Russell Jones
3db3ac9c98
Removing unix user name check from Teleport user name.
2017-06-22 14:00:12 -07:00
Russell Jones
7295a90c6f
Updated comments to explain templating.
2017-06-21 12:00:09 -07:00
Russell Jones
a9774f75ca
Fix regression when using SAML and dynamic roles.
2017-06-21 10:41:41 -07:00
Russell Jones
7e17b6f9a7
Added --compat=oldssh flag to generate user certificates without roles.
2017-06-20 16:57:56 -07:00
Russell Jones
8a7f09fb59
Improve RBAC logging when checking access to a server.
2017-06-13 15:14:13 -07:00
Sasha Klizhentas
d5ddea7ea0
update code review comments
2017-05-22 19:44:22 -07:00
Sasha Klizhentas
3bbfeb1b07
add checks and improve user output
2017-05-21 16:53:37 -07:00
Sasha Klizhentas
8ecfe3acc1
fix and complete tests
2017-05-20 12:52:03 -07:00
Sasha Klizhentas
5507ab1304
Merge branch 'master' into sasha/trust2
2017-05-19 10:44:18 -07:00
Sasha Klizhentas
123a158f2e
fix tests
2017-05-19 10:06:48 -07:00
Sasha Klizhentas
fd91e6c114
more work around setting mapping up
2017-05-17 20:43:21 -07:00
Sasha Klizhentas
e2db84d6bd
always specify NameID
2017-05-17 10:37:51 -07:00
Sasha Klizhentas
4a3f3b69e1
work on trust
2017-05-17 10:36:25 -07:00
Russell Jones
b3af2d3010
SAML 2.0 and AD FS integration.
2017-05-12 14:10:19 -07:00
Sasha Klizhentas
9af07be7a9
add integration tests
2017-05-12 14:10:19 -07:00
Sasha Klizhentas
417ad1de05
tests work in progress
2017-05-12 14:10:18 -07:00
Sasha Klizhentas
f8641681f6
SAML 2.0 initial implementation
2017-05-12 14:10:18 -07:00
Russell Jones
bd20318069
Patch for TLP-01-004: Always check if namespace is valid.
2017-05-03 12:17:45 -07:00
Russell Jones
fc4e63978d
Use CheckAndSetDefaults in tctl and add KindNode to default list of roles.
2017-04-20 15:13:03 -07:00
Russell Jones
a425423103
Renamed IdentityProvider to Provider.
2017-04-12 22:24:18 -07:00
Russell Jones
7275c767fc
Added support for ACR values for OIDC connectors.
2017-04-12 17:24:26 -07:00
Russell Jones
f85bb0de3c
Set defaults for templated roles.
2017-04-11 17:03:31 -07:00
Sasha Klizhentas
3c2570fa35
Sasha High Availability.
2017-04-07 16:54:15 -07:00
Russell Jones
d330d68ec5
If a role is not found, continue on in GetRoles.
2017-04-06 12:37:19 -07:00
Russell Jones
fde0ae4178
Added TTL to UpsertRole. Dynamic roles for OIDC users now have TTL.
2017-04-04 17:06:28 -07:00
Russell Jones
81ba372833
Added support for dynamic roles in claim mappings for OIDC.
2017-04-04 15:09:21 -07:00
Sasha Klizhentas
daf04f1abe
introduce setter and fix typo
2017-03-30 17:52:58 -07:00
Russell Jones
1cab059039
Changes to Unix socket path to make it cross platform.
2017-03-29 17:12:50 -07:00
Russell Jones
a110e48108
Support Get/Set Cluster Authentication Preferences and Universal Second Factor Settings from tctl.
2017-03-21 16:47:18 -07:00
Sasha Klizhentas
f02d391172
add optional agent forward cert extension
2017-03-21 13:56:05 -07:00
Russell Jones
00567f6d0c
Added public_address to proxy server configuration and heartbeat.
2017-03-17 11:38:40 -07:00
Sasha Klizhentas
c438f3192b
TTL Cert
2017-03-14 17:26:42 -07:00
Alexey Kontsevoy
d6c78f4cb1
addressing code review
2017-03-13 18:48:01 -04:00
Alexey Kontsevoy
c2008fb72e
add remove resource method to Role interface
2017-03-13 18:39:48 -04:00
Sasha Klizhentas
6e2b69acf1
fix retrieval TTL
2017-03-12 12:23:51 -07:00
Sasha Klizhentas
5e49193882
Merge branch 'master' into sasha/agents
2017-03-10 18:32:28 -08:00
Sasha Klizhentas
ff9a0a458e
more code
2017-03-10 15:50:39 -08:00
Sasha Klizhentas
b8be3c5101
Merge branch 'master' into sasha/agents
2017-03-09 16:23:17 -08:00
Sasha Klizhentas
0f64d0c547
agent forwarding, fixes #756
2017-03-09 16:20:39 -08:00
Russell Jones
2f70866e5a
Added TrustedCluster resource.
