Joseph Schorr
2214a2c7ad
Disable fresh login check in auth engines that won't support it
2018-01-04 15:27:41 -05:00
Joseph Schorr
524d77f527
Add an AppSpecificAuthToken data model for app-specific auth tokens. These will be used for the Docker CLI in place of username+password
2018-01-04 15:27:41 -05:00
Joseph Schorr
503cff8f0c
Don't add a "password required" notification for non-database auth via OIDC
2017-11-13 16:17:36 -05:00
Evan Cordell
1d246784dd
Include invalid oidc token in the error message for debugging
2017-09-12 12:26:42 -04:00
Joseph Schorr
e724125459
Add support for using OIDC tokens via the Docker CLI
2017-09-12 12:23:22 -04:00
Joseph Schorr
0dfb6806e3
Add ping method to auth engines to determine if they are reachable
2017-07-19 16:16:41 +03:00
Joseph Schorr
bd22fb255e
Rename get_federated_user to get_and_link_federated_user_info
...
Better to be explicit wherever possible
2017-04-03 11:36:42 -04:00
Joseph Schorr
eeadeb9383
Initial interfaces and support for team syncing worker
2017-04-03 11:31:29 -04:00
Joseph Schorr
ecfac81721
Add check_group_lookup_args and service_metadata to auth providers
2017-04-03 11:31:28 -04:00
Joseph Schorr
d718829f5d
Initial LDAP group member iteration support
...
Add interface for group member iteration on internal auth providers and implement support in the LDAP interface.
2017-04-03 11:31:28 -04:00
Joseph Schorr
e2efb6c458
Add default and configurable LDAP timeouts
...
Fixes https://www.pivotaltracker.com/story/show/135885019
2016-12-19 11:53:06 -05:00
Joseph Schorr
d7f56350a4
Make email addresses optional in external auth if email feature is turned off
...
Before this change, external auth such as Keystone would fail if a user without an email address tried to login, even if the email feature was disabled.
2016-10-31 13:50:24 -04:00
Joseph Schorr
b3d1d7227c
Add support to Keystone Auth for external user linking
...
Also adds Keystone V3 support
2016-10-27 15:42:03 -04:00
Joseph Schorr
fbb524e34e
Add support to ExternalJWT Auth for external user linking
2016-10-27 15:42:03 -04:00
Joseph Schorr
d145222812
Add support for linking to external users in entity search
2016-10-27 15:42:03 -04:00
Joseph Schorr
fd770422bb
Add configurable timeout and debug flags to Keystone users
...
Fixes #1855
2016-09-22 18:25:02 -04:00
Joseph Schorr
241ebaa084
Fix typo
2016-07-07 15:06:29 -04:00
Joseph Schorr
adaeeba5d0
Allow for multiple user RDNs in LDAP
...
Fixes #1600
2016-07-07 14:46:38 -04:00
Joseph Schorr
66ec1d81ce
Switch to install custom LDAP cert by name
2016-06-21 15:10:26 -04:00
Joseph Schorr
60bbca2185
Fix setup tool when binding to external auth
...
We now query the external auth provider for the external service's identifier before adding the linking row into the database. This fixes the case where the external service resolves a different identifier for the same username.
Fixes #1477
2016-05-23 17:11:36 -04:00
Joseph Schorr
42515ed9ec
Add additional options for LDAP
...
Fixes #1420
2016-05-04 13:59:20 -04:00
Jake Moshenko
18100be481
Refactor the util directory to use subpackages.
2015-08-03 16:04:19 -04:00
Joseph Schorr
38a6b3621c
Automatically link the superuser account to federated service for auth
...
When the user commits the configuration, if they have chosen a non-DB auth system, we now auto-link the superuser account to that auth system, to ensure they can login again after restart.
2015-07-22 13:37:23 -04:00
Joseph Schorr
33b54218cc
Refactor the users class into their own files, add a common base class for federated users and add a verify_credentials
method which only does the verification, without the linking. We use this in the superuser verification pass
2015-07-20 11:39:59 -04:00