Commits · 608260d0f197c271220740ec079cdd5eb1402437 · go / dex

28 Feb, 2018 1 commit

saml: add tests case covering tampered NameID field (comment) · 608260d0

Stephan Renatus authored Feb 28, 2018

As sketched here:

https://developer.okta.com/blog/2018/02/27/a-breakdown-of-the-new-saml-authentication-bypass-vulnerability

Thought it was interesting to see how our SAML connector behaved. And
it seems to be behaving well. :)
Signed-off-by: Stephan Renatus <srenatus@chef.io>

608260d0

27 Feb, 2018 1 commit
- Merge pull request #1195 from Skn0tt/patch-1 · 39a66d14
  Eric Chiang authored Feb 27, 2018
```
Add missing word
```
  39a66d14
24 Feb, 2018 1 commit
- Add missing word · 822a10ce
  Simon Knott authored Feb 24, 2018
  
  822a10ce
03 Feb, 2018 2 commits
- Merge pull request #1176 from vyshane/master · 01d63b08
  Eric Chiang authored Feb 03, 2018
```
New id_provider scope that adds the connector ID and user ID to the ID token claims
```
  01d63b08
- Add new federated:id scope that causes Dex to add a federated_claims claim… · b03c85e5
  Vy-Shane Xie authored Jan 23, 2018
```
Add new federated:id scope that causes Dex to add a federated_claims claim containing the connector_id and user_id to the ID token
```
  b03c85e5
01 Feb, 2018 2 commits
- Merge pull request #1144 from srenatus/sr/support-direct-post-without-get-first · ce686390
  Eric Chiang authored Feb 01, 2018
```
handlers/connector_login: update AuthRequest irregardless of method
```
  ce686390
- Merge pull request #1171 from pmcgrath/1170-fix-typos · c0bcc819
  Eric Chiang authored Feb 01, 2018
```
1170 - Fix comment typos
```
  c0bcc819
14 Jan, 2018 1 commit
- 1170 - Fix comment typos · 4aec353a
  pmcgrath authored Jan 14, 2018
```
  BsaeDN should be BaseDN
```
  4aec353a
08 Jan, 2018 1 commit
- Merge pull request #1166 from ericchiang/coc · 1dbecefa
  Eric Chiang authored Jan 08, 2018
```
automated PR: update CoC and legalese
```
  1dbecefa
05 Jan, 2018 2 commits
- Merge pull request #1168 from ericchiang/connector-docs · f83c86ce
  Eric Chiang authored Jan 05, 2018
```
README: expand connector docs and assign each a level of support
```
  f83c86ce
- README: expand connector docs and assign each a level of support · ea2c63d7
  Eric Chiang authored Jan 04, 2018
  
  ea2c63d7
04 Jan, 2018 3 commits
- Merge pull request #1167 from ericchiang/restructure-connector-docs · 2851b3c7
  Eric Chiang authored Jan 04, 2018
```
Documentation: restructure connector docs to a single folder
```
  2851b3c7
- Documentation: restructure connector docs to a single folder · 460f4832
  Eric Chiang authored Jan 04, 2018
  
  460f4832
- update CoC and legalese · 2215158b
  Eric Chiang authored Jan 04, 2018
  
  2215158b
21 Dec, 2017 5 commits
- Merge pull request #1155 from brancz/prometheus · 6ef8cd51
  Eric Chiang authored Dec 21, 2017
```
Add Prometheus metrics
```
  6ef8cd51
- vendor: Add metrics packages · 0930b09e
  Frederic Branczyk authored Dec 21, 2017
  
  0930b09e
- *: Add go runtime, process, HTTP and gRPC metrics · 5f03479d
  Frederic Branczyk authored Dec 20, 2017
  
  5f03479d
- Merge pull request #1157 from ericchiang/conn-oidc-doc-groups · 053c476c
  Eric Chiang authored Dec 21, 2017
```
document limitations in the OpenID Connect connector
```
  053c476c
- document limitations in the OpenID Connect connector · 0811d1a0
  Eric Chiang authored Dec 21, 2017
  
  0811d1a0
19 Dec, 2017 2 commits
- Merge pull request #1152 from diegs/bom · b5baf6b1
  Eric Chiang authored Dec 19, 2017
```
license: add bill of materials.
```
  b5baf6b1
- license: add bill of materials. · 6d4fef4b
  Diego Pontoriero authored Dec 19, 2017
  
