Eric Chiang
258ec4ff4b
Merge pull request #897 from Calpicow/issuer_typo
...
Fix entityIssuer -> ssoIssuer typo
9 years ago
Phu Kieu
bd754e2b2d
Fix entityIssuer -> ssoIssuer typo
9 years ago
Eric Chiang
53acaa9e7c
Merge pull request #896 from Calpicow/audience_validate_fix
...
Validate audience with entityIssuer if present, use redirectURI otherwise
9 years ago
Phu Kieu
47897f73fa
Validate audience with entityIssuer if present, use redirectURI otherwise
9 years ago
Eric Chiang
40f0265ab4
Merge pull request #885 from Calpicow/saml_issuer_fix
...
Add ssoIssuer to fix Response issuer checking
9 years ago
Phu Kieu
8c0eb67ecd
Update documentation
9 years ago
Phu Kieu
217b5ca2c7
Add ssoIssuer to fix Response issuer checking
...
Rename issuer to entityIssuer
9 years ago
Eric Chiang
207d20777b
Merge pull request #893 from ericchiang/fix-saml-validation
...
connector/saml: fix validation bug with multiple Assertion elements
9 years ago
Eric Chiang
a97cffcd52
connector/saml: refactor tests and add self-signed responses
...
Introduces SAML tests which execute full response processing and
compare user attributes. testdata now includes a full, self-signed
CA and documents signed using xmlsec1.
Adds deprecation notices to existing tests, but doesn't remove them
since they still provide coverage.
9 years ago
Eric Chiang
e0709dc2ac
connector/saml: fix validation bug with multiple Assertion elements
...
When a SAML response provided multiple Assertion elements, only the
first one is checked for a valid signature. If the Assertion is
verified, the original Assertion is removed and the canonicalized
version is prepended to the Response. However, if there were
multiple assertions, the second assertion could end up first in the
list of Assertions, even if it was unsigned.
For example this:

    <Response>
      <!--
        Response unsigned. According to SAML spec must check
        assertion signature.
      -->
      <Assertion>
        <Signature>
          <!-- Correctly signed assertion -->
        </Signature>
      </Assertion>
      <Assertion>
        <!-- Unsigned assertion inserted by attacker-->
      </Assertion>
    </Response>

could be verified then re-ordered to the following:

    <Response>
      <!--
        Response unsigned. According to SAML spec must check
        assertion signature.
      -->
      <Assertion>
        <!-- Unsigned assertion inserted by attacker-->
      </Assertion>
      <Assertion>
        <!-- Canonicalized, correctly signed assertion -->
      </Assertion>
    </Response>

