feat: connector for Atlassian Crowd
This commit is contained in:
parent
0f1927a1ba
commit
7ef1179e75
6 changed files with 650 additions and 0 deletions
39
Documentation/connectors/atlassian-crowd.md
Normal file
39
Documentation/connectors/atlassian-crowd.md
Normal file
|
@ -0,0 +1,39 @@
|
|||
Authentication through Atlassian Crowd
|
||||
|
||||
## Overview
|
||||
|
||||
Atlassian Crowd is a centralized identity management solution providing single sign-on and user identity.
|
||||
|
||||
Current connector uses request to [Crowd REST API](https://developer.atlassian.com/server/crowd/json-requests-and-responses/) endpoints:
|
||||
* `/user` - to get user-info
|
||||
* `/session` - to authenticate the user
|
||||
|
||||
Offline Access scope support provided with a new request to user authentication and user info endpoints.
|
||||
|
||||
## Configuration
|
||||
To start using the Atlassian Crowd connector, firstly you need to register an application in your Crowd like specified in the [docs](https://confluence.atlassian.com/crowd/adding-an-application-18579591.html).
|
||||
|
||||
The following is an example of a configuration for dex `examples/config-dev.yaml`:
|
||||
|
||||
```yaml
|
||||
connectors:
|
||||
- type: atlassian-crowd
|
||||
# Required field for connector id.
|
||||
id: crowd
|
||||
# Required field for connector name.
|
||||
name: Crowd
|
||||
config:
|
||||
# Required field to connect to Crowd.
|
||||
baseURL: https://crowd.example.com/crowd
|
||||
# Credentials can be string literals or pulled from the environment.
|
||||
clientID: $ATLASSIAN_CROWD_APPLICATION_ID
|
||||
clientSecret: $ATLASSIAN_CROWD_CLIENT_SECRET
|
||||
# Optional groups whitelist, communicated through the "groups" scope.
|
||||
# If `groups` is omitted, all of the user's Crowd groups are returned when the groups scope is present.
|
||||
# If `groups` is provided, this acts as a whitelist - only the user's Crowd groups that are in the configured `groups` below will go into the groups claim.
|
||||
# Conversely, if the user is not in any of the configured `groups`, the user will not be authenticated.
|
||||
groups:
|
||||
- my-group
|
||||
# Prompt for username field.
|
||||
usernamePrompt: Login
|
||||
```
|
437
connector/atlassiancrowd/atlassiancrowd.go
Normal file
437
connector/atlassiancrowd/atlassiancrowd.go
Normal file
|
@ -0,0 +1,437 @@
|
|||
// Package atlassiancrowd provides authentication strategies using Atlassian Crowd.
|
||||
package atlassiancrowd
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
"context"
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
"io"
|
||||
"io/ioutil"
|
||||
"net"
|
||||
"net/http"
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
"github.com/dexidp/dex/connector"
|
||||
"github.com/dexidp/dex/pkg/groups"
|
||||
"github.com/dexidp/dex/pkg/log"
|
||||
)
|
||||
|
||||
// Config holds configuration options for Atlassian Crowd connector.
|
||||
// Crowd connectors require executing two queries, the first to find
|
||||
// the user based on the username and password given to the connector.
|
||||
// The second to use the user entry to search for groups.
|
||||
//
|
||||
// An example config:
|
||||
//
|
||||
// type: atlassian-crowd
|
||||
// config:
|
||||
// baseURL: https://crowd.example.com/context
|
||||
// clientID: applogin
|
||||
// clientSecret: appP4$$w0rd
|
||||
// # users can be restricted by a list of groups
|
||||
// groups:
|
||||
// - admin
|
||||
// # Prompt for username field
|
||||
// usernamePrompt: Login
|
||||
//
|
||||
type Config struct {
|
||||
BaseURL string `json:"baseURL"`
|
||||
ClientID string `json:"clientID"`
|
||||
ClientSecret string `json:"clientSecret"`
|
||||
Groups []string `json:"groups"`
|
||||
|
||||
// UsernamePrompt allows users to override the username attribute (displayed
|
||||
// in the username/password prompt). If unset, the handler will use.
|
||||
// "Username".
