mirror/opencloud
1
0
Fork 0
mirror of https://github.com/opencloud-eu/opencloud.git synced 2026-01-27 23:18:49 -06:00
Code Issues Packages Projects Releases Wiki Activity
14,545 Commits 48 Branches 40 Tags
add4dec96355232b5f5a10f5aa4cfafbbbbb7dbc
Commit Graph

23 Commits

Author SHA1 Message Date
Jörn Friedrich Dreyer
f1d09af547 support AD FS (#7140) 
* support AD FS

Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>

* drop unnecessary else

Co-authored-by: kobergj <jkoberg@owncloud.com>

---------

Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
Co-authored-by: kobergj <jkoberg@owncloud.com>
 2023-09-01 15:25:06 +02:00
Jörn Friedrich Dreyer
5422586bfa allow skipping userinfo call 
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
 2023-08-23 13:56:48 +02:00
Ralf Haferkamp
b7990875c1 oidc: Remove "aud" claim validation of logout tokens (#6156) 
The "aud" claim of the logout token is supposed to contain the client-id
of the client for which the token was issued. Our current implementation of
validating that claim is somewhat broken. We only allow to configure a single
value for the allowed client id. But we have different client-ids
accessing oCIS.

This completely removes the current validation of the `aud` claim until
we come up with a working solution. As we currently require a session id
to be present in the logout token the risk not validating the `aud`
claim is pretty low.

Related: #6149
 2023-04-27 10:34:09 +02:00
Ralf Haferkamp
70a80125c3 Fix backchannel logout 
Use access token to lookup session id. The userinfo endpoint does
not return the session id. Also add some debug logging.

Co-authored-by: Christian Richter <crichter@owncloud.com>
Co-authored-by: Michael Barz <mbarz@owncloud.com>
 2023-04-20 18:04:52 +02:00
Christian Richter
a6ced1f99f Simplifiy Unmarshall function for stringAsBool struct 
Co-authored-by: Julian Koberg <jkoberg@owncloud.com>
Signed-off-by: Christian Richter <crichter@owncloud.com>
 2023-04-20 11:45:13 +02:00
Christian Richter
30bcf32062 incorporate requested changes 
Signed-off-by: Christian Richter <crichter@owncloud.com>
 2023-04-20 09:00:58 +02:00
Christian Richter
e88a0d7bc3 add tests for oidc backchannel logout 
Signed-off-by: Christian Richter <crichter@owncloud.com>
 2023-04-19 17:32:49 +02:00
Christian Richter
15691ae78a fix contexts, render result 
Signed-off-by: Christian Richter <crichter@owncloud.com>
 2023-04-19 17:32:25 +02:00
Jörn Friedrich Dreyer
d2d7c49df4 properly parse logout request 
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
 2023-04-19 17:32:25 +02:00
Jörn Friedrich Dreyer
a98a880e7d move code, delete duplicate lines 
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
 2023-04-19 17:32:25 +02:00
Jörn Friedrich Dreyer
dc399a61ac implement backchannel logout, reuse useringo cache 
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
 2023-04-19 17:32:25 +02:00
Jörn Friedrich Dreyer
bc15b8a396 work on logout 
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
 2023-04-19 17:32:25 +02:00
Jörn Friedrich Dreyer
b608d0b0f9 move verify access token code to oidc client 
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
 2023-04-19 17:32:25 +02:00
Jörn Friedrich Dreyer
469534b321 small cleanup 
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
 2023-04-19 17:32:25 +02:00
Jörn Friedrich Dreyer
58dce9bed8 use our oidc client 
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
 2023-04-19 17:32:25 +02:00
Jörn Friedrich Dreyer
014308ddc9 introduce oidc client, based on coreos go-oidc 
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
 2023-04-19 17:32:25 +02:00
Christian Richter
a3640b0565 extract full claims from jwt token to get session id 
Signed-off-by: Christian Richter <crichter@owncloud.com>
 2023-04-19 17:32:23 +02:00
Ralf Haferkamp
a34a3b2a98 Cleanup some oidc related bits (#5751) 
* Remove unused code from oidc module

* Use already existing Metadata type for jwks discovery

ocis-pkg/oidc already provides a type for the oidc metadata. Switch to
that instead of defining yet another custom type.

* oidc: Add helper to get IDP metadata
 2023-03-07 14:43:42 +01:00
Michael Barz
189987bcbd Bump major version to v2 2022-05-04 14:49:59 +02:00
Jörn Friedrich Dreyer
40c8031441 add claims policy selector 
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
 2021-07-23 08:07:17 +00:00
Jörn Friedrich Dreyer
1f3e963c29 use claims map instead of struct 
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
 2021-07-22 09:20:36 +00:00
A.Unger
fcca9faa81 accounts running 2020-09-18 14:51:07 +02:00
A.Unger
c284b4d07b Add 'ocis-pkg/' from commit '72d605ba3857d0b972ddd72e226d8a5360fb480d' 
git-subtree-dir: ocis-pkg
git-subtree-mainline: 4c12bed11b
git-subtree-split: 72d605ba38
 2020-09-18 12:34:50 +02:00