9b0af83604
Merge pull request #905 from rithujohn191/error-msg
...
server/rotation.go: avoid displaying the "keys already rotated" error
2017-04-11 14:17:22 -07:00
3d7b1477e7
Merge pull request #903 from ericchiang/ldap-groups-on-user
...
connector/ldap: fix case where groups are listed on the user entity
2017-04-11 14:06:42 -07:00
dd1e901dd9
server/rotation.go: avoid displaying the "keys already rotated" error
2017-04-11 10:48:08 -07:00
c3cafc8f39
Merge pull request #902 from ericchiang/saml-stable
...
*: promote SAML to stable
2017-04-11 10:13:22 -07:00
5f377f07d4
*: promote SAML to stable
...
This means we no longer refer to it as "experimental" and wont make
breaking changes.
2017-04-11 10:09:48 -07:00
d4274eb0ff
Merge pull request #901 from rithujohn191/github-api
...
connector/github: add support for github enterprise.
2017-04-11 10:09:23 -07:00
43ad9cc37c
Merge pull request #904 from ericchiang/add-gitlab-to-readme
...
*: add GitLab connector to README
2017-04-11 10:06:28 -07:00
76b9eb1db9
connector/github: add support for github enterprise.
2017-04-11 10:04:59 -07:00
cf089025ae
*: add GitLab connector to README
2017-04-11 10:04:48 -07:00
97813ff4fc
connector/ldap: fix case where groups are listed on the user entity
...
Support schemas that determine membership by having fields on the
user entity, instead of listing users on a groups entity. E.g. the
following schema is now supported when it wasn't previously:
cn=eric,cn=user,dn=exapmle,dn=com
objectClass=myPerson
cn: eric
uid: eric
email: eric@example.com
memberOf: foo
memberOf: bar
cn=foo,cn=group,dn=exapmle,dn=com
objectClass=myGroup
cn: foo
cn=bar,cn=group,dn=exapmle,dn=com
objectClass=myGroup
cn: bar
2017-04-11 09:48:48 -07:00
7395f05e95
Merge pull request #900 from ericchiang/ldap-tests
...
connector/ldap: add LDAP integration tests
2017-04-10 16:48:40 -07:00
b8ba59d7f6
*: run LDAP tests in travis
2017-04-10 15:33:07 -07:00
0ac11d93e6
connector/ldap/testdata: add LDAP schema files
2017-04-10 15:33:07 -07:00
4a93b55c8b
connector/ldap: add LDAP integration tests
2017-04-10 15:33:07 -07:00
943253fece
Merge pull request #898 from ericchiang/saml-cleanup
...
connector/saml: clean up SAML verification logic and comments
2017-04-07 14:22:22 -07:00
362e0798a4
connector/saml: clean up SAML verification logic and comments
2017-04-07 14:13:05 -07:00
258ec4ff4b
Merge pull request #897 from Calpicow/issuer_typo
...
Fix entityIssuer -> ssoIssuer typo
2017-04-06 14:57:33 -07:00
bd754e2b2d
Fix entityIssuer -> ssoIssuer typo
2017-04-06 14:50:44 -07:00
53acaa9e7c
Merge pull request #896 from Calpicow/audience_validate_fix
...
Validate audience with entityIssuer if present, use redirectURI otherwise
2017-04-06 14:47:05 -07:00
47897f73fa
Validate audience with entityIssuer if present, use redirectURI otherwise
2017-04-06 14:40:56 -07:00
40f0265ab4
Merge pull request #885 from Calpicow/saml_issuer_fix
...
Add ssoIssuer to fix Response issuer checking
2017-04-06 11:19:47 -07:00
8c0eb67ecd
Update documentation
2017-04-06 11:06:30 -07:00
217b5ca2c7
Add ssoIssuer to fix Response issuer checking
...
Rename issuer to entityIssuer
2017-04-06 11:05:49 -07:00
207d20777b
Merge pull request #893 from ericchiang/fix-saml-validation
...
connector/saml: fix validation bug with multiple Assertion elements
2017-04-04 11:18:12 -07:00
a97cffcd52
connector/saml: refactor tests and add self-signed responses
...
Introduces SAML tests which execute full response processing and
compare user attributes. tesdata now includes a full, self-signed
CA and documents signed using xmlsec1.
Adds deprication notices to existing tests, but don't remove them
since they still provide coverage.
2017-04-04 11:11:35 -07:00
e0709dc2ac
connector/saml: fix validation bug with multiple Assertion elements
...