|
||||
UsernamePrompt string `json:"usernamePrompt"`
|
||||
}
|
||||
|
||||
type crowdUser struct {
|
||||
Key string
|
||||
Name string
|
||||
Active bool
|
||||
Email string
|
||||
}
|
||||
|
||||
type crowdGroups struct {
|
||||
Groups []struct {
|
||||
Name string
|
||||
} `json:"groups"`
|
||||
}
|
||||
|
||||
type crowdAuthentication struct {
|
||||
Token string
|
||||
User struct {
|
||||
Name string
|
||||
} `json:"user"`
|
||||
CreatedDate uint64 `json:"created-date"`
|
||||
ExpiryDate uint64 `json:"expiry-date"`
|
||||
}
|
||||
|
||||
type crowdAuthenticationError struct {
|
||||
Reason string
|
||||
Message string
|
||||
}
|
||||
|
||||
// Open returns a strategy for logging in through Atlassian Crowd
|
||||
func (c *Config) Open(_ string, logger log.Logger) (connector.Connector, error) {
|
||||
if c.BaseURL == "" {
|
||||
return nil, fmt.Errorf("crowd: no baseURL provided for crowd connector")
|
||||
}
|
||||
return &crowdConnector{Config: *c, logger: logger}, nil
|
||||
}
|
||||
|
||||
type crowdConnector struct {
|
||||
Config
|
||||
logger log.Logger
|
||||
}
|
||||
|
||||
var (
|
||||
_ connector.PasswordConnector = (*crowdConnector)(nil)
|
||||
_ connector.RefreshConnector = (*crowdConnector)(nil)
|
||||
)
|
||||
|
||||
type refreshData struct {
|
||||
Username string `json:"username"`
|
||||
}
|
||||
|
||||
func (c *crowdConnector) Login(ctx context.Context, s connector.Scopes, username, password string) (ident connector.Identity, validPass bool, err error) {
|
||||
// make this check to avoid empty passwords.
|
||||
if password == "" {
|
||||
return connector.Identity{}, false, nil
|
||||
}
|
||||
|
||||
// We want to return a different error if the user's password is incorrect vs
|
||||
// if there was an error.
|
||||
incorrectPass := false
|
||||
var user crowdUser
|
||||
|
||||
client := c.crowdAPIClient()
|
||||
|
||||
if incorrectPass, err = c.authenticateWithPassword(ctx, client, username, password); err != nil {
|
||||
return connector.Identity{}, false, err
|
||||
}
|
||||
|
||||
if incorrectPass {
|
||||
return connector.Identity{}, false, nil
|
||||
}
|
||||
|
||||
if user, err = c.user(ctx, client, username); err != nil {
|
||||
return connector.Identity{}, false, err
|
||||
}
|
||||
|
||||
if ident, err = c.identityFromCrowdUser(user); err != nil {
|
||||
return connector.Identity{}, false, err
|
||||
}
|
||||
|
||||
if s.Groups {
|
||||
userGroups, err := c.getGroups(ctx, client, s.Groups, ident.Username)
|
||||
if err != nil {
|
||||
return connector.Identity{}, false, fmt.Errorf("crowd: failed to query groups: %v", err)
|
||||
}
|
||||
ident.Groups = userGroups
|
||||
}
|
||||
|
||||
if s.OfflineAccess {
|
||||
refresh := refreshData{Username: username}
|
||||
// Encode entry for following up requests such as the groups query and refresh attempts.
|
||||
if ident.ConnectorData, err = json.Marshal(refresh); err != nil {
|
||||
return connector.Identity{}, false, fmt.Errorf("crowd: marshal refresh data: %v", err)
|
||||
}
|
||||
}
|
||||
|
||||
return ident, true, nil
|
||||
}
|
||||
|
||||
func (c *crowdConnector) Refresh(ctx context.Context, s connector.Scopes, ident connector.Identity) (connector.Identity, error) {
|
||||
var data refreshData
|
||||
if err := json.Unmarshal(ident.ConnectorData, &data); err != nil {
|
||||
return ident, fmt.Errorf("crowd: failed to unmarshal internal data: %v", err)
|
||||
}
|
||||
|
||||
var user crowdUser
|
||||
client := c.crowdAPIClient()
|
||||
|
||||
user, err := c.user(ctx, client, data.Username)
|
||||
if err != nil {
|
||||
return ident, fmt.Errorf("crowd: get user %q: %v", data.Username, err)
|
||||
}
|
||||
|
||||
newIdent, err := c.identityFromCrowdUser(user)
|
||||
if err != nil {
|
||||
return ident, err
|
||||
}
|
||||
newIdent.ConnectorData = ident.ConnectorData
|
||||
|
||||
// If user exists, authenticate it to prolong sso session.
