adfbbc3fb0
Controller Metrics & Network Config Request Fix ( #2003 )
...
* add new metrics for network config request queue size and sso expirations
* move sso expiration to its own thread in the controller
* fix potential undefined behavior when modifying a set
3 years ago
e5fc89821f
use cpp-httplib for HTTP control plane ( #1979 )
...
refactored the old control plane code to use [cpp-httplib](https://github.com/yhirose/cpp-httplib ) instead of a hand rolled HTTP server. Makes the control plane code much more legible. Also no longer randomly stops responding.
3 years ago
64b7f8e445
quiet down logs more
4 years ago
ef08346a74
Fix a possible excessive memory use issue in controller and clean up a bunch of COM handling and other code in the normal node.
4 years ago
912036b260
Push credentials always if updated (client-side) and some controller-side cleanup that should be logically irrelevant but will prevent unnecessary DB lookups.
4 years ago
a4e8847664
Restore sending of rejections but move it exclusively to a thread, widen netconf window to 30 minutes.
4 years ago
c492bf7eea
Forgot to send error on v0 auth expiry.
4 years ago
cb086ff97f
Simplify SSO logic. SSO should just normally expire when it expires. No full deauth needed. Deauth is for really giving someone the boot.
4 years ago
55a99f34d0
Tighten certificate window and deprecate sending of revocations for ordinary SSO timeouts. Revocations should only be for deliberate deauth to kick people off networks. Cert window should now stay within refresh window for SSO so normal cert expiration should handle it just fine.
4 years ago
58119598ae
comment out some new deauth code
4 years ago
42a2afaef9
This may improve controller behavior with SSO and mixed SSO, needs testing!
4 years ago
b3fbbd3124
refresh tokens now working
...
Still investigating the best way to do a couple things, but we have something working
4 years ago
7cce23ae79
wip
4 years ago
a33d7c64fe
more fixin
4 years ago
fa21fdc1cc
rename stuff for clarity
...
authenticationURL will still be used by the client for v1 and v2 of sso
4 years ago
43433cdb5a
integrate rust build of zeroidc to linux
4 years ago
8d39c9a861
plumbing full flow from controller -> client network
4 years ago
eabe091038
Backport only the COM mitigation instead of everything from 1.8
5 years ago
75a45eeb27
Revert "Backport guts of 1.8 to 1.6 tree so we can point release without waiting for UI quirks to be fixed."
...
This reverts commit 48ce7632fa
5 years ago
48ce7632fa
Backport guts of 1.8 to 1.6 tree so we can point release without waiting for UI quirks to be fixed.
5 years ago
134d33c218
Add a bit of hardening in the network certificate of membership by incorporating a full hash of the identity to which it is issued. This means the recipient need not depend entirely on the root verifying identities properly to make sure impersonation is not occurring.
5 years ago
7c3166e9be
Add a bit of hardening in the network certificate of membership by incorporating a full hash of the identity to which it is issued. This means the recipient need not depend entirely on the root verifying identities properly to make sure impersonation is not occurring.
5 years ago
20721491e8
kill some noisy logs
5 years ago
9eae444104
kill some verbose logs
5 years ago
576b4f03a5
Adjust deauth time window and send revocation when SSO members expire.
5 years ago
461810b06a
Move return so record gets created before URL.
5 years ago
613d7b5ece
fix backwards logic
5 years ago
663e748b8d
Deauth expiring members right away.
5 years ago
0cf62d334d
Remove pointless check.
5 years ago
0310bfa3e3
Include authentication URL in config
5 years ago
efe0e8aa7b
Notification of about-to-expire status... almost there.
5 years ago
34de579c91
Handling of soon-to-expire members
5 years ago
10215af96d
whoops
5 years ago
e67fee0264
debug logging
5 years ago
364ad87e2b
add ssoEnabled flag to network config
5 years ago
e6b4fb5af7
add "ssoRedirectURL" to local.conf
...
plumbed it through to the central controller code
5 years ago
1dfe909bab
Increase authentication URL sizes.
5 years ago
74a678c1e1
chicken or egg problem.
...
member must exist in the database before we can generate a nonce & SSO URL
5 years ago
f27d193cf6
.
5 years ago
7ca2ecb421
put expiry time back on nc object
5 years ago
0702e581a1
remove some noisy log lines & fix a query error
5 years ago
c78792a705
moar temporary debug printfs
5 years ago
287c19e822
move this outside the auth block. If SSO is enabled, it should be checked whether authorized or not
5 years ago
4f521baafd
Big SSO update
...
make things hopefully work
5 years ago
fc6d90a04a
set the correct default
5 years ago
d2f1d05a06
handle cases where authenticationURL and authenticationExpiryTime don't exist
5 years ago
c470c6255e
Postgres code for SSO (almost certainly needs work)
5 years ago
6b3a7ec827
Fix a few things...
5 years ago
1ce71f9dc0
Build fix.
5 years ago
18508b5a2e
Build fix.
5 years ago
Grant Limberg
Grant Limberg
Adam Ierymenko