Commit graph

2136 commits

Author SHA1 Message Date
rithu leena john
15242a86b8 Merge pull request #967 from rithujohn191/err-msg
connector: improve error message for callback URL mismatch
2017-06-13 15:59:43 -07:00
rithu john
682d78f527 connector: improve error message for callback URL mismatch 2017-06-13 15:52:33 -07:00
rithu leena john
1d7abf8923 Merge pull request #949 from rithujohn191/add-docs
Documentation/ldap-connector.md: Warn about LDAP connector's bindPW restriction.
2017-05-16 22:58:35 -07:00
rithu john
081e68a16a Documentation/ldap-connector.md: Warn about LDAP connector's bindPW restriction. 2017-05-16 14:32:15 -07:00
Eric Chiang
f4f7146f04 Merge pull request #941 from ericchiang/fix-public-client-localhost
server: fix localhost redirect validation for public clients
2017-05-15 16:23:34 -07:00
Eric Chiang
95334ad51d Documentation: add docs on public clients 2017-05-09 17:09:49 -07:00
Eric Chiang
fcb9c5a1c4 server: fix localhost redirect validation for public clients 2017-05-09 17:09:20 -07:00
rithu leena john
583bf91ab4 Merge pull request #936 from rithujohn191/fix-comment
connector/ldap: correct a comment.
2017-05-04 16:03:24 -07:00
rithu john
0dd024d669 connector/ldap: correct a comment. 2017-05-04 15:39:08 -07:00
rithu leena john
a7097c80e3 Merge pull request #933 from rithujohn191/ldap-fix
connector/ldap: check for blank passwords and return error.
2017-05-04 14:05:15 -07:00
rithu john
6e3e174100 connector/ldap: check for blank passwords and return error. 2017-05-04 13:42:23 -07:00
rithu leena john
81d24f180e Merge pull request #931 from rithujohn191/local-connector
cmd/dex/serve: add local connector directly to static connectors in storage
2017-05-01 16:57:58 -07:00
rithu john
dc4b97b851 cmd/dex/serve: add local connector directly to static connectors in storage 2017-05-01 15:53:37 -07:00
rithu leena john
951fb053a1 Merge pull request #929 from rithujohn191/api-resp-fix
server/api: return empty list of refresh tokens if user does not have any
2017-05-01 15:34:17 -07:00
rithu john
aefdd6e004 server/api: return empty list of refresh tokens if user does not have any 2017-04-28 15:35:52 -07:00
rithu leena john
9514bf9afe Merge pull request #913 from rithujohn191/dynamic-connector
server: account for dynamically changing connector object in storage.
2017-04-25 09:29:23 -07:00
rithu john
8c9c2518f5 server: account for dynamically changing connector object in storage. 2017-04-25 09:19:02 -07:00
rithu leena john
52b121a470 Merge pull request #923 from ericchiang/update-readme
README.md: reorganize README
2017-04-24 13:43:01 -07:00
Eric Chiang
c400e860fe Documentation: more diagrams 2017-04-21 14:51:46 -07:00
Eric Chiang
8a7665b5a1 README.md: reorganize README
* Highlights that dex is NOT a user-management system.
* Highlights ID Tokens as dex's primary feature.
* General cleanup.
2017-04-21 14:51:46 -07:00
rithu leena john
aae9bb6477 Merge pull request #922 from gambtho/patch-1
Update kubernetes.md
2017-04-21 13:32:34 -07:00
Tom Gamble
0edd0b2fb4 Update kubernetes.md
fixed typo
2017-04-21 15:33:42 -04:00
Eric Chiang
47f48658c2 Merge pull request #917 from ericchiang/add-using-dex-doc
Documentation: add a doc describing how to use dex
2017-04-21 11:45:58 -07:00
Eric Chiang
a4cb57ab5d Documentation: add a doc describing how to use dex 2017-04-21 11:35:34 -07:00
rithu leena john
4507e99ae3 Merge pull request #919 from ericchiang/update-maintainers
*: update maintainers
2017-04-21 11:03:29 -07:00
rithu leena john
5c56fb76df Merge pull request #909 from AirHelp/master
Dex on Kubernetes with RBAC authorization - documentation updated
2017-04-21 11:03:16 -07:00
Eric Chiang
49e05b95c0 *: update maintainers 2017-04-21 09:39:31 -07:00
Eric Chiang
2b8caf9b39 Merge pull request #906 from ericchiang/fix-saml-test
connector/saml/testdata: fix bad status test case
2017-04-19 15:39:11 -07:00
Eric Chiang
2edfec5d45 Merge pull request #916 from ericchiang/readme-security-diclosure
README: add section about reporting security vulnerabilities
2017-04-19 15:16:23 -07:00
Eric Chiang
a12d2f85a8 README: add section about reporting security vulnerabilities
It was pointed out by @davidillsley that we don't point this out
anywhere in our docs.
2017-04-19 13:42:03 -07:00
rithu leena john
521dbff7cf Merge pull request #912 from zhuguihua/fix_typo
Fix two typos
2017-04-18 15:32:46 -07:00
zhuguihua
4e99ec3eeb Fix two typos
Signed-off-by: zhuguihua <zhuguihua@cmss.chinamobile.com>