  6d4fef4b
17 Dec, 2017 2 commits
- Merge pull request #1151 from topos-ai/email-address · 9d4b1041
  Eric Chiang authored Dec 17, 2017
```
Clarify email scope description
```
  9d4b1041
- email scope only allows access to a user's email address · da45adcb
  Eric Buth authored Dec 17, 2017
  
  da45adcb
11 Dec, 2017 1 commit
- handlers/connector_login: check before update (optimization) · f013a445
  Stephan Renatus authored Dec 11, 2017
```
Signed-off-by: Stephan Renatus <srenatus@chef.io>
```
  f013a445
08 Dec, 2017 3 commits

Merge pull request #1135 from mpashka/master · ec5e2cc3
Eric Chiang authored Dec 08, 2017
```
Update slapd.sh
```
ec5e2cc3
Add note for OpenLDAP installation · 5ef1312b
Pavel Moukhataev authored Nov 27, 2017

5ef1312b

handlers/connector_login: update AuthRequest irregardless of method · f18d7afc

Stephan Renatus authored Dec 08, 2017

Before, you could not POST your credentials to a password-connector's
endpoint without GETing that endpoint first. While this makes sense for
browser clients; automated interactions with Dex don't need to look at
the password form to fill it in.

A symptom of that missing GET was that the POST succeeded (!) with

    login successful: connector "", username="admin", email="admin@example.com", groups=[]

Note the connector "". A subsequent call to finalizeLogin would then
fail with

    connector with ID "" not found: failed to get connector object from storage: not found

Now, the connector ID of an auth request will be updated for both GETs
and POSTs.
Signed-off-by: Stephan Renatus <srenatus@chef.io>

f18d7afc

05 Dec, 2017 2 commits
- Merge pull request #1143 from wkalt/fix-verifier-creation-typo · 5172a461
  Eric Chiang authored Dec 05, 2017
```
Correct "Verifier" method name in using-dex doc
```
  5172a461
- Correct "Verifier" method name in using-dex doc · e7d57bb3
  Wyatt Alt authored Dec 05, 2017
```
Change provider.NewVerifier to provider.Verifier per the godocs:
https://godoc.org/github.com/coreos/go-oidc#Provider.Verifier
```
  e7d57bb3
04 Dec, 2017 1 commit
- Merge pull request #1142 from zlabjp/status-code · 18da6288
  Eric Chiang authored Dec 04, 2017
```
Bugfix: Set a proper status code before sending an error status page
```
  18da6288
01 Dec, 2017 5 commits
- Merge pull request #1140 from ericchiang/fix-proto-build · 32257bcf
  rithu leena john authored Dec 01, 2017
```
*: fix proto build
```
  32257bcf
- *: regenerate proto · c5de6fa7
  Eric Chiang authored Dec 01, 2017
  
  c5de6fa7
- *: revendor · ab102b81
  Eric Chiang authored Dec 01, 2017
  
  ab102b81
- *: pin protoc-gen-go dependencies · 35063da4
  Eric Chiang authored Dec 01, 2017
  
  35063da4
- Set a proper status code before sending an error status page · 9948228e
  Kazumasa Kohtaka authored Dec 01, 2017
  
  9948228e
28 Nov, 2017 3 commits
- Merge pull request #1131 from pborzenkov/microsoft · 861d4ae4
  Eric Chiang authored Nov 28, 2017
```
Implement Microsoft (Azure AD) connector
```
  861d4ae4
- Merge pull request #1136 from vyshane/master · c8729382
  Eric Chiang authored Nov 28, 2017
```
Specify Java package for dex Protobuf API
```
  c8729382
- Specify Java package option · 19cb2a5f
  Vy-Shane Xie authored Nov 28, 2017
  
  19cb2a5f
23 Nov, 2017 2 commits

connector/microsoft: add support for groups · 47df6ea2

Pavel Borzenkov authored Nov 21, 2017

Microsoft connector now provides support for 'groups' claim in case
'tenant' is configured in Dex config for the connector. It's possible to
deny user authentication if the user is not a member of at least one
configured groups.
Signed-off-by: Pavel Borzenkov <pavel.borzenkov@gmail.com>

47df6ea2

connector: implement Microsoft connector · 6193bf55

Pavel Borzenkov authored Nov 19, 2017

connector/microsoft implements authorization strategy via Microsoft's
OAuth2 endpoint + Graph API. It allows to choose what kind of tenants
are allowed to authenticate in Dex via Microsoft:
  * common - both personal and business/school accounts
  * organizations - only business/school accounts
  * consumers - only personal accounts
  * <tenant uuid> - only account of specific tenant
Signed-off-by: Pavel Borzenkov <pavel.borzenkov@gmail.com>

6193bf55