Commit graph

336 commits

Author SHA1 Message Date
Jeff Mitchell 93ef9a54bd Internally refactor Lease/LeaseGracePeriod into TTL/GracePeriod 2015-08-20 18:00:51 -07:00
Jeff Mitchell 133380915a Disallow non-client X509 key usages for client TLS cert authentication. 2015-08-20 15:50:47 -07:00
Armon Dadgar d1a09e295a Merge pull request #509 from ekristen/github-fix
Reimplements #459
2015-08-11 10:06:10 -07:00
Erik Kristensen 611965844b reimplements #459 2015-08-09 11:25:45 -06:00
Michael S. Fischer 21ab4d526c Provide working example of TLS certificate authentication
Fixes #474
2015-08-07 15:15:53 -07:00
Erik Kristensen 26387f6535 remove newline 2015-08-03 16:34:24 -06:00
Erik Kristensen f9c49f4a57 fix bug #488 2015-08-03 15:47:30 -06:00
Rusty Ross 719ac6e714 update doc for app-id
make clearer in doc that user-id can accept multiple app-id mappngs as comma-separated values
2015-08-03 09:44:26 -07:00
Armon Dadgar 03728af495 Merge pull request #464 from bgirardeau/master
Add Multi-factor authentication with Duo
2015-07-30 17:51:31 -07:00
Bradley Girardeau aa55d36f03 Clean up naming and add documentation 2015-07-30 17:36:40 -07:00
Bradley Girardeau d26b77b4f4 mfa: code cleanup 2015-07-28 11:55:46 -07:00
Bradley Girardeau 6697012dd3 mfa: improve edge cases and documentation 2015-07-27 21:14:00 -07:00
Bradley Girardeau 06863d08f0 mfa: add to userpass backend 2015-07-27 21:14:00 -07:00
Bradley Girardeau 4eb1beb31c ldap: add mfa support to CLI 2015-07-27 21:14:00 -07:00
Bradley Girardeau 8fa5a349a5 ldap: add mfa to LDAP login 2015-07-27 21:14:00 -07:00
Raymond Pete 1ca09a74b3 name slug check 2015-07-26 22:21:16 -04:00
Bradley Girardeau e8d26d244b ldap: change setting user policies to setting user groups 2015-07-20 11:33:39 -07:00
Bradley Girardeau 301a22295d ldap: add ability to set policies based on username as well as groups 2015-07-14 15:46:15 -07:00
Bradley Girardeau 0e2edc2378 ldap: add ability to login with a userPrincipalName (user@upndomain) 2015-07-14 15:37:46 -07:00
Armon Dadgar 504a7ca7c1 auth/userpass: store password as hash instead of direct. Credit @kenbreeman 2015-07-13 15:09:24 +10:00
Armon Dadgar da4650ccb4 auth/userpass: protect against timing attack. Credit @kenbreeman 2015-07-13 15:01:18 +10:00
Armon Dadgar 599d5f1431 auth/app-id: protect against timing attack. Credit @kenbreeman 2015-07-13 14:58:18 +10:00
Bradley Girardeau 42050fe77b ldap: add starttls support and option to specificy ca certificate 2015-07-02 15:49:51 -07:00
Armon Dadgar b52d3e6506 cred/app-id: testing upgrade to salted keys 2015-06-30 18:37:10 -07:00
Armon Dadgar eeb717c901 cred/app-id: first pass at automatic upgrading to salting 2015-06-30 18:09:08 -07:00
Armon Dadgar 4b27e4d8c5 Remove SetLogger, and unify on framework.Setup 2015-06-30 17:45:20 -07:00
Armon Dadgar 5d69e7da90 Updating for backend API change 2015-06-30 17:36:12 -07:00
Armon Dadgar 3c58773598 Merge pull request #380 from kgutwin/cert-cli
Enable TLS client cert authentication via the CLI
2015-06-30 11:44:28 -07:00
Armon Dadgar b1f7e2f0ea ldap: fixing merge conflict 2015-06-30 09:40:43 -07:00
Karl Gutwin 0062d923cc Better error messages. 2015-06-30 08:59:38 -04:00
Karl Gutwin a54ba31635 Merge remote-tracking branch 'upstream/master' into cert-cli 2015-06-30 08:31:00 -04:00
Karl Gutwin dafcc5b2ce enable CLI cert login 2015-06-29 23:29:41 -04:00
esell c0e1843263 change skipsslverify to insecure_tls 2015-06-29 19:23:31 -06:00
Armon Dadgar 337997ab04 Fixing merge conflict 2015-06-29 14:50:55 -07:00
esell e81f966842 Set SkipSSLVerify default to false, add warning in help message 2015-06-24 13:38:14 -06:00
esell d3225dae07 cleanup the code a bit 2015-06-24 10:09:29 -06:00
esell 84371ea734 allow skipping SSL verification on ldap auth 2015-06-24 10:05:45 -06:00
Armon Dadgar 45d3c512fb builtin: fixing API change in logical framework 2015-06-17 14:34:11 -07:00
Mitchell Hashimoto 4bf84392ec credential/github: get rid of stray tab 2015-06-16 10:05:51 -07:00
Mitchell Hashimoto 0ecf05c043 command/auth, github: improve cli docs
/cc @sethvargo
2015-06-16 10:05:11 -07:00
Christian Svensson e3d3012795 Record the common name in TLS metadata
It is useful to be able to save the client cert's Common Name for auditing purposes when using a central CA.

