Commits · c2e0f43c1f204f2beef2d8992d99ac6fdb17bba7 · id / go-sso

Dec 17, 2019

We no longer need a gorilla/mux in the main app · c2e0f43c
ale authored 5 years ago
```
Session handling no longer depends on gorilla/sessions.
```
c2e0f43c

Switch to a simpler session implementation · 1418640d

ale authored 5 years ago

Drop gorilla/sessions in favor of using gorilla/securecookie
directly (we use a single cookie anyway). Since securecookie already
has its own expiration timestamp, we can drop some stuff from httputil
as well.

1418640d

Fix callers of SSOWrapper · 655b0a9f
ale authored 5 years ago

655b0a9f

Dec 16, 2019

Use securecookie for the httpsso handler · 42482e82

ale authored 5 years ago

There is no need for the complex gorilla/sessions machinery for what
is basically a single cookie, so we switch to using
gorilla/securecookie directly.

42482e82

Update SRI and bindata for the latest css fix · 891862ab
ale authored 5 years ago

891862ab

Use securecookie for long-term device ID cookie · 821df6df

ale authored 5 years ago

There is no point in using the complex gorilla/sessions machinery for
storing a simple long-term cookie, just use gorilla/securecookie directly.

821df6df

Dec 15, 2019

Lighten background a bit · 4de18c1c
ale authored 5 years ago

4de18c1c
Add script to run a local server for UI testing purposes · 1284ea50
ale authored 5 years ago

1284ea50

Block default favicon requests · 6387bf4c

ale authored 5 years ago

If we don't, they will trigger the login handler and invalidate the
current session (if any), which prevents the user from being able to
log in.

6387bf4c

Bindata update for the 2fa forms · c9da7d18
ale authored 5 years ago

c9da7d18
Generate the SRI map in sorted order · 6e9891f4
ale authored 5 years ago
```
Being consistent across runs avoids generating spurious git changes.
```
6e9891f4
Improve error message when the 2FA constraints are not met · c8f18956
ale authored 5 years ago

c8f18956
Fix submission URLs for 2FA login forms · b3cd8da3
ale authored 5 years ago

b3cd8da3
Use the merged context when calling ExecuteTemplate · a714fb79
ale authored 5 years ago
```
Fix a bug where global variables were missing.
```
a714fb79

Simpler mechanism for embedding SRI hashes · e6ce37fb

ale authored 5 years ago

Remove the build-time dependency on Python, the sri_map is now
generated via a small Go script.

e6ce37fb

Refactor the login handler · 4d70b167

ale authored 5 years ago

The login handler is now a simpler, standalone http.Handler
wrapper. The separation between the SSO application and the login
handler is now fairly complete.

The login handler no longer forces the user to a specific workflow via
session cookies, but it works on a request-by-request basis instead,
which makes the "back" button works as expected (allowing the user to
bail out of a broken 2FA process, for example).

Session handling has been simplified as well: there is a single
session for authentication and login state, which should remove the
opportunity for session synchronization errors.

4d70b167

Oct 24, 2019
- Update id/auth dependency · 6d3a620e
  ale authored 5 years ago
  
  6d3a620e
Aug 18, 2019
- Set the NameID in the saml.Session · 45c4f032
  ale authored 5 years ago
  
  45c4f032
Aug 17, 2019
- Properly parse the x509 cert in saml-server · 6fe09ec2
  ale authored 5 years ago
  
  6fe09ec2
- Fix PathPrefix usage · 62a48de8
  ale authored 5 years ago
  
  62a48de8
- Fix /login/ URL handling · ab608be7
  ale authored 5 years ago
  
  ab608be7
- Tie the SSO service to the SSO URL · 66477d1a
  ale authored 5 years ago
  
  66477d1a
- Fix the /login/ URL to have a slash, to limit SSO to it · 41f0137e
  ale authored 5 years ago
  
  41f0137e
- Modify the SSO URL to /login · 3badc383
  ale authored 5 years ago
  
  3badc383
- Improve error reporting · 8d9e7f2b
  ale authored 5 years ago
  
  And fix a bug with inline XML descriptors.
  8d9e7f2b
- Support reading SAML XML descriptors from file or inline · 1df6f233
  ale authored 5 years ago
  
  1df6f233
- Set default port for saml-server to :5007 · 6182a298
  ale authored 5 years ago
  
  6182a298
- Fix user creation in saml-server package · 1b41e34b
  ale authored 5 years ago
  
  1b41e34b
Aug 01, 2019
- Add SSO group ACLs to the SAML-bridge provider configuration · f20eaef0
  ale authored 5 years ago
  
  One can now restrict providers to specific SSO groups.
  f20eaef0
- Store the session in the http.Request context · 3ec9dca3
  ale authored 5 years ago
  
  Add methods to the httpsso package to retrieve authentication info from the current session (by passing an *http.Request object).
  3ec9dca3
Jul 03, 2019
- Always convert usernames to lowercase in form input · 285b177c
  ale authored 5 years ago
  
  285b177c
Jun 30, 2019
- Update go-common/clientutil · a218499d
  ale authored 5 years ago
  
  a218499d
Jun 28, 2019
- Merge branch 'logo_align' into 'master' · bfbb9a7f
  ale authored 5 years ago
  
  Vertically align SiteLogo with form See merge request !5
  bfbb9a7f
- Vertically align SiteLogo with form · f2262bbe
  godog authored 5 years ago
  
  f2262bbe
Jun 24, 2019
- Merge branch 'master' into 'master' · 4ae2127c
  ale authored 5 years ago
  
  Fix documentation and add missing logo if configured See merge request !4
  4ae2127c
- Merge branch '34-logo' · 454efa6e
  blallo authored 5 years ago
  
  454efa6e
- Add the logo if present in config. · 1033a3fd
  blallo authored 5 years ago
  
  Verified
  
  1033a3fd
Jun 22, 2019
- Allow all headers in CORS requests · d3811907
  ale authored 5 years ago
  
  Temporary workaround if we do not want to maintain a whitelist.
  d3811907
- Add CORS tests · b2b75382
  ale authored 5 years ago
  
  And move the CORS handler only on the homepage endpoint.
  b2b75382
Jun 21, 2019

Always use query args for the / endpoint parameters · 466c1d30

ale authored 5 years ago

This allows eventual future usage of 307 redirects and us accepting
POST requests without having to decode the request body.

466c1d30