Ryan Richard
1092fc4a9e
Add PR link to LDAP UI proposal
2022-05-16 16:21:17 -07:00
Ryan Richard
dc6874e9cd
Move remaining open q's to answered q's
2022-05-16 16:20:42 -07:00
Ryan Richard
0f2a984308
Merge branch 'main' into ldap-login-ui
2022-05-11 11:32:15 -07:00
Ryan Richard
4101a55001
Update docs for new LDAP/AD browser-based login flow
...
Also fix some comments that didn't fit onto one line in the yaml
examples, be consistent about putting a blank line above `---` yaml
separators, and some other small doc improvements.
2022-05-11 11:19:08 -07:00
Ryan Richard
aa732a41fb
Add LDAP browser flow login failure tests to supervisor_login_test.go
...
Also do some refactoring to share more common test setup code in
supervisor_login_test.go.
2022-05-10 16:28:08 -07:00
Ryan Richard
0b106c245e
Add LDAP browser flow login test to supervisor_login_test.go
2022-05-10 12:54:40 -07:00
Ryan Richard
ab302cf2b7
Add AD via browser login e2e test and refactor e2e tests to share code
2022-05-10 10:30:32 -07:00
Ryan Richard
a4e32d8f3d
Extract browsertest.LoginToUpstreamLDAP() integration test helper
2022-05-09 15:43:36 -07:00
Ryan Richard
831abc315e
Update audit log proposal key names and timestamp format
2022-05-09 14:45:18 -07:00
Monis Khan
6bb34130fe
Add asymmetric crypto based client secret generation
...
Signed-off-by: Monis Khan <mok@vmware.com>
2022-05-09 15:58:52 -04:00
Margo Crawford
22aea6ab9d
Address some small comments to make the doc more understandable
...
Signed-off-by: Margo Crawford <margaretc@vmware.com>
2022-05-09 12:55:32 -07:00
Monis Khan
58f8a10919
Add data model and secret generation alternatives
...
Signed-off-by: Monis Khan <mok@vmware.com>
2022-05-09 00:05:06 -04:00
Monis Khan
1c4ed8b404
Add recommendation for solving the audience confusion problem
...
Signed-off-by: Monis Khan <mok@vmware.com>
2022-05-06 22:26:59 -04:00
Pinny
afc73221d6
Updated versions in docs for v0.17.0 release
2022-05-06 19:28:56 +00:00
Ryan Richard
4c44f583e9
Don't add pinniped_idp_name pinniped_idp_type params into upstream state
2022-05-06 12:00:46 -07:00
Margo Crawford
408e390094
Add more detail on how we should display errors
...
Signed-off-by: Margo Crawford <margaretc@vmware.com>
2022-05-06 11:00:01 -07:00
Ryan Richard
ec22b5715b
Add Pinniped favicon to login UI page 🦭
2022-05-05 14:46:07 -07:00
Ryan Richard
6e6e1f4add
Update login page CSS selectors in e2e test
2022-05-05 13:56:38 -07:00
Ryan Richard
00d68845c4
Add --flow
to choose login flow in prepare-supervisor-on-kind.sh
2022-05-05 13:42:23 -07:00
Ryan Richard
cffa353ffb
Login page styling/structure for users, screen readers, passwd managers
...
Also:
- Add CSS to login page
- Refactor login page HTML and CSS into a new package
- New custom CSP headers for the login page, because the requirements
are different from the form_post page
2022-05-05 13:13:25 -07:00
Ryan Richard
6ca7c932ae
Add unit test for rendering form_post response from POST /login
2022-05-05 13:13:25 -07:00
Margo Crawford
b458cd43b9
Merge pull request #1159 from vmware-tanzu/fix-openldap-typo
...
Tiny fix to openldap group name: pinninpeds->pinnipeds
2022-05-05 12:50:43 -07:00
Margo Crawford
07a3faf449
Merge branch 'main' into fix-openldap-typo
2022-05-05 10:51:09 -07:00
Margo Crawford
329d41aac7
Add the full end to end test for ldap web ui
...
Signed-off-by: Margo Crawford <margaretc@vmware.com>
2022-05-05 08:49:58 -07:00
Margo Crawford
079908fb50
Update to reflect further conversations we've had
...
Signed-off-by: Margo Crawford <margaretc@vmware.com>
2022-05-04 13:28:54 -07:00
anjalitelang
1a59b6a686
Update ROADMAP.md
...
Changes made to reflect status as of May 4th, 2022
2022-05-04 16:06:33 -04:00
Margo Crawford
eb891d77a5
Tiny fix: pinninpeds->pinnipeds
...