Fix this by removing all unverified child elements of the Response,
not just the original assertion.
9 years ago
Lucas Servén
a7d443ea2b
Merge pull request #891 from squat/garbage_log_info
...
server/server.go: make successful garbage collection log at info level
9 years ago
Lucas Serven
f3d9bd5008
server/server.go: make successful garbage collection log at info level
9 years ago
rithu leena john
f4865a354c
Merge pull request #886 from rithujohn191/error-msg-update
...
storage/static.go: correct the error message that gets displayed.
9 years ago
rithu john
5abb4b3df6
storage/static.go: correct the error message that gets displayed.
9 years ago
Eric Chiang
5eb8210eb4
Merge pull request #883 from ericchiang/scopes-docs
...
Documentation: document dex scopes, claims, and client features
9 years ago
Eric Chiang
8902ddc061
Merge pull request #881 from ericchiang/api-test-use-client
...
server: use client connected to remove server for gRPC tests
9 years ago
Eric Chiang
5e34f0d1a6
Documentation: document dex scopes, claims, and client features
9 years ago
Eric Chiang
f734b140cd
server: use client connected to remove server for gRPC tests
9 years ago
rithu leena john
42c1eed231
Merge pull request #880 from rithujohn191/connector-object
...
storage: add connector object to backend storage.
9 years ago
rithu john
bc55b86d0d
storage: add connector object to backend storage.
9 years ago
Eric Chiang
6e50c18458
Merge pull request #875 from ericchiang/fix-example-app-custom-ca
...
cmd/example-app: fix custom CA behavior
9 years ago
Eric Chiang
9b0e9ab2ca
cmd/example-app: fix custom CA behavior
9 years ago
Eric Chiang
2a6ae0a6ea
Merge pull request #870 from Calpicow/fix_assertion_fallback
...
Fix assertion fallback
9 years ago
Phu Kieu
6f9ef961bb
Use etreeutils.NSSelectOne to select Assertion element
9 years ago
Phu Kieu
4b457d8c82
vendor: revendor
9 years ago
Phu Kieu
b5f70dac36
glide.yaml: update goxmldsig
9 years ago
rithu leena john
5d49e18478
Merge pull request #873 from rithujohn191/client-example
...
examples/grpc-client: clean up the example and add tlsClientCA to ConfigMap.
9 years ago
rithu john
562eae3fc7
examples/grpc-client: clean up the example and add tlsClientCA to ConfigMap.
9 years ago
rithu leena john
6146e23396
Merge pull request #872 from rithujohn191/offline-access-error
...
connector: Connectors without a RefreshConnector should not error out
9 years ago
rithu john
59502850f0
connector: Connectors without a RefreshConnector should not return a refresh token instead of erroring
9 years ago
Eric Chiang
b112aa2ecd
Merge pull request #869 from ericchiang/saml-response-to
...
*: validate InResponseTo SAML response field and make issuer optional
9 years ago
Eric Chiang
50b223a9db
*: validate InResponseTo SAML response field and make issuer optional
9 years ago
Eric Chiang
8b2956ddbc
Merge pull request #867 from ericchiang/xml-validation
...
glide.yaml: update goxmldsig
9 years ago
Eric Chiang
910d59865b
vendor: revendor
9 years ago
Eric Chiang
5888220965
glide.yaml: update goxmldsig
9 years ago
Eric Chiang
95d237003a
Merge pull request #855 from ericchiang/static-storage-fallthrough
...
storage: make static storages query real storages for some actions
9 years ago
Eric Chiang
af54f59202
Merge pull request #864 from ericchiang/spelling
...
*: fix spelling using github.com/client9/misspell
9 years ago
Eric Chiang
25fdaa67a7
Merge pull request #860 from ericchiang/oidc-broken-auth-header
...
connector/oidc: expose oauth2.RegisterBrokenAuthHeaderProvider
9 years ago
Eric Chiang
4c39bc20ae
storage: make static storages query real storages for some actions
...
If dex is configured with static passwords or clients, let the API
still add or modify objects in the backing storage, so long as
their IDs don't conflict with the static ones. List options now
aggregate resources from the static list and backing storage.
9 years ago
Eric Chiang
33f0199077
*: fix spelling using github.com/client9/misspell
9 years ago
Eric Chiang
f503ff7950
*: add documentation for the OpenID Connect provider
9 years ago
Eric Chiang
ac032e99f0
connector/oidc: expose oauth2.RegisterBrokenAuthHeaderProvider
9 years ago
rithu leena john
4bf74d8ac3
Merge pull request #862 from rithujohn191/update-api
...
api: Update timestamp type for RefreshTokenRef to int64.
9 years ago
rithu john
921090f05f
api: Update timestamp type for RefreshTokenRef to int64.
9 years ago
rithu leena john
84af5273c8
Merge pull request #854 from rithujohn191/conformance-tests
...
storage/conformance: update conformance tests with multiple entries per resource
9 years ago
rithu john
9e88924577
storage/conformance: update conformance tests with multiple entries per resource
9 years ago
rithu leena john
7a798844cc
Merge pull request #852 from ericchiang/fix-log-level
...
storage/kubernetes: log INFO level if TPR already exists, not ERROR
9 years ago
Eric Chiang
6cb38604d9
storage/kubernetes: log INFO level if TPR already exists, not ERROR
9 years ago
Eric Chiang
d31bb1c8d5
Merge pull request #848 from ericchiang/fix-sql-where-statement
...
storage/sql: add missing WHERE statement to refresh token update
9 years ago
Eric Chiang
0481fccd76
storage/sql: add missing WHERE statement to refresh token update
9 years ago