Commit Graph

254 Commits

Author SHA1 Message Date
Ryan Richard
835b8a5333 Update docs to clarify which Supervisor port to expose outside cluster 2023-08-22 10:00:56 -07:00
Benjamin A. Petersen
2891da25f5
blog: clean up tags page 2023-08-15 14:18:48 -04:00
Benjamin A. Petersen
820c565d21
blog: add multiple author support for posts 2023-08-15 11:37:11 -04:00
Benjamin A. Petersen
e5e8c13f23
blog: impersonation-proxy spelling, grammar 2023-08-15 11:37:11 -04:00
Benjamin A. Petersen
b81206c15d
blog: impersonation-proxy post updates 2023-08-14 11:42:26 -04:00
Benjamin A. Petersen
31c144261f
add author to blog list page 2023-08-14 11:42:26 -04:00
Joshua Casey
4d0da0a5b2 Add blog post for v0.25.0 2023-08-10 09:00:16 -05:00
Pinny
8c96616b51 Updated versions in docs for v0.25.0 release 2023-08-09 21:12:41 +00:00
Benjamin A. Petersen
e091cd6180
site: autogenerate new sections on main docs listing page 2023-08-02 13:52:31 -04:00
Benjamin A. Petersen
a71f1f88d9
site: minor text updates 2023-08-02 13:46:51 -04:00
Benjamin A. Petersen
bb670249cf
site: reorganize /howto/idp->/howto/supervisor 2023-08-02 13:22:23 -04:00
Benjamin A. Petersen
f632698568
site: add redirects for old doc links 2023-08-02 12:42:08 -04:00
Benjamin A. Petersen
0c81cdf309
site style: code block tweaks and sidebar menu highlight 2023-08-02 12:09:34 -04:00
Benjamin A. Petersen
fbb5296f68
site sidebar: menu renaming & reorganization 2023-08-02 12:09:33 -04:00
Benjamin A. Petersen
14c353993b
site sidebar: create new How-to sub-heading for IDP config 2023-08-02 12:09:24 -04:00
Joshua Casey
82b39190ba Add How To... Integrate with Auth0 2023-07-28 14:41:06 -05:00
Benjamin A. Petersen
c4f221d778
site css: images on resource page should fit the grid 2023-07-28 14:08:23 -04:00
Ryan Richard
850b4f8510 add AWS blog post to resources page of pinniped.dev 2023-07-27 17:09:04 -05:00
Joshua Casey
52b0cf43ca Fix godoc 2023-07-19 15:47:47 -05:00
Pinny
c3dccbb23d Updated versions in docs for v0.24.0 release 2023-06-01 19:59:23 +00:00
Ryan Richard
4f3c081401
Merge branch 'main' into patch-1 2023-06-01 10:56:11 -07:00
Smeet nagda
c9d54de91a
backtick changes
Co-authored-by: Ryan Richard <richardry@vmware.com>
2023-06-01 22:25:24 +05:30
Ryan Richard
d0048595da Add docs for UserAttributeForFilter group search setting 2023-05-31 13:01:17 -07:00
Smeet nagda
6cbfde95ec
command line option. 2023-05-30 23:24:05 +05:30
Ryan Richard
c08ebc622c Add tutorial doc for how to use Supervisor without Concierge 2023-05-09 13:06:02 -07:00
Ryan Richard
e66406ffe2
Merge pull request #1446 from pnbrown/search-update
Update docsearch to v3
2023-04-04 14:56:50 -07:00
Pinny
03a2d603d3 Updated versions in docs for v0.23.0 release 2023-04-04 21:38:59 +00:00
Ryan Richard
a7b4e65521
Merge branch 'main' into search-update 2023-04-04 13:44:22 -07:00
Ryan Richard
eb4254b1c2 Update team members on website 2023-04-03 16:54:10 -07:00
Ryan Richard
19b60fe563 Clarify audience value in Concierge-only auth doc, and other doc updates
Also renamed a couple of integration test files to make their names
more clear.
2023-04-03 16:54:10 -07:00
Jamie Klassen
6ee05611a1
use apiGroup without version in webapp auth howto 2023-03-16 15:51:17 -04:00
Nigel Brown
241a3a6cfb Update docsearch to v3
Update docsearch to v3

Signed-off-by: Nigel Brown <nigelb@vmware.com>
2023-03-06 14:56:02 -06:00
Joshua Casey
6d39b81b8f Website now displays that it does not use cookies.
[#183755195]

