885 Commits

Author	SHA1	Message	Date
mstrhakr	25345fe6b5	fix bug with required group + debug cleanup	2022-09-06 17:58:37 -04:00
Ylian Saint-Hilaire	1ae01b2113	Added LDAP site admin support, OpenID samples and schema and more (#4506)	2022-09-06 00:30:07 -07:00
mstrhakr	5619948d31	Added Group Support to OIDC ... Supports choosing groups to.. -Allow or restrict login to server -Sync with user groups (with / without filter) -Grant or revoke site admin privileges	2022-09-06 00:29:22 -04:00
mstrhakr	60ee315b79	actually working discovery	2022-09-04 19:41:14 -04:00
mstrhakr	7ec476ec4d	initial working discovery ... if user is missing info, we will discover it automatically using well-known endpoints	2022-09-04 15:18:53 -04:00
mstrhakr	c8774e700b	update oidc scope ... passport-openidconnect adds the 'openid' scope to the request, regardless of if its already there. removed 'openid' scope removed unused 'groups' scope	2022-09-03 18:22:26 -04:00
Ylian Saint-Hilaire	d1e04a7ca7	Fixed SSPI authentication exception.	2022-09-03 00:32:49 -07:00
Ylian Saint-Hilaire	49e04bd454	Improved user authentication log and added 'authlog' tracing.	2022-09-01 22:06:08 -07:00
mstrhakr	03e15c6be1	update oidc passport module ... Updated to official passport-openidconnect module, removed custom module.	2022-08-31 23:51:24 -04:00
Ylian Saint-Hilaire	d4d1f7d454	MeshCMD is now signed using the MeshCentral code signing cert.	2022-08-31 01:36:23 -07:00
Ylian Saint-Hilaire	0bf459bb51	Many web relay improvements and fixes (#4467, #4456)	2022-08-30 17:53:27 -07:00
Ylian Saint-Hilaire	f7dc1d749b	Added 'keepcerts' option to force keeping HTTPS/MPS cert.	2022-08-26 15:43:12 -07:00
Ylian Saint-Hilaire	4fe394226c	Improved web relay sharing (#4413)	2022-08-25 21:10:09 -07:00
Ylian Saint-Hilaire	5d7fabfc21	Added guest web sharing of HTTP/HTTPS (#4413)	2022-08-25 20:11:47 -07:00
Ylian Saint-Hilaire	6b1b034c61	Fixed device sharing links when using in LAN mode.	2022-08-24 14:10:40 -07:00
Ylian Saint-Hilaire	fcfe4d964e	Intel AMT tab will now show up in the correct language if available.	2022-08-22 13:06:25 -07:00
Ylian Saint-Hilaire	334a9b8321	Added LDAPSyncWithUserGroups to config.json schema (#4415)	2022-08-22 11:57:11 -07:00
Ylian Saint-Hilaire	00765288e6	Added LDAP membership user group sync options (#4415)	2022-08-22 11:43:45 -07:00
Ylian Saint-Hilaire	6b4179c20c	Added LDAP debug improvements.	2022-08-21 22:19:57 -07:00
Ylian Saint-Hilaire	8dd07495f5	MeshCentral will now auto-create LDAP user groups and sync users to their membership groups when the login using LDAP. (#4415)	2022-08-21 21:19:34 -07:00
Ylian Saint-Hilaire	daa4c60b77	You can now restrict what LDAP users can login based on LDAP membership groups (#4415)	2022-08-21 14:05:51 -07:00
Ylian Saint-Hilaire	8d1eab20e5	Logout will not redirect to /login (#4420)	2022-08-21 00:41:17 -07:00
Ylian Saint-Hilaire	ab84719afe	Fixed saving run command dialog state on the server.	2022-08-19 13:42:44 -07:00
