mystiq/dex
Archived
4
0
Fork 1
Code Issues Pull requests Packages Projects Releases Wiki Activity
1045 commits 27 branches 73 tags 23 MiB
Commit graph

150 commits

Author SHA1 Message Date
Nándor István Krácser 6d41541964
Merge pull request #1544 from kenperkins/saml-groups 
Adding support for allowed groups in SAML Connector
 2019-10-30 13:28:34 +01:00
Nándor István Krácser f2590ee07d
Merge pull request #1545 from jacksontj/getUserInfo 
Run getUserInfo prior to claim enforcement
 2019-10-30 13:26:18 +01:00
Nandor Kracser c1b421fa04 add preffered_username to idToken 
Signed-off-by: Nandor Kracser <bonifaido@gmail.com>
 2019-10-30 13:06:37 +01:00
Thomas Jackson 512cb3169e Run getUserInfo prior to claim enforcement 
If you have an oidc connector configured *and* that IDP provides thin
tokens (e.g. okta) then the majority of the requested claims come in the
getUserInfo call (such as email_verified). So if getUserInfo is
configured it should be run before claims are validated.
 2019-09-13 11:10:44 -07:00
Ken Perkins 285c1f162e connector/saml: Adding group filtering 
- 4 new tests
- Doc changes to use the group filtering
 2019-09-10 10:53:19 -07:00
wassan128 42e8619830 Fix typo 2019-09-06 09:55:09 +09:00
Nandor Kracser ef08ad8317 gitlab: add groups scope by default when filtering is requested 2019-08-14 13:33:46 +02:00
Stephan Renatus d9487e553b
*: fix some lint issues 
Mostly gathered these using golangci-lint's deadcode and ineffassign
linters.

Signed-off-by: Stephan Renatus <srenatus@chef.io>
 2019-07-30 11:29:08 +02:00
Nandor Kracser ff34e570b4 connector/gitlab: implement useLoginAsID as in GitHub connector 2019-07-28 19:49:49 +02:00
Maxime Desrosiers 458585008b
microsoft: option for group UUIDs instead of name and group whitelist 2019-07-25 09:14:33 -04:00
Stephan Renatus 51f50fcad8
connectors: refactor filter code into a helper package 
I hope I didn't miss any :D

Signed-off-by: Stephan Renatus <srenatus@chef.io>
 2019-07-03 13:09:40 +02:00
Stephan Renatus d6fad19d95
Merge pull request #1459 from flarno11/master 
make userName configurable
 2019-06-04 09:47:19 +02:00
tan 8613c78863 update LinkedIn connector to use v2 APIs 
This updates LinkedIn connector to use the more recent v2 APIs. Necessary because v1 APIs are not able to retrieve email ids any more with the default permissions.

The API URLs are now different. Fetching the email address is now a separate call, made after fetching the profile details. The `r_basicprofile` permission is not needed any more, and `r_liteprofile` (which seems to be the one assigned by default) is sufficient.

The relevant API specifications are at:
- https://docs.microsoft.com/en-us/linkedin/shared/integrations/people/profile-api
- https://docs.microsoft.com/en-us/linkedin/shared/integrations/people/primary-contact-api
- https://docs.microsoft.com/en-us/linkedin/consumer/integrations/self-serve/migration-faq#how-do-i-retrieve-the-members-email-address
 2019-06-03 22:59:37 +05:30
flarno11 8c1716d356 make userName configurable 2019-06-03 14:09:07 +02:00
Stephan Renatus 4e8cbf0f61
connectors/oidc: truely ignore "email_verified" claim if configured that way 
Fixes #1455, I hope.

Signed-off-by: Stephan Renatus <srenatus@chef.io>
 2019-05-28 16:15:06 +02:00
cappyzawa 9650836851 make userID configurable 2019-05-24 19:52:33 +09:00
Thomas Jackson 52d09a2dfa Add option in oidc to hit the optional userinfo endpoint 
Some oauth providers return "thin tokens" which won't include all of the
claims requested. This simply adds an option which will make the oidc
connector use the userinfo endpoint to fetch all the claims.
 2019-05-23 09:20:48 -07:00
Eric Chiang 35f51957c0
Merge pull request #1430 from mkontani/fix/typo 
fix typo
 2019-05-12 10:39:18 -07:00
Nandor Kracser 7b416b5a8e gitlab: add tests 2019-05-02 08:06:56 +02:00
Nandor Kracser a08a5811d4 gitlab: support for group whitelist 2019-04-25 12:50:29 +02:00
mkontani 6ae76662de
fix ssoURL 2019-04-20 21:12:01 +09:00
Gerald Barker fc723af0fe Add option to OIDC connecter to override email_verified to true 2019-03-05 21:24:02 +00:00
Mark Sagi-Kazar 06521ffa49
Remove the logrus logger wrapper 2019-02-22 21:31:46 +01:00
Mark Sagi-Kazar be581fa7ff
Add logger interface and stop relying on Logrus directly 2019-02-22 13:38:57 +01:00
Stephan Renatus 7bd4071b4c
Merge pull request #1396 from jtnord/useLoginId-dexidp 
Use github login as the id
 2019-02-05 13:54:49 +01:00
James Nord fe247b106b remove blank line that tripped up make verify-proto 2019-02-04 14:06:06 +00:00
James Nord 9840fccdbb rename useLoginAsId -> useLoginAsID 2019-02-04 14:05:57 +00:00
Stephan Renatus df18cb0c22
ldap_test: add filter tests 
The filters for user and group searches hadn't been included in our LDAP
tests. Now they are.