Change storace to storage in cmd/dex/config.go,
change userSearch to groupSearch in connector/ldap/ldap.go
2017-04-14 03:30:12 +00:00
Eric Chiang
5859fe1091 Merge pull request #910 from ericchiang/update-grpc
*: update grpc and correct protobuf generation
2017-04-13 13:18:55 -07:00
Eric Chiang
ba1660ae1f *: revendor and regenerate protobuf files 2017-04-13 11:35:41 -07:00
Eric Chiang
ef376b9c69 *: update grpc and correct protobuf generation
Turns out that manually setting PATH in the Makefile doesn't work
so we've been using the protobuf plugins installed on the host. Fix
this by specifying plugins by path.
2017-04-13 11:32:19 -07:00
Filip Haftek
2e10e5a9b1 Merge pull request #1 from AirHelp/dex_on_k8s_rbac_doc
Updated documentation for dex on k8s when RBAC authorization is used
2017-04-13 15:41:06 +02:00
Filip
57aa32562b Updated documentation for dex on k8s when RBAC authorization is used 2017-04-13 15:14:21 +02:00
Eric Chiang
e609de5018 Merge pull request #908 from ericchiang/start-tls
connector/ldap: support the StartTLS flow for secure connections
2017-04-12 17:03:55 -07:00
Eric Chiang
74f5eaf47e connector/ldap: support the StartTLS flow for secure connections
When connecting to an LDAP server, there are three ways to connect:

1. Insecurely through port 389 (LDAP).
2. Securely through port 696 (LDAPS).
3. Insecurely through port 389 then negotiate TLS (StartTLS).

This PR adds support for the 3rd flow, letting dex connect to the
standard LDAP port then negotiating TLS through the LDAP protocol
itself.

See a writeup here:

http://www.openldap.org/faq/data/cache/185.html
2017-04-12 15:25:42 -07:00
Eric Chiang
00b5c99ffc connector/saml/testdata: fix bad status test case
Noticed this when inspecting the code coverage results. For some
reason this test wasn't triggering the bad status code path, maybe
due to signature validation. Removing the comment fixed the code
coverage.
2017-04-11 17:20:29 -07:00
rithu leena john
9b0af83604 Merge pull request #905 from rithujohn191/error-msg
server/rotation.go: avoid displaying the "keys already rotated" error
2017-04-11 14:17:22 -07:00
Eric Chiang
3d7b1477e7 Merge pull request #903 from ericchiang/ldap-groups-on-user
connector/ldap: fix case where groups are listed on the user entity
2017-04-11 14:06:42 -07:00
rithu john
dd1e901dd9 server/rotation.go: avoid displaying the "keys already rotated" error 2017-04-11 10:48:08 -07:00
Eric Chiang
c3cafc8f39 Merge pull request #902 from ericchiang/saml-stable
*: promote SAML to stable
2017-04-11 10:13:22 -07:00
Eric Chiang
5f377f07d4 *: promote SAML to stable
This means we no longer refer to it as "experimental" and won't make
breaking changes.
2017-04-11 10:09:48 -07:00
rithu leena john
d4274eb0ff Merge pull request #901 from rithujohn191/github-api
connector/github: add support for github enterprise.
2017-04-11 10:09:23 -07:00
rithu leena john
43ad9cc37c Merge pull request #904 from ericchiang/add-gitlab-to-readme
*: add GitLab connector to README
2017-04-11 10:06:28 -07:00
rithu john
76b9eb1db9 connector/github: add support for github enterprise. 2017-04-11 10:04:59 -07:00
Eric Chiang
cf089025ae *: add GitLab connector to README 2017-04-11 10:04:48 -07:00
Eric Chiang
97813ff4fc connector/ldap: fix case where groups are listed on the user entity
Support schemas that determine membership by having fields on the
user entity, instead of listing users on a groups entity. E.g. the
following schema is now supported when it wasn't previously:

    cn=eric,cn=user,dn=example,dn=com
    objectClass=myPerson
    cn: eric
    uid: eric
    email: eric@example.com
    memberOf: foo
    memberOf: bar

    cn=foo,cn=group,dn=example,dn=com
    objectClass=myGroup
    cn: foo

    cn=bar,cn=group,dn=example,dn=com
    objectClass=myGroup
    cn: bar
2017-04-11 09:48:48 -07:00