Eugene
4afa979de2
bump rust some more
2024-07-16 10:40:27 +02:00
Eugene
72236d004a
fixed #748 - per-protocol external ports ( #973 )
2024-03-26 10:16:22 +01:00
Eugene
47c943d201
lint
2024-03-23 12:24:52 +01:00
Skyler Mansfield
916d51a4e8
Add support for role mappings on custom SSO providers. ( #920 )
...
This is done using the `role_mappings` property.
Roles to be mapped are gotten from the 'warp_groups` oidc claim:
```sso_providers:
- name: custom_sso
label: Custom SSO
provider:
type: custom
client_id: <client_id>
client_secret: <client_secret>
issuer_url: <issuer_url>
scopes: ["email", "profile", "openid", "warp_groups"] #warp_groups is scope name to request for my demo case, which adds a "warpgate_groups" claim to the userinfo
role_mappings:
- ["warpgate:admin", "warpgate:admin"]
```
This maps the `warpgate:admin` group from OIDC to the `warpgate:admin`
role.
This [video on YouTube](https://youtu.be/XCYSGGCgk9Q ) demonstrates the
functionality
---------
Co-authored-by: Eugene <inbox@null.page>
2024-03-23 12:05:12 +01:00
Eugene
bcba6763ae
cargo fmt
2024-03-04 10:15:27 +01:00
Eugene
ea07658f0b
fixed test
2024-02-04 21:09:26 +01:00
Néfix Estrada
0ddc7979ea
feat(http): add remote_addr to logs
...
With this change, the remote address will be logged. This enables other
software, such as fail2ban, to monitor the logs and make actions if
required.
Closes #944
2024-02-04 21:03:33 +01:00
Eugene
2d6621f5c8
bumped rust
2024-01-23 12:05:59 +01:00
Nicolas SEYS
8c1dab63c5
Move session and cookie age in http config section
2023-11-29 11:03:17 +01:00
Nicolas SEYS
21d6ab4beb
Make session and cookie age configurable
2023-11-29 11:03:17 +01:00
Eugene
6cace24fe8
lint
2023-11-23 19:40:53 +01:00
Eugene
b346ca3d0b
don't suggest public key auth in the web auth API
2023-11-23 19:36:05 +01:00
Eugene
e3b26b2699
fixed GHSA-c94j-vqr5-3mxr - privilege escalation during web auth
2023-11-23 18:35:27 +01:00
Skyler Mansfield
d9af7470a4
Add better support for X-Forward- headers when constructing external url
2023-11-16 19:53:14 +01:00
Skyler Mansfield
b0a9130a51
Add support for trusting X-Forwarded-For header to get client IP
...
falls back to remote ip if header unavailable
2023-11-16 19:53:14 +01:00
Nicolas SEYS
dec0b97a0d
Fix redirection with a relative location
2023-09-26 15:53:51 +02:00
Eugene Pankov
d9385ca44b
lint
2023-08-08 21:06:01 +02:00
Eugene Pankov
49b92cde7a
fixed #855 - log client IPs and credentials used
2023-08-08 09:56:41 +02:00
Eugene Pankov
0bc9ae1b1a
fixed #854 - show session details during OOB auth
2023-08-07 22:28:15 +02:00
Eugene Pankov
8173f6512a
fixed GHSA-868r-97g5-r9g4 - insufficient authentication for SSO users
2023-07-07 20:41:00 +02:00
Eugene Pankov
a38fd2bbb1
ui: added search boxes - #761
2023-05-18 21:59:26 +02:00
Eugene Pankov
f13a22f4d0
fixed #747 - don't include port in x-forwarded-for
2023-04-24 08:49:34 -07:00
Cléo REBERT
86daf9f38e
Fix build after cargo update
...
* Fix project not building after `cargo update`
* Bump totp-rs from 3.x to 5.x
* Bump sea-orm to 0.10 to 0.11
* Remove `chrono` unused features to get rid of warning during `cargo audit`
2023-04-19 10:59:19 +02:00
Eugene Pankov
eb13e71fb3
bumped rust
2023-01-11 12:59:27 +01:00
Eugene Pankov
1d34e5e4e2
lint
2022-12-14 22:10:35 +01:00
Eugene Pankov
468f4c6582
lint, removed DHAT
2022-11-21 22:01:14 +01:00
Eugene Pankov
8087179ea0
Revert "fixed openapi operation IDs"
...
This reverts commit 9b58dbc0c8
.
2022-11-08 22:32:35 +01:00
Eugene Pankov
9b58dbc0c8
fixed openapi operation IDs
2022-11-08 11:48:38 +01:00
Eugene Pankov
2b7baac016
lint, removed lazy_static
2022-11-03 23:44:51 +01:00
Eugene Pankov
42f9c68788
bumped rust
2022-11-03 23:10:51 +01:00
Eugene Pankov
6f39338c36
fixed #406 - construct correct SSO URLs behind a reverse proxy
2022-10-31 23:35:07 +01:00
Eugene Pankov
512396ffb4
#406 - apple id redirection fixes
2022-10-29 20:51:29 +02:00
Eugene Pankov
5bdddd3958
allow cancelling authentication
2022-10-02 20:02:05 +02:00
Eugene Pankov
04e5ecf5cb
#353 - forbid HTTP caching for API endpoints
2022-09-21 20:37:05 +03:00
Eugene Pankov
900426cc75
bumped poem
2022-09-13 22:56:26 +02:00
Eugene Pankov
5ddc260262
Remote port and X11 forwarding - fixes #11 , fixes #12
2022-09-04 12:06:09 +02:00
Eugene Pankov
a2bbc1690e
lint
2022-09-02 15:57:34 +02:00
Eugene Pankov
51df7083de
database config provider
2022-09-02 14:00:08 +02:00
Eugene Pankov
c74dc77700
added the missing host header
2022-08-26 00:10:03 +02:00
Eugene Pankov
b0866d296b
fixed #274 - don't pass through the Host header
2022-08-25 23:28:49 +02:00
Eugene
067250652d
Synchronize some ssh ops between client and target ( #271 )
2022-08-21 23:30:06 +02:00
Eugene Pankov
52edf524ae
fixed infinite redirect ( #257 )
2022-08-15 09:39:49 +02:00
Eugene Pankov
ccabfb1546
don't rewrite cookie domain for target cookies
2022-08-11 21:54:21 +02:00
Eugene Pankov
ee1a4650dd
log unknown usernames accordingly
2022-08-09 23:30:56 +02:00
Eugene
c6885f18c3
Out-of-band SSO ( #245 )
2022-08-08 23:30:18 +02:00
Eugene Pankov
1271dee26d
test driven fixes
2022-08-06 00:55:30 +02:00
Eugene
f7bb12e44d
OIDC login support ( #222 )
2022-08-05 20:04:40 +02:00
Eugene Pankov
8ea3250d4b
fixed #196 - HTTP tickets support
2022-07-30 18:40:03 +02:00
Eugene Pankov
112a6581f0
added test-target support for HTTP and MySQL targets
2022-07-29 20:02:10 +02:00
Eugene Pankov
9af4de71c5
http: set cookies for all subdomains
2022-07-27 21:10:59 +02:00