Commit graph

314 commits

Author SHA1 Message Date
Russell Jones 3db3ac9c98 Removing unix user name check from Teleport user name. 2017-06-22 14:00:12 -07:00
Russell Jones 7295a90c6f Updated comments to explain templating. 2017-06-21 12:00:09 -07:00
Russell Jones a9774f75ca Fix regression when using SAML and dynamic roles. 2017-06-21 10:41:41 -07:00
Russell Jones 7e17b6f9a7 Added --compat=oldssh flag to generate user certificates without roles. 2017-06-20 16:57:56 -07:00
Russell Jones 8a7f09fb59 Improve RBAC logging when checking access to a server. 2017-06-13 15:14:13 -07:00
Sasha Klizhentas d5ddea7ea0 update code review comments 2017-05-22 19:44:22 -07:00
Sasha Klizhentas 3bbfeb1b07 add checks and improve user output 2017-05-21 16:53:37 -07:00
Sasha Klizhentas 8ecfe3acc1 fix and complete tests 2017-05-20 12:52:03 -07:00
Sasha Klizhentas 5507ab1304 Merge branch 'master' into sasha/trust2 2017-05-19 10:44:18 -07:00
Sasha Klizhentas 123a158f2e fix tests 2017-05-19 10:06:48 -07:00
Sasha Klizhentas fd91e6c114 more work around setting mapping up 2017-05-17 20:43:21 -07:00
Sasha Klizhentas e2db84d6bd always specify NameID 2017-05-17 10:37:51 -07:00
Sasha Klizhentas 4a3f3b69e1 work on trust 2017-05-17 10:36:25 -07:00
Russell Jones b3af2d3010 SAML 2.0 and AD FS integration. 2017-05-12 14:10:19 -07:00
Sasha Klizhentas 9af07be7a9 add integration tests 2017-05-12 14:10:19 -07:00
Sasha Klizhentas 417ad1de05 tests work in progress 2017-05-12 14:10:18 -07:00
Sasha Klizhentas f8641681f6 SAML 2.0 initial implementation 2017-05-12 14:10:18 -07:00
Russell Jones bd20318069 Patch for TLP-01-004: Always check if namespace is valid. 2017-05-03 12:17:45 -07:00
Russell Jones fc4e63978d Use CheckAndSetDefaults in tctl and add KindNode to default list of
roles.
2017-04-20 15:13:03 -07:00
Russell Jones a425423103 Renamed IdentityProvider to Provider. 2017-04-12 22:24:18 -07:00
Russell Jones 7275c767fc Added support for ACR values for OIDC connectors. 2017-04-12 17:24:26 -07:00
Russell Jones f85bb0de3c Set defaults for templated roles. 2017-04-11 17:03:31 -07:00
Sasha Klizhentas 3c2570fa35 Sasha High Availability. 2017-04-07 16:54:15 -07:00
Russell Jones d330d68ec5 If a role is not found, continue on in GetRoles. 2017-04-06 12:37:19 -07:00
Russell Jones fde0ae4178 Added TTL to UpsertRole. Dynamic roles for OIDC users now have TTL. 2017-04-04 17:06:28 -07:00
Russell Jones 81ba372833 Added support for dynamic roles in claim mappings for OIDC. 2017-04-04 15:09:21 -07:00
Sasha Klizhentas daf04f1abe introduce setter and fix typo 2017-03-30 17:52:58 -07:00
Russell Jones 1cab059039 Changes to Unix socket path to make it cross platform. 2017-03-29 17:12:50 -07:00
Russell Jones a110e48108 Support Get/Set Cluster Authentication Preferences and Universal Second
Factor Settings from tctl.
2017-03-21 16:47:18 -07:00
Sasha Klizhentas f02d391172 add optional agent forward cert extension 2017-03-21 13:56:05 -07:00
Russell Jones 00567f6d0c Added public_address to proxy server configuration and heartbeat. 2017-03-17 11:38:40 -07:00
Sasha Klizhentas c438f3192b TTL Cert 2017-03-14 17:26:42 -07:00
Alexey Kontsevoy d6c78f4cb1 addressing code review 2017-03-13 18:48:01 -04:00
Alexey Kontsevoy c2008fb72e add remove resource method to Role interface 2017-03-13 18:39:48 -04:00
Sasha Klizhentas 6e2b69acf1 fix retrieval TTL 2017-03-12 12:23:51 -07:00
Sasha Klizhentas 5e49193882 Merge branch 'master' into sasha/agents 2017-03-10 18:32:28 -08:00
Sasha Klizhentas ff9a0a458e more code 2017-03-10 15:50:39 -08:00
Sasha Klizhentas b8be3c5101 Merge branch 'master' into sasha/agents 2017-03-09 16:23:17 -08:00
Sasha Klizhentas 0f64d0c547 agent forwarding, fixes #756 2017-03-09 16:20:39 -08:00
Russell Jones 2f70866e5a Added TrustedCluster resource. 2017-03-09 13:49:44 -08:00
Sasha Klizhentas bde7b5b345 agent forwarding 2017-03-09 13:02:57 -08:00
Sasha Klizhentas 68d5302494 Merge branch 'master' into sasha/websession 2017-03-03 13:26:11 -08:00
Sasha Klizhentas 8fdcc217fd fixes #809 2017-03-03 13:20:46 -08:00
Russell Jones 54c7f1cd32 Added dynamic_config and removed seed_config. 2017-03-01 16:44:34 -08:00
Alexey Kontsevoy d1952ff865 adding missing setters to Role interface 2017-02-28 20:16:28 -05:00
Russell Jones 2033d8093c Fix configuration file regressions. 2017-02-24 14:48:52 -08:00
Alexey Kontsevoy 0a49bb4039 always return config.js 2017-02-24 12:10:36 -05:00
Russell Jones cfe92d7ad2 Fixed bugs created in #783. Updated response returned from /webapi/ping and
/web/config.js. Added support for authentication selection based off ping
response in tsh.
2017-02-23 13:45:19 -08:00
Russell Jones 1dcd3e11e5 Refactored authentication configuration, created resources for dynamic configuration of authentication configuration, and updated documentation. 2017-02-22 11:48:06 -08:00
Sasha Klizhentas d6ff6f6204 Configure web session duration, fixes #691
* Fix bug with OIDC powered sessions logged out after 10 minutes
* Adjust web sessions durations by taking roles into account
* Provide explicit TTL enforced on the server side for bearer tokens