|
||||
err = c.authenticateUser(ctx, client, data.Username)
|
||||
if err != nil {
|
||||
return ident, fmt.Errorf("crowd: authenticate user: %v", err)
|
||||
}
|
||||
|
||||
if s.Groups {
|
||||
userGroups, err := c.getGroups(ctx, client, s.Groups, newIdent.Username)
|
||||
if err != nil {
|
||||
return connector.Identity{}, fmt.Errorf("crowd: failed to query groups: %v", err)
|
||||
}
|
||||
newIdent.Groups = userGroups
|
||||
}
|
||||
return newIdent, nil
|
||||
}
|
||||
|
||||
func (c *crowdConnector) Prompt() string {
|
||||
return c.UsernamePrompt
|
||||
}
|
||||
|
||||
func (c *crowdConnector) crowdAPIClient() *http.Client {
|
||||
return &http.Client{
|
||||
Transport: &http.Transport{
|
||||
Proxy: http.ProxyFromEnvironment,
|
||||
DialContext: (&net.Dialer{
|
||||
Timeout: 30 * time.Second,
|
||||
KeepAlive: 30 * time.Second,
|
||||
}).DialContext,
|
||||
MaxIdleConns: 100,
|
||||
IdleConnTimeout: 90 * time.Second,
|
||||
TLSHandshakeTimeout: 10 * time.Second,
|
||||
ExpectContinueTimeout: 1 * time.Second,
|
||||
},
|
||||
}
|
||||
}
|
||||
|
||||
// authenticateWithPassword creates a new session for user and validates a password with Crowd API
|
||||
func (c *crowdConnector) authenticateWithPassword(ctx context.Context, client *http.Client, username string, password string) (invalidPass bool, err error) {
|
||||
req, err := c.crowdUserManagementRequest(ctx,
|
||||
"POST",
|
||||
"/session",
|
||||
struct {
|
||||
Username string `json:"username"`
|
||||
Password string `json:"password"`
|
||||
}{Username: username, Password: password},
|
||||
)
|
||||
if err != nil {
|
||||
return false, fmt.Errorf("crowd: new auth pass api request %v", err)
|
||||
}
|
||||
|
||||
resp, err := client.Do(req)
|
||||
if err != nil {
|
||||
return false, fmt.Errorf("crowd: api request %v", err)
|
||||
}
|
||||
defer resp.Body.Close()
|
||||
|
||||
body, err := c.validateCrowdResponse(resp)
|
||||
if err != nil {
|
||||
return false, err
|
||||
}
|
||||
|
||||
if resp.StatusCode != http.StatusCreated {
|
||||
var authError crowdAuthenticationError
|
||||
if err := json.Unmarshal(body, &authError); err != nil {
|
||||
return false, fmt.Errorf("unmarshal auth pass response: %d %v %q", resp.StatusCode, err, string(body))
|
||||
}
|
||||
|
||||
if authError.Reason == "INVALID_USER_AUTHENTICATION" {
|
||||
return true, nil
|
||||
}
|
||||
|
||||
return false, fmt.Errorf("%s: %s", resp.Status, authError.Message)
|
||||
}
|
||||
|
||||
var authResponse crowdAuthentication
|
||||
|
||||
if err := json.Unmarshal(body, &authResponse); err != nil {
|
||||
return false, fmt.Errorf("decode auth response: %v", err)
|
||||
}
|
||||
|
||||
return false, nil
|
||||
}
|
||||
|
||||
// authenticateUser creates a new session for user without password validations with Crowd API
|
||||
func (c *crowdConnector) authenticateUser(ctx context.Context, client *http.Client, username string) error {
|
||||
req, err := c.crowdUserManagementRequest(ctx,
|
||||
"POST",
|
||||
"/session?validate-password=false",
|
||||
struct {
|
||||
Username string `json:"username"`
|
||||
}{Username: username},
|
||||
)
|
||||
if err != nil {
