5619948d31
Added Group Support to OIDC
...
Supports choosing groups to..
-Allow or restrict login to server
-Sync with user groups (with / without filter)
-Grant or revoke site admin privileges
2022-09-06 00:29:22 -04:00
60ee315b79
actually working discovery
2022-09-04 19:41:14 -04:00
7ec476ec4d
initial working discovery
...
if user is missing info, we will discover it automatically using well-known endpoints
2022-09-04 15:18:53 -04:00
c8774e700b
update oidc scope
...
passport-openidconnect adds the 'openid' scope to the request, regardless of if its already there.
removed 'openid' scope
removed unused 'groups' scope
2022-09-03 18:22:26 -04:00
d1e04a7ca7
Fixed SSPI authentication exception.
2022-09-03 00:32:49 -07:00
49e04bd454
Improved user authentication log and added 'authlog' tracing.
2022-09-01 22:06:08 -07:00
03e15c6be1
update oidc passport module
...
Updated to official passport-openidconnect module, removed custom module.
2022-08-31 23:51:24 -04:00
d4d1f7d454
MeshCMD is now signed using the MeshCentral code signing cert.
2022-08-31 01:36:23 -07:00
0bf459bb51
Many web relay improvements and fixes ( #4467 , #4456 )
2022-08-30 17:53:27 -07:00
f7dc1d749b
Added 'keepcerts' option to force keeping HTTPS/MPS cert.
2022-08-26 15:43:12 -07:00
4fe394226c
Improved web relay sharing ( #4413 )
2022-08-25 21:10:09 -07:00
5d7fabfc21
Added guest web sharing of HTTP/HTTPS ( #4413 )
2022-08-25 20:11:47 -07:00
6b1b034c61
Fixed device sharing links when using in LAN mode.
2022-08-24 14:10:40 -07:00
fcfe4d964e
Intel AMT tab will now show up in the correct language if available.
2022-08-22 13:06:25 -07:00
334a9b8321
Added LDAPSyncWithUserGroups to config.json schema ( #4415 )
2022-08-22 11:57:11 -07:00
00765288e6
Added LDAP membership user group sync options ( #4415 )
2022-08-22 11:43:45 -07:00
6b4179c20c
Added LDAP debug improvements.
2022-08-21 22:19:57 -07:00
8dd07495f5
MeshCentral will now auto-create LDAP user groups and sync users to their membership groups when the login using LDAP. ( #4415 )
2022-08-21 21:19:34 -07:00
daa4c60b77
You can now restrict what LDAP users can login based on LDAP membership groups ( #4415 )
2022-08-21 14:05:51 -07:00
8d1eab20e5
Logout will not redirect to /login ( #4420 )
2022-08-21 00:41:17 -07:00
ab84719afe
Fixed saving run command dialog state on the server.
2022-08-19 13:42:44 -07:00
0ae91ede62
Fix for SAML ( #4408 )
2022-08-18 00:37:39 -07:00
4092615c63
Fixed auth strategies when using with a second domain with a DNS ( #4404 )
2022-08-17 14:14:56 -07:00
2c9fcdbfd0
Fixed U2F server exception ( #4346 )
2022-07-31 11:25:28 -07:00
c8d8fc422c
When doing session IP address checkingin default 'lax' mode, if both addresses are private/loopback, it's now accepted as a match.
2022-07-28 15:12:28 -07:00
ddbd76e254
Fix for #4307
...
Added missing equals sign when checking null session
2022-07-22 23:01:43 +00:00
3dd8531ef9
Added code to skip the agent code signing certificate if missing and getting certs from database or vault ( #4299 )
2022-07-21 17:17:08 -07:00
46e511ef95
Fixed webserver.js exception.
2022-07-21 16:10:01 -07:00
4db8ff3946
Fixed webserver.js exception.
2022-07-21 16:08:38 -07:00
034ebc986c
LDAP debug improvements.
2022-07-20 13:35:59 -07:00
61e486ba38
Added support for LDAP account images ( #4283 )
2022-07-20 12:57:24 -07:00
b7bc172c40
ldapUserName and ldapUserRealname can now be set to for example: {{{givenName}}} {{{sn}}} ( #4276 )
2022-07-20 00:50:32 -07:00
58cd5e3bea
LDAP improvements ( #4276 )
2022-07-20 00:10:09 -07:00
466c765df5
LDAP improvements ( #4283 )
2022-07-19 13:50:40 -07:00
954e5cde32
ldapSaveUserToFile will now append the file ( #4276 )
2022-07-18 16:18:15 -07:00
b3dd3d3613
Added ldapSaveUserToFile option to help debug LDAP issues.
2022-07-18 16:12:53 -07:00
9f4c2cc53e
Fix for SSPI auth un-authorized.
2022-07-15 13:13:53 -07:00
acb9a5bb6e
Fixed Web-RDP when used with non-default domain ( #4271 )
2022-07-14 15:18:41 -07:00
66b0315624
Browser session security improvements.
2022-07-12 17:45:19 -07:00
04fb1f2bf0
Added CAPTCHA option when creating new accounts on login screen.
2022-07-11 14:35:05 -07:00
4382899468
Clean up cookie-session instance.
2022-07-11 11:19:04 -07:00
626c490771
Switch browser cookie signature from SHA1 to SHA384.
2022-07-11 11:11:03 -07:00
a151dcbfe6
Web relay can now handle connection:close responses.
2022-07-10 13:08:28 -07:00
5eca4eecee
Completed support for web relay with multiple DNS names.
2022-07-10 11:32:59 -07:00
1a72126c4f
Added DELETE and OPTIONS as supported web relay methods, #4241
2022-07-10 10:50:57 -07:00
a0ea6ead09
Put in the groundwork for web relay with multiple relay DNS names.
2022-07-10 01:32:11 -07:00
bd9739e106
Changed the web relay system to correctly with multiple DNS names, #4242
2022-07-09 13:32:55 -07:00
9dac8b7807
Web relay improvements, #4240
2022-07-08 18:00:15 -07:00
40bc91b6f3
Many CrowdSec improvements.
2022-07-07 21:51:09 -07:00
e72614296c
fix dns relay and samesite lax
2022-07-07 14:57:48 +01:00
mstrhakr
Ylian Saint-Hilaire
Daniel Castellanos
Simon Smith