Pinniped is the easy, secure way to log in to your Kubernetes clusters.
Ryan Richard 0bb2c7beb7 Always add the `azp` claim to ID tokens to show the original client ID
When the token exchange grant type is used to get a cluster-scoped
ID token, the returned token has a new audience value. The client ID
of the client which performed the authorization was lost. This didn't
matter before, since the only client was `pinniped-cli`, but now that
dynamic clients can be registered, the information would be lost in the
cluster-scoped ID token. It could be useful for logging, tracing, or
auditing, so preserve the information by putting the client ID into the
`azp` claim in every ID token (authcode exchange, cluster-scoped, and
refreshed ID tokens).
2022-08-09 16:07:23 -07:00
.github Run CodeQL on dynamic_clients branch 2022-06-06 16:41:38 -04:00
apis Create username scope, required for clients to get username in ID token 2022-08-08 16:29:22 -07:00
cmd `get kubeconfig` cmd errors on audience values with reserved substring 2022-08-09 09:12:25 -07:00
deploy Configure printer columns for OIDCClient CRD 2022-07-21 16:40:03 -07:00
generated Create username scope, required for clients to get username in ID token 2022-08-08 16:29:22 -07:00
hack Merge branch 'main' into dynamic_clients 2022-07-26 09:31:18 -07:00
internal Always add the `azp` claim to ID tokens to show the original client ID 2022-08-09 16:07:23 -07:00
pkg Create username scope, required for clients to get username in ID token 2022-08-08 16:29:22 -07:00
proposals Merge pull request #1126 from vmware-tanzu/dynamic_clients_proposal 2022-07-26 09:27:37 -07:00
public added search functionality to docs on Pinniped.dev 2021-04-09 10:58:39 -05:00
site Create username scope, required for clients to get username in ID token 2022-08-08 16:29:22 -07:00
test Always add the `azp` claim to ID tokens to show the original client ID 2022-08-09 16:07:23 -07:00
.dockerignore dockerignore gets same contents as gitignore 2021-07-26 11:28:25 -07:00
.gitattributes Target hack/Dockerfile_fips correctly 2022-04-06 15:32:08 -04:00
.gitignore dockerignore gets same contents as gitignore 2021-07-26 11:28:25 -07:00
.golangci.yaml Update to github.com/golangci/golangci-lint/cmd/golangci-lint@v1.44.2 2022-03-08 12:28:09 -08:00
.pre-commit-config.yaml Introduce FIPS compatibility 2022-03-29 16:58:41 -07:00
ADOPTERS.md Add OK a.m.b.a. to adopters.md file 2021-04-14 18:38:11 -05:00
CODE_OF_CONDUCT.md Rename the CoC and contributor guide to the names GitHub recognizes. 2020-10-02 15:53:48 -05:00
CONTRIBUTING.md pause community meeting for a little while 2022-07-25 12:07:18 -07:00
Dockerfile Bump project deps, including kube 0.23.6->0.24.1 and Go 1.18.1->1.18.3 2022-06-07 15:26:30 -04:00
GOVERNANCE.md Auto-format GOVERNANCE.md 2022-02-17 10:08:37 -08:00
LICENSE Add Apache 2.0 license. 2020-07-06 13:50:31 -05:00
MAINTAINERS.md Update current maintainers ✌️👋🫡 2022-07-21 18:07:54 -04:00
README.md pause community meeting for a little while 2022-07-25 12:07:18 -07:00
ROADMAP.md pause community meeting for a little while 2022-07-25 12:07:18 -07:00
SCOPE.md Move scope doc out of website to SCOPE.md. 2021-02-23 11:11:07 -06:00
SECURITY.md SECURITY.md: follow established pattern 2021-02-09 09:08:19 -05:00
go.mod Bump all deps to latest 2022-06-07 15:26:30 -04:00
go.sum Bump all deps to latest 2022-06-07 15:26:30 -04:00

README.md

Overview

Pinniped provides identity services to Kubernetes.

  • Easily plug external identity providers into Kubernetes clusters while offering a simple install and configuration experience. Leverage first-class integration with Kubernetes and the kubectl command line.
  • Give users a consistent, unified login experience across all your clusters, including on-premises and managed cloud environments.
  • Securely integrate with an enterprise IDP using standard protocols or use secure, externally managed identities instead of relying on simple, shared credentials.

To learn more, please visit the Pinniped project's website, https://pinniped.dev.

Getting started with Pinniped

Care to kick the tires? It's easy to install and try Pinniped.

Discussion

Got a question, comment, or idea? Please don't hesitate to reach out via GitHub Discussions, GitHub Issues, or in the Kubernetes Slack Workspace within the #pinniped channel. Join our Google Group to receive updates and meeting invitations.

Contributions

Pinniped is better because of our contributors and maintainers. It is because of you that we can bring great software to the community.

Want to get involved? Contributions are welcome.

Please see the contributing guide for more information about reporting bugs, requesting features, building and testing the code, submitting PRs, and other contributor topics.

Adopters

Some organizations and products using Pinniped are featured in ADOPTERS.md. Add your own organization or product here.

Reporting security vulnerabilities

Please follow the procedure described in SECURITY.md.

License

Pinniped is open source and licensed under Apache License Version 2.0. See LICENSE.

Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.