|
|
64b7f8e445
|
quiet down logs more
|
2022-06-15 16:58:11 -07:00 |
|
|
|
ef08346a74
|
Fix a possible excessive memory use issue in controller and clean up a bunch of COM handling and other code in the normal node.
|
2022-04-19 19:59:54 -04:00 |
|
|
|
912036b260
|
Push credentials always if updated (client-side) and some controller-side cleanup that should be logically irrelevant but will prevent unnecessary DB lookups.
|
2022-04-19 12:41:38 -04:00 |
|
|
|
a4e8847664
|
Restore sending of rejections but move it exclusively to a thread, widen netconf window to 30 minutes.
|
2022-04-19 10:37:58 -04:00 |
|
|
|
c492bf7eea
|
Forgot to send error on v0 auth expiry.
|
2022-04-18 16:36:09 -04:00 |
|
|
|
cb086ff97f
|
Simplify SSO logic. SSO should just normally expire when it expires. No full deauth needed. Deauth is for really giving someone the boot.
|
2022-04-18 16:32:05 -04:00 |
|
|
|
55a99f34d0
|
Tighten certificate window and deprecate sending of revocations for ordinary SSO timeouts. Revocations should only be for deliberate deauth to kick people off networks. Cert window should now stay within refresh window for SSO so normal cert expiration should handle it just fine.
|
2022-04-15 14:23:26 -04:00 |
|
|
|
58119598ae
|
comment out some new deauth code
|
2022-04-13 23:10:11 -04:00 |
|
|
|
42a2afaef9
|
This may improve controller behavior with SSO and mixed SSO, needs testing!
|
2022-04-13 21:39:56 -04:00 |
|
|
|
b3fbbd3124
|
refresh tokens now working
Still investigating the best way to do a couple things, but we have something working
|
2021-12-07 16:29:50 -08:00 |
|
|
|
7cce23ae79
|
wip
|
2021-12-01 10:44:29 -08:00 |
|
|
|
a33d7c64fe
|
more fixin
|
2021-11-30 17:27:13 -08:00 |
|
|
|
fa21fdc1cc
|
rename stuff for clarity
authenticationURL will still be used by the client for v1 and v2 of sso
|
2021-11-11 16:19:26 -08:00 |
|
|
|
43433cdb5a
|
integrate rust build of zeroidc to linux
|
2021-11-04 17:16:23 -07:00 |
|
|
|
8d39c9a861
|
plumbing full flow from controller -> client network
|
2021-11-04 15:40:08 -07:00 |
|
|
|
134d33c218
|
Add a bit of hardening in the network certificate of membership by incorporating a full hash of the identity to which it is issued. This means the recipient need not depend entirely on the root verifying identities properly to make sure impersonation is not occurring.
|
2021-09-20 15:40:55 -07:00 |
|
|
|
20721491e8
|
kill some noisy logs
|
2021-08-19 13:03:56 -07:00 |
|
|
|
9eae444104
|
kill some verbose logs
|
2021-08-19 09:21:52 -07:00 |
|
|
|
576b4f03a5
|
Adjust deauth time window and send revocation when SSO members expire.
|
2021-08-18 12:17:40 -04:00 |
|
|
|
461810b06a
|
Move return so record gets created before URL.
|
2021-08-10 11:22:29 -04:00 |
|
|
|
613d7b5ece
|
fix backwards logic
|
2021-08-04 09:16:04 -07:00 |
|
|
|
663e748b8d
|
Deauth expiring members right away.
|
2021-07-26 23:45:18 -04:00 |
|
|
|
0cf62d334d
|
Remove pointless check.
|
2021-07-26 13:38:35 -04:00 |
|
|
|
0310bfa3e3
|
Include authentication URL in config
|
2021-07-23 19:17:42 -04:00 |
|
|
|
efe0e8aa7b
|
Notification of about-to-expire status... almost there.
|
2021-07-23 19:05:59 -04:00 |
|
|
|
5c7e51feaf
|
Merge branch 'dev' of github.com:zerotier/ZeroTierOne into dev
|
2021-07-23 18:49:05 -04:00 |
|
|
|
34de579c91
|
Handling of soon-to-expire members
|
2021-07-23 18:49:00 -04:00 |
|
|
|
10215af96d
|
whoops
|
2021-07-06 13:18:08 -07:00 |
|
|
|
e67fee0264
|
debug logging
|
2021-07-06 13:08:21 -07:00 |
|
|
|
364ad87e2b
|
add ssoEnabled flag to network config
|
2021-06-05 13:44:45 -07:00 |
|
|
|
e6b4fb5af7
|
add "ssoRedirectURL" to local.conf
plumbed it through to the central controller code
|
2021-06-04 16:29:03 -07:00 |
|
|
|
1dfe909bab
|
Increase authentication URL sizes.
|
2021-06-04 16:46:56 -04:00 |
|
|
|
74a678c1e1
|
chicken or egg problem.
member must exist in the database before we can generate a nonce & SSO URL
|
2021-06-04 12:49:26 -07:00 |
|
|
|
f27d193cf6
|
.
|
2021-06-04 11:56:12 -07:00 |
|
|
|
7ca2ecb421
|
put expiry time back on nc object
|
2021-06-04 11:39:52 -07:00 |
|
|
|
0702e581a1
|
remove some noisy log lines & fix a query error
|
2021-06-04 11:06:54 -07:00 |
|
|
|
c78792a705
|
moar temporary debug printfs
|
2021-06-04 11:00:51 -07:00 |
|
|
|
287c19e822
|
move this outside the auth block. If SSO is enabled, it should be checked whether authorized or not
|
2021-06-04 09:46:31 -07:00 |
|
|
|
4f521baafd
|
Big SSO update
make things hopefully work
|
2021-06-03 14:38:26 -07:00 |
|
|
|
fc6d90a04a
|
set the correct default
|
2021-06-02 14:27:58 -07:00 |
|
|
|
d2f1d05a06
|
handle cases where authenticationURL and authenticationExpiryTime don't exist
|
2021-06-02 13:46:43 -07:00 |
|
|
|
c470c6255e
|
Postgres code for SSO (almost certainly needs work)
|
2021-05-28 17:08:24 -04:00 |
|
|
|
6b3a7ec827
|
Fix a few things...
|
2021-05-25 14:40:40 -04:00 |
|
|
|
1ce71f9dc0
|
Build fix.
|
2021-05-25 13:05:06 -04:00 |
|
|
|
18508b5a2e
|
Build fix.
|
2021-05-25 13:04:14 -04:00 |
|
|
|
621898f3c5
|
Forgot to set auth info in NetworkConfig.
|
2021-05-25 13:02:06 -04:00 |
|
|
|
2c1d7f3dcc
|
CLI printing of URL.
|
2021-05-25 12:58:33 -04:00 |
|
|
|
b270d527f4
|
Basic plumbing for authentication requirement and piping through of URL information.
|
2021-05-24 22:58:17 -04:00 |
|
|
|
d64c5a92c6
|
Merge pull request #1233 from dosuperuser/improvement/optimizations
Minor C++ optimizations
|
2020-11-24 19:24:36 -05:00 |
|
|
|
ff23d3051f
|
self hosted controller JSON format fix for DNS
|
2020-09-23 12:16:23 -07:00 |
|
