Rusty Ross
719ac6e714
update doc for app-id
...
make clearer in doc that user-id can accept multiple app-id mappngs as comma-separated values
2015-08-03 09:44:26 -07:00
Armon Dadgar
03728af495
Merge pull request #464 from bgirardeau/master
...
Add Multi-factor authentication with Duo
2015-07-30 17:51:31 -07:00
Bradley Girardeau
aa55d36f03
Clean up naming and add documentation
2015-07-30 17:36:40 -07:00
Bradley Girardeau
d26b77b4f4
mfa: code cleanup
2015-07-28 11:55:46 -07:00
Bradley Girardeau
6697012dd3
mfa: improve edge cases and documentation
2015-07-27 21:14:00 -07:00
Bradley Girardeau
06863d08f0
mfa: add to userpass backend
2015-07-27 21:14:00 -07:00
Bradley Girardeau
4eb1beb31c
ldap: add mfa support to CLI
2015-07-27 21:14:00 -07:00
Bradley Girardeau
8fa5a349a5
ldap: add mfa to LDAP login
2015-07-27 21:14:00 -07:00
Raymond Pete
1ca09a74b3
name slug check
2015-07-26 22:21:16 -04:00
Bradley Girardeau
e8d26d244b
ldap: change setting user policies to setting user groups
2015-07-20 11:33:39 -07:00
Bradley Girardeau
301a22295d
ldap: add ability to set policies based on username as well as groups
2015-07-14 15:46:15 -07:00
Bradley Girardeau
0e2edc2378
ldap: add ability to login with a userPrincipalName (user@upndomain)
2015-07-14 15:37:46 -07:00
Armon Dadgar
504a7ca7c1
auth/userpass: store password as hash instead of direct. Credit @kenbreeman
2015-07-13 15:09:24 +10:00
Armon Dadgar
da4650ccb4
auth/userpass: protect against timing attack. Credit @kenbreeman
2015-07-13 15:01:18 +10:00
Armon Dadgar
599d5f1431
auth/app-id: protect against timing attack. Credit @kenbreeman
2015-07-13 14:58:18 +10:00
Armon Dadgar
96d6455ef5
audit: properly restore TLS state
2015-07-08 16:45:15 -06:00
Armon Dadgar
0be3d419c8
secret/transit: address PR feedback
2015-07-05 19:58:31 -06:00
Armon Dadgar
8293457633
secret/transit: use base64 for context to allow binary
2015-07-05 14:37:51 -07:00
Armon Dadgar
f0eec18cc7
secret/transit: testing key derivation
2015-07-05 14:30:45 -07:00
Armon Dadgar
143cd0875e
secret/transit: support key derivation in encrypt/decrypt
2015-07-05 14:19:24 -07:00
Armon Dadgar
ae9591004b
secret/transit: check for context for derived keys
2015-07-05 14:12:07 -07:00
Armon Dadgar
b30dbce404
secret/transit: support derived keys
2015-07-05 14:11:02 -07:00
Bradley Girardeau
42050fe77b
ldap: add starttls support and option to specificy ca certificate
2015-07-02 15:49:51 -07:00
Jeff Mitchell
13c5fe0a16
Fix regexes to allow hyphens in role names, as the documentation shows
2015-07-01 20:39:18 -05:00
Armon Dadgar
b52d3e6506
cred/app-id: testing upgrade to salted keys
2015-06-30 18:37:10 -07:00
Armon Dadgar
eeb717c901
cred/app-id: first pass at automatic upgrading to salting
2015-06-30 18:09:08 -07:00
Armon Dadgar
4b27e4d8c5
Remove SetLogger, and unify on framework.Setup
2015-06-30 17:45:20 -07:00
Armon Dadgar
5d69e7da90
Updating for backend API change
2015-06-30 17:36:12 -07:00
Armon Dadgar
8bc99f8c23
helper/uuid: single generateUUID definition
2015-06-30 12:38:32 -07:00
Armon Dadgar
3c58773598
Merge pull request #380 from kgutwin/cert-cli
...
Enable TLS client cert authentication via the CLI
2015-06-30 11:44:28 -07:00
Armon Dadgar
b1f7e2f0ea
ldap: fixing merge conflict
2015-06-30 09:40:43 -07:00
Jeff Mitchell
762108d9eb
Put timestamp back into the username. Since Cassandra doesn't support expiration, this can be used by scripts to manually clean up old users if revocation fails for some reason.
...
Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
2015-06-30 11:15:46 -04:00
Jeff Mitchell
42b90fa9b9
Address some issues from code review.
...
Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
2015-06-30 09:27:23 -04:00
Jeff Mitchell
fccbc587c6
A Cassandra secrets backend.
...
Supports creation and deletion of users in Cassandra using flexible CQL queries.
TLS, including client authentication, is supported.
Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
2015-06-30 09:04:01 -04:00
Karl Gutwin
0062d923cc
Better error messages.
2015-06-30 08:59:38 -04:00
Karl Gutwin
a54ba31635
Merge remote-tracking branch 'upstream/master' into cert-cli
2015-06-30 08:31:00 -04:00
Karl Gutwin
dafcc5b2ce
enable CLI cert login
2015-06-29 23:29:41 -04:00
esell
c0e1843263
change skipsslverify to insecure_tls
2015-06-29 19:23:31 -06:00
Armon Dadgar
12d3aee58e
audit: fixing panic caused by tls connection state. Fixes #322
2015-06-29 17:16:17 -07:00
Armon Dadgar
add8e1a3fd
Fixing merge conflict
2015-06-29 15:19:04 -07:00
Armon Dadgar
337997ab04
Fixing merge conflict
2015-06-29 14:50:55 -07:00
esell
e81f966842
Set SkipSSLVerify default to false, add warning in help message
2015-06-24 13:38:14 -06:00
esell
d3225dae07
cleanup the code a bit
2015-06-24 10:09:29 -06:00
esell
84371ea734
allow skipping SSL verification on ldap auth
2015-06-24 10:05:45 -06:00
Jeff Mitchell
e086879fa3
Merge remote-tracking branch 'upstream/master' into f-pki
2015-06-19 13:01:26 -04:00
Jeff Mitchell
a6fc48b854
A few things:
...
* Add comments to every non-obvious (e.g. not basic read/write handler type) function
* Remove revoked/ endpoint, at least for now
* Add configurable CRL lifetime
* Cleanup
* Address some comments from code review
Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
2015-06-19 12:48:18 -04:00
Nate Brown
4ec685dc1a
Logging authentication errors and bad token usage
2015-06-18 18:30:18 -07:00
Jeff Mitchell
34f495a354
Refactor to allow only issuing CAs to be set and not have things blow up. This is useful/important for e.g. the Cassandra backend, where you may want to do TLS with a specific CA cert for server validation, but not actually do client authentication with a client cert.
...
Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
2015-06-18 15:22:58 -04:00
Armon Dadgar
d34861b811
secret/transit: allow policies to be upserted
2015-06-17 18:51:05 -07:00
Armon Dadgar
f53d31a580
secret/transit: Use special endpoint to get underlying keys. Fixes #219
2015-06-17 18:42:23 -07:00