Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Minimalistic support for group filtering in oidc connector #3074

Merged
merged 3 commits into from
Oct 21, 2023
Merged

Minimalistic support for group filtering in oidc connector #3074

merged 3 commits into from
Oct 21, 2023

Conversation

mdpradeep
Copy link
Contributor

Overview

Filter users based on groups in OIDC connector.

What this PR does / why we need it

Currently it is not possible to filter users based on groups like it is done with the google connector. This PR is an attempt to support group filtering in the oidc connector. The connector configuration takes an additional configuration as below to specify what the allowed groups are. If the user's groups belong to at least one of the allowedGroups, then authentication will be successful. The other change is to indicate that the user does not belong to allowed groups if authentication fails because the user does not belong to any of the allowed groups.

{
            "name": "My-oidc",
            "config": {
                "issuer": "<ISSUER>",
                "clientID": "12345678",
                "redirectURI": "<Dex Callback>",
                "clientSecret": "12345678",
                "insecureSkipEmailVerified": true,
                "insecureEnableGroups": true,
                "getUserInfo": true,
                "allowedGroups": ["XYZ", "ABC"],
                "scopes": ....
            },
            "id": "myoidc",
            "type": "oidc"
        }

Special notes for your reviewer

Does this PR introduce a user-facing change?

NONE

sagikazarmark
sagikazarmark requested changes Aug 24, 2023
View reviewed changes
connector/oidc/oidc.go Outdated Show resolved Hide resolved
connector/oidc/oidc.go Outdated Show resolved Hide resolved
connector/oidc/oidc.go Outdated Show resolved Hide resolved
connector/oidc/oidc.go Outdated Show resolved Hide resolved
connector/oidc/oidc.go Outdated Show resolved Hide resolved
connector/oidc/oidc.go Outdated Show resolved Hide resolved
connector/oidc/oidc.go Outdated Show resolved Hide resolved
server/handlers.go Outdated Show resolved Hide resolved
nabokihms
nabokihms requested changes Oct 20, 2023
View reviewed changes
Copy link
Member

@nabokihms nabokihms left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Debug messages don't seem like a necessary addition. The better approach is, for example, to trace HTTP requests to providers and check returned bodies. Custom debug messages are blocking this PR.

connector/oidc/oidc.go Outdated Show resolved Hide resolved
@nabokihms
Copy link
Member

@mdpradeep, everything seems fine now according to the code and ready to be merged (when tests are successfully passed).

I'd like to take this feature to the upcoming v2.38.0 release, so waiting 🙂

@nabokihms nabokihms added release-note/new-feature Release note: Exciting New Features release-note/enhancement Release note: Enhancements and removed release-note/new-feature Release note: Exciting New Features labels Oct 20, 2023
@mdpradeep @nabokihms @sagikazarmark
Minimalistic support for group filtering in oidc connector
3f756e9 
Minimalistic support for group filtering in oidc connector

Signed-off-by: Pradeep Mudlapur <[email protected]>
Co-Authored-By: Maksim Nabokikh <[email protected]>
Co-Authored-By: Márk Sági-Kazár <[email protected]>
@mdpradeep
Fix rebase issue
b3e5bf5 
Signed-off-by: Pradeep Mudlapur <[email protected]>
@mdpradeep
Fix linter issue
522e0c9 
Signed-off-by: Pradeep Mudlapur <[email protected]>
nabokihms
nabokihms approved these changes Oct 21, 2023
View reviewed changes
Copy link
Member

@nabokihms nabokihms left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks really nice. Thank you, @mdpradeep, for your contribution!

