wonderwall

mirror of https://github.com/nais/wonderwall.git synced 2026-05-07 00:46:56 +00:00

Author	SHA1	Message	Date
Trong Huu Nguyen	2925ebe9e4	fix(handler/session): return metadata response even if session is inactive	2023-06-09 13:52:36 +02:00
Trong Huu Nguyen	9852b0a290	fix(handler/logout): ignore session validation errors; attempt to delete regardless	2023-06-09 13:52:35 +02:00
Trong Huu Nguyen	b28c91c94c	perf(all): use single Transport, set IdleConnTimeout Reduces IdleConnTimeout to 5 seconds. Reverse proxying to a server that has a shorter keep-alive may cause "EOF" and "connection reset by peer" issues as the connections may be closed by the upstream before our client notices.	2023-05-16 08:36:45 +02:00
Trong Huu Nguyen	97f0d078bf	feat(handler): validate acr if configured, change auth status if invalid	2023-05-12 08:47:27 +02:00
Trong Huu Nguyen	390cd78e9f	feat(handler): set legacy cookie for sso server	2023-05-12 08:47:26 +02:00
Trong Huu Nguyen	5c96d5a0fd	feat(all): reduce log level for some spammy statements	2023-05-08 10:56:07 +02:00
Trong Huu Nguyen	350d7ff780	feat(cookie): allow configuration of name prefix This is to alleviate issues with deployments on different subdomains using overlapping cookie names where browsers behave unpredictably.	2023-05-08 10:23:27 +02:00
Trong Huu Nguyen	0c531d9ec1	perf: increase max idle connections for http clients	2023-05-04 14:45:45 +02:00
Trong Huu Nguyen	6151aa3279	feat(openid, handler): support runtime override of redirect after single-logout Fixes #100.	2023-05-04 14:45:13 +02:00
Trong Huu Nguyen	59b2dd1d66	fix(handler/reverseproxy): only trigger acr step up for non-ignored autologin paths	2023-05-02 08:53:51 +02:00
Trong Huu Nguyen	feb27414a5	refactor(handler/acr): only enable if autologin is also enabled	2023-04-29 13:56:13 +02:00
Trong Huu Nguyen	3a239a95c3	feat(reverseproxy): validate acr and redirect if applicable	2023-04-29 11:54:53 +02:00
Trong Huu Nguyen	7c98fe161e	refactor(handler/reverseproxy): retrieve both session and token	2023-04-29 11:17:00 +02:00
Trong Huu Nguyen	efcc276ed5	fix(handler/sso/proxy): redirect logout callbacks to logout	2023-04-29 09:00:28 +02:00
Trong Huu Nguyen	87ffee4a34	fix(handler/sso/proxy): proxy frontchannel logouts	2023-04-29 08:55:14 +02:00
Trong Huu Nguyen	ab2a8b6fec	fix(handler/sso/proxy): redirect callback requests to login	2023-04-29 08:52:41 +02:00
Trong Huu Nguyen	568f9f7683	feat(handler): use 302 instead of 303 for redirects	2023-04-29 08:42:29 +02:00
Trong Huu Nguyen	bc651d9082	fix: use 303 instead of 307 for redirects	2023-04-28 01:30:17 +02:00
Trong Huu Nguyen	c60f9478a5	fix(metrics): strip urls for login counter	2023-04-26 09:57:29 +02:00
Trong Huu Nguyen	55d2e0ce3b	feat(metrics): add redirect label for login counter	2023-04-26 09:28:00 +02:00
Trong Huu Nguyen	ad7160e04d	fix(handler/sso/proxy): local logout should be reverse proxied	2023-04-21 16:43:33 +02:00
Trong Huu Nguyen	0ba41e312a	feat(handler): local logout returns 204 instead of redirect Redirecting after local logout introduces the possibility of matching a path that automatically performs login, which for a local logout means the user is automatically logged in again due to having an SSO session - which nullifies the whole logout operation. Applications that want local logout must trigger and handle the response just like any other API call.	2023-04-21 16:25:26 +02:00
Trong Huu Nguyen	0ba124809a	feat(handler): local logout redirects back to preconfigured URL	2023-04-21 15:21:02 +02:00
Trong Huu Nguyen	19b2401831	feat(metrics): add authentication method reference label for successful logins	2023-04-18 12:20:23 +02:00