Ylian Saint-Hilaire	0ae91ede62	Fix for SAML (#4408)	2022-08-18 00:37:39 -07:00
Ylian Saint-Hilaire	4092615c63	Fixed auth strategies when using with a second domain with a DNS (#4404)	2022-08-17 14:14:56 -07:00
Ylian Saint-Hilaire	2c9fcdbfd0	Fixed U2F server exception (#4346)	2022-07-31 11:25:28 -07:00
Ylian Saint-Hilaire	c8d8fc422c	When doing session IP address checkingin default 'lax' mode, if both addresses are private/loopback, it's now accepted as a match.	2022-07-28 15:12:28 -07:00
Daniel Castellanos	ddbd76e254	Fix for #4307 ... Added missing equals sign when checking null session	2022-07-22 23:01:43 +00:00
Ylian Saint-Hilaire	3dd8531ef9	Added code to skip the agent code signing certificate if missing and getting certs from database or vault (#4299)	2022-07-21 17:17:08 -07:00
Ylian Saint-Hilaire	46e511ef95	Fixed webserver.js exception.	2022-07-21 16:10:01 -07:00
Ylian Saint-Hilaire	4db8ff3946	Fixed webserver.js exception.	2022-07-21 16:08:38 -07:00
Ylian Saint-Hilaire	034ebc986c	LDAP debug improvements.	2022-07-20 13:35:59 -07:00
Ylian Saint-Hilaire	61e486ba38	Added support for LDAP account images (#4283)	2022-07-20 12:57:24 -07:00
Ylian Saint-Hilaire	b7bc172c40	ldapUserName and ldapUserRealname can now be set to for example: {{{givenName}}} {{{sn}}} (#4276)	2022-07-20 00:50:32 -07:00
Ylian Saint-Hilaire	58cd5e3bea	LDAP improvements (#4276)	2022-07-20 00:10:09 -07:00
Ylian Saint-Hilaire	466c765df5	LDAP improvements (#4283)	2022-07-19 13:50:40 -07:00
Ylian Saint-Hilaire	954e5cde32	ldapSaveUserToFile will now append the file (#4276)	2022-07-18 16:18:15 -07:00
Ylian Saint-Hilaire	b3dd3d3613	Added ldapSaveUserToFile option to help debug LDAP issues.	2022-07-18 16:12:53 -07:00
Ylian Saint-Hilaire	9f4c2cc53e	Fix for SSPI auth un-authorized.	2022-07-15 13:13:53 -07:00
Ylian Saint-Hilaire	acb9a5bb6e	Fixed Web-RDP when used with non-default domain (#4271)	2022-07-14 15:18:41 -07:00
Ylian Saint-Hilaire	66b0315624	Browser session security improvements.	2022-07-12 17:45:19 -07:00
Ylian Saint-Hilaire	04fb1f2bf0	Added CAPTCHA option when creating new accounts on login screen.	2022-07-11 14:35:05 -07:00
Ylian Saint-Hilaire	4382899468	Clean up cookie-session instance.	2022-07-11 11:19:04 -07:00
Ylian Saint-Hilaire	626c490771	Switch browser cookie signature from SHA1 to SHA384.	2022-07-11 11:11:03 -07:00
Ylian Saint-Hilaire	a151dcbfe6	Web relay can now handle connection:close responses.	2022-07-10 13:08:28 -07:00
Ylian Saint-Hilaire	5eca4eecee	Completed support for web relay with multiple DNS names.	2022-07-10 11:32:59 -07:00
Ylian Saint-Hilaire	1a72126c4f	Added DELETE and OPTIONS as supported web relay methods, #4241	2022-07-10 10:50:57 -07:00
Ylian Saint-Hilaire	a0ea6ead09	Put in the groundwork for web relay with multiple relay DNS names.	2022-07-10 01:32:11 -07:00
Ylian Saint-Hilaire	bd9739e106	Changed the web relay system to correctly with multiple DNS names, #4242	2022-07-09 13:32:55 -07:00
Ylian Saint-Hilaire	9dac8b7807	Web relay improvements, #4240	2022-07-08 18:00:15 -07:00