2017-03-09 13:49:44 -08:00
Sasha Klizhentas
bde7b5b345
agent forwarding
2017-03-09 13:02:57 -08:00
Sasha Klizhentas
68d5302494
Merge branch 'master' into sasha/websession
2017-03-03 13:26:11 -08:00
Sasha Klizhentas
8fdcc217fd
fixes #809
2017-03-03 13:20:46 -08:00
Russell Jones
54c7f1cd32
Added dynamic_config and removed seed_config.
2017-03-01 16:44:34 -08:00
Alexey Kontsevoy
d1952ff865
adding missing setters to Role interface
2017-02-28 20:16:28 -05:00
Russell Jones
2033d8093c
Fix configuration file regressions.
2017-02-24 14:48:52 -08:00
Alexey Kontsevoy
0a49bb4039
always return config.js
2017-02-24 12:10:36 -05:00
Russell Jones
cfe92d7ad2
Fixed bugs created in #783. Updated response returned from /webapi/ping and /web/config.js. Added support for authentication selection based off ping response in tsh.
2017-02-23 13:45:19 -08:00
Russell Jones
1dcd3e11e5
Refactored authentication configuration, created resources for dynamic configuration of authentication configuration, and updated documentation.
2017-02-22 11:48:06 -08:00
Sasha Klizhentas
d6ff6f6204
Configure web session duration, fixes #691
* Fix bug with OIDC powered sessions logged out after 10 minutes
* Adjust web sessions durations by taking roles into account
* Provide explicit TTL enforced on the server side for bearer tokens
Before this PR the web session TTL was measured using defaults,
10 minutes for local sessions and 1 hour for OIDC sessions and
the system relied on client to renew the bearer token.
With this change bearer token TTL is set to 10 minutes
and the entire web session will expire if not renewed before
The maximum session duration is set to 12 hours, if not
limited to a smaller value by roles in RBAC modules.
2017-02-17 16:16:44 -08:00
Sasha Klizhentas
1b91689e57
fixes
2017-02-11 10:48:29 -08:00
Sasha Klizhentas
b569b04494
work in progress sessions
2017-02-10 18:55:51 -08:00
Russell Jones
23f964968c
Admin certificate reverted back to only host uuid for backward compatibility.
2017-02-09 16:43:16 -08:00
Russell Jones
6295213815
Host certificate now presents two principals: hostUUID.clusterName and nodeName.clusterName.
2017-02-08 18:34:29 -08:00
Alexey Kontsevoy
0f1bf744ba
adding a missing display field to ConnectorV2 schema
2017-02-08 12:53:45 -05:00
Sasha Klizhentas
c231957b64
add interfaces
2017-02-01 14:43:15 -08:00
Russell Jones
05efdb2a17
Moved Check* methods into auth package.
2017-01-17 14:17:03 -08:00
Russell Jones
9e0c439927
Added TOTP support and deprecated HOTP support. New users are created with TOTP as the second factor, but HOTP backward compatibility is maintained by allowing users created before this commit to continue to log in with HOTP tokens.
2017-01-17 11:24:52 -08:00
Ev Kontsevoy
7040331660
Fixed all tests
Also replaced mailgun.FrozenTime with `clockwork` in a few places
(mailgun's frozen time still remains elsewhere)
2017-01-15 16:28:18 -08:00
Sasha Klizhentas
27f223e598
add omitempty
2017-01-09 19:47:53 -08:00
Sasha Klizhentas
1e9c9c91b5
update interfaces to simplify integrations
2017-01-06 12:42:34 -08:00
Sasha Klizhentas
aad5bba5a1
fix migrations from V1
Trusted clusters and cert authorities static configuration
sections were not properly processed and we've been creating
incomplete V2 objects in the database. This commit fixes the problem
2017-01-02 12:49:05 -08:00
Sasha Klizhentas
255d6d870e
get, upsert, delete commands support new resources
2016-12-31 17:11:00 -08:00
Sasha Klizhentas
a45e2869fb
fix data race and vendor deps
2016-12-30 17:07:54 -08:00
Sasha Klizhentas
6dc157985e
Merge branch 'master' into sasha/oidc
2016-12-30 16:51:13 -08:00
Sasha Klizhentas
6db29f37ad
fixes
2016-12-30 16:07:56 -08:00
Sasha Klizhentas
2cc1a548c5
finished changes
2016-12-30 15:13:45 -08:00
Sasha Klizhentas
5eedbea1ad
fix integration tests
2016-12-30 14:47:52 -08:00
Sasha Klizhentas
98e613a4ea
web tests recovered
2016-12-30 13:25:35 -08:00
Sasha Klizhentas
3a7db7d29c
SSH server tests recovered
2016-12-30 12:20:48 -08:00
Sasha Klizhentas
77b0131b06
auth tests fixed
2016-12-30 11:16:05 -08:00
Ev Kontsevoy
ed8604f757
Semi-serious connection overhaul of Teleport SSH
- Added idle timeout handling to every SSH connection.
