Commit Graph

34 Commits (3d6fe4451219c70c9766c7f760f7b448dbf69ba3)

Author SHA1 Message Date
James Elliott 5e9d8d6c71
docs: fix missing values (#5497)
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-28 21:51:45 +10:00
James Elliott 32c68804e0
feat(oidc): disable minimum parameter entropy (#5495)
This allows disabling the minimum parameter entropy checks.

Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-28 11:50:55 +10:00
James Elliott 0a2d849cda
docs: fixes to oidc docs (#5469)
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-22 21:25:20 +10:00
James Elliott 65f69aeb4e
feat(oidc): jwk selection by id (#5464)
This adds support for JWK selection by ID on a per-client basis, and allows multiple JWK's for the same algorithm.

Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-22 21:14:32 +10:00
James Elliott 83c4cb8a94
docs: misc fixes (#5462)
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-20 10:11:50 +10:00
James Elliott 65ecfe4b9a
feat(oidc): private_key_jwt client auth (#5280)
This adds support for the private_key_jwt client authentication method.

Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2023-05-15 10:32:10 +10:00
James Elliott cef374cdc1
feat(oidc): multiple jwk algorithms (#5279)
This adds support for multiple JWK algorithms and keys and allows for per-client algorithm choices.

Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-15 10:03:19 +10:00
James Elliott 1dbfbc5f88
feat(oidc): client_secret_jwt client auth (#5253)
This adds the authentication machinery for the client_secret_jwt to the Default Client Authentication Strategy.

Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-15 09:51:59 +10:00
James Elliott fb5c285c25
feat(authentication): suport ldap over unix socket (#5397)
This adds support for LDAP unix sockets using the ldapi scheme. In addition it improves all of the address related parsing significantly deprecating old options.

Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-07 16:39:17 +10:00
James Elliott 90d190121d
feat(server): listen on unix sockets (#5038)
This allows listening on unix sockets.

Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-07 15:48:26 +10:00
James Elliott 4ba1b6465a
docs: add alert for configuration sections (#5380)
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-05-04 21:23:15 +10:00
James Elliott 9e8db3c3f3
docs(oidc): faq refresh (#5254)
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-04-15 22:25:21 +10:00
James Elliott a179775f6f
refactor: misc out of band changes (#5238)
This just implements some changes from feat-settings-ui that are out of scope.

Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-04-14 21:42:31 +10:00
James Elliott 3d2da0b070
feat(oidc): client authentication modes (#5150)
This adds a feature to OpenID Connect 1.0 where clients can be restricted to a specific client authentication mode, as well as implements some backend requirements for the private_key_jwt client authentication mode (and potentially the tls_client_auth / self_signed_tls_client_auth client authentication modes). It also adds some improvements to configuration defaults and validations which will for now be warnings but likely be made into errors.

Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-04-13 20:58:18 +10:00
James Elliott ff6be40f5e
feat(oidc): pushed authorization requests (#4546)
This implements RFC9126 OAuth 2.0 Pushed Authorization Requests. See https://datatracker.ietf.org/doc/html/rfc9126 for the specification details.
2023-03-06 14:58:50 +11:00
James Elliott e9fd4160e4
docs: add important note for implicit consent (#4901) 2023-02-08 13:51:23 +11:00
James Elliott d1147f9ac4
docs: refactor oidc config docs (#4892) 2023-02-08 01:29:43 +11:00
James Elliott a7ccf3652f
docs: fix rfc references and fix misc issues (#4879) 2023-02-05 18:11:30 +11:00
James Elliott 7e285f461f
docs: add common oidc shortcode and update (#4862) 2023-02-02 12:30:06 +11:00
James Elliott a33b37a9cd
docs: make several openid connect areas uniform (#4824) 2023-01-26 10:59:18 +11:00
James Elliott adaf069eab
feat(oidc): per-client pkce enforcement policy (#4692)
This implements a per-client PKCE enforcement policy with the ability to enforce that it's used, and the specific challenge mode.
2023-01-04 02:03:23 +11:00
James Elliott b4d9e21387
docs: fix misc url issues (#4503) 2022-12-07 20:43:02 +11:00
James Elliott 12e3cd56b1
docs: refactor generator guides (#4244) 2022-10-23 18:09:19 +11:00
James Elliott 9e29295bdf
docs(oidc): adjust client secret information (#4211) 2022-10-20 15:27:09 +11:00
James Elliott 248f1d49d4
feat(oidc): hashed client secrets (#4026)
Allow use of hashed OpenID Connect client secrets.
2022-10-20 14:21:45 +11:00
James Elliott 3aaca0604f
feat(oidc): implicit consent (#4080)
This adds multiple consent modes to OpenID Connect clients. Specifically it allows configuration of a new consent mode called implicit which never asks for user consent.
2022-10-20 13:16:36 +11:00
James Elliott 6810c91d34
feat(oidc): issuer jwk certificates (#3989)
This allows for JWKs to include certificate information, either signed via Global PKI, Enterprise PKI, or self-signed.
2022-10-02 13:07:40 +11:00
James Elliott a8849f1b9e
docs: misc consistency adjustments (#3904) 2022-08-26 13:26:58 +10:00
Northguy ca423cd1d5
docs: add reference docs for oidc userinfo sig (#3875)
Documenting details userinfo_signing_algorithm. Related to #3869.

Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2022-08-26 11:55:48 +10:00
Archef2000 a714190eec
docs: misc grammar fix (#3655)
Corrected gramma in redirection_uris of clients.
2022-07-13 13:44:22 +10:00
James Elliott 352b360a50
docs: update dates (#3615) 2022-06-28 15:27:14 +10:00
James Elliott e2e1d6d30b
docs: update integration guides to reference get started (#3573) 2022-06-22 22:58:23 +10:00
James Elliott b102ebb6bb
docs: improve secrets documentation (#3565)
Improve documentation around secrets.
2022-06-21 19:45:08 +10:00
James Elliott b2c60ef898
feat: major documentation refresh (#3475)
This marks the launch of the new documentation website.
2022-06-15 17:51:47 +10:00