mystiq/dex
Archived
4
0
Fork 1
Code Issues Pull requests Packages Projects Releases Wiki Activity
558 commits 27 branches 73 tags 23 MiB
Commit graph

77 commits

Author SHA1 Message Date
rithu john 6f9127b4ae Documentation: add a group query example for the ldap connector. 2017-07-13 12:41:40 -07:00
rithu leena john a5d218fd08 Merge pull request #974 from roguePanda/google-hosted-domain 
Google hosted domain support
 2017-07-07 10:26:28 -07:00
rithu leena john 92a988e4cc Merge pull request #977 from Zakjholt/patch-1 
Update using-dex.md
 2017-06-22 17:36:34 -07:00
Zak Holt 43f0e8530b Update using-dex.md 2017-06-22 10:53:57 -04:00
Zak Holt 41a20dbb2a Update using-dex.md 2017-06-22 09:13:12 -04:00
Ben Navetta cbb007663f add documentation and tests 2017-06-21 22:56:02 -07:00
rithu john d6c1b0f42b Documentation/github-connector: warn user that GitHub email id should be public. 2017-06-20 09:53:27 -07:00
rithu john 081e68a16a Documentation/ldap-connector.md: Warn about LDAP connector's bindPW restriction. 2017-05-16 14:32:15 -07:00
Eric Chiang 95334ad51d Documentation: add docs on public clients 2017-05-09 17:09:49 -07:00
Eric Chiang c400e860fe Documentation: more diagrams 2017-04-21 14:51:46 -07:00
Tom Gamble 0edd0b2fb4 Update kubernetes.md 
fixed typo
 2017-04-21 15:33:42 -04:00
Eric Chiang 47f48658c2 Merge pull request #917 from ericchiang/add-using-dex-doc 
Documentation: add a doc describing how to use dex
 2017-04-21 11:45:58 -07:00
Eric Chiang a4cb57ab5d Documentation: add a doc describing how to use dex 2017-04-21 11:35:34 -07:00
Filip 57aa32562b Updated documentation for dex on k8s when RBAC authorization is used 2017-04-13 15:14:21 +02:00
Eric Chiang 74f5eaf47e connector/ldap: support the StartTLS flow for secure connections 
When connecting to an LDAP server, there are three ways to connect:

1. Insecurely through port 389 (LDAP).
2. Securely through port 696 (LDAPS).
3. Insecurely through port 389 then negotiate TLS (StartTLS).

This PR adds support for the 3rd flow, letting dex connect to the
standard LDAP port then negotiating TLS through the LDAP protocol
itself.

See a writeup here:

http://www.openldap.org/faq/data/cache/185.html
 2017-04-12 15:25:42 -07:00
Eric Chiang c3cafc8f39 Merge pull request #902 from ericchiang/saml-stable 
*: promote SAML to stable
 2017-04-11 10:13:22 -07:00
Eric Chiang 5f377f07d4 *: promote SAML to stable 
This means we no longer refer to it as "experimental" and wont make
breaking changes.
 2017-04-11 10:09:48 -07:00
rithu john 76b9eb1db9 connector/github: add support for github enterprise. 2017-04-11 10:04:59 -07:00
Phu Kieu 47897f73fa Validate audience with entityIssuer if present, use redirectURI otherwise 2017-04-06 14:40:56 -07:00
Phu Kieu 8c0eb67ecd Update documentation 2017-04-06 11:06:30 -07:00
Eric Chiang 5e34f0d1a6 Documentation: document dex scopes, claims, and client features 2017-03-28 16:53:06 -07:00
Eric Chiang 50b223a9db *: validate InResponseTo SAML response field and make issuer optional 2017-03-22 13:02:44 -07:00
Eric Chiang f503ff7950 *: add documentation for the OpenID Connect provider 2017-03-20 08:47:02 -07:00
Derek McQuay 9b052f37c9
clearified redirect-uri and make cmd location 2017-03-09 22:36:37 -08:00
Derek McQuay a6ab82d6c0
update kubernetes example-app explanation 
Clarify some potentially confusing issues with how to run and build the
example-app binary.
 2017-03-09 17:17:07 -08:00
Eric Chiang ee27a4f9f4 *: only use docker when releasing, update to Go 1.8, remove aci scripts 
This change modifies our release process to only require Docker
when building a release and updates our released binary to use Go
1.8. It also removes our .aci scripts, which we've not been
regularly building.