@nabokihms nabokihms merged commit 415ddaa into dexidp:master Oct 21, 2023
9 checks passed
orange-hbenmabrouk pushed a commit to orange-hbenmabrouk/dex that referenced this pull request Oct 23, 2023
@mdpradeep @nabokihms
@sagikazarmark @orange-hbenmabrouk
Minimalistic support for group filtering in oidc connector (dexidp#3074)
302637e 
Signed-off-by: Pradeep Mudlapur <[email protected]>
Co-authored-by: Maksim Nabokikh <[email protected]>
Co-authored-by: Márk Sági-Kazár <[email protected]>
orange-hbenmabrouk pushed a commit to orange-hbenmabrouk/dex that referenced this pull request Oct 23, 2023
@mdpradeep @nabokihms
@sagikazarmark @orange-hbenmabrouk
Minimalistic support for group filtering in oidc connector (dexidp#3074)
2d862e8 
Signed-off-by: Pradeep Mudlapur <[email protected]>
Co-authored-by: Maksim Nabokikh <[email protected]>
Co-authored-by: Márk Sági-Kazár <[email protected]>
Signed-off-by: Houssem Ben Mabrouk <[email protected]>
@tgmuender tgmuender mentioned this pull request Aug 14, 2024
Open
tanmaykm added a commit to tanmaykm/Yggdrasil that referenced this pull request Oct 19, 2024
@tanmaykm
[Dex] Update Dex to v2.41.1
92e0b2d 
Updates the patch made earlier to oidc plugin, to remove parts of the changes that got upstreamed via dexidp/dex#3074.
Retains (with updates to match source), the other patches made earlier to support additional scopes for github adn gitlab logins and to enable multiple sessions.
tanmaykm added a commit to tanmaykm/Yggdrasil that referenced this pull request Oct 19, 2024
@tanmaykm
[Dex] Update Dex to v2.41.1
333d1bf 
Updates Dex to v2.41.1.

Also updates the patch made earlier to oidc plugin, to remove parts of the changes that got upstreamed via dexidp/dex#3074.

Retains (with updates to match source), the other patches made earlier to support additional scopes for github adn gitlab logins and to enable multiple sessions.
tanmaykm added a commit to tanmaykm/Yggdrasil that referenced this pull request Oct 19, 2024
@tanmaykm
[Dex] Update Dex to v2.41.1
4706687 
Updates Dex to v2.41.1.

Also updates the patch made earlier to oidc plugin, to remove parts of the changes that got upstreamed via dexidp/dex#3074.

Retains (with updates to match source), the other patches made earlier to support additional scopes for github adn gitlab logins and to enable multiple sessions.
tanmaykm added a commit to tanmaykm/Yggdrasil that referenced this pull request Oct 19, 2024
@tanmaykm
[Dex] Update Dex to v2.41.1
28e99e2 
Updates Dex to v2.41.1.

Also updates the patch made earlier to oidc plugin, to remove parts of the changes that got upstreamed via dexidp/dex#3074.

Retains (with updates to match source), the other patches made earlier to support additional scopes for github adn gitlab logins and to enable multiple sessions.
@tanmaykm tanmaykm mentioned this pull request Oct 19, 2024
Merged
giordano pushed a commit to JuliaPackaging/Yggdrasil that referenced this pull request Oct 19, 2024
@tanmaykm
[Dex] Update Dex to v2.41.1 (#9647)
4394188 
Updates Dex to v2.41.1.

Also updates the patch made earlier to oidc plugin, to remove parts of the changes that got upstreamed via dexidp/dex#3074.

Retains (with updates to match source), the other patches made earlier to support additional scopes for github adn gitlab logins and to enable multiple sessions.
avik-pal pushed a commit to avik-pal/Yggdrasil that referenced this pull request Oct 25, 2024
@tanmaykm @avik-pal
[Dex] Update Dex to v2.41.1 (JuliaPackaging#9647)
d4723cd 
Updates Dex to v2.41.1.

Also updates the patch made earlier to oidc plugin, to remove parts of the changes that got upstreamed via dexidp/dex#3074.

Retains (with updates to match source), the other patches made earlier to support additional scopes for github adn gitlab logins and to enable multiple sessions.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nabokihms nabokihms nabokihms approved these changes

@sagikazarmark sagikazarmark Awaiting requested review from sagikazarmark

Assignees
No one assigned
Labels
release-note/enhancement Release note: Enhancements
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@mdpradeep @nabokihms @sagikazarmark