Ryan Richard
dc6874e9cd
Move remaining open q's to answered q's
2022-05-16 16:20:42 -07:00
Ryan Richard
0f2a984308
Merge branch 'main' into ldap-login-ui
2022-05-11 11:32:15 -07:00
Ryan Richard
4101a55001
Update docs for new LDAP/AD browser-based login flow
...
Also fix some comments that didn't fit onto one line in the yaml
examples, be consistent about putting a blank line above `---` yaml
separators, and some other small doc improvements.
2022-05-11 11:19:08 -07:00
Ryan Richard
aa732a41fb
Add LDAP browser flow login failure tests to supervisor_login_test.go
...
Also do some refactoring to share more common test setup code in
supervisor_login_test.go.
2022-05-10 16:28:08 -07:00
Ryan Richard
0b106c245e
Add LDAP browser flow login test to supervisor_login_test.go
2022-05-10 12:54:40 -07:00
Ryan Richard
ab302cf2b7
Add AD via browser login e2e test and refactor e2e tests to share code
2022-05-10 10:30:32 -07:00
Ryan Richard
a4e32d8f3d
Extract browsertest.LoginToUpstreamLDAP() integration test helper
2022-05-09 15:43:36 -07:00
Ryan Richard
831abc315e
Update audit log proposal key names and timestamp format
2022-05-09 14:45:18 -07:00
Monis Khan
6bb34130fe
Add asymmetric crypto based client secret generation
...
Signed-off-by: Monis Khan <mok@vmware.com>
2022-05-09 15:58:52 -04:00
Margo Crawford
22aea6ab9d
Address some small comments to make the doc more understandable
...
Signed-off-by: Margo Crawford <margaretc@vmware.com>
2022-05-09 12:55:32 -07:00
Monis Khan
58f8a10919
Add data model and secret generation alternatives
...
Signed-off-by: Monis Khan <mok@vmware.com>
2022-05-09 00:05:06 -04:00
Monis Khan
1c4ed8b404
Add recommendation for solving the audience confusion problem
...
Signed-off-by: Monis Khan <mok@vmware.com>
2022-05-06 22:26:59 -04:00
Pinny
afc73221d6
Updated versions in docs for v0.17.0 release
2022-05-06 19:28:56 +00:00
Ryan Richard
4c44f583e9
Don't add pinniped_idp_name pinniped_idp_type params into upstream state
2022-05-06 12:00:46 -07:00
Margo Crawford
408e390094
Add more detail on how we should display errors
...
Signed-off-by: Margo Crawford <margaretc@vmware.com>
2022-05-06 11:00:01 -07:00
Ryan Richard
ec22b5715b
Add Pinniped favicon to login UI page 🦭
2022-05-05 14:46:07 -07:00
Ryan Richard
6e6e1f4add
Update login page CSS selectors in e2e test
2022-05-05 13:56:38 -07:00
Ryan Richard
00d68845c4
Add --flow
to choose login flow in prepare-supervisor-on-kind.sh
2022-05-05 13:42:23 -07:00
Ryan Richard
cffa353ffb
Login page styling/structure for users, screen readers, passwd managers
...
Also:
- Add CSS to login page
- Refactor login page HTML and CSS into a new package
- New custom CSP headers for the login page, because the requirements
are different from the form_post page
2022-05-05 13:13:25 -07:00
Ryan Richard
6ca7c932ae
Add unit test for rendering form_post response from POST /login
2022-05-05 13:13:25 -07:00
Margo Crawford
b458cd43b9
Merge pull request #1159 from vmware-tanzu/fix-openldap-typo
...
Tiny fix to openldap group name: pinninpeds->pinnipeds
2022-05-05 12:50:43 -07:00
Margo Crawford
07a3faf449
Merge branch 'main' into fix-openldap-typo
2022-05-05 10:51:09 -07:00
Margo Crawford
329d41aac7
Add the full end to end test for ldap web ui
...
Signed-off-by: Margo Crawford <margaretc@vmware.com>
2022-05-05 08:49:58 -07:00
Margo Crawford
079908fb50
Update to reflect further conversations we've had
...
Signed-off-by: Margo Crawford <margaretc@vmware.com>
2022-05-04 13:28:54 -07:00
anjalitelang
1a59b6a686
Update ROADMAP.md
...
Changes made to reflect status as of May 4th, 2022
2022-05-04 16:06:33 -04:00
Margo Crawford
eb891d77a5
Tiny fix: pinninpeds->pinnipeds
...
Signed-off-by: Margo Crawford <margaretc@vmware.com>
2022-05-04 12:42:55 -07:00
Ryan Richard
572474605f
Merge pull request #1151 from vmware-tanzu/more_unit_tests_for_ldap_escaping
...
