- 06 Apr, 2017 1 commit
-
-
Phu Kieu authored
Rename issuer to entityIssuer
-
- 04 Apr, 2017 5 commits
-
-
Eric Chiang authored
connector/saml: fix validation bug with multiple Assertion elements
-
Eric Chiang authored
Introduces SAML tests which execute full response processing and compare user attributes. tesdata now includes a full, self-signed CA and documents signed using xmlsec1. Adds deprication notices to existing tests, but don't remove them since they still provide coverage.
-
Eric Chiang authored
When a SAML response provided multiple Assertion elements, only the first one is checked for a valid signature. If the Assertion is verified, the original Assertion is removed and the canonicalized version is prepended to the Response. However, if there were multiple assertions, the second assertion could end up first in the list of Assertions, even if it was unsigned. For example this: <Response> <!-- Response unsigned. According to SAML spec must check assertion signature. --> <Assertion> <Signature> <!-- Correrctly signed assertion --> </Signature> </Assertion> <Assertion> <!-- Unsigned assertion inserted by attacker--> </Assertion> </Response> could be verified then re-ordered to the following: <Response> <!-- Response unsigned. According to SAML spec must check assertion signature. --> <Assertion> <!-- Unsigned assertion inserted by attacker--> </Assertion> <Assertion> <!-- Canonicalized, correrctly signed assertion --> </Assertion> </Response> Fix this by removing all unverified child elements of the Response, not just the original assertion.
-
Lucas Servén authored
server/server.go: make successful garbage collection log at info level
-
Lucas Serven authored
-
- 29 Mar, 2017 4 commits
-
-
rithu leena john authored
storage/static.go: correct the error message that gets displayed.
-
rithu john authored
-
Eric Chiang authored
Documentation: document dex scopes, claims, and client features
-
Eric Chiang authored
server: use client connected to remove server for gRPC tests
-
- 28 Mar, 2017 4 commits
-
-
Eric Chiang authored
-
Eric Chiang authored
-
rithu leena john authored
storage: add connector object to backend storage.
-
rithu john authored
-
- 24 Mar, 2017 7 commits
-
-
Eric Chiang authored
cmd/example-app: fix custom CA behavior
-
Eric Chiang authored
-
Eric Chiang authored
Fix assertion fallback
-
Phu Kieu authored
-
Phu Kieu authored
-
Phu Kieu authored
-
rithu leena john authored
examples/grpc-client: clean up the example and add tlsClientCA to ConfigMap.
-
- 23 Mar, 2017 3 commits
-
-
rithu john authored
-
rithu leena john authored
connector: Connectors without a RefreshConnector should not error out
-
rithu john authored
connector: Connectors without a RefreshConnector should not return a refresh token instead of erroring
-
- 22 Mar, 2017 2 commits
-
-
Eric Chiang authored
*: validate InResponseTo SAML response field and make issuer optional
-
Eric Chiang authored
-
- 21 Mar, 2017 3 commits
-
-
Eric Chiang authored
glide.yaml: update goxmldsig
-
Eric Chiang authored
-
Eric Chiang authored
-
- 20 Mar, 2017 7 commits
-
-
Eric Chiang authored
storage: make static storages query real storages for some actions
-
Eric Chiang authored
*: fix spelling using github.com/client9/misspell
-
Eric Chiang authored
connector/oidc: expose oauth2.RegisterBrokenAuthHeaderProvider
-
Eric Chiang authored
If dex is configured with static passwords or clients, let the API still add or modify objects in the backing storage, so long as their IDs don't conflict with the static ones. List options now aggregate resources from the static list and backing storage.
-
Eric Chiang authored
-
Eric Chiang authored
-
Eric Chiang authored
-
- 17 Mar, 2017 3 commits
-
-
rithu leena john authored
api: Update timestamp type for RefreshTokenRef to int64.
-
rithu john authored
-
rithu leena john authored
storage/conformance: update conformance tests with multiple entries per resource
-
- 16 Mar, 2017 1 commit
-
-
rithu john authored
-