Added the possibility to activate lowercase for UPN-Strings #1888
sagikazarmark merged 4 commits into dexidp:master on Jan 6, 2021
Signed-off-by: Maik Brauer <[email protected]>
sagikazarmark requested changes on Jan 5, 2021
go.mod
Outdated
| gopkg.in/asn1-ber.v1 v1.0.0-20181015200546-f715ec2f112d // indirect | ||
| gopkg.in/ldap.v2 v2.5.1 | ||
| gopkg.in/square/go-jose.v2 v2.4.1 | ||
| honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc // indirect |
Member
Why is this added as a dependency?
go.mod
Outdated
| github.com/lib/pq v1.3.0 | ||
| github.com/mattermost/xml-roundtrip-validator v0.0.0-20201204154048-1a8688af4cf1 | ||
| github.com/mattn/go-sqlite3 v1.11.0 | ||
| github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect |
Member
Why is this added as a dependency?
connector/microsoft/microsoft.go
Outdated
| Groups []string `json:"groups"` | ||
| GroupNameFormat GroupNameFormat `json:"groupNameFormat"` | ||
| UseGroupsAsWhitelist bool `json:"useGroupsAsWhitelist"` | ||
| UpnToLowercase bool `json:"upnToLowercase"` |
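Review bot: the new `UpnToLowercase` field on the last line of this hunk has no comment saying which value is lowercased or that leaving it unset (false) passes the UPN through unchanged. A one-line doc comment above the field would make that behaviour visible to anyone reading this struct, since the other options around it are just as terse.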
Member
I'm not intimately familiar with microsoft/AD, but I think it would make sense to use email as a phrase here. I guess the UPN is always an email address.
Signed-off-by: Maik Brauer <[email protected]>
Signed-off-by: Maik Brauer <[email protected]>
…o UPN-Lowercase Signed-off-by: Maik Brauer <[email protected]>
Contributor
Author
Hi @sagikazarmark, changes done. Please check. Thanks.
xtremerui pushed a commit to concourse/dex that referenced this pull request on Mar 16, 2021
The official docker release for this release can be pulled from

```
ghcr.io/dexidp/dex:v2.28.0
```

**Features:**

- Add c_hash to id_token, issued on /auth endpoint, when in hybrid flow (dexidp#1773, @HEllRZA)
- Allow configuration of returned auth proxy header (dexidp#1839, @seuf)
- Allow to disable os.ExpandEnv for storage + connector configs by env variable DEX_EXPAND_ENV = false (dexidp#1902, @heidemn-faro)
- Added the possibility to activate lowercase for UPN-Strings (dexidp#1888, @VF-mbrauer)
- Add "Cache-control: no-store" and "Pragma: no-cache" headers to token responses (dexidp#1948, @nabokihms)
- Add gomplate to the docker image (dexidp#1893, @nabokihms)
- Graceful shutdown (dexidp#1963, @nabokihms)
- Allow public clients created with API to have no client_secret (dexidp#1871, @spohner)

**Bugfixes:**

- Fix the etcd PKCE AuthCode deserialization (dexidp#1908, @bnu0)
- Fix garbage collection logging of device codes and device request (dexidp#1918, @nabokihms)
- Discovery endpoint contains updated claims and auth methods (dexidp#1951, @nabokihms)
- Return invalid_grant error if auth code is invalid or expired (dexidp#1952, @nabokihms)
- Return an error to auth requests with the "request" parameter (dexidp#1956, @nabokihms)

**Minor changes:**

- Change default themes to light/dark (dexidp#1858, @nabokihms)
- Various developer experience improvements
- Dependency upgrades
- Tons of small fixes and changes
elffjs pushed a commit to DIMO-Network/dex that referenced this pull request on Jun 27, 2022
Signed-off-by: Maik Brauer <[email protected]>
Overview
There was a need to introduce a Boolean flag which enables the possibility to transform the UPN (e-mail) of the user to lowercase.
We never know how those strings are stored in Active Directory or Azure Active Directory, but they are important for mapping.
What this PR does / why we need it
In some Active Directories we have the UPNs stored in various formats. They can be lowercase, uppercase, or
a mix of both. When they are sent to DEX and then used by the RBAC of the cluster,
they need to match 1:1. But we never know how the name will be transported and how it was originally stored.
So to overcome that issue, we need a small feature which does the trick and puts all characters into a format that we know
how to handle. When they are all lowercase and we know that, we just put them that way in the RoleBindings on the cluster.
Special notes for your reviewer
Nothing special to highlight, except that nothing will be put to lowercase when the flag has not been set.
Otherwise the parameter stays false and nothing will change at all.
Does this PR introduce a user-facing change?
Depends. If the user wants to use this feature, he needs to activate it. Once done, the UPNs (e-mail) will be sent all the time
in lowercase letters. So if the user then expects to get the 1:1 from AD or AAD, he will be surprised when the feature is on.
Configuration details:
If you put `UpnToLowercase: true` into your yaml config, i.e. set it to true to enable it, it will start conversion to lowercase.
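
The mismatch this flag addresses, as an added example (not code from this PR or from Dex): a UPN arrives in whatever case the directory stores it, while RBAC subjects are compared exactly. The helper names and the sample bindings are hypothetical; `staleSubjects` goes one step further and lists binding subjects that stop matching once lowercasing is switched on.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// normalizeUPN mirrors the behaviour the PR describes: the UPN is passed
// through untouched unless the flag is set. Hypothetical helper, not Dex code.
func normalizeUPN(upn string, upnToLowercase bool) string {
	if upnToLowercase {
		return strings.ToLower(upn)
	}
	return upn
}

// rolesFor does an exact, case-sensitive subject lookup, the 1:1 match the
// description refers to. bindings maps a subject name to its role names.
func rolesFor(bindings map[string][]string, user string) []string {
	return bindings[user]
}

// staleSubjects lists binding subjects that can never match once the flag
// is on, because lowercasing would change them.
func staleSubjects(bindings map[string][]string) []string {
	var stale []string
	for subject := range bindings {
		if subject != strings.ToLower(subject) {
			stale = append(stale, subject)
		}
	}
	sort.Strings(stale)
	return stale
}

// sampleBindings is constructed sample data, not taken from a real cluster.
func sampleBindings() map[string][]string {
	return map[string][]string{
		"jane.doe@example.com":  {"view"},
		"Ops.Admin@Example.com": {"cluster-admin"},
	}
}

func main() {
	b := sampleBindings()
	upn := "Jane.Doe@EXAMPLE.com" // constructed: as the directory happens to store it
	fmt.Println(rolesFor(b, normalizeUPN(upn, false))) // []
	fmt.Println(rolesFor(b, normalizeUPN(upn, true)))  // [view]
	fmt.Println(staleSubjects(b))                      // [Ops.Admin@Example.com]
}
```

Running the stale-subject check over existing bindings before enabling the flag shows which entries need to be rewritten in lowercase.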