|
||||
return fmt.Errorf("crowd: new auth api request %v", err)
|
||||
}
|
||||
|
||||
resp, err := client.Do(req)
|
||||
if err != nil {
|
||||
return fmt.Errorf("crowd: api request %v", err)
|
||||
}
|
||||
defer resp.Body.Close()
|
||||
|
||||
body, err := c.validateCrowdResponse(resp)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
if resp.StatusCode != http.StatusCreated {
|
||||
return fmt.Errorf("%s: %s", resp.Status, body)
|
||||
}
|
||||
|
||||
var authResponse crowdAuthentication
|
||||
|
||||
if err := json.Unmarshal(body, &authResponse); err != nil {
|
||||
return fmt.Errorf("decode auth response: %v", err)
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
// user retrieves user info from Crowd API
|
||||
func (c *crowdConnector) user(ctx context.Context, client *http.Client, username string) (crowdUser, error) {
|
||||
var user crowdUser
|
||||
|
||||
req, err := c.crowdUserManagementRequest(ctx,
|
||||
"GET",
|
||||
fmt.Sprintf("/user?username=%s", username),
|
||||
nil,
|
||||
)
|
||||
if err != nil {
|
||||
return user, fmt.Errorf("crowd: new user api request %v", err)
|
||||
}
|
||||
|
||||
resp, err := client.Do(req)
|
||||
if err != nil {
|
||||
return user, fmt.Errorf("crowd: api request %v", err)
|
||||
}
|
||||
defer resp.Body.Close()
|
||||
|
||||
body, err := c.validateCrowdResponse(resp)
|
||||
if err != nil {
|
||||
return user, err
|
||||
}
|
||||
|
||||
if resp.StatusCode != http.StatusOK {
|
||||
return user, fmt.Errorf("%s: %s", resp.Status, body)
|
||||
}
|
||||
|
||||
if err := json.Unmarshal(body, &user); err != nil {
|
||||
return user, fmt.Errorf("failed to decode response: %v", err)
|
||||
}
|
||||
|
||||
return user, nil
|
||||
}
|
||||
|
||||
// groups retrieves groups from Crowd API
|
||||
func (c *crowdConnector) groups(ctx context.Context, client *http.Client, username string) (userGroups []string, err error) {
|
||||
var crowdGroups crowdGroups
|
||||
|
||||
req, err := c.crowdUserManagementRequest(ctx,
|
||||
"GET",
|
||||
fmt.Sprintf("/user/group/nested?username=%s", username),
|
||||
nil,
|
||||
)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("crowd: new groups api request %v", err)
|
||||
}
|
||||
|
||||
resp, err := client.Do(req)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("crowd: api request %v", err)
|
||||
}
|
||||
defer resp.Body.Close()
|
||||
|
||||
body, err := c.validateCrowdResponse(resp)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
if resp.StatusCode != http.StatusOK {
|
||||
return nil, fmt.Errorf("%s: %s", resp.Status, body)
|
||||
}
|
||||
|
||||
if err := json.Unmarshal(body, &crowdGroups); err != nil {
|
||||
return nil, fmt.Errorf("failed to decode response: %v", err)
|
||||
}
|
||||
|
||||
for _, group := range crowdGroups.Groups {
|
||||
userGroups = append(userGroups, group.Name)
|
||||
}
|
||||
|
||||
return userGroups, nil
|
||||
}
|
||||
|
||||
// identityFromCrowdUser converts crowdUser to Identity
|
||||
func (c *crowdConnector) identityFromCrowdUser(user crowdUser) (connector.Identity, error) {
|
||||
identity := connector.Identity{
|
||||
Username: user.Name,
|
||||
