Patrick Cloke
22c6c19f91
Fix a regression that mapping providers should be able to redirect users. ( #8878 )
...
This was broken in #8801 .
2020-12-04 08:25:15 -05:00
Patrick Cloke
8388384a64
Fix a regression when grandfathering SAML users. ( #8855 )
...
This was broken in #8801 when abstracting code shared with OIDC.
After this change both SAML and OIDC have a concept of
grandfathering users, but with different implementations.
2020-12-02 07:45:42 -05:00
Patrick Cloke
c21bdc813f
Add basic SAML tests for mapping users. ( #8800 )
2020-12-02 07:09:21 -05:00
Patrick Cloke
4fd222ad70
Support trying multiple localparts for OpenID Connect. ( #8801 )
...
Abstracts the SAML and OpenID Connect code which attempts to regenerate
the localpart of a matrix ID if it is already in use.
2020-11-25 10:04:22 -05:00
Patrick Cloke
79bfe966e0
Improve error checking for OIDC/SAML mapping providers ( #8774 )
...
Checks that the localpart returned by mapping providers for SAML and
OIDC are valid before registering new users.
Extends the OIDC tests for existing users and invalid data.
2020-11-19 14:25:17 -05:00
Patrick Cloke
ee382025b0
Abstract shared SSO code. ( #8765 )
...
De-duplicates code between the SAML and OIDC implementations.
2020-11-17 09:46:23 -05:00
Erik Johnston
c850dd9a8e
Fix handling of User-Agent headers with bad utf-8. ( #8632 )
2020-10-23 17:12:59 +01:00
BBBSnowball
05ee048f2c
Add config option for always using "userinfo endpoint" for OIDC ( #7658 )
...
This allows for connecting to certain IdPs, e.g. GitLab.
2020-10-01 13:54:35 -04:00
Patrick Cloke
8b40843392
Allow additional SSO properties to be passed to the client ( #8413 )
2020-09-30 13:02:43 -04:00
Tdxdxoz
abd04b6af0
Allow existing users to login via OpenID Connect. ( #8345 )
...
Co-authored-by: Benjamin Koch <bbbsnowball@gmail.com>
This adds configuration flags that will match a user to pre-existing users
when logging in via OpenID Connect. This is useful when switching to
an existing SSO system.
2020-09-25 07:01:45 -04:00
Patrick Cloke
b055dc9322
Ensure that the OpenID Connect remote ID is a string. ( #8190 )
2020-08-28 08:56:36 -04:00
Patrick Cloke
3f91638da6
Allow denying or shadow banning registrations via the spam checker ( #8034 )
2020-08-20 15:42:58 -04:00
Patrick Cloke
a3cf36f76e
Support UI Authentication for OpenID Connect accounts ( #7457 )
2020-05-15 12:26:02 -04:00
Quentin Gliech
616af44137
Implement OpenID Connect-based login ( #7256 )
2020-05-08 08:30:40 -04:00