Before this PR the web session TTL was measured using defaults,
10 minutes for local sessions and 1 hour for OIDC sessions and
the system relied on client to renew the bearer token.

With this change the bearer token TTL is set to 10 minutes
and the entire web session will expire if not renewed before then.

The maximum session duration is set to 12 hours, if not
limited to a smaller value by roles in RBAC modules.
2017-02-17 16:16:44 -08:00
Sasha Klizhentas 1b91689e57 fixes 2017-02-11 10:48:29 -08:00
Sasha Klizhentas b569b04494 work in progress sessions 2017-02-10 18:55:51 -08:00
Russell Jones 23f964968c Admin certificate reverted back to only host uuid for backward compatibility. 2017-02-09 16:43:16 -08:00
Russell Jones 6295213815 Host certificate now presents two principals: hostUUID.clusterName and nodeName.clusterName. 2017-02-08 18:34:29 -08:00
Alexey Kontsevoy 0f1bf744ba adding a missing display field to ConnectorV2 schema 2017-02-08 12:53:45 -05:00
Sasha Klizhentas c231957b64 add interfaces 2017-02-01 14:43:15 -08:00
Russell Jones 05efdb2a17 Moved Check* methods into auth package. 2017-01-17 14:17:03 -08:00
Russell Jones 9e0c439927 Added TOTP support and deprecated HOTP support. New users are created with TOTP as the second factor, but HOTP backward compatibility is maintained by allowing users created before this commit to continue to log in with HOTP tokens. 2017-01-17 11:24:52 -08:00
Ev Kontsevoy 7040331660 Fixed all tests
Also replaced mailgun.FrozenTime with `clockwork` in a few places
(mailgun's frozen time still remains elsewhere)
2017-01-15 16:28:18 -08:00
Sasha Klizhentas 27f223e598 add omitempty 2017-01-09 19:47:53 -08:00
Sasha Klizhentas 1e9c9c91b5 update interfaces to simplify integrations 2017-01-06 12:42:34 -08:00
Sasha Klizhentas aad5bba5a1 fix migrations from V1
Trusted clusters and cert authorities static configuration
sections were not properly processed and we've been creating
incomplete V2 objects in the database. This commit fixes the problem.
2017-01-02 12:49:05 -08:00
Sasha Klizhentas 255d6d870e get, upsert, delete commands support new resources 2016-12-31 17:11:00 -08:00
Sasha Klizhentas a45e2869fb fix data race and vendor deps 2016-12-30 17:07:54 -08:00
Sasha Klizhentas 6dc157985e Merge branch 'master' into sasha/oidc 2016-12-30 16:51:13 -08:00
Sasha Klizhentas 6db29f37ad fixes 2016-12-30 16:07:56 -08:00
Sasha Klizhentas 2cc1a548c5 finished changes 2016-12-30 15:13:45 -08:00
Sasha Klizhentas 5eedbea1ad fix integration tests 2016-12-30 14:47:52 -08:00
Sasha Klizhentas 98e613a4ea web tests recovered 2016-12-30 13:25:35 -08:00
Sasha Klizhentas 3a7db7d29c SSH server tests recovered 2016-12-30 12:20:48 -08:00
Sasha Klizhentas 77b0131b06 auth tests fixed 2016-12-30 11:16:05 -08:00
Ev Kontsevoy ed8604f757 Semi-serious connection overhaul of Teleport SSH
- Added idle timeout handling to every SSH connection.
- A bit of code refactoring (removing unused code paths)

