This repository has been archived on 2022-08-17. You can view files and clone it, but cannot push or open issues or pull requests.
bobbyrullo 7f49efd873 Merge pull request #109 from bobbyrullo/yes_we_DO_have_TLS
Documentation: remove outdated TLS info
2015-09-03 09:57:43 -07:00
Documentation Documentation: remove outdated TLS info 2015-09-03 09:56:48 -07:00
Godeps godep: add github.com/go-gorp/gorp 2015-08-24 15:43:15 -07:00
admin *: move original project to dex 2015-08-18 11:26:57 -07:00
client *: move original project to dex 2015-08-18 11:26:57 -07:00
cmd cmd,server,static/html: Configurable name, logo 2015-09-02 18:00:28 -07:00
connector *: move original project to dex 2015-08-18 11:26:57 -07:00
contrib contrib: get standup up-to-date 2015-08-26 15:28:09 -07:00
db refresh: bcrypt raw bytes rather than base64 encoded string. 2015-09-02 14:23:20 -07:00
email *: move original project to dex 2015-08-18 11:26:57 -07:00
examples Merge pull request #92 from yifan-gu/ssl 2015-08-31 10:41:13 -07:00
functional refresh: bcrypt raw bytes rather than base64 encoded string. 2015-09-02 14:23:20 -07:00
integration server: check scope in requests. 2015-08-31 13:51:59 -07:00
pkg pkg/crypto: Don't modify ciphertext in place. 2015-08-26 10:43:24 -07:00
refresh refresh: bcrypt raw bytes rather than base64 encoded string. 2015-09-02 14:23:20 -07:00
repo *: move original project to dex 2015-08-18 11:26:57 -07:00
schema *: move original project to dex 2015-08-18 11:26:57 -07:00
server Merge pull request #104 from bobbyrullo/flags_are_good 2015-09-02 18:00:58 -07:00
session server: check scope in requests. 2015-08-31 13:51:59 -07:00
static cmd,server,static/html: Configurable name, logo 2015-09-02 18:00:28 -07:00
user *: move original project to dex 2015-08-18 11:26:57 -07:00
.gitignore *: move original project to dex 2015-08-18 11:26:57 -07:00
CONTRIBUTING.md *: move original project to dex 2015-08-18 11:26:57 -07:00
DCO *: move original project to dex 2015-08-18 11:26:57 -07:00
Dockerfile *: move original project to dex 2015-08-18 11:26:57 -07:00
LICENSE *: move original project to dex 2015-08-18 11:26:57 -07:00
MAINTAINERS *: move original project to dex 2015-08-18 11:26:57 -07:00
NOTICE *: move original project to dex 2015-08-18 11:26:57 -07:00
README.md Update README.md 2015-09-02 18:04:40 -07:00
build db: add DB migration code and scripts. 2015-08-20 11:44:43 -07:00
build-docker-push build-docker-push: allow override of quay repo 2015-08-26 15:28:09 -07:00
build-units *: move original project to dex 2015-08-18 11:26:57 -07:00
cover *: move original project to dex 2015-08-18 11:26:57 -07:00
go-docker go-docker: support functional tests 2015-08-20 16:50:30 -07:00
test *: move original project to dex 2015-08-18 11:26:57 -07:00
test-functional go-docker: support functional tests 2015-08-20 16:50:30 -07:00

README.md

dex


dex is a federated identity management service. It provides OpenID Connect (OIDC) to users, and can proxy to multiple remote identity providers (IdP) to drive actual authentication, as well as managing local username/password credentials.

We named the project 'dex' because it is a central index of users that other pieces of software can authenticate against.

Architecture

dex consists of multiple components:

  • dex-worker is the primary server component of dex. It:
    • hosts a user-facing API that drives the OIDC protocol
    • proxies to remote identity providers via "connectors"
    • provides an API for administrators to manage users
  • dex-overlord is an auxiliary process responsible for various administrative tasks:
    • rotation of keys used by the workers to sign identity tokens
    • garbage collection of stale data in the database
    • providing an API for bootstrapping the system
  • dexctl is a CLI tool used to manage a dex deployment
    • configure identity provider connectors
    • administer OIDC client identities
  • database: a database is used for persistent storage of keys, users, OAuth sessions and other data. Currently Postgres is the only supported database.

A typical dex deployment consists of N dex-workers behind a load balancer, and one dex-overlord. The dex-workers directly handle user requests, so the loss of all workers can result in service downtime. The single dex-overlord runs its tasks periodically, so it does not need to maintain 100% uptime.

Who Should Use Dex?

**TODO**

Similar Software

**TODO**

Connectors

Remote IdPs could implement any auth-N protocol. Connectors contain protocol-specific logic and are used to communicate with remote IdPs. Examples of possible connectors include OIDC, LDAP, local credentials, and Basic Auth.

dex ships with an OIDC connector, useful for authenticating with services like Google and Salesforce (or even other dex instances!), and a "local" connector, in which dex itself presents a UI for users to authenticate via dex-stored credentials.

Additional connectors can be developed and added as interoperability requirements emerge.

Relevant Specifications

These specs are referenced and implemented to some degree in the jose package of this project.

OpenID Connect (OIDC) is broken up into several specifications. The following (amongst others) are relevant:

Example OIDC Discovery Endpoints

Next steps:

If you want to try out dex quickly with a single process and no database (do not run this way in production!), take a look at the dev guide.

For running the full stack, check out the getting started guide.

Coming Soon

  • Multiple backing Identity Providers
  • Identity Management
  • Authorization