Eric Chiang
e5f60fe9dd
vendor: revendor
2017-03-08 10:33:36 -08:00
Eric Chiang
777eeafabc
*: update go-oidc and use standard library's context package
2017-03-08 10:33:19 -08:00
Eric Chiang
3e5480a859
Merge pull request #829 from ericchiang/fix-keys-expiry
...
server: fix expiry detection for verification keys
2017-03-01 12:46:23 -08:00
Eric Chiang
920f6fb5cd
Merge pull request #825 from ericchiang/http2
...
storage/kubernetes: enable HTTP/2 support
2017-03-01 12:46:07 -08:00
Eric Chiang
2c4752d5d4
server: fix expiry detection for verification keys
2017-03-01 12:43:45 -08:00
rithu leena john
3797a71ec9
Merge pull request #812 from rithujohn191/example-client
...
examples: adding a gRPC client example.
2017-02-28 13:34:23 -08:00
Eric Chiang
38c77e0f33
storage/kubernetes: enable HTTP/2 support
2017-02-28 12:42:06 -08:00
rithu john
fa2f76bcdb
examples: adding a gRPC client example.
2017-02-28 12:06:44 -08:00
rithu leena john
bb896a8222
Merge pull request #823 from ericchiang/tpr-already-exists
...
storage/kubernetes: fix conflict error detection in TRP creation
2017-02-27 11:21:43 -08:00
Eric Chiang
a7b8e52b92
storage/kubernetes: fix conflict error detection in TRP creation
...
PR #815 fixed the Kubernetes storage implementation by correctly
returning storage.ErrAlreadyExists on POST conflicts. This caused a
regression in TPR creation (#822 ) when some, but not all, of the
resources already existed. E.g. for users upgrading from old
versions of dex.
Fixes #822
2017-02-27 11:01:47 -08:00
rithu leena john
8e562dac2d
Merge pull request #819 from SEJeff/patch-1
...
[storage.md] Fix the ThirdPartyResource syntax
2017-02-24 13:55:19 -08:00
Jeff Schroeder
58d80547ef
[storage.md] Fix the ThirdPartyResource syntax
...
This makes manually creating the `o-auth2-client.oidc.coreos.com` actually work.
2017-02-24 15:35:29 -06:00
Eric Chiang
cd93930934
Merge pull request #817 from ericchiang/fix-hash-bug
...
storage/kubernetes: fix hash initialization bug
2017-02-24 12:58:22 -08:00
Eric Chiang
1da2ae279c
storage/kubernetes: fix hash initialization bug
2017-02-24 12:55:04 -08:00
Eric Chiang
25b902b0c2
Merge pull request #815 from ericchiang/fix-k8s-storage
...
storage/kubernetes: fix kubernetes storage conformance test failures
2017-02-23 19:31:45 -08:00
Eric Chiang
4be029c6c1
storage/kubernetes: fix kubernetes storage conformance test failures
2017-02-23 19:23:19 -08:00
Eric Chiang
58eb25aa60
Merge pull request #813 from SEJeff/patch-1
...
[Makefile] Allow specifying VERSION as an env var
2017-02-23 10:44:25 -08:00
Jeff Schroeder
4630f69f17
[Makefile] Allow specifying VERSION as an env var
...
This makes specifying the VERSION when building native operating system packages require less hacks.
Refs: #811
2017-02-23 12:23:33 -06:00
Eric Chiang
af0d9cebd1
Merge pull request #810 from caarlos0/patch-1
...
simplified clone: using go get
2017-02-22 08:38:13 -08:00
Carlos Alexandro Becker
f57e19e6ab
simplified clone: using go get
2017-02-22 09:33:01 -03:00
rithu leena john
c76832eaea
Merge pull request #809 from rithujohn191/set-error-flag
...
storage: Surface "already exists" errors.
2017-02-21 16:09:48 -08:00
rithu john
3df1db1864
storage: Surface "already exists" errors.
2017-02-21 15:00:22 -08:00
rithu leena john
90c80e700a
Merge pull request #807 from rithujohn191/fix-typo
...
web/static/main.css: fix typo.
2017-02-21 13:30:07 -08:00
rithu john
0ee40865a2
web/static/main.css: fix typo.
2017-02-20 08:48:36 -08:00
rithu leena john
7e9dc836eb
Merge pull request #802 from rithujohn191/token-revocation
...
api: adding a gRPC call for revoking refresh tokens.
2017-02-15 08:43:58 -08:00
rithu john
1ec19d4fbf
api: adding a gRPC call for revoking refresh tokens.
2017-02-15 07:48:20 -08:00
rithu leena john
b119ffddcb
Merge pull request #801 from rithujohn191/token-revocation
...
api: adding a gRPC call for listing refresh tokens.
2017-02-13 18:36:56 -08:00
rithu john
d201e49248
api: adding a gRPC call for listing refresh tokens.