A nice consequence is that OSX users can now build a release image.
 2017-03-09 10:46:09 -08:00
Paul Burt a660e7cd7a Added produciton-users and integrations pages 2017-03-03 13:49:22 -05:00
rithu john fa2f76bcdb examples: adding a gRPC client example. 2017-02-28 12:06:44 -08:00
Jeff Schroeder 58d80547ef [storage.md] Fix the ThirdPartyResource syntax 
This makes manually creating the `o-auth2-client.oidc.coreos.com` actually work.
 2017-02-24 15:35:29 -06:00
Carlos Alexandro Becker f57e19e6ab simplified clone: using go get 2017-02-22 09:33:01 -03:00
Eric Chiang adf3703962 Documentation: warn admins not to edit dex ThirdPartyResources manually 2017-02-06 10:35:27 -08:00
rithu john fecd596ae2 Documentation: Minor changes to SAML connector doc. 2017-02-01 11:28:46 -08:00
rithu leena john 27224cdc98 Merge pull request #788 from givia/gitlab-connector 
connector: add GitLab connecor
 2017-02-01 09:39:37 -08:00
Ali Javadi e623ad4d35 connector: add GitLab connector 2017-01-28 01:36:02 +03:30
rithu john d114b8ffc7 Documentation/proposals: Add a proposal for refresh token revocation. 2017-01-27 09:37:01 -08:00
rithu john 31e8009441 cmd/dex: make connector name field mandatory in dex configuration. 2017-01-23 15:14:41 -08:00
Eric Chiang 613d160ad9 Merge pull request #782 from marians/patch-1 
Docs: Added a name to the LDAP connector
 2017-01-23 09:07:24 -08:00
Marian Steinbach 38a2e41e0a Added a name to the connector 
Without a name, the example app's login form will only show `Log in with` as a button label.
 2017-01-23 10:46:29 +01:00
Andrew Johnstone b10c0a1c87 Update kubernetes.md 2017-01-23 06:28:21 +00:00
rithu john 265cfacd17 Documentation: add docs on patch release process. 2017-01-17 11:49:09 -08:00
y2kenny 4d4cb99459 Removed extra o typo 2017-01-11 15:47:55 -05:00
Eric Chiang 0f4a1f69c5 *: wire up SAML POST binding 2017-01-09 18:30:58 -08:00
Eric Chiang d87a4c35b9 *: add 'make revendor' and tests to catch incorrect glide usage 
Introducing glide-vc caused us to unknowingly removed our Go
protobuf compiler (since it's a main). Add flags to glide-vc usage
to remedy this.

Since we now require several glide and glide-vc flags, add a Makfile
target and tests to catch when PRs don't use the correct flags.
 2016-12-22 11:52:24 -08:00
Eric Chiang 566bb2d1af Documentation: add notes on patch release branches 2016-12-12 15:29:00 -08:00
Eric Chiang 6dbe6e8ab5 Documentation: add examples of mapping LDAP schema to a search 2016-12-09 09:42:28 -08:00
Eric Chiang e2aa095680 Documentation: add document on managing dependencies 2016-12-07 13:23:19 -08:00
Eric Chiang e267dbd236 Merge pull request #708 from ericchiang/ldap-security-docs 
Documentation: clarify difference between LDAP ports and security guarentees
 2016-11-28 17:07:24 -08:00
Ev 5144ef643b Updated openid-connect.md: small typo 
Protocol is written protocl.
 2016-11-24 14:01:47 -05:00
Eric Chiang 8b8c076ecf Documentation: clarify difference between LDAP ports and security guarantees 
Now that LDAP supports an `insecureSkipVerify` option, clarify that
`insecureNoTLS` is an extremely bad choice and as such we may drop
support for 389 in the future.

However, since we send plain text passwords from our frontend to our
backend, this probably gets us into a bigger conversation about dex's
TLS story. For example when terminiation is approporate. cc'ing
@dghubble for thoughts on how that might apply to our internal uses.

We probably want an overaching security doc at some point, but that
can be another PR.
 2016-11-23 12:26:44 -08:00
Eric Chiang 6980920a3a *: document the GitHub connector 2016-11-22 12:53:46 -08:00