Most importantly:

Added a custom SSH handshake between SSH Teleport proxies
and SSH Teleport servers. This handshake sends a custom JSON payload
from a proxy to a server, allowing them to exchange additional information,
like the true IP of a client.
2016-12-30 01:21:28 -08:00
Sasha Klizhentas 23ffcb3c86 more fixes 2016-12-29 18:57:20 -08:00
Sasha Klizhentas b5e1e4af75 more changes 2016-12-29 16:17:56 -08:00
Sasha Klizhentas 296ebe9d81 create signup token 2016-12-29 15:56:10 -08:00
Sasha Klizhentas 3ab22aba2a API v2 added 2016-12-29 15:46:19 -08:00
Sasha Klizhentas fcb8e52a6a check backwards compatibility 2016-12-29 15:33:23 -08:00
Sasha Klizhentas 823a762cf4 more changes 2016-12-29 15:16:42 -08:00
Sasha Klizhentas 1eec7c0ebd refactor, refactor refactor 2016-12-29 12:23:58 -08:00
Sasha Klizhentas 6fc1ad7c74 more changes 2016-12-29 11:36:57 -08:00
Sasha Klizhentas cc892fbb5f fix schema and add handy object debugging methods 2016-12-28 21:08:46 -08:00
Sasha Klizhentas 3d0edbbfbf debugging state differences 2016-12-28 21:00:00 -08:00
Sasha Klizhentas fd3eb31bac tests tests tests 2016-12-28 19:30:20 -08:00
Sasha Klizhentas 06f137e73d fix tests and schema 2016-12-28 19:28:23 -08:00
Sasha Klizhentas 5028b91b0d some stuff 2016-12-28 18:54:10 -08:00
Sasha Klizhentas d3a90743e4 changes to resources 2016-12-28 18:47:33 -08:00
Sasha Klizhentas 08988f08e8 add migrations tests 2016-12-28 15:50:32 -08:00
Sasha Klizhentas c98624c038 more migration code 2016-12-28 14:07:03 -08:00
Sasha Klizhentas 81b54ae749 more 2016-12-27 19:54:02 -08:00
Sasha Klizhentas 30739de741 more exciting code 2016-12-27 18:54:55 -08:00
Sasha Klizhentas 08018f805d more exciting data conversion code 2016-12-27 17:28:46 -08:00
Sasha Klizhentas 92a5d39804 more fun work 2016-12-27 16:39:43 -08:00
Sasha Klizhentas 924495dc19 more work 2016-12-27 11:52:59 -08:00
Ev Kontsevoy 4ed536a2f0 First pass at cleaning up DynamoDB and locks
- Added ability to read AWS config from `~/.aws` directory for testing
- Fixed TTL bug in DynamoDB back-end
- Made FS back-end return similar error types as Boltdb does
- Cleaned up buggy tests for DynamoDB
- Removed unnecessary locks everywhere in code
2016-12-27 00:12:59 -08:00
Sasha Klizhentas 0ef73b8961 start migrating to new format 2016-12-26 18:56:31 -08:00
Ev Kontsevoy 600210f511 Code cleanup and live testing of fs backend. 2016-12-25 21:58:59 -08:00
Ev Kontsevoy 79c9f32f38 Removed backend.GetValAndTTL()
It was never used anywhere in actual Teleport code.
2016-12-25 21:58:59 -08:00
Sasha Klizhentas 8ab3add372 map OIDC scopes to roles, implements #620 2016-12-24 14:42:33 -08:00
Sasha Klizhentas 13bbc4bd6f vendor things and fix U2F console 2016-12-23 09:51:36 -08:00
Sasha Klizhentas d214f5d5e2 address code review comments 2016-12-22 19:06:07 -08:00