warp-tech/warpgate
1
1
Fork 0
mirror of https://github.com/warp-tech/warpgate.git synced 2025-09-09 16:14:25 +08:00
Code Issues Projects Releases Packages Wiki Activity
903 commits 35 branches 53 tags 9.2 MiB
Commit graph

72 commits

Author SHA1 Message Date
Eugene
32e7e3a14d
Bump version: 0.15.0 → 0.16.0 2025-08-04 14:27:52 +02:00
Eugene
3178ac7810
fixed #1404 - SSO user autocreation not working with Entra ID (#1406) 2025-07-04 00:27:40 +02:00
Eugene
009a601de7
Bump version: 0.14.1 → 0.15.0-beta.1 2025-07-02 09:23:04 +02:00
Eugene
aa13534dc5
Bump version: 0.14.0 → 0.14.1 2025-06-05 10:29:16 +02:00
Eugene
fa0a0d19be
Disable default dep features (#1364) 2025-06-04 10:12:02 +02:00
Eugene
450b3066d8
dependency bumps (#1362) 2025-06-04 08:44:48 +02:00
Eugene
331af972bc
fixed #1356 - generate config schema (#1357) 2025-06-03 00:37:25 +02:00
Eugene
39182a685e
Bump version: 0.13.2 → 0.14.0-beta.1 2025-05-23 21:32:07 +02:00
Eugene
6b223994ae
SBOMs (#1289) 2025-03-20 16:11:14 +01:00
Eugene
664dbda65a
Bump version: 0.13.1 → 0.13.2 2025-02-26 10:40:54 +01:00
Eugene
1a07694409
lint 2025-02-26 10:40:49 +01:00
Eugene
299ec932fc
Bump version: 0.13.0 → 0.13.1 2025-02-19 21:44:58 +01:00
samtoxie
5dfa02555e
Implement option to trust unknown audiences (#1254) 
Currently Warpgate implements openidconnect_rs in a way where the OIDC
audience has to be either just the warpgate client id or you have to
explicitly trust every additional client id. Some IdP's
([ZITADEL](https://zitadel.com/) in my case) however don't let you limit
the audience for a specific client on the IdP side, and in my usecase
clients in the IdP project are often added or removed. Having to update
the warpgate config every time this happens is undoable for me, as such
I would like to explicitly trust any unknown client via config.