UserID: user.Key,
|
||||
Email: user.Email,
|
||||
EmailVerified: true,
|
||||
}
|
||||
|
||||
return identity, nil
|
||||
}
|
||||
|
||||
// getGroups retrieves a list of user's groups and filters it
|
||||
func (c *crowdConnector) getGroups(ctx context.Context, client *http.Client, groupScope bool, userLogin string) ([]string, error) {
|
||||
crowdGroups, err := c.groups(ctx, client, userLogin)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
if len(c.Groups) > 0 {
|
||||
filteredGroups := groups.Filter(crowdGroups, c.Groups)
|
||||
if len(filteredGroups) == 0 {
|
||||
return nil, fmt.Errorf("crowd: user %q is not in any of the required groups", userLogin)
|
||||
}
|
||||
return filteredGroups, nil
|
||||
} else if groupScope {
|
||||
return crowdGroups, nil
|
||||
}
|
||||
|
||||
return nil, nil
|
||||
}
|
||||
|
||||
// crowdUserManagementRequest create a http.Request with basic auth, json payload and Accept header
|
||||
func (c *crowdConnector) crowdUserManagementRequest(ctx context.Context, method string, apiURL string, jsonPayload interface{}) (*http.Request, error) {
|
||||
var body io.Reader
|
||||
if jsonPayload != nil {
|
||||
jsonData, err := json.Marshal(jsonPayload)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("crowd: marshal API json payload: %v", err)
|
||||
}
|
||||
body = bytes.NewReader(jsonData)
|
||||
}
|
||||
|
||||
req, err := http.NewRequest(method, fmt.Sprintf("%s/rest/usermanagement/1%s", c.BaseURL, apiURL), body)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("new API req: %v", err)
|
||||
}
|
||||
req = req.WithContext(ctx)
|
||||
|
||||
// Crowd API requires a basic auth
|
||||
req.SetBasicAuth(c.ClientID, c.ClientSecret)
|
||||
req.Header.Set("Accept", "application/json")
|
||||
if jsonPayload != nil {
|
||||
req.Header.Set("Content-type", "application/json")
|
||||
}
|
||||
return req, nil
|
||||
}
|
||||
|
||||
// validateCrowdResponse validates unique not JSON responses from API
|
||||
func (c *crowdConnector) validateCrowdResponse(resp *http.Response) ([]byte, error) {
|
||||
body, err := ioutil.ReadAll(resp.Body)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("crowd: read user body: %v", err)
|
||||
}
|
||||
|
||||
if resp.StatusCode == http.StatusForbidden && strings.Contains(string(body), "The server understood the request but refuses to authorize it.") {
|
||||
c.logger.Debugf("crowd response validation failed: %s", string(body))
|
||||
return nil, fmt.Errorf("dex is forbidden from making requests to the Atlassian Crowd application by URL %q", c.BaseURL)
|
||||
}
|
||||
|
||||
if resp.StatusCode == http.StatusUnauthorized && string(body) == "Application failed to authenticate" {
|
||||
c.logger.Debugf("crowd response validation failed: %s", string(body))
|
||||
return nil, fmt.Errorf("dex failed to authenticate Crowd Application with ID %q", c.ClientID)
|
||||
}
|
||||
return body, nil
|
||||
}
|
150
connector/atlassiancrowd/atlassiancrowd_test.go
Normal file
150
connector/atlassiancrowd/atlassiancrowd_test.go
Normal file
|
@ -0,0 +1,150 @@
|
|||
// Package atlassiancrowd provides authentication strategies using Atlassian Crowd.