Co-authored-by: Ryan Richard <richardry@vmware.com>
2023-01-26 17:09:57 -06:00
Joshua Casey
5005f94ebb Standardize video resource attribution and dates
Co-authored-by: Ryan Richard <richardry@vmware.com>
2023-01-20 12:14:00 -06:00
Joshua Casey
15d700a41c Add video to website resources - 'Sharing is NOT Caring'
Co-authored-by: Ryan Richard <richardry@vmware.com>
2023-01-20 12:13:54 -06:00
Pinny
044cbd0325 Updated versions in docs for v0.22.0 release 2023-01-20 05:17:45 +00:00
Pinny
f691baec74 Updated versions in docs for v0.21.0 release 2022-12-21 13:12:06 +00:00
rooso
3548362ce4
Update example configuration for Active Directory
there was an typo in the example configuration for Microsoft Active Directory. Attribute was `userPrincipleName` but should be `userPrincipalName`
2022-10-20 14:34:12 +02:00
Benjamin A. Petersen
265c63fa54
Update site footer and maintainers page
Co-authored-by: Ryan Richard <richardry@vmware.com>
Co-authored-by: Benjamin A. Petersen <ben@benjaminapetersen.me>
2022-09-27 16:13:55 -04:00
Pinny
2995e6a48c Updated versions in docs for v0.20.0 release 2022-09-27 17:16:32 +00:00
Ryan Richard
a7eb16dde1
Merge pull request #1255 from vmware-tanzu/dynamic_clients_docs
Add docs for dynamic clients
2022-09-22 12:34:17 -07:00
Ryan Richard
b46a2f0267 Add more details about OIDCClients to configure-auth-for-webapps.md
Co-authored-by: Ryan Richard <richardry@vmware.com>
Co-authored-by: Benjamin A. Petersen <ben@benjaminapetersen.me>
2022-09-22 12:31:31 -07:00
Ryan Richard
3a7b373a7d Add OIDCClientSecretRequest to code-walkthrough.md
Co-authored-by: Ryan Richard <richardry@vmware.com>
Co-authored-by: Benjamin A. Petersen <ben@benjaminapetersen.me>
2022-09-22 11:26:17 -07:00
Ryan Richard
7c247e9000 Merge branch 'main' into dynamic_clients 2022-09-15 12:00:41 -07:00
Pinny
4441ac0600 Updated versions in docs for v0.19.0 release 2022-08-26 20:08:48 +00:00
Ryan Richard
02a27e0186 Add docs for dynamic clients 2022-08-11 14:35:18 -07:00
Ryan Richard
22fbced863 Create username scope, required for clients to get username in ID token
- For backwards compatibility with older Pinniped CLIs, the pinniped-cli
  client does not need to request the username or groups scopes for them
  to be granted. For dynamic clients, the usual OAuth2 rules apply:
  the client must be allowed to request the scopes according to its
  configuration, and the client must actually request the scopes in the
  authorization request.
- If the username scope was not granted, then there will be no username
  in the ID token, and the cluster-scoped token exchange will fail since
  there would be no username in the resulting cluster-scoped ID token.
- The OIDC well-known discovery endpoint lists the username and groups
  scopes in the scopes_supported list, and lists the username and groups
  claims in the claims_supported list.
- Add username and groups scopes to the default list of scopes
  put into kubeconfig files by "pinniped get kubeconfig" CLI command,
  and the default list of scopes used by "pinniped login oidc" when
  no list of scopes is specified in the kubeconfig file
- The warning header about group memberships changing during upstream
  refresh will only be sent to the pinniped-cli client, since it is
  only intended for kubectl and it could leak the username to the
  client (which may not have the username scope granted) through the
  warning message text.
- Add the user's username to the session storage as a new field, so that
  during upstream refresh we can compare the original username from the
  initial authorization to the refreshed username, even in the case when
  the username scope was not granted (and therefore the username is not
  stored in the ID token claims of the session storage)
- Bump the Supervisor session storage format version from 2 to 3
  due to the username field being added to the session struct
- Extract commonly used string constants related to OIDC flows to api
  package.
- Change some import names to make them consistent:
  - Always import github.com/coreos/go-oidc/v3/oidc as "coreosoidc"
  - Always import go.pinniped.dev/generated/latest/apis/supervisor/oidc
    as "oidcapi"
  - Always import go.pinniped.dev/internal/oidc as "oidc"
2022-08-08 16:29:22 -07:00
Ryan Richard
8c7fbd2c0c pause community meeting for a little while 2022-07-25 12:07:18 -07:00
Monis Khan
1e56968491
Update current maintainers ✌️👋🫡
Signed-off-by: Monis Khan <mok@vmware.com>
2022-07-21 18:07:54 -04:00
Ryan Richard
484c8f4bf3
Merge pull request #1183 from anjaltelang/main
Blog for v0.18.0
2022-06-08 15:14:31 -07:00