Clement Michaud
66449eedb0
Use username matcher instead of user dn in group filter
...
Previously, string "{0}" was replaced by the user dn in the groups_filter
attributes of the LDAP configuration.
However, if the groups children only have a memberUid attribute, one would
like to use the username instead of the user dn.
Since the user dn can be built from the username, "{0}" is now replaced
by the username instead of the user dn so that an LDAP relying on attribute
'memberUid' can be used.
2017-10-07 14:10:22 +02:00
Clement Michaud
4cd78f3f83
Add SMTP notifier as an available option in configuration
...
One can now plug its own SMTP server to send notifications
for identity validation and password reset requests.
Filesystem has been removed from the template configuration file
since even tests now use mail catcher (the fake webmail) to
retrieve the email and the confirmation link.
2017-09-24 23:20:45 +02:00
Clement Michaud
cf16272a73
Refine access control with per resource ACLs
...
ACLs can now be defined by subdomain AND resource using pattern matching
with regular expressions.
It allows a very fine-grained access control to backend resources.
[Note] For using example environmnent, user must update its /etc/hosts with
new subdomains updated in README.
2017-09-24 21:39:47 +02:00
Clement Michaud
64c06fd6b8
Parameterize authentication regulation via configuration file. Both for flexibility and for testing purposes.
2017-09-03 12:48:35 +02:00
Clement Michaud
20536abf8b
Introduce LDAP filters to search users and groups for more flexibility.
2017-09-02 22:38:26 +02:00
Clement Michaud
c12a085f8e
Replace mocha integration tests by cucumber tests
2017-07-31 22:20:33 +02:00
Clement Michaud
e45ac39c8f
Add Mongo as scalable and resilient storage backend
2017-07-31 00:29:00 +02:00
Clement Michaud
fd59044f5e
Open and close ldap client after each operation to avoid issues with idle connections and ECONNRESET exceptions
2017-07-19 20:59:39 +02:00
Clement Michaud
8f152d2328
Fix example environment
2017-07-14 19:05:42 +02:00
Clement Michaud
925b58fabc
Add redis option to the express-session middleware
2017-07-13 23:14:31 +02:00
Clement Michaud
e56c2492ed
Fix integration test and package Travis scripts
2017-06-29 13:09:08 +02:00
Clement Michaud
ddf1e48535
Refactor client to make it responsive and testable
2017-06-16 18:16:38 +02:00
Paul Casto
ca918c761c
domain for cookie - issue in example
2017-04-08 19:14:57 -04:00
Clement Michaud
7d21f8d5df
Edit README to make the user add more subdomains in /etc/hosts for testing the example locally
2017-03-25 19:10:59 +01:00
Clement Michaud
b403cfe2f8
Rework the configuration of the access control to allow default policy for certain domains
2017-03-25 18:38:14 +01:00
Clement Michaud
38a4570b24
Edit the README to add an access control section and update the user base
2017-03-25 15:41:11 +01:00
Clement Michaud
e310478e6d
Allow per user access control rules
2017-03-25 15:28:57 +01:00
Clement Michaud
2a73b1a431
Add the access_control entry in the config file to allow the user to define per group rules to access the subdomains
2017-03-25 15:17:21 +01:00
Clement Michaud
4b93338bae
Move config adaptation into a module and make it testable
2017-03-22 22:28:54 +01:00
Clement Michaud
c7e4f76b9c
Add an LDAP user search filter in the configuration filte to specify the user attribute to search for in LDAP
2017-03-16 01:25:55 +01:00
Clement Michaud
606ddc7308
Handle SSO over multiple subdomains
2017-03-15 23:07:57 +01:00
Clement Michaud
d29aac78d0
Create a filesystem notifier for simple getting started
2017-01-28 19:59:15 +01:00
Clement Michaud
7e41c68aa7
Remove TOTP password from the configuration
2017-01-28 18:30:07 +01:00
Clement Michaud
05046338ed
Implement password reset
2017-01-27 01:20:03 +01:00
Clement Michaud
320998ef78
Set the level of logs in the config file
2017-01-22 18:18:19 +01:00
Clement Michaud
d3db94105e
Registration process sends an email to allow user to register its U2F device
2017-01-22 17:54:45 +01:00