- authenticate: added a token exchange api endpoint that converts
an identity provider's JWT into a pomerium session.
- internal/identity: authenticate now passes context.
- internal/identity: removed extraneous GetSignInURL from okta.
- internal/sessions: add rest store
- update go.mod / go.sum depedencies.
- docs: add programmatic examples in shell and python
* authorize: authorization module adds support for per-route access policy. In this release we support the most common forms of identity based access policy: `allowed_users`, `allowed_groups`, and `allowed_domains`. In future versions, the authorization module will also support context and device based authorization policy and decisions. See website documentation for more details.
* docs: updated `env.example` to include a `POLICY` setting example.
* docs: added `IDP_SERVICE_ACCOUNT` to `env.example` .
* docs: removed `PROXY_ROOT_DOMAIN` settings which has been replaced by `POLICY`.
* all: removed `ALLOWED_DOMAINS` settings which has been replaced by `POLICY`. Authorization is now handled by the authorization service and is defined in the policy configuration files.
* proxy: `ROUTES` settings which has been replaced by `POLICY`.
* internal/log: `http.Server` and `httputil.NewSingleHostReverseProxy` now uses pomerium's logging package instead of the standard library's built in one.
Closes#54Closes#41Closes#61Closes#58
- authenticate/providers: add group support to azure
- authenticate/providers: add group support to google
- authenticate/providers: add group support to okta
- authenticate/providers: add group support to onelogin
- {authenticate/proxy}: change default cookie lifetime timeout to 14 hours
- proxy: sign group membership
- proxy: add group header
- deployment: add CHANGELOG
- deployment: fix where make release wasn’t including version
- Fixed pomerium.io site description
- Updated kubernetes examples to use the latest docker images.
- Use cryputil hash function for proxy hmac.
- Add unit tests for proxy handlers.
* authenticate: set cookie secure as default.
* authenticate: remove single flight provider.
* authenticate/providers: Rename “ProviderData” to “IdentityProvider”
* authenticate/providers: Fixed an issue where scopes were not being overwritten
* proxy/authenticate : http client code removed.
* proxy: standardized session variable names between services.
* docs: change basic docker-config to be an “all-in-one” example with no nginx load.
* docs: nginx balanced docker compose example with intra-ingress settings.
* license: attribution for adaptation of goji’s middleware pattern.
- Fixed a bug where Lifetime TTL was set to a minute.
- Remove nested mux in authenticate handlers.
- Remove extra ping endpoint in authenticate and proxy.
- Simplified sign in flow with multi-catch case statement.
- Removed debugging logging.
- Broke out cmd/pomerium options into own file.
- Renamed msicreant cipher to just cipher.
Closes#23
- Update PR template to use Go language conventions.
- Moved healthcheck middleware to hijack a request before logging.
- Rewrote the quickstart guides to follow a similar pattern.
- Added an overview blurb on pomerium and its goals.
- Add an "example config" section to docs.