|
||||
package atlassiancrowd
|
||||
|
||||
import (
|
||||
"context"
|
||||
"crypto/tls"
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
"io/ioutil"
|
||||
"net/http"
|
||||
"net/http/httptest"
|
||||
"reflect"
|
||||
"testing"
|
||||
|
||||
"github.com/sirupsen/logrus"
|
||||
)
|
||||
|
||||
func TestUserGroups(t *testing.T) {
|
||||
s := newTestServer(map[string]TestServerResponse{
|
||||
"/rest/usermanagement/1/user/group/nested?username=testuser": {
|
||||
Body: crowdGroups{Groups: []struct{ Name string }{{Name: "group1"}, {Name: "group2"}}},
|
||||
Code: 200,
|
||||
},
|
||||
})
|
||||
defer s.Close()
|
||||
|
||||
c := newTestCrowdConnector(s.URL)
|
||||
groups, err := c.getGroups(context.Background(), newClient(), true, "testuser")
|
||||
|
||||
expectNil(t, err)
|
||||
expectEquals(t, groups, []string{"group1", "group2"})
|
||||
}
|
||||
|
||||
func TestUserGroupsWithFiltering(t *testing.T) {
|
||||
s := newTestServer(map[string]TestServerResponse{
|
||||
"/rest/usermanagement/1/user/group/nested?username=testuser": {
|
||||
Body: crowdGroups{Groups: []struct{ Name string }{{Name: "group1"}, {Name: "group2"}}},
|
||||
Code: 200,
|
||||
},
|
||||
})
|
||||
defer s.Close()
|
||||
|
||||
c := newTestCrowdConnector(s.URL)
|
||||
c.Groups = []string{"group1"}
|
||||
groups, err := c.getGroups(context.Background(), newClient(), true, "testuser")
|
||||
|
||||
expectNil(t, err)
|
||||
expectEquals(t, groups, []string{"group1"})
|
||||
}
|
||||
|
||||
func TestUserLoginFlow(t *testing.T) {
|
||||
s := newTestServer(map[string]TestServerResponse{
|
||||
"/rest/usermanagement/1/session?validate-password=false": {
|
||||
Body: crowdAuthentication{},
|
||||
Code: 201,
|
||||
},
|
||||
"/rest/usermanagement/1/user?username=testuser": {
|
||||
Body: crowdUser{Active: true, Name: "testuser", Email: "testuser@example.com"},
|
||||
Code: 200,
|
||||
},
|
||||
"/rest/usermanagement/1/user?username=testuser2": {
|
||||
Body: `<html>The server understood the request but refuses to authorize it.</html>`,
|
||||
Code: 403,
|
||||
},
|
||||
})
|
||||
defer s.Close()
|
||||
|
||||
c := newTestCrowdConnector(s.URL)
|
||||
user, err := c.user(context.Background(), newClient(), "testuser")
|
||||
expectNil(t, err)
|
||||
expectEquals(t, user.Name, "testuser")
|
||||
expectEquals(t, user.Email, "testuser@example.com")
|
||||
|
||||
_, err = c.identityFromCrowdUser(user)
|
||||
expectNil(t, err)
|
||||
|
||||
err = c.authenticateUser(context.Background(), newClient(), "testuser")
|
||||
expectNil(t, err)
|
||||
|
||||
_, err = c.user(context.Background(), newClient(), "testuser2")
|
||||
expectEquals(t, err, fmt.Errorf("dex is forbidden from making requests to the Atlassian Crowd application by URL %q", s.URL))
|
||||
}
|
||||
|
||||
func TestUserPassword(t *testing.T) {
|
||||
s := newTestServer(map[string]TestServerResponse{
|
||||
"/rest/usermanagement/1/session": {
|
||||
Body: crowdAuthenticationError{Reason: "INVALID_USER_AUTHENTICATION", Message: "test"},
|
||||
Code: 401,
|
||||
},
|
||||
"/rest/usermanagement/1/session?validate-password=false": {
|
||||
Body: crowdAuthentication{},
|
||||
Code: 201,
|
||||
},
|
||||
})
|
||||
defer s.Close()
|
||||
|
||||
c := newTestCrowdConnector(s.URL)
|
||||
invalidPassword, err := c.authenticateWithPassword(context.Background(), newClient(), "testuser", "testpassword")
|
||||
|
||||
expectNil(t, err)
|
||||
expectEquals(t, invalidPassword, true)
|
||||
|
||||
err = c.authenticateUser(context.Background(), newClient(), "testuser")
|
||||
expectNil(t, err)
|
||||
}
|
||||
|
||||
type TestServerResponse struct {
|
||||
Body interface{}
|
||||
Code int
|
||||
}
|
||||
|
||||