When a SAML response provided multiple Assertion elements, only the
first one is checked for a valid signature. If the Assertion is
verified, the original Assertion is removed and the canonicalized
version is prepended to the Response. However, if there were
multiple assertions, the second assertion could end up first in the
list of Assertions, even if it was unsigned.
For example this:
<Response>
<!--
Response unsigned. According to SAML spec must check
assertion signature.
-->
<Assertion>
<Signature>
<!-- Correrctly signed assertion -->
</Signature>
</Assertion>
<Assertion>
<!-- Unsigned assertion inserted by attacker-->
</Assertion>
</Response>
could be verified then re-ordered to the following:
<Response>
<!--
Response unsigned. According to SAML spec must check
assertion signature.
-->
<Assertion>
<!-- Unsigned assertion inserted by attacker-->
</Assertion>
<Assertion>
<!-- Canonicalized, correrctly signed assertion -->
</Assertion>
</Response>
Fix this by removing all unverified child elements of the Response,
not just the original assertion.
2017-04-04 11:11:35 -07:00
a7d443ea2b
Merge pull request #891 from squat/garbage_log_info
...
server/server.go: make successful garbage collection log at info level
2017-04-04 10:14:43 -07:00
f3d9bd5008
server/server.go: make successful garbage collection log at info level
2017-04-04 09:47:53 -07:00
f4865a354c
Merge pull request #886 from rithujohn191/error-msg-update
...
storage/static.go: correct the error message that gets displayed.
2017-03-29 11:54:00 -07:00
5abb4b3df6
storage/static.go: correct the error message that gets displayed.
2017-03-29 11:32:02 -07:00
5eb8210eb4
Merge pull request #883 from ericchiang/scopes-docs
...
Documentation: document dex scopes, claims, and client features
2017-03-28 21:26:01 -07:00
8902ddc061
Merge pull request #881 from ericchiang/api-test-use-client
...
server: use client connected to remove server for gRPC tests
2017-03-28 21:25:55 -07:00
5e34f0d1a6
Documentation: document dex scopes, claims, and client features
2017-03-28 16:53:06 -07:00
f734b140cd
server: use client connected to remove server for gRPC tests
2017-03-28 16:41:39 -07:00
42c1eed231
Merge pull request #880 from rithujohn191/connector-object
...
storage: add connector object to backend storage.
2017-03-28 14:31:08 -07:00
bc55b86d0d
storage: add connector object to backend storage.
2017-03-28 14:12:38 -07:00
6e50c18458
Merge pull request #875 from ericchiang/fix-example-app-custom-ca
...
cmd/example-app: fix custom CA behavior
2017-03-24 13:21:20 -07:00
9b0e9ab2ca
cmd/example-app: fix custom CA behavior
2017-03-24 11:53:28 -07:00
2a6ae0a6ea
Merge pull request #870 from Calpicow/fix_assertion_fallback
...
Fix assertion fallback
2017-03-24 11:34:30 -07:00
6f9ef961bb
Use etreeutils.NSSelectOne to select Assertion element
2017-03-24 11:20:53 -07:00
4b457d8c82
vendor: revendor
2017-03-24 11:03:30 -07:00
b5f70dac36
glide.yaml: update goxmldsig
2017-03-24 11:02:55 -07:00
5d49e18478
Merge pull request #873 from rithujohn191/client-example
...
examples/grpc-client: clean up the example and add tlsClientCA to ConfigMap.
2017-03-23 17:24:11 -07:00
562eae3fc7
examples/grpc-client: clean up the example and add tlsClientCA to ConfigMap.
2017-03-23 16:57:23 -07:00
6146e23396
Merge pull request #872 from rithujohn191/offline-access-error
...
connector: Connectors without a RefreshConnector should not error out
2017-03-23 16:11:45 -07:00
59502850f0
connector: Connectors without a RefreshConnector should not return a refresh token instead of erroring
2017-03-23 14:56:34 -07:00
b112aa2ecd
Merge pull request #869 from ericchiang/saml-response-to
...
*: validate InResponseTo SAML response field and make issuer optional
2017-03-22 13:04:41 -07:00
50b223a9db
*: validate InResponseTo SAML response field and make issuer optional
2017-03-22 13:02:44 -07:00
8b2956ddbc
Merge pull request #867 from ericchiang/xml-validation
...
glide.yaml: update goxmldsig
2017-03-21 10:27:04 -07:00
910d59865b
vendor: revendor
2017-03-21 09:27:22 -07:00
rithu leena john
Eric Chiang
Eric Chiang
Phu Kieu
Lucas Servén