2017-02-13 16:12:16 -08:00
rithu leena john
53e383670a
Merge pull request #793 from rithujohn191/token-revocation
...
storage: Add OfflineSession object to backend storage.
2017-02-09 19:46:00 -08:00
rithu john
d928ac0677
storage: Add OfflineSession object to backend storage.
2017-02-09 19:01:28 -08:00
rithu leena john
49f446c1a7
Merge pull request #800 from ericchiang/server-test-comments
...
server: clean up test comments and code flow
2017-02-07 10:37:32 -08:00
Eric Chiang
80038847de
server: clean up test comments and code flow
2017-02-07 10:31:51 -08:00
Eric Chiang
dd415f5e2f
Merge pull request #799 from ericchiang/thirdpartyresources
...
Documentation: warn admins not to edit dex ThirdPartyResources manually
2017-02-06 15:04:40 -08:00
rithu leena john
167d7be281
Merge pull request #790 from givia/github-teams-pagination
...
Fixes #706
2017-02-06 11:13:03 -08:00
Eric Chiang
adf3703962
Documentation: warn admins not to edit dex ThirdPartyResources manually
2017-02-06 10:35:27 -08:00
Eric Chiang
7f860e09b5
Merge pull request #796 from ericchiang/html-template
...
{web,server}: use html/template and reduce use of auth request ID
2017-02-02 17:33:06 -08:00
Eric Chiang
72a431dd4b
{web,server}: use html/template and reduce use of auth request ID
...
Switch from using "text/template" to "html/template", which provides
basic XSS preventions. We haven't identified any particular place
where unsanitized user data is rendered to the frontend. This is
just a preventative step.
At the same time, make more templates take pure URL instead of
forming an URL themselves using an "authReqID" argument. This will
help us stop using the auth req ID in certain places, preventing
garbage collection from killing login flows that wait too long at
the login screen.
Also increase the login session window (time between initial
redirect and the user logging in) from 30 minutes to 24 hours,
and display a more helpful error message when the session expires.
How to test:
1. Spin up dex and example with examples/config-dev.yaml.
2. Login through both the password prompt and the direct redirect.
3. Edit examples/config-dev.yaml removing the "connectors" section.
4. Ensure you can still login with a password.
(email/password is "admin@example.com" and "password")
2017-02-02 11:11:00 -08:00
rithu leena john
12f969364e
Merge pull request #794 from rithujohn191/saml-doc
...
Documentation: Minor changes to SAML connector doc.
2017-02-02 09:49:00 -08:00
rithu john
fecd596ae2
Documentation: Minor changes to SAML connector doc.
2017-02-01 11:28:46 -08:00
rithu leena john
42d0728048
Merge pull request #785 from holgerkoser/master
...
Improve SAML Signature and Response Validation
2017-02-01 11:14:13 -08:00
rithu leena john
27224cdc98
Merge pull request #788 from givia/gitlab-connector
...
connector: add GitLab connecor
2017-02-01 09:39:37 -08:00
Ali Javadi
e623ad4d35
connector: add GitLab connector
2017-01-28 01:36:02 +03:30
Eric Chiang
0dcf1bcf79
Merge pull request #792 from ericchiang/auth-endpoint-post
...
server: support POSTing to authorization endpoint
2017-01-27 13:36:02 -08:00
Eric Chiang
8541184afb
server: support POSTing to authorization endpoint
...
Fixes #791
2017-01-27 11:42:46 -08:00
rithu leena john
36883d0bbf
Merge pull request #789 from rithujohn191/token-revocation-proposal
...
Documentation/proposals: Add a proposal for refresh token revocation.
2017-01-27 09:39:13 -08:00
rithu john
d114b8ffc7
Documentation/proposals: Add a proposal for refresh token revocation.
2017-01-27 09:37:01 -08:00
Ali Javadi
98bfa4fbb1
Fixes #706
2017-01-27 05:12:58 +03:30
Holger Koser
27a1e9f1bd
vendor: revendor
2017-01-26 19:06:54 +01:00
Holger Koser
e46f2ebe40
Improve SAML Signature and Response Validation
...
* Improve Order of Namespace Declarations and Attributes in Canonical XML. This is related to an issue in goxmldsig for which I created an [pull request](https://github.com/russellhaering/goxmldsig/pull/17 ).
* Do not compress the AuthnRequest if `HTTP-POST` binding is used.
* SAML Response is valid if the Message and/or the Assertion is signed.
* Add `AssertionConsumerServiceURL` to `AuthnRequest`
* Validate Status on the Response
* Validate Conditions on the Assertion
* Validation SubjectConfirmation on the Subject
2017-01-26 19:05:40 +01:00
rithu leena john
48fcf66a35
Merge pull request #783 from rithujohn191/config-validation
...
cmd/dex: make connector name field mandatory in dex configuration.
2017-01-23 17:03:50 -08:00