Commit graph

2153 commits

Author SHA1 Message Date
Stephan Renatus
26c0206627
connector/saml: make unparsable (trailing, non-space/newline) data an error
Fixes #1304, if we want to be harsh.

However, I think if it was the user's intention to pass two certs, and
the second one couldn't be read, that shouldn't just disappear. After
all, when attempting to login later, that might fail because the
expected IdP cert data isn't there.

Signed-off-by: Stephan Renatus <srenatus@chef.io>
2018-09-29 11:09:33 +02:00
Stephan Renatus
ff70c0453f
Merge pull request #1278 from veily/master
Support used self-signed certificates LDAP.
2018-09-22 18:05:26 +02:00
veily
317f433a14
support self-signed certificates ldap
Format ldap.go

Format ldap.go: with a space for golint

with a space

Rename clientCA is to clientCert

Update ldap.go

modified the ldap client certificate file comments.

modified load ldap client cert error.

modified load ldap client cert error: fmt.Errorf("ldap: load client cert failed: %v", err)
2018-09-22 12:15:11 +08:00
Scott Reisor
2707302054 add Refresh() to mock passwordConnector 2018-09-21 11:55:14 -04:00
Eric Chiang
316acbee03
Merge pull request #1299 from fajran/update-go-jose
Update go-jose to v2.1.8
2018-09-18 15:31:32 -07:00
Fajran Iman Rusadi
a823c021c8 Update go-jose to v2.1.8 2018-09-18 23:55:14 +02:00
Eric Chiang
06241eae9f
Merge pull request #1297 from tburko/use-github-team-slug-instead-of-name
Allow using GitHub Team slug instead of name via connector config option
2018-09-14 10:26:11 -07:00
Taras Burko
bf39130bab Configurable team name field for GitHub connector 2018-09-14 01:09:48 +03:00
Eric Chiang
29bc098620
Merge pull request #1290 from srenatus/sr/release-process/update-quay-notes
release process: update quay notes
2018-09-10 08:58:38 -07:00
Stephan Renatus
1260c62a80
Merge pull request #1296 from srenatus/sr/nuke-check-go-version
scripts,Makefile: nuke check-go-version
2018-09-10 17:55:01 +02:00
Stephan Renatus
86a3346b64 scripts,Makefile: nuke check-go-version
Fixes #1291

Signed-off-by: Stephan Renatus <srenatus@chef.io>
2018-09-10 16:34:00 +02:00
Stephan Renatus
666356d22d
Merge pull request #1266 from byxorna/gabe/fix-etcd-timeout-bug
fix timeout bug for etcd3 client connect
2018-09-10 10:36:38 +02:00
Stephan Renatus
4a6da13097
Merge pull request #1253 from vasartori/master
Fix #1252
2018-09-10 08:12:17 +02:00
Victor Sartori
1ea1d809a1 Update alpine to 3.8 2018-09-06 16:31:58 -03:00
Stephan Renatus
9cc85c447c examples/k8s: reference quay.io/dexidp
Signed-off-by: Stephan Renatus <srenatus@chef.io>
2018-09-06 09:10:01 +02:00
Stephan Renatus
1309c1f037 dev-releases.md, Makefile: update release process
Signed-off-by: Stephan Renatus <srenatus@chef.io>
2018-09-06 09:09:46 +02:00
Eric Chiang
bb75dcd793
Merge pull request #1283 from srenatus/sr/move-github-org/fix-imports
Finish GitHub org move
2018-09-05 09:14:06 -07:00
Stephan Renatus
9f10e5d020 revendor
Signed-off-by: Stephan Renatus <srenatus@chef.io>
2018-09-05 17:57:08 +02:00
Stephan Renatus
14b89029c9 bill-of-materials: nuke
Signed-off-by: Stephan Renatus <srenatus@chef.io>
2018-09-05 17:57:08 +02:00
Stephan Renatus
b9f6594bf0 *: github.com/coreos/dex -> github.com/dexidp/dex
Signed-off-by: Stephan Renatus <srenatus@chef.io>
2018-09-05 17:57:08 +02:00
Stephan Renatus
974617a426
Merge pull request #1285 from srenatus/sr/ldap/treat-bind-constraint-violation-as-bad-login
connectors/ldap: treat 'constraint violation' on bind as bad credentials
2018-09-05 10:18:51 +02:00
Stephan Renatus
6a2d4ab6b4 connectors/ldap: treat 'constraint violation' on bind as bad credentials
Some directory servers (I think it's Oracle) return

    Constraint Violation: Exceed password retry limit. Account locked.

when attempting to login too many times. While constraint violation can
mean many things, we're checking this as an error on BIND, so it's
more likely that something like this has happened than any other thing.

Hence, we should treat it as an "incorrect password" situation, not an
internal error.