The concrete test cases are somewhat contrived, but that shouldn't
matter too much. Also note that the example queries I've used are not
supported in AD: https://stackoverflow.com/a/10043452

Signed-off-by: Stephan Renatus <srenatus@chef.io>
 2019-02-03 11:06:11 +01:00
James Nord 5822a5ce9e fix formatting of connector/github/github_test.go 2019-02-01 11:47:45 +00:00
James Nord 03ffd0798c Allow an option to use the github user handle rather than an id. 
For downstream apps using a github handle is much simpler than working
with numbers.

WHilst the number is stable and the handle is not - GitHUb does give you
a big scary wanring if you try and change it that bad things may happen
to you, and generally few users ever change it.

This can be enabled with a configuration option `useLoginAsId`
 2019-02-01 11:37:40 +00:00
Krzysztof Balka e8ba848907 keystone: fetching groups only if requested, refactoring. 2019-01-11 15:14:59 +01:00
joannano 88d1e2b041 keystone: test cases, refactoring and cleanup 2019-01-11 15:14:56 +01:00
Krzysztof Balka a965365a2b keystone: refresh token and groups 2019-01-11 15:14:11 +01:00
knangia 0774a89066 keystone: squashed changes from knangia/dex 2019-01-11 15:12:59 +01:00
Daniel Kessler ee54a50956 LDAP connector - add emailSuffix config option 2019-01-08 19:01:42 -08:00
Josh Winters bb11a1ebee github: add 'both' team name field option 
this will result in both the team name *and* the team slug being
returned for each team, allowing a bit more flexibility in auth
validation.

Signed-off-by: Topher Bullock <tbullock@pivotal.io>
Signed-off-by: Alex Suraci <suraci.alex@gmail.com>
 2018-11-20 10:12:44 -05:00
Stephan Renatus 7c8a22443a
Merge pull request #1349 from alexmt/1102-config-to-load-all-groups 
Add config to explicitly enable loading all github groups

Follow-up for #1102.
 2018-11-20 15:15:25 +01:00
Stephan Renatus 84ea412ca6
Merge pull request #1351 from CognotektGmbH/gypsydiver/1347-pr-gitlab-groups 
Gitlab connector should not require the api scope.

Fixes #1347.
 2018-11-20 14:49:11 +01:00
gypsydiver f21e6a0f00 gypsydiver/1347-pr-gitlab-groups 2018-11-20 11:18:50 +01:00
Stephan Renatus 4738070951
Merge pull request #1338 from srenatus/sr/update-go-ldap 
update go-ldap, improve errors
 2018-11-20 08:02:13 +01:00
Alexander Matyushentsev 7bd084bc07 Issue #1102 - Add config to explicitly enable loading all github groups 2018-11-19 10:14:38 -08:00
Alexander Matyushentsev 20bc6cd353 Full list of groups should include group names as well as group_name:team_name 2018-11-15 14:12:50 -08:00
Alexander Matyushentsev ce3cd53a11 Bug fix: take into account 'teamNameField' settings while fetching all user groups 2018-11-15 09:23:57 -08:00
Alexander Matyushentsev e876353128 Rename variables to stop shadowing package name 2018-11-15 09:00:37 -08:00
Alexander Matyushentsev a9f71e378f Update getPagination method comment 2018-11-15 08:57:31 -08:00
Alexander Matyushentsev e10b8232d1 Apply reviewer notes: style changes, make sure unit test verifies pagination 2018-11-15 08:12:28 -08:00
Alexander Matyushentsev 51d9b3d3ca Issue #1184 - Github connector now returns a full group list when no org is specified 2018-11-14 15:31:31 -08:00
Stephan Renatus c14b2fd5a5
connector/ldap: slightly improve error output 
Signed-off-by: Stephan Renatus <srenatus@chef.io>
 2018-11-13 09:40:40 +01:00
Stephan Renatus 65b0c91992
Merge pull request #1245 from scotthew1/mock-connector-refresh 
add Refresh() to mock passwordConnector
 2018-10-25 16:38:08 +02:00
Ed Tan 50afa921b5 Remove unused DisplayName 2018-10-06 12:13:55 -04:00