Commits · 3f7867d83b00e59fc8d84135031433fd6bde3efe · id / go-sso

14 Jan, 2021 4 commits
- Update module oschwald/maxminddb-golang to v0.2.0 · 3f7867d8
  renovate authored Jan 14, 2021
  
  3f7867d8
- Merge branch 'renovate/github.com-gorilla-mux-1.x' into 'master' · 782d5400
  ale authored Jan 14, 2021
```
Update module gorilla/mux to v1.8.0

See merge request !12
```
  782d5400
- Update module gorilla/mux to v1.8.0 · 72e2e35d
  renovate authored Jan 14, 2021
  
  72e2e35d
- Merge branch 'renovate/configure' into 'master' · 89b52fc0
  ale authored Jan 14, 2021
```
Configure Renovate

See merge request !10
```
  89b52fc0
12 Jan, 2021 1 commit
- Add renovate.json · 6bb5c824
  renovate authored Jan 12, 2021
  
  6bb5c824
10 Jan, 2021 4 commits
- Update github.com/crewjam/saml · 1ab68ebd
  ale authored Jan 10, 2021
  
  1ab68ebd
- Update internal dependencies · 3f6456bc
  ale authored Jan 10, 2021
  
  3f6456bc
- Update id/keystore · 3b53d9f8
  ale authored Jan 10, 2021
  
  3b53d9f8
- Add go.mod, update dependencies, build on Bullseye · 018bd88d
  ale authored Jan 10, 2021
  
  018bd88d
11 Nov, 2020 1 commit

ale authored Nov 11, 2020

Fixes issue #16, the only change is in the u2f/otp login links.

71512831

24 Aug, 2020 1 commit
- Document the allowed_cors_origins option · a0c2b587
  ale authored Aug 24, 2020
  
  a0c2b587
23 Aug, 2020 6 commits
- Merge branch 'saml-enforce-groups' · a64b4480
  ale authored Aug 23, 2020
  
  a64b4480
- Set the logout URL on the SAML server descriptor · 2cd5254c
  ale authored Aug 23, 2020
```
Update the crewjam/saml library too.
```
  2cd5254c
- Merge branch 'saml-enforce-groups' into 'master' · 4c546e2f
  ale authored Aug 23, 2020
```
Enforce group membership checks in the SAML server

See merge request !9
```
  4c546e2f
- Enforce group membership checks in the SAML server · 01df95f6
  ale authored Aug 23, 2020
  
  01df95f6
- Support the case where usernames are already email addresses · d00e7f54
  ale authored Aug 23, 2020
```
In this scenario there is no need to set 'users_file', instead we
introduce the new boolean attribute 'email_usernames'.
```
  d00e7f54
- Upgrade ai3/go-common · f1c2d0bf
  ale authored Aug 23, 2020
  
  f1c2d0bf
06 May, 2020 1 commit

Drop form-action from CSP · b111e43a

ale authored May 06, 2020

Apparently this is applied even after the redirect, so we can't use it.

b111e43a

04 May, 2020 2 commits
- Stricter Content-Security-Policy headers · 81b8bd24
  ale authored May 04, 2020
```
Adds the 'base-uri', 'form-action' and 'frame-ancestors' properties.
```
  81b8bd24
- Set SameSite policy on CSRF cookies · 72bb1ac7
  ale authored May 04, 2020
  
  72bb1ac7
28 Apr, 2020 1 commit
- Add some error logging on saml-server · fb63c3d1
  ale authored Apr 28, 2020
  
  fb63c3d1
27 Apr, 2020 2 commits
- Fix X-Frame-Options header (uppercase) · 65b137a4
  ale authored Apr 27, 2020
  
  65b137a4
- Fix X-Frame-Options header · 8af8979f
  ale authored Apr 27, 2020
  
  8af8979f
29 Mar, 2020 1 commit
- Set default timeouts on the proxy http.Transport · d1e6a380
  ale authored Mar 29, 2020
  
  d1e6a380
20 Mar, 2020 1 commit
- Handle the double-logout case more cleanly · 28fcb558
  ale authored Mar 20, 2020
```
Do not attempt to call backends (keystore) with empty usernames.
```
  28fcb558
14 Mar, 2020 1 commit
- Fix URLs for flipping between otp/u2f · f3fd32c0
  ale authored Mar 14, 2020
  
  f3fd32c0
12 Feb, 2020 1 commit
- Upgrade id/auth (tracing) · 72395351
  ale authored Feb 12, 2020
  
  72395351
06 Feb, 2020 2 commits
- Upgrade go-common: handle a nil pointer deref · a1bb2db9
  ale authored Feb 06, 2020
  
  a1bb2db9
- Upgrade go-common (enforce rpc timeouts) · 7c1711be
  ale authored Feb 06, 2020
  
  7c1711be
06 Jan, 2020 1 commit
- Update ai3/go-common/clientutil · 3ecaec92
  ale authored Jan 06, 2020
  
  3ecaec92
20 Dec, 2019 10 commits
- Register the Prometheus metrics · 0c0c8424
  ale authored Dec 20, 2019
  
  0c0c8424
- Add Prometheus instrumentation for sso server internals · 1d049ac2
  ale authored Dec 20, 2019
```
Metrics cover specifically the authentication workflow.
```
  1d049ac2
- Trim spaces on submitted usernames · 5d8f8021
  ale authored Dec 20, 2019
  
  5d8f8021
- Log the shard when we are unlocking a key · a7b1ae99
  ale authored Dec 20, 2019
  
  a7b1ae99
- Always set the keystore shard in maybeUnlockKeystore() · 8d3f4507
  ale authored Dec 20, 2019
  
  8d3f4507
- Pass a valid UserInfo to the login callback · 0a0ca7d5
  ale authored Dec 20, 2019
```
The sess.UserInfo is still unset at that stage, use valid information
instead. This fixes a bug where keys were not being unlocked for users.
```
  0a0ca7d5
- Improve keystore test · 79a14158
  ale authored Dec 20, 2019
  
  79a14158
- Remove debugging printf · 7417d7d5
  ale authored Dec 20, 2019
  
  7417d7d5
- Add a grace time to the keystore TTL · 10aba630
  ale authored Dec 20, 2019
```
Just to cover edge cases when sessions are about to expire.
```
  10aba630
- Log successful authorizations (with ttl) · c31919d0
  ale authored Dec 20, 2019
  
  c31919d0