It would of course be preferable to surface more information about this
precise error (and similar ones), but I think this is beyond this small
change.

Signed-off-by: Stephan Renatus <srenatus@chef.io>
2018-09-05 10:03:17 +02:00
rithu leena john
3bbc2c0bde
Merge pull request #1280 from rithujohn191/maintainer-list
*: update the maintainers list
2018-09-04 10:36:57 -07:00
Eric Chiang
4dc3347106
Merge pull request #1279 from AnianZ/master
fix default baseURL for GitLab connector
2018-09-04 08:09:37 -07:00
Stephan Renatus
4caf82c1e9
Merge pull request #1258 from montaro/fix-odic-doc-broken-link
Fix a broken link in the oidc readme
2018-09-03 09:16:19 +02:00
Stephan Renatus
cabdcb1eb0
Merge pull request #1259 from montaro/fix-typo-in-README
fix typo in README
2018-09-03 09:15:18 +02:00
Stephan Renatus
e3e37504ca
Merge pull request #1269 from tw3rp/patch-1
[version_update] Update the version to the latest
2018-09-03 09:09:05 +02:00
rithu john
9de19cb899 *: update the maintainers list 2018-08-31 17:26:49 -07:00
Anian Z
5454a4729f fix default baseURL for gitlab connector 2018-08-28 19:05:30 +02:00
tw3rp
49bbcd343f
[version_update] Update the version to the latest
Version mentioned in this example is very old and was causing issues
2018-08-05 15:48:11 -07:00
Gabe Conradi
94bd948aac fix timeout bug for etcd3 client connect 2018-08-02 17:41:38 -04:00
Ahmed ElRefaey
b71bec2ba1
fix typo in README 2018-07-04 15:11:52 +02:00
Ahmed ElRefaey
32e9570116
Fix a broken link in the oidc readme
Fixed a broken link to An overview of OpenID Connect
2018-07-04 14:56:29 +02:00
Victor Sartori
780a359f8e Fix #1252 2018-06-19 10:45:20 -03:00
Eric Chiang
036e5d050d
Merge pull request #1226 from joedborg/examples-cleanup
Removing whitespace
2018-05-14 16:11:00 -07:00
Eric Chiang
384db1f33e
Merge pull request #1231 from mklan/patch-1
Update using-dex.md
2018-05-14 16:10:41 -07:00
Eric Chiang
0822f1d4d3
Merge pull request #1232 from silenceshell/patch-1
fix typo
2018-05-14 16:10:19 -07:00
Eric Chiang
bf3ffb53a0
Merge pull request #1233 from kpschuck/master
Updates go to 1.10.2 to support SHA-512 for ldaps
2018-05-14 09:23:00 -07:00
Kevin Schuck
ca3d73c36d Updates go to 1.10.2 to support SHA-512 for ldaps 2018-05-10 11:23:50 -05:00
silenceshell
468b5e3f0a
fix typo
Should `pulic`  be `public`?
2018-05-10 11:55:11 +08:00
Matthias Klan
481f1276a8
Update using-dex.md
fix wrong port from example
2018-05-04 16:14:16 +02:00
Joe Borg
fc8b20ba35 Removing whitespace 2018-04-27 09:28:52 +01:00
Eric Chiang
0d3edf2456
Merge pull request #1208 from ericchiang/go10
*: update build to Go 1.10
2018-03-20 15:08:43 -07:00
Eric Chiang
264484075a
*: update build to Go 1.10 2018-03-20 14:50:33 -07:00
Eric Chiang
f2eac0e723
Merge pull request #1200 from carbin-gun/master
Update check go major version way
2018-03-07 10:38:48 -07:00
charles.deng
d92c21b9f9
Update check go major version way
The previous one just kept one prefix number as the major number; it should be the whole number after the dot.
2018-03-07 23:34:08 +08:00
Eric Chiang
218d671a96
Merge pull request #1198 from srenatus/sr/add-test-case-for-tampered-nameid-field-with-comment
saml: add tests case covering tampered NameID field (comment)
2018-03-01 15:17:32 -08:00
Stephan Renatus
608260d0f1 saml: add tests case covering tampered NameID field (comment)
As sketched here:

https://developer.okta.com/blog/2018/02/27/a-breakdown-of-the-new-saml-authentication-bypass-vulnerability

Thought it was interesting to see how our SAML connector behaved. And
it seems to be behaving well. :)

Signed-off-by: Stephan Renatus <srenatus@chef.io>
2018-02-28 08:42:17 +01:00
Eric Chiang
39a66d1496
Merge pull request #1195 from Skn0tt/patch-1
Add missing word
2018-02-27 10:37:31 -08:00
Simon Knott
822a10cede
Add missing word 2018-02-24 11:31:51 +01:00