Trong Huu Nguyen	bab62c072b	feat(handler/sso/server): return not found instead of redirect for wildcard handler	2023-04-13 14:20:38 +02:00
Trong Huu Nguyen	5ad603395c	fix(handler/sso/proxy): override request path for reverseproxy to sso-server	2023-04-13 14:19:48 +02:00
Trong Huu Nguyen	9cb648917b	fix(handler/sso/proxy): only set default query parameters for login handler	2023-04-13 09:20:34 +02:00
Trong Huu Nguyen	163d9e42ad	fix(handler/reverseproxy): preserve inbound forwarded/x-forwarded headers	2023-04-12 15:05:55 +02:00
Trong Huu Nguyen	ef8c7d2cca	feat(sso/server): redirect to login for wildcard handler	2023-03-29 09:55:16 +02:00
Trong Huu Nguyen	c72093dda9	fix(handler/sso/proxy): use correct query for login url	2023-03-21 09:11:31 +01:00
Trong Huu Nguyen	3dc3c1dee5	feat(sso/server): return not found instead of redirect for wildcard handler	2023-03-08 12:53:25 +01:00
Trong Huu Nguyen	a375ac774d	feat(router): add ping route for health probes	2023-03-01 09:27:06 +01:00
Trong Huu Nguyen	442e056b26	refactor(handler): inline error handler, remove unnecessary getters	2023-02-24 19:24:02 +01:00
Trong Huu Nguyen	f346e9e91d	refactor(router): use a more apt name for wildcard handler	2023-02-24 18:33:41 +01:00
Trong Huu Nguyen	5342913676	refactor: move cookie options to handler constructors	2023-02-24 18:21:36 +01:00
Trong Huu Nguyen	3e93423464	refactor(sso/server): redirect requests for wildcard routes to default URL	2023-02-22 10:19:26 +01:00
Trong Huu Nguyen	9ecfdb73ef	fix(handler): time-to-refresh in session metadata is disabled for sso	2023-02-22 10:11:39 +01:00
Trong Huu Nguyen	492e0b5625	feat(sso/proxy): implement upstream reverseproxy with prerequisites	2023-02-21 14:50:51 +01:00
Trong Huu Nguyen	94a66fac2a	refactor(handler): extract path matcher for reuse	2023-02-21 14:45:14 +01:00
Trong Huu Nguyen	59a2e7b7a0	refactor(session): simplify AccessToken method, don't export methods that are only used within package	2023-02-21 14:40:27 +01:00
Trong Huu Nguyen	27897dad63	refactor(handler/standalone): use new sessionmanager, remove unneeded methods	2023-02-21 14:16:51 +01:00
Trong Huu Nguyen	7a52b0d1a3	refactor(handler/reverseproxy): require GetAccessToken from source instead of obsolete session handler	2023-02-21 13:31:06 +01:00
Trong Huu Nguyen	f4ae907a2b	refactor(handler/reverseproxy): clean up error handling	2023-02-21 13:30:29 +01:00
Trong Huu Nguyen	fb28da7241	refactor: consolidate handlers	2023-02-16 10:55:50 +01:00
Trong Huu Nguyen	3274cc5c65	refactor: move redirect package into url, clean up naming	2023-02-16 09:24:39 +01:00
Trong Huu Nguyen	2c5d964983	refactor(handler/reverseproxy): reduce log severity for cookie decrypt failures	2023-02-15 08:43:25 +01:00
Trong Huu Nguyen	0537c8172f	feat(session): use tickets for per-session data encryption Replace the usage of a single application-wide session crypter with per-session crypters. The application is no longer able to decrypt any session encrypted with its symmetric key alone. Instead, a session ticket with its associated data encryption key (DEK) is also required in order to decrypt the associated session data. The ticket itself is encrypted with the application's crypter; the latter of which is effectively a key-encryption key (KEK). Fixes #49.	2023-02-14 21:50:19 +01:00
Trong Huu Nguyen	d17feacc34	refactor(handler/autologin): use sync.Map for cache	2023-02-14 14:20:46 +01:00
Trong Huu Nguyen	ce2698f2bb	refactor(cookie): use rawurlencoding for base64	2023-02-13 20:15:12 +01:00
Trong Huu Nguyen	66dec32de0	feat(sso/proxy): implement handlers for session routes	2023-02-10 14:58:19 +01:00

1 2 3

143 Commits