Commit graph

25 commits

Author SHA1 Message Date
Eric Chiang
8216a3d992 connector: fix path that connectors listen on
When Dex uses a non-root issuer URL, it current assumes that all
path prefixes will be trimmed by an upstream proxy (e.g. nginx).
This means that all paths rendered in HTML will be absolute to the
prefix, but the handlers still listen at the root.

Connectors are currently the only component that registers at a
non-root URL. Make this conform with the rest of Dex by having the
server determine the path the connector listens as rather than the
connector itself.
2016-07-25 14:32:24 -07:00
Eric Chiang
731dadb29d connector: add a group interface and an LDAP implementation 2016-07-19 11:23:04 -07:00
Eric Chiang
0e6adc24d8 connector: remove erroneous logging statement 2016-07-11 10:20:41 -07:00
Eric Chiang
5a78e89807 clean up LDAP connector
* Remove some unlikely to be used fields to help configurability.
  * Combined "serverHost" and "serverPort" into "host"
  * Remove "timeout" (just default to 30 seconds).
  * Remove "maxIdleConn" will add it back if users feel the need
    to control the number of cached connections.
  * Remove "trustedEmailProvider" (just always trust).
  * Remove "skipCertVerification" you can't make this connector
    ingore TLS errors.
* Fix configs that don't search before bind (previously broken).
* Add more examples to Documentation
* Refactor LDAPPool Acquire() and Put() into a Do() function which
  always does the flow correctly.
* Added more comments and renamed some functions.
* Moved methods on LDAPIdentityProvider to the LDAPConnector
2016-06-28 15:01:39 -07:00
Eric Chiang
b7674744ee *: don't let generated comment become package comment 2016-06-10 12:40:58 -07:00
Frode Nordahl
e531dd6be5 Implement connection pooling for LDAP connections
Fixes #309
2016-06-03 11:04:58 +02:00
Eric Chiang
35ea3d9ae1 *: add ability to set and list connectors from admin API
closes #360
2016-06-01 09:31:47 -07:00
Eric Chiang
ac73d3cdf2 *: load password infos from users file in no-db mode not connectors
In --no-db mode, load passwords from the users file instead of the
connectors file. This allows us to remove the password infos field
from the local connector and stop loading them during connector
registration, a case that was causing panics when using a real
database (see #286).

Fixes #286
Closes #340
2016-04-06 11:15:05 -07:00
Eric Chiang
221a1ad7a0 user: fix password info JSON encoding to survive round trips
PasswordInfos are marshaled when storing them in the database as
part of the local connector. However, the custom unmarsheler
defined could not unmarshal the standard marshling of this struct.

Add a struct tag to the Password field to correct this.

Closes #332
2016-02-23 16:25:56 -08:00
bobbyrullo
f51125f555 Merge pull request #304 from ericchiang/sqlite3
move to sqlite3 for --no-db mode and tests
2016-02-19 16:03:15 -08:00
Frode Nordahl
bedd4716b9 Make constants for default values, simplify logic 2016-02-16 23:58:41 +01:00
Frode Nordahl
508c24b10e Get DN from entry, not entryDN attribute
Not all LDAP servers have entryDN available as an attribute. Reading up on
https://tools.ietf.org/html/rfc5020 tells me that entryDN is intended for
making the DN available for attribute value assertions. Thus it is not
mandatory for a LDAP server to make it available as an retrievable
attribute.

The DN is always a part of the entry returned in a search result, just use
it.

Fixes #314
2016-02-14 09:33:38 +01:00
Eric Chiang
dcf5835189 *: remove in memory connector config repo 2016-02-12 13:19:05 -08:00
Frode Nordahl
4d970d5fc4 connector: add LDAP connector
Authentication is performed by binding to the configured LDAP server using
the user supplied credentials. Successfull bind equals authenticated user.

Optionally the connector can be configured to search before authentication.
The entryDN found will be used to bind to the LDAP server.

This feature must be enabled to get supplementary information from the
directory (ID, Name, Email). This feature can also be used to limit access
to the service.

Example use case: Allow your users to log in with e-mail address instead of
the identification string in your DNs (typically username).

To make re-use of HTTP form handling code from the Local connector possible:
- Implemented IdentityProvider interface
- Moved the re-used functions to login_local.go

Fixes #119
2016-02-11 18:30:16 +01:00
Eric Chiang
af790e46bb Merge pull request #267 from ericchiang/metadata
add dynamic client registration
2016-02-01 16:25:57 -08:00
Frode Nordahl
5d284e08ae Change status code used for redirects from StatusTemporaryRedirect (307) to StatusFound (302)
HTTP code 307 aka. StatusTemporaryRedirect is used throughout the
project. However, the endpoints redirected to explicitly expects
the client to make a GET request.

If a HTTP client issues a POST request to a server and receives a
HTTP 307 redirect, it forwards the POST request to the new URL.

When using 302 the HTTP client will issue a GET request.

Fixes #287
2016-01-23 22:33:53 +01:00
Eric Chiang
ec3bc7f258 *: allow dexctl set-connector-configs to read from stdin
Closes #276
2016-01-19 08:59:34 -08:00
Eric Chiang
5e44b6bc27 *: update all to accommodate changes to go-oidc
Update dex to comply with the changes to fieldnames and types of
the client and provider metadata structs in coreos/go-oidc.
2016-01-12 17:16:28 -08:00
bobbyrullo
376b1bcb67 Merge pull request #209 from ericchiang/conn_docs
connector: document Connector and ConnectorConfig interfaces
2015-12-21 10:00:22 -08:00
Eric Chiang
a5feafc80d connector: document Connector and ConnectorConfig interfaces
closes #203
2015-12-17 16:33:54 -08:00
Eric Chiang
f63ec158a5 Merge pull request #197 from ericchiang/oauth2_connector
connector: github and bitbucket oauth2 connectors added
2015-12-10 08:56:09 -08:00
Eric Chiang
3a23f6bc33 connector: add bitbucket connector
Add bitbucket implementation of oauth2 connector.
2015-12-08 10:19:29 -08:00
Eric Chiang
0d0790e05c connector: add github connector
Add interface for oauth2 connectors and a github implementation.
2015-12-08 10:17:18 -08:00
Eric Chiang
f43655a8c3 user/manager: connector must exists when creating remote identity
Add ConnectorConfigRepo to UserManager. When trying to create a
RemoteIdentity, validate that the connector ID exists.

Fixes #198
2015-12-07 17:34:08 -08:00
Bobby Rullo
66fe201c24 *: move original project to dex 2015-08-18 11:26:57 -07:00