Commit graph

26 commits

Author SHA1 Message Date
Pavel Borzenkov
6193bf5566 connector: implement Microsoft connector
connector/microsoft implements authorization strategy via Microsoft's
OAuth2 endpoint + Graph API. It allows to choose what kind of tenants
are allowed to authenticate in Dex via Microsoft:
  * common - both personal and business/school accounts
  * organizations - only business/school accounts
  * consumers - only personal accounts
  * <tenant uuid> - only account of specific tenant

Signed-off-by: Pavel Borzenkov <pavel.borzenkov@gmail.com>
2017-11-23 17:01:34 +03:00
Stephan Renatus
41f663f70c show "back" link for password connectors
This way, the user who has selected, say, "Log in with Email" can make up
their mind, and select a different connector instead.

However, if there's only one connector set up, none of this makes sense -- and
the link will thus not be displayed.

Signed-off-by: Stephan Renatus <srenatus@chef.io>
2017-11-13 08:39:59 +01:00
Stephan Renatus
b09a13458f password connectors: allow overriding the username attribute (password prompt)
This allows users of the LDAP connector to give users of Dex' login
prompt an idea of what they should enter for a username.

Before, irregardless of how the LDAP connector was set up, the prompt
was

    Username
    [_________________]

    Password
    [_________________]

Now, this is configurable, and can be used to say "MyCorp SSO Login" if
that's what it is.

If it's not configured, it will default to "Username".

For the passwordDB connector (local users), it is set to "Email
Address", since this is what it uses.

Signed-off-by: Stephan Renatus <srenatus@chef.io>
2017-11-09 09:30:03 +01:00
Geoff Greer
3dfc4b430e Add tectonic-ldap matching rule to ldap icon. Fixes an issue where the ldap icon was missing in the tectonic console. 2017-11-02 15:33:30 -07:00
Pavel Borzenkov
ab06119431 connector: implement LinkedIn connector
connector/linkedin implements authorization strategy via LinkedIn's
OAuth2 endpoint + profile API.

It doesn't implement RefreshConnector as LinkedIn doesn't provide any
refresh token at all (https://developer.linkedin.com/docs/oauth2, Step 5
— Refresh your Access Tokens) and recommends ordinary AuthCode exchange
flow when token refresh is required.

Signed-off-by: Pavel Borzenkov <pavel.borzenkov@gmail.com>
2017-10-27 12:54:28 +03:00
cpanato
620695ed2b
tests: add ids to elements for testing automation 2017-10-10 11:38:14 +02:00
Amruta Chitnis
df8fc84851 Updates coreos themes and icons for various providers 2017-09-14 09:37:07 -07:00
rithu john
0ee40865a2 web/static/main.css: fix typo. 2017-02-20 08:48:36 -08:00
Eric Chiang
7f860e09b5 Merge pull request from ericchiang/html-template
{web,server}: use html/template and reduce use of auth request ID
2017-02-02 17:33:06 -08:00
Eric Chiang
72a431dd4b {web,server}: use html/template and reduce use of auth request ID
Switch from using "text/template" to "html/template", which provides
basic XSS preventions. We haven't identified any particular place
where unsanitized user data is rendered to the frontend. This is
just a preventative step.

At the same time, make more templates take pure URL instead of
forming an URL themselves using an "authReqID" argument. This will
help us stop using the auth req ID in certain places, preventing
garbage collection from killing login flows that wait too long at
the login screen.

Also increase the login session window (time between initial
redirect and the user logging in) from 30 minutes to 24 hours,
and display a more helpful error message when the session expires.

How to test:

1. Spin up dex and example with examples/config-dev.yaml.
2. Login through both the password prompt and the direct redirect.
3. Edit examples/config-dev.yaml removing the "connectors" section.
4. Ensure you can still login with a password.

(email/password is "admin@example.com" and "password")
2017-02-02 11:11:00 -08:00
Ali Javadi
e623ad4d35 connector: add GitLab connector 2017-01-28 01:36:02 +03:30
rithu john
75aa1c67ce server: add error HTML templates with error description. 2016-12-16 10:42:54 -08:00
Amruta Chitnis
b7439d1a75 Address PR comments 2016-12-01 14:06:08 -08:00
Amruta Chitnis
577d1af029 web: Updates classes in templates 2016-12-01 13:41:56 -08:00
Amruta Chitnis
2bc690591e web: Updates css 2016-12-01 13:41:50 -08:00
Amruta Chitnis
ea75973547 web: Adds tectonic specific files 2016-12-01 13:41:45 -08:00
Amruta Chitnis
0dc7870f39 web: Adds svg files for icons 2016-12-01 13:41:33 -08:00
Eric Chiang
5e61d5fe83 Revert "Merge pull request from amrutac/refactor-css"
This reverts commit 4d88eabb50, reversing
changes made to b38d355202.
2016-12-01 13:18:32 -08:00
Amruta Chitnis
170727454d web: Updates classes in templates 2016-12-01 12:18:12 -08:00
Amruta Chitnis
fabdae8e71 web: Updates css 2016-12-01 12:17:48 -08:00
Amruta Chitnis
da872ecd35 web: Adds tectonic specific files 2016-12-01 12:16:18 -08:00
Amruta Chitnis
513525c0ab web: Adds svg files for icons 2016-12-01 12:15:47 -08:00
Eric Chiang
391dc51c13 *: add theme based frontend configuration
This PR reworks the web layout so static files can be provided and
a "themes" directory to allow a certain degree of control over logos,
styles, etc.

This PR does NOT add general support for frontend customization,
only enough to allow us to start exploring theming internally.
The dex binary also must now be run from the root directory since
templates are no longer "compiled into" the binary.

The docker image has been updated with frontend assets.
2016-11-30 17:20:21 -08:00
Eric Chiang
7c2289e0de *: rename internally used "state" form value to "req"
"state" means something specific to OAuth2 and SAML so we don't
want to confuse developers who are working on this.

Also don't use "session" which could easily be confused with HTTP
cookies.
2016-10-27 10:26:01 -07:00
Eric Chiang
7084a801d7 *: port oob template 2016-10-19 12:45:17 -07:00
Eric Chiang
91ff8a16cd web/templates: port templates from v1 2016-09-05 17:25:12 -07:00