus it is not
mandatory for a LDAP server to make it available as an retrievable
attribute.

The DN is always a part of the entry returned in a search result, just use
it.

Fixes #314
2016-02-14 09:33:38 +01:00
Eric Chiang
dcf5835189 *: remove in memory connector config repo 2016-02-12 13:19:05 -08:00
Frode Nordahl
4d970d5fc4 connector: add LDAP connector
Authentication is performed by binding to the configured LDAP server using
the user supplied credentials. Successfull bind equals authenticated user.

Optionally the connector can be configured to search before authentication.
The entryDN found will be used to bind to the LDAP server.

This feature must be enabled to get supplementary information from the
directory (ID, Name, Email). This feature can also be used to limit access
to the service.

Example use case: Allow your users to log in with e-mail address instead of
the identification string in your DNs (typically username).

To make re-use of HTTP form handling code from the Local connector possible:
- Implemented IdentityProvider interface
- Moved the re-used functions to login_local.go

Fixes #119
2016-02-11 18:30:16 +01:00
Eric Chiang
af790e46bb Merge pull request #267 from ericchiang/metadata
add dynamic client registration
2016-02-01 16:25:57 -08:00
Frode Nordahl
5d284e08ae Change status code used for redirects from StatusTemporaryRedirect (307) to StatusFound (302)
HTTP code 307 aka. StatusTemporaryRedirect is used throughout the
project. However, the endpoints redirected to explicitly expects
the client to make a GET request.

If a HTTP client issues a POST request to a server and receives a
HTTP 307 redirect, it forwards the POST request to the new URL.

When using 302 the HTTP client will issue a GET request.

Fixes #287
2016-01-23 22:33:53 +01:00
Eric Chiang
ec3bc7f258 *: allow dexctl set-connector-configs to read from stdin
Closes #276
2016-01-19 08:59:34 -08:00
Eric Chiang
5e44b6bc27 *: update all to accommodate changes to go-oidc
Update dex to comply with the changes to fieldnames and types of
the client and provider metadata structs in coreos/go-oidc.
2016-01-12 17:16:28 -08:00
bobbyrullo
376b1bcb67 Merge pull request #209 from ericchiang/conn_docs
connector: document Connector and ConnectorConfig interfaces
2015-12-21 10:00:22 -08:00
Eric Chiang
a5feafc80d connector: document Connector and ConnectorConfig interfaces
closes #203
2015-12-17 16:33:54 -08:00
Eric Chiang
f63ec158a5 Merge pull request #197 from ericchiang/oauth2_connector
connector: github and bitbucket oauth2 connectors added
2015-12-10 08:56:09 -08:00
Eric Chiang
3a23f6bc33 connector: add bitbucket connector
Add bitbucket implementation of oauth2 connector.
2015-12-08 10:19:29 -08:00
Eric Chiang
0d0790e05c connector: add github connector
Add interface for oauth2 connectors and a github implementation.
2015-12-08 10:17:18 -08:00
Eric Chiang
f43655a8c3 user/manager: connector must exists when creating remote identity
Add ConnectorConfigRepo to UserManager. When trying to create a
RemoteIdentity, validate that the connector ID exists.

Fixes #198
2015-12-07 17:34:08 -08:00
Bobby Rullo
66fe201c24 *: move original project to dex 2015-08-18 11:26:57 -07:00