This PR implements that via an added optional setting
(`trust_unknown_audiences`) for the OIDC-custom provider.
 2025-02-18 23:14:34 +01:00
Eugene
43604ac649
Bump version: 0.14.0 → 0.13.0 2025-02-18 23:04:06 +01:00
Eugene
d7651fb1a3
Bump version: 0.13.0-beta.2 → 0.14.0 2025-02-18 23:02:03 +01:00
Eugene
b76872febe
fixed #952 - auto create sso users (#1245) 2025-02-10 01:12:50 +01:00
Eugene
55dcd11a17
added streamlocal-forward support (remote UNIX socket forwarding) (#1243) 2025-02-09 15:28:22 +01:00
Eugene
2cdf8babae
bump vulnerable deps (#1241) 2025-02-09 00:08:59 +01:00
Thibaud Lepretre
40e49a2c8e
Fixed SSO not respecting the OS' trusted TLS CAs (#1233) 
Co-authored-by: Eugene <inbox@null.page>
 2025-02-04 19:52:18 +01:00
Eugene
f3b7a5808c
Bump version: 0.12.0 → 0.13.0-beta.1 2025-02-02 21:22:55 +01:00
Eugene
6ade841378
correctly bind to both ipv4 and ipv6 when [::] is set as listen endpoint (#1193) 2024-12-27 10:16:36 +01:00
Eugene
fb1babcb41
Bump version: 0.11.0 → 0.12.0-beta.1 2024-12-07 23:42:58 +01:00
Eugene
f217b5da04
Self-service credentials management (#1145) 2024-11-26 23:13:48 +01:00
Eugene
b35983837f
Separate DB models for credentials (#1143) 2024-11-24 19:35:31 +01:00
Eugene
3b29a3e7f3
fixed #929 - sso: broken additional_trusted_audiences config option 2024-10-24 23:18:28 +02:00
Eugene
dbf96a8fee
fixed #1093 - allow multiple return domains for SSO, prefer host header over external_host 2024-10-24 00:04:37 +02:00
Eugene
80ee6ccc83
fixed #1074 - strip trailing slash in SSO issuer URLs and log errors properly 2024-10-14 10:18:19 +02:00
Eugene
837cc2d515
Bump version: 0.10.2 → 0.11.0 2024-10-09 00:24:38 +02:00
Eugene
7e49f13084
#1056 - auto-strip .well-known/openid-configuration from OIDC URLs 2024-10-04 17:22:40 +02:00
Eugene
c191e54c07
bumped rustls & related pkgs (#1066) 2024-09-18 11:28:39 +02:00
Eugene
fe521f2a39
OIDC RP-initiated logout (SSO single logout) support (#992) 
Fixes #935
 2024-09-10 23:16:42 +02:00
Eugene
53b0a9095b
Bump version: 0.10.1 → 0.10.2 2024-08-14 22:59:52 +02:00
Eugene
a0465174a7
Bump version: 0.10.0 → 0.10.1 2024-07-26 18:18:39 +02:00
Eugene
c83a70c730
Bump version: 0.9.1 → 0.10.0 2024-07-18 09:55:42 +02:00
Eugene
32078670a8
missed rename 2024-03-23 22:02:48 +01:00
Eugene
ef3c20719f
word 2024-03-23 21:54:21 +01:00
Eugene
47c943d201
lint 2024-03-23 12:24:52 +01:00
Skyler Mansfield
916d51a4e8
Add support for role mappings on custom SSO providers. (#920) 
This is done using the `role_mappings` property.
Roles to be mapped are gotten from the 'warp_groups` oidc claim:
```sso_providers: 
  - name: custom_sso
    label: Custom SSO
    provider:
      type: custom
      client_id: <client_id>
      client_secret: <client_secret>
      issuer_url: <issuer_url>
      scopes: ["email", "profile", "openid", "warp_groups"] #warp_groups is scope name to request for my demo case, which adds a "warpgate_groups" claim to the userinfo
      role_mappings: 
        - ["warpgate:admin", "warpgate:admin"]
```
This maps the `warpgate:admin` group from OIDC to the `warpgate:admin`
role.

This [video on YouTube](https://youtu.be/XCYSGGCgk9Q) demonstrates the
functionality

---------

Co-authored-by: Eugene <inbox@null.page>
 2024-03-23 12:05:12 +01:00
Eugene
bcba6763ae
cargo fmt 2024-03-04 10:15:27 +01:00
Eugene
75a2b8c5c6
fixed #929 - support additional trusted OIDC audiences 2024-01-13 11:07:26 +01:00
Eugene
7e260e84e6
Bump version: 0.9.0 → 0.9.1 2023-12-18 16:24:44 +01:00
Eugene
0baf2e3b97
Bump version: 0.8.1 → 0.9.0 2023-11-23 19:41:07 +01:00
Eugene
8b91e4a328
Bump version: 0.8.0 → 0.8.1 2023-09-27 22:09:03 +02:00
Eugene Pankov
4ecc6b653f
Bump version: 0.7.4 → 0.8.0 2023-08-20 19:06:49 +02:00
Eugene Pankov
4eb791f189
Bump version: 0.7.3 → 0.7.4 2023-08-02 09:05:59 +02:00
Eugene Pankov
dca24110f9
Bump version: 0.7.1 → 0.7.3 2023-07-10 10:23:00 +02:00
Eugene Pankov
9a0d818b82
Bump version: 0.7.0 → 0.7.1 2023-03-17 09:59:11 +01:00
Eugene Pankov
eb13e71fb3
bumped rust 2023-01-11 12:59:27 +01:00
dependabot[bot]
3be3971bf7 Bump once_cell from 1.14.0 to 1.17.0 
Bumps [once_cell](https://github.com/matklad/once_cell) from 1.14.0 to 1.17.0.
- [Release notes](https://github.com/matklad/once_cell/releases)
- [Changelog](https://github.com/matklad/once_cell/blob/master/CHANGELOG.md)
- [Commits](https://github.com/matklad/once_cell/compare/v1.14.0...v1.17.0)

---
updated-dependencies:
- dependency-name: once_cell
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-01-09 21:34:02 +01:00
Eugene Pankov
56ffb22fca
Merge branch 'main' of https://github.com/warp-tech/warpgate 2022-12-14 22:22:34 +01:00