More unit tests for LDAP DNs which contain special chars
2022-05-04 09:49:20 -07:00
Ryan Richard
656f221fb7
Merge branch 'main' into ldap-login-ui
2022-05-04 09:29:15 -07:00
Ryan Richard
a36688573b
Merge pull request #1150 from vmware-tanzu/prepare_supervisor_on_kind_active_directory
...
Support AD in hack/prepare-supervisor-on-kind.sh
2022-05-04 09:16:13 -07:00
Ryan Richard
2e031f727b
Use security headers for the form_post page in the POST /login endpoint
...
Also use more specific test assertions where security headers are
expected. And run the unit tests for the login package in parallel.
2022-05-03 16:46:09 -07:00
Ryan Richard
acc6c50e48
More unit tests for LDAP DNs which contain special chars
...
Adding explicit coverage for PerformRefresh().
2022-05-03 15:43:01 -07:00
Margo Crawford
388cdb6ddd
Fix bug where form was posting to the wrong path
...
Signed-off-by: Margo Crawford <margaretc@vmware.com>
2022-05-03 15:18:38 -07:00
Ryan Richard
eaa87c7628
support AD in hack/prepare-supervisor-on-kind.sh
2022-05-03 12:59:39 -07:00
Ryan Richard
d6e61012c6
Merge pull request #1149 from vmware-tanzu/update_kube_versions
...
Update kube codegen versions
2022-05-02 15:35:49 -07:00
Ryan Richard
cc1f0b8db9
Merge pull request #1148 from vmware-tanzu/ldap_group_search_escape
...
Escape special characters in LDAP DNs when used in search filters
2022-05-02 14:44:45 -07:00
Ryan Richard
90e88bb83c
Update kube codegen versions
...
Note that attempting to update 1.18.18 to 1.18.20 didn't work for some
reason, so I skipped that one. The code generator didn't like 1.18.20
and it deleted all the generated code. Avoiding 1.18.19 because it is
listed as having a regression at
https://kubernetes.io/releases/patch-releases/#non-active-branch-history
2022-05-02 14:33:33 -07:00
Ryan Richard
2ad181c7dd
Merge branch 'main' into ldap_group_search_escape
2022-05-02 13:49:55 -07:00
Mo Khan
ee881aa406
Merge pull request #1146 from enj/enj/i/bump_0007
...
Bump deps to latest and go mod compat to 1.17
2022-05-02 16:44:49 -04:00
Ryan Richard
c74dea6405
Escape special characters in LDAP DNs when used in search filters
2022-05-02 13:37:32 -07:00
Ryan Richard
dfbc33b933
Apply suggestions from code review
...
Co-authored-by: Mo Khan <i@monis.app>
2022-05-02 09:47:09 -07:00
Ryan Richard
69e5169fc5
Implement post_login_handler.go to accept form post and auth to LDAP/AD
...
Also extract some helpers from auth_handler.go so they can be shared
with the new handler.
2022-04-29 16:02:00 -07:00
Ryan Richard
56c8b9f884
Add recommendations to dynamic client proposal
2022-04-29 12:48:03 -07:00
Margo Crawford
646c6ec9ed
Show error message on login page
...
Also add autocomplete attribute and title element
Signed-off-by: Margo Crawford <margaretc@vmware.com>
2022-04-29 10:36:13 -07:00
Monis Khan
2cdb55e7da
Bump deps to latest and go mod compat to 1.17
...
Signed-off-by: Monis Khan <mok@vmware.com>
2022-04-28 15:37:51 -04:00
Margo Crawford
453c69af7d
Fix some errors and pass state as form element
...
Signed-off-by: Margo Crawford <margaretc@vmware.com>
2022-04-28 12:07:04 -07:00
Margo Crawford
07b2306254
Add basic outline of login get handler
...
Signed-off-by: Margo Crawford <margaretc@vmware.com>
2022-04-28 11:51:36 -07:00
Margo Crawford
77f016fb64
Allow browser_authcode flow for pinniped login command
...
Signed-off-by: Margo Crawford <margaretc@vmware.com>
2022-04-27 08:53:53 -07:00
Margo Crawford
ae60d4356b
Some refactoring of shared code between OIDC and LDAP browser flows
...
Signed-off-by: Margo Crawford <margaretc@vmware.com>
2022-04-27 08:51:37 -07:00
Margo Crawford
379a803509
when password header but not username is sent to password grant, error
...
also add more unit tests
Signed-off-by: Margo Crawford <margaretc@vmware.com>
2022-04-26 16:46:58 -07:00
Ryan Richard
65eed7e742
Implement login_handler.go to defer to other handlers
...
The other handlers for GET and POST requests are not yet implemented in
this commit. The shared handler code in login_handler.go takes care of
things checking the method, checking the CSRF cookie, decoding the state
param, and adding security headers on behalf of both the GET and POST
handlers.
Some code has been extracted from callback_handler.go to be shared.
2022-04-26 15:37:30 -07:00