Eric Chiang
2cfcdfb80f
storage/kubernetes: fix hash initialization bug
2017-02-24 15:16:02 -08:00
Eric Chiang
f8aec4c1c5
Merge pull request #816 from ericchiang/cherry-pick-k8s-storage-fix
...
storage/kubernetes: fix kubernetes storage conformance test failures
2017-02-23 19:42:42 -08:00
Eric Chiang
7968f283f2
storage/kubernetes: fix kubernetes storage conformance test failures
2017-02-23 19:34:49 -08:00
Eric Chiang
af0d9cebd1
Merge pull request #810 from caarlos0/patch-1
...
simplified clone: using go get
2017-02-22 08:38:13 -08:00
Carlos Alexandro Becker
f57e19e6ab
simplified clone: using go get
2017-02-22 09:33:01 -03:00
rithu leena john
c76832eaea
Merge pull request #809 from rithujohn191/set-error-flag
...
storage: Surface "already exists" errors.
2017-02-21 16:09:48 -08:00
rithu john
3df1db1864
storage: Surface "already exists" errors.
2017-02-21 15:00:22 -08:00
rithu leena john
90c80e700a
Merge pull request #807 from rithujohn191/fix-typo
...
web/static/main.css: fix typo.
2017-02-21 13:30:07 -08:00
rithu john
0ee40865a2
web/static/main.css: fix typo.
2017-02-20 08:48:36 -08:00
rithu leena john
7e9dc836eb
Merge pull request #802 from rithujohn191/token-revocation
...
api: adding a gRPC call for revoking refresh tokens.
2017-02-15 08:43:58 -08:00
rithu john
1ec19d4fbf
api: adding a gRPC call for revoking refresh tokens.
2017-02-15 07:48:20 -08:00
rithu leena john
b119ffddcb
Merge pull request #801 from rithujohn191/token-revocation
...
api: adding a gRPC call for listing refresh tokens.
2017-02-13 18:36:56 -08:00
rithu john
d201e49248
api: adding a gRPC call for listing refresh tokens.
2017-02-13 16:12:16 -08:00
rithu leena john
53e383670a
Merge pull request #793 from rithujohn191/token-revocation
...
storage: Add OfflineSession object to backend storage.
2017-02-09 19:46:00 -08:00
rithu john
d928ac0677
storage: Add OfflineSession object to backend storage.
2017-02-09 19:01:28 -08:00
rithu leena john
49f446c1a7
Merge pull request #800 from ericchiang/server-test-comments
...
server: clean up test comments and code flow
2017-02-07 10:37:32 -08:00
Eric Chiang
80038847de
server: clean up test comments and code flow
2017-02-07 10:31:51 -08:00
Eric Chiang
dd415f5e2f
Merge pull request #799 from ericchiang/thirdpartyresources
...
Documentation: warn admins not to edit dex ThirdPartyResources manually
2017-02-06 15:04:40 -08:00
rithu leena john
167d7be281
Merge pull request #790 from givia/github-teams-pagination
...
Fixes #706
2017-02-06 11:13:03 -08:00
Eric Chiang
adf3703962
Documentation: warn admins not to edit dex ThirdPartyResources manually
2017-02-06 10:35:27 -08:00
Eric Chiang
7f860e09b5
Merge pull request #796 from ericchiang/html-template
...
{web,server}: use html/template and reduce use of auth request ID
2017-02-02 17:33:06 -08:00
Eric Chiang
72a431dd4b
{web,server}: use html/template and reduce use of auth request ID
...
Switch from using "text/template" to "html/template", which provides
basic XSS preventions. We haven't identified any particular place
where unsanitized user data is rendered to the frontend. This is
just a preventative step.
At the same time, make more templates take pure URL instead of
forming a URL themselves using an "authReqID" argument. This will
help us stop using the auth req ID in certain places, preventing
garbage collection from killing login flows that wait too long at
the login screen.
Also increase the login session window (time between initial
redirect and the user logging in) from 30 minutes to 24 hours,
and display a more helpful error message when the session expires.
How to test:
1. Spin up dex and example with examples/config-dev.yaml.
2. Login through both the password prompt and the direct redirect.
3. Edit examples/config-dev.yaml removing the "connectors" section.
4. Ensure you can still login with a password.
(email/password is "admin@example.com" and "password")
2017-02-02 11:11:00 -08:00
rithu leena john
12f969364e
Merge pull request #794 from rithujohn191/saml-doc
...
Documentation: Minor changes to SAML connector doc.
2017-02-02 09:49:00 -08:00
rithu john
fecd596ae2
Documentation: Minor changes to SAML connector doc.
2017-02-01 11:28:46 -08:00
rithu leena john
42d0728048
Merge pull request #785 from holgerkoser/master
...