- A bit of code refactoring (removing unused code paths)
Most importantly:
Added a custom SSH handshake between SSH Teleport proxies
and SSH Teleport servers. This handshake sends a custom JSON payload
from a proxy to a server, allowing to exchange additional information,
like the true IP of a client.
2016-12-30 01:21:28 -08:00
Sasha Klizhentas
23ffcb3c86
more fixes
2016-12-29 18:57:20 -08:00
Sasha Klizhentas
b5e1e4af75
more changes
2016-12-29 16:17:56 -08:00
Sasha Klizhentas
296ebe9d81
create signup token
2016-12-29 15:56:10 -08:00
Sasha Klizhentas
3ab22aba2a
API v2 added
2016-12-29 15:46:19 -08:00
Sasha Klizhentas
fcb8e52a6a
check backwards compatibility
2016-12-29 15:33:23 -08:00
Sasha Klizhentas
823a762cf4
more changes
2016-12-29 15:16:42 -08:00
Sasha Klizhentas
1eec7c0ebd
refactor, refactor refactor
2016-12-29 12:23:58 -08:00
Sasha Klizhentas
6fc1ad7c74
more changes
2016-12-29 11:36:57 -08:00
Sasha Klizhentas
cc892fbb5f
fix schema and add handy object debugging methods
2016-12-28 21:08:46 -08:00
Sasha Klizhentas
3d0edbbfbf
debugging state differences
2016-12-28 21:00:00 -08:00
Sasha Klizhentas
fd3eb31bac
tests tests tests
2016-12-28 19:30:20 -08:00
Sasha Klizhentas
06f137e73d
fix tests and schema
2016-12-28 19:28:23 -08:00
Sasha Klizhentas
5028b91b0d
some stuff
2016-12-28 18:54:10 -08:00
Sasha Klizhentas
d3a90743e4
changes to resources
2016-12-28 18:47:33 -08:00
Sasha Klizhentas
08988f08e8
add migrations tests
2016-12-28 15:50:32 -08:00
Sasha Klizhentas
c98624c038
more migration code
2016-12-28 14:07:03 -08:00
Sasha Klizhentas
81b54ae749
more
2016-12-27 19:54:02 -08:00
Sasha Klizhentas
30739de741
more exciting code
2016-12-27 18:54:55 -08:00
Sasha Klizhentas
08018f805d
more exciting data conversion code
2016-12-27 17:28:46 -08:00
Sasha Klizhentas
92a5d39804
more fun work
2016-12-27 16:39:43 -08:00
Sasha Klizhentas
924495dc19
more work
2016-12-27 11:52:59 -08:00
Ev Kontsevoy
4ed536a2f0
First pass at cleaning up DynamoDB and locks
- Added ability to read AWS config from `~/.aws` directory for testing
- Fixed TTL bug in DynamoDB back-end
- Made FS back-end return similar error types as Boltdb does
- Cleaned up buggy tests for DynamoDB
- Removed unnecessary locks everywhere in code
2016-12-27 00:12:59 -08:00
Sasha Klizhentas
0ef73b8961
start migrating to new format
2016-12-26 18:56:31 -08:00
Ev Kontsevoy
600210f511
Code cleanup and live testing of fs backend.
2016-12-25 21:58:59 -08:00
Ev Kontsevoy
79c9f32f38
Removed backend.GetValAndTTL()
It was never used anywhere in actual Teleport code.
2016-12-25 21:58:59 -08:00
Sasha Klizhentas
8ab3add372
map OIDC scopes to roles, implements #620
2016-12-24 14:42:33 -08:00
Sasha Klizhentas
13bbc4bd6f
vendor things and fix U2F console
2016-12-23 09:51:36 -08:00
Sasha Klizhentas
d214f5d5e2
address code review comments
2016-12-22 19:06:07 -08:00