This adds a "common_name" value to the Metadata structure passed from login.
2015-06-14 23:18:21 +01:00
Ian Unruh 2e1bce27a9 Allow dot in LDAP login username 2015-05-20 11:54:15 -07:00
Armon Dadgar cc966d6b52 auth/cert: Guard against empty certs. Fixes #214 2015-05-18 16:11:09 -07:00
Armon Dadgar 56659a2db2 cred/app-id: ensure consistent error message 2015-05-15 11:45:57 -07:00
Armon Dadgar 8cff23f29b cred/app-id: stricter validation and error messaging 2015-05-15 11:40:45 -07:00
Jonathan Sokolowski 6746a24c78 credential/app-id: Test DeleteOperation 2015-05-14 22:30:02 +10:00
Etourneau Gwenn a3fe4b889f Fix Error message 2015-05-12 14:32:09 +09:00
Mitchell Hashimoto 1ca0b2340c credential/app-id: add hash of user/app ID to metadata for logs 2015-05-11 10:46:11 -07:00
Mitchell Hashimoto 5406d3189e Merge pull request #184 from hashicorp/b-github-casing
credential/github: case insensitive mappings
2015-05-11 10:27:45 -07:00
Mitchell Hashimoto 5c63b70eea logical/framework: PathMap is case insensitive by default 2015-05-11 10:27:04 -07:00
Mitchell Hashimoto 4e861f29bc credential/github: case insensitive mappings 2015-05-11 10:24:39 -07:00
Giovanni Bajo 8156b88353 auth/ldap: move password into InternalData 2015-05-09 22:06:34 +02:00
Giovanni Bajo 84388b2b20 auth/ldap: move username into the path (to allow per-user revokation on the path) 2015-05-09 22:06:28 +02:00
Giovanni Bajo 5e899e7de2 auth/ldap: fix pasto 2015-05-09 22:06:22 +02:00
Giovanni Bajo 1e1219dfcc auth/ldap: implement login renew 2015-05-09 22:04:20 +02:00
Giovanni Bajo a0f53f177c auth/ldap: document LDAP server used in tests 2015-05-09 22:04:20 +02:00
Giovanni Bajo b4093e2ddf auth/ldap: add acceptance tests 2015-05-09 22:04:20 +02:00
Giovanni Bajo 02d3b1c74c auth/ldap: add support for groups with unique members 2015-05-09 22:04:20 +02:00
Giovanni Bajo c313ff2802 auth/ldap: implement authorization via LDAP groups 2015-05-09 22:04:20 +02:00
Giovanni Bajo dc6b4ab9db auth/ldap: add configuration path for groups 2015-05-09 22:04:20 +02:00
Giovanni Bajo 7e39da2e67 Attempt connection to LDAP server at login time.
Also switch to a LDAP library fork which fixes a panic when
shutting down a connection immediately.
2015-05-09 22:04:19 +02:00
Giovanni Bajo 7492c5712a Initial implementation of the LDAP credential backend 2015-05-09 22:04:19 +02:00
Seth Vargo f3c3f4717a Remove references to -var 2015-05-08 11:45:29 -04:00
Armon Dadgar a6a4bee2ee cred/app-id: Add help synopsis to login path 2015-05-07 15:45:43 -07:00
Seth Vargo 04015fdf55 Fix output from GitHub help 2015-05-07 14:13:12 -04:00
Trevor Pounds 582677b134 Fix documentation typo. 2015-04-28 22:15:56 -07:00
Armon Dadgar 9087471bad credential/cert: support leasing and renewal 2015-04-24 12:58:39 -07:00
Armon Dadgar 3a9e20748b credential/cert: default display name 2015-04-24 10:52:17 -07:00
Armon Dadgar 7b4ceeb7e6 credential/cert: more validation on cert setup 2015-04-24 10:39:44 -07:00
Armon Dadgar d57c8ea0f0 credential/cert: return logical error if invalid 2015-04-24 10:36:25 -07:00
Armon Dadgar ae272b83ce credential/cert: major refactor 2015-04-24 10:31:57 -07:00
Armon Dadgar 28b18422b7 credential/cert: First pass at public key credential backend 2015-04-23 21:46:21 -07:00
Mitchell Hashimoto 0b7e7190b5 credentials/userpass: integrate into auth cli 2015-04-19 15:17:24 -07:00
Mitchell Hashimoto c5cadc026d credential/userpass: renewal 2015-04-19 15:12:50 -07:00
Mitchell Hashimoto 0ae9eadfd3 credential/userpass: help 2015-04-19 15:07:11 -07:00
Mitchell Hashimoto 0aec679bb4 credential/userpass: login 2015-04-19 15:06:29 -07:00
Mitchell Hashimoto fedda20c41 credential/userpass: configuring users 2015-04-19 14:59:30 -07:00
Mitchell Hashimoto 20324a0c9c website: more auth 2015-04-18 13:45:50 -07:00
Mitchell Hashimoto f7a1b2ced9 credential/app-id: allow restriction by CIDR block [GH-10] 2015-04-17 10:14:39 -07:00
Mitchell Hashimoto e643b48235 credential/app-id: support associating a name with app ID [GH-9] 2015-04-17 10:01:03 -07:00
Mitchell Hashimoto 37af1683c6 credential/*: adhere to new API 2015-04-17 09:40:28 -07:00
Armon Dadgar cf2faa06ae credential/github: Set the github username as the display name 2015-04-15 14:30:46 -07:00
Mitchell Hashimoto 62f4d1dd0e credential/github: CLI handler 2015-04-06 09:53:43 -07:00
Mitchell Hashimoto 569991fcc5 credential/app-id 2015-04-04 18:41:49 -07:00
Mitchell Hashimoto 606b3dbff9 credential/github: improve help 2015-04-04 12:18:33 -07:00
Mitchell Hashimoto 12a75dd304 credential/github: auth with github 2015-04-01 15:46:37 -07:00