This repository has been archived on 2022-08-17. You can view files and clone it, but cannot push or open issues or pull requests.
dex/glide.yaml
Holger Koser e46f2ebe40 Improve SAML Signature and Response Validation
* Improve Order of Namespace Declarations and Attributes in Canonical XML. This is related to an issue in goxmldsig for which I created an [pull request](https://github.com/russellhaering/goxmldsig/pull/17).
* Do not compress the AuthnRequest if `HTTP-POST` binding is used.
* SAML Response is valid if the Message and/or the Assertion is signed.
* Add `AssertionConsumerServiceURL` to `AuthnRequest`
* Validate Status on the Response
* Validate Conditions on the Assertion
* Validation SubjectConfirmation on the Subject
2017-01-26 19:05:40 +01:00

141 lines
4.2 KiB
YAML

# For detailed docs on how to add new dependencies or
# update dependencies see Documentation/dev-dependencies.md
#
# The TL;DR is:
# * Use glide and glide-vc.
# * List transitive dependencies.
# * Create a separate block for each dependency group.
# * Keep updates to "vendor/" in a seperate commit from actual changes.
package: github.com/coreos/dex
import:
- package: github.com/spf13/cobra
version: bc81c21bd0d8be5ba2d6630a505d79d4467566e7
- package: github.com/spf13/pflag
version: 367864438f1b1a3c7db4da06a2f55b144e6784e0
- package: github.com/inconshreveable/mousetrap
version: 76626ae9c91c4f2a10f34cad8ce83ea42c93bb75
# LDAP dependencies.
- package: gopkg.in/ldap.v2
version: 0e7db8eb77695b5a952f0e5d78df9ab160050c73
- package: gopkg.in/asn1-ber.v1
version: 4e86f4367175e39f69d9358a5f17b4dda270378d
# Used for JOSE functionality (JWKs, JWTs, etc.).
- package: gopkg.in/square/go-jose.v2
version: v2.0.0
subpackages:
- cipher
- json
# Imported directly and by several third party packages.
- package: golang.org/x/net
version: 6a513affb38dc9788b449d59ffed099b8de18fa0
subpackages:
- context
- context/ctxhttp
- http2
- http2/hpack
- internal/timeseries
- lex/httplex
- trace
# Used for parsing configs.
- package: github.com/ghodss/yaml
version: bea76d6a4713e18b7f5321a2b020738552def3ea
- package: gopkg.in/yaml.v2
version: a83829b6f1293c91addabc89d0571c246397bbf4
# Router used by the server.
- package: github.com/gorilla/mux
version: 9fa818a44c2bf1396a17f9d5a3c0f6dd39d2ff8e
- package: github.com/gorilla/context
version: aed02d124ae4a0e94fea4541c8effd05bf0c8296
- package: github.com/gorilla/handlers
version: 3a5767ca75ece5f7f1440b1d16975247f8d8b221
# Package with a bunch of sane crypto defaults. Consider just
# copy the code (as recommended by the repo itself) instead
# of importing.
- package: github.com/gtank/cryptopasta
version: e7e23673cac3f529f49e22f94e4af6d12bb49dba
- package: golang.org/x/crypto
version: 2c99acdd1e9b90d779ca23f632aad86af9909c62
subpackages:
- bcrypt
# Used for server integration tests and OpenID Connect connector.
- package: github.com/coreos/go-oidc
version: 2b5d73091ea4b7ddb15e3ac00077f153120b5b61
- package: github.com/pquerna/cachecontrol
version: c97913dcbd76de40b051a9b4cd827f7eaeb7a868
- package: golang.org/x/oauth2
version: 08c8d727d2392d18286f9f88ad775ad98f09ab33
subpackages: []
# The oauth2 package only imports the appengine code when it's given a
# specific build tags, but glide detects it anyway.
#
# https://github.com/golang/oauth2/blob/d5040cdd/client_appengine.go
- package: google.golang.org/appengine
version: 267c27e7492265b84fc6719503b14a1e17975d79
subpackages:
- urlfetch
- internal
- internal/urlfetch
- internal/base
- internal/datastore
- internal/log
- internal/remote_api
# Testing conveniences.
- package: github.com/kylelemons/godebug
subpackages:
- diff
- pretty
version: eadb3ce320cbab8393bea5ca17bebac3f78a021b
# SQL drivers
- package: github.com/mattn/go-sqlite3
version: 3fb7a0e792edd47bf0cf1e919dfc14e2be412e15
- package: github.com/lib/pq
version: 50761b0867bd1d9d069276790bcd4a3bccf2324a
- package: github.com/go-sql-driver/mysql
version: 0b58b37b664c21f3010e836f1b931e1d0b0b0685
- package: github.com/cockroachdb/cockroach-go
version: 31611c0501c812f437d4861d87d117053967c955
subpackages:
- crdb
# gRPC and protobuf are use for the API. Also import x/net/http2 stack.
- package: google.golang.org/grpc
version: b1a2821ca5a4fd6b6e48ddfbb7d6d7584d839d21
subpackages:
- codes
- credentials
- grpclog
- internal
- metadata
- naming
- peer
- transport
- package: github.com/golang/protobuf
version: 874264fbbb43f4d91e999fecb4b40143ed611400
subpackages:
- proto
- protoc-gen-go
# Structured logging
- package: github.com/Sirupsen/logrus
version: v0.11.0
- package: golang.org/x/sys/unix
version: 833a04a10549a95dc34458c195cbad61bbb6cb4d
# XML signature validation for SAML connector
- package: github.com/russellhaering/goxmldsig
version: e2990269f42f6ddfea940870a0800a14acdb8c21
- package: github.com/beevik/etree
version: 4cd0dd976db869f817248477718071a28e978df0
- package: github.com/jonboulle/clockwork
version: bcac9884e7502bb2b474c0339d889cb981a2f27f