Improve SAML Signature and Response Validation
2017-02-01 11:14:13 -08:00
rithu leena john
27224cdc98
Merge pull request #788 from givia/gitlab-connector
...
connector: add GitLab connector
2017-02-01 09:39:37 -08:00
Ali Javadi
e623ad4d35
connector: add GitLab connector
2017-01-28 01:36:02 +03:30
Eric Chiang
0dcf1bcf79
Merge pull request #792 from ericchiang/auth-endpoint-post
...
server: support POSTing to authorization endpoint
2017-01-27 13:36:02 -08:00
Eric Chiang
8541184afb
server: support POSTing to authorization endpoint
...
Fixes #791
2017-01-27 11:42:46 -08:00
rithu leena john
36883d0bbf
Merge pull request #789 from rithujohn191/token-revocation-proposal
...
Documentation/proposals: Add a proposal for refresh token revocation.
2017-01-27 09:39:13 -08:00
rithu john
d114b8ffc7
Documentation/proposals: Add a proposal for refresh token revocation.
2017-01-27 09:37:01 -08:00
Ali Javadi
98bfa4fbb1
Fixes #706
2017-01-27 05:12:58 +03:30
Holger Koser
27a1e9f1bd
vendor: revendor
2017-01-26 19:06:54 +01:00
Holger Koser
e46f2ebe40
Improve SAML Signature and Response Validation
...
* Improve Order of Namespace Declarations and Attributes in Canonical XML. This is related to an issue in goxmldsig for which I created a [pull request](https://github.com/russellhaering/goxmldsig/pull/17).
* Do not compress the AuthnRequest if `HTTP-POST` binding is used.
* SAML Response is valid if the Message and/or the Assertion is signed.
* Add `AssertionConsumerServiceURL` to `AuthnRequest`
* Validate Status on the Response
* Validate Conditions on the Assertion
* Validate SubjectConfirmation on the Subject
2017-01-26 19:05:40 +01:00
rithu leena john
48fcf66a35
Merge pull request #783 from rithujohn191/config-validation
...
cmd/dex: make connector name field mandatory in dex configuration.
2017-01-23 17:03:50 -08:00
rithu john
31e8009441
cmd/dex: make connector name field mandatory in dex configuration.
2017-01-23 15:14:41 -08:00
Eric Chiang
613d160ad9
Merge pull request #782 from marians/patch-1
...
Docs: Added a name to the LDAP connector
2017-01-23 09:07:24 -08:00
Eric Chiang
d3f4ae2ab7
Merge pull request #781 from ajohnstone/patch-1
...
Update kubernetes.md - correct typo
2017-01-23 08:52:37 -08:00
Marian Steinbach
38a2e41e0a
Added a name to the connector
...
Without a name, the example app's login form will only show `Log in with` as a button label.
2017-01-23 10:46:29 +01:00
Andrew Johnstone
b10c0a1c87
Update kubernetes.md
2017-01-23 06:28:21 +00:00
rithu leena john
a3ef8d26bc
Merge pull request #777 from rithujohn191/update-release-doc
...
Documentation: add docs on patch release process.
2017-01-17 14:50:37 -08:00
rithu john
265cfacd17
Documentation: add docs on patch release process.
2017-01-17 11:49:09 -08:00
rithu leena john
fe93f60af4
Merge pull request #775 from xeonx/master
...
Allow CORS on keys and token endpoints
2017-01-17 10:48:06 -08:00
Simon HEGE
415a68f977
Allow CORS on keys and token endpoints
2017-01-14 21:15:51 +01:00
Eric Chiang
ca7d2b8f9e
Merge pull request #772 from ericchiang/at_hash-support
...
server: add at_hash claim support
2017-01-13 10:15:21 -08:00
Eric Chiang
1eda382789
server: add at_hash claim support
...
The "at_hash" claim, which provides hash verification for the
"access_token," is a required claim for implicit and hybrid flow
requests. Previously we did not include it (against spec). This
PR implements the "at_hash" logic and adds the claim to all
responses.
As a cleanup, it also moves some JOSE signing logic out of the
storage package and into the server package.
For details see:
https://openid.net/specs/openid-connect-core-1_0.html#ImplicitIDToken
2017-01-13 10:05:24 -08:00
Eric Chiang
79c21f9b0c
Merge pull request #773 from y2kenny/patch-1
...
Removed extra o typo
2017-01-11 13:10:57 -08:00
y2kenny
4d4cb99459
Removed extra o typo
2017-01-11 15:47:55 -05:00
Eric Chiang
3c247db00a
Merge pull request #757 from ericchiang/constant-refresh-tokens
...
*: update refresh tokens instead of deleting and creating another
2017-01-11 12:09:39 -08:00
Eric Chiang
ed20fee2b9
cmd/example-app: fix refreshing
2017-01-11 12:07:48 -08:00