Signed-off-by: Margo Crawford <margaretc@vmware.com>
2022-05-04 12:42:55 -07:00
Ryan Richard
572474605f
Merge pull request #1151 from vmware-tanzu/more_unit_tests_for_ldap_escaping
...
More unit tests for LDAP DNs which contain special chars
2022-05-04 09:49:20 -07:00
Ryan Richard
656f221fb7
Merge branch 'main' into ldap-login-ui
2022-05-04 09:29:15 -07:00
Ryan Richard
a36688573b
Merge pull request #1150 from vmware-tanzu/prepare_supervisor_on_kind_active_directory
...
Support AD in hack/prepare-supervisor-on-kind.sh
2022-05-04 09:16:13 -07:00
Ryan Richard
2e031f727b
Use security headers for the form_post page in the POST /login endpoint
...
Also use more specific test assertions where security headers are
expected. And run the unit tests for the login package in parallel.
2022-05-03 16:46:09 -07:00
Ryan Richard
acc6c50e48
More unit tests for LDAP DNs which contain special chars
...
Adding explicit coverage for PerformRefresh().
2022-05-03 15:43:01 -07:00
Margo Crawford
388cdb6ddd
Fix bug where form was posting to the wrong path
...
Signed-off-by: Margo Crawford <margaretc@vmware.com>
2022-05-03 15:18:38 -07:00
Ryan Richard
eaa87c7628
support AD in hack/prepare-supervisor-on-kind.sh
2022-05-03 12:59:39 -07:00
Ryan Richard
d6e61012c6
Merge pull request #1149 from vmware-tanzu/update_kube_versions
...
Update kube codegen versions
2022-05-02 15:35:49 -07:00
Ryan Richard
cc1f0b8db9
Merge pull request #1148 from vmware-tanzu/ldap_group_search_escape
...
Escape special characters in LDAP DNs when used in search filters
2022-05-02 14:44:45 -07:00
Ryan Richard
90e88bb83c
Update kube codegen versions
...
Note that attempting to update 1.18.18 to 1.18.20 didn't work for some
reason, so I skipped that one. The code generator didn't like 1.18.20
and it deleted all the generated code. Avoiding 1.18.19 because it is
listed as having a regression at
https://kubernetes.io/releases/patch-releases/#non-active-branch-history
2022-05-02 14:33:33 -07:00
Ryan Richard
2ad181c7dd
Merge branch 'main' into ldap_group_search_escape
2022-05-02 13:49:55 -07:00
Mo Khan
ee881aa406
Merge pull request #1146 from enj/enj/i/bump_0007
...
Bump deps to latest and go mod compat to 1.17
2022-05-02 16:44:49 -04:00
Ryan Richard
c74dea6405
Escape special characters in LDAP DNs when used in search filters
2022-05-02 13:37:32 -07:00
Ryan Richard
dfbc33b933
Apply suggestions from code review
...
Co-authored-by: Mo Khan <i@monis.app>
2022-05-02 09:47:09 -07:00
Ryan Richard
69e5169fc5
Implement post_login_handler.go to accept form post and auth to LDAP/AD
...
Also extract some helpers from auth_handler.go so they can be shared
with the new handler.
2022-04-29 16:02:00 -07:00
Ryan Richard
56c8b9f884
Add recommendations to dynamic client proposal
2022-04-29 12:48:03 -07:00
Margo Crawford
646c6ec9ed
Show error message on login page
...
Also add autocomplete attribute and title element
Signed-off-by: Margo Crawford <margaretc@vmware.com>
2022-04-29 10:36:13 -07:00
Monis Khan
2cdb55e7da
Bump deps to latest and go mod compat to 1.17
...
Signed-off-by: Monis Khan <mok@vmware.com>
2022-04-28 15:37:51 -04:00
Margo Crawford
453c69af7d
Fix some errors and pass state as form element
...
Signed-off-by: Margo Crawford <margaretc@vmware.com>
2022-04-28 12:07:04 -07:00
Margo Crawford
07b2306254
Add basic outline of login get handler
...
Signed-off-by: Margo Crawford <margaretc@vmware.com>
2022-04-28 11:51:36 -07:00
Margo Crawford
77f016fb64
Allow browser_authcode flow for pinniped login command
...
Signed-off-by: Margo Crawford <margaretc@vmware.com>
2022-04-27 08:53:53 -07:00
Margo Crawford
ae60d4356b
Some refactoring of shared code between OIDC and LDAP browser flows
...
Signed-off-by: Margo Crawford <margaretc@vmware.com>
2022-04-27 08:51:37 -07:00
Margo Crawford
379a803509
when password header but not username is sent to password grant, error
...
also add more unit tests
Signed-off-by: Margo Crawford <margaretc@vmware.com>
2022-04-26 16:46:58 -07:00