func newTestCrowdConnector(baseURL string) crowdConnector {
|
||||
connector := crowdConnector{}
|
||||
connector.BaseURL = baseURL
|
||||
connector.logger = &logrus.Logger{
|
||||
Out: ioutil.Discard,
|
||||
Level: logrus.DebugLevel,
|
||||
Formatter: &logrus.TextFormatter{DisableColors: true},
|
||||
}
|
||||
return connector
|
||||
}
|
||||
|
||||
func newTestServer(responses map[string]TestServerResponse) *httptest.Server {
|
||||
s := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
response := responses[r.RequestURI]
|
||||
w.Header().Add("Content-Type", "application/json")
|
||||
w.WriteHeader(response.Code)
|
||||
json.NewEncoder(w).Encode(response.Body)
|
||||
}))
|
||||
return s
|
||||
}
|
||||
|
||||
func newClient() *http.Client {
|
||||
tr := &http.Transport{
|
||||
TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
|
||||
}
|
||||
return &http.Client{Transport: tr}
|
||||
}
|
||||
|
||||
func expectNil(t *testing.T, a interface{}) {
|
||||
if a != nil {
|
||||
t.Errorf("Expected %+v to equal nil", a)
|
||||
}
|
||||
}
|
||||
|
||||
func expectEquals(t *testing.T, a interface{}, b interface{}) {
|
||||
if !reflect.DeepEqual(a, b) {
|
||||
t.Errorf("Expected %+v to equal %+v", a, b)
|
||||
}
|
||||
}
|
|
@ -21,6 +21,7 @@ import (
|
|||
"golang.org/x/crypto/bcrypt"
|
||||
|
||||
"github.com/dexidp/dex/connector"
|
||||
"github.com/dexidp/dex/connector/atlassiancrowd"
|
||||
"github.com/dexidp/dex/connector/authproxy"
|
||||
"github.com/dexidp/dex/connector/bitbucketcloud"
|
||||
"github.com/dexidp/dex/connector/github"
|
||||
|
@ -471,6 +472,7 @@ var ConnectorsConfig = map[string]func() ConnectorConfig{
|
|||
"microsoft": func() ConnectorConfig { return new(microsoft.Config) },
|
||||
"bitbucket-cloud": func() ConnectorConfig { return new(bitbucketcloud.Config) },
|
||||
"openshift": func() ConnectorConfig { return new(openshift.Config) },
|
||||
"atlassian-crowd": func() ConnectorConfig { return new(atlassiancrowd.Config) },
|
||||
// Keep around for backwards compatibility.
|
||||
"samlExperimental": func() ConnectorConfig { return new(saml.Config) },
|
||||
}
|
||||
|
|
17
web/static/img/atlassian-crowd-icon.svg
Normal file
17
web/static/img/atlassian-crowd-icon.svg
Normal file
|
@ -0,0 +1,17 @@
|
|||
<?xml version="1.0" standalone="no"?>
|
||||
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 20010904//EN"
|
||||
"http://www.w3.org/TR/2001/REC-SVG-20010904/DTD/svg10.dtd">
|
||||
<svg version="1.0" xmlns="http://www.w3.org/2000/svg"
|
||||
width="180.000000pt" height="180.000000pt" viewBox="0 0 180.000000 180.000000"
|
||||
preserveAspectRatio="xMidYMid meet">
|
||||
|
||||
<g transform="translate(0.000000,180.000000) scale(0.100000,-0.100000)"
|
||||
fill="#4169E1" stroke="none">
|
||||
<path d="M580 1422 l-315 -117 3 -214 c4 -298 25 -400 113 -548 73 -122 257
|
||||
-285 302 -267 11 4 157 326 157 347 0 3 -16 11 -35 17 -54 18 -122 92 -140
|
||||
152 -19 65 -19 93 0 149 56 165 256 222 386 110 77 -65 107 -169 74 -260 -22
|
||||
-64 -52 -99 -111 -132 -30 -17 -54 -37 -54 -45 0 -26 133 -336 147 -341 25
|
||||
-10 58 6 128 62 122 97 210 219 255 355 32 96 39 150 46 391 l6 219 -33 14
|
||||
c-48 20 -606 226 -610 226 -2 -1 -146 -54 -319 -118z"/>
|
||||
</g>
|
||||
</svg>
|
After Width: | Height: | Size: 861 B |
|
@ -73,6 +73,11 @@ body {
|
|||
background-image: url(../static/img/bitbucket-icon.svg);
|
||||
}
|
||||
|
||||
.dex-btn-icon--atlassian-crowd {
|
||||
background-color: #CFDCEA;
|
||||
background-image: url(../static/img/atlassian-crowd-icon.svg);
|
||||
}
|
||||
|
||||
.dex-btn-icon--ldap {
|
||||
background-color: #84B6EF;
|
||||
background-image: url(../static/img/ldap-icon.svg);
|
||||
|
|
Reference in a new issue