sso
sso copied to clipboard
buzzfeed
sso, aka S.S.Octopus, aka octoboi, is a single sign-on solution for securing internal services
Some upstreams need additional information about users from the google apis that require having an access token. Rather than passing the access token in a header, we can create a...
Related to #68. Config shouldn't require restarts and also should support remote endpoints and not just a file. My specific aim is essentially to be able to use Consul as...
**Is your feature request related to a problem? Please describe.** Currently if you change the yaml config for the sso-proxy, you have to reload the sso-proxy app itself. **Describe the...
I'm still reading through but it seems like it wouldn't be too hard to roll sso-auth and sso-proxy into a single binary, busybox/minikube style. It would simplify deployment, I think...
There are 4 timestamps in `sessions.SessionState` and their names are somewhat confusing, given that you're dealing w/ several things that may be on different expiration schedules, and indeed likely will...
# What This is something that was not changed from the original `oauth_proxy` clone that can be removed. Since we only have one provider for sso-proxy - the `SSOProvider`, to...
Currently the `FOOTER` env does nothing, there's no way to remove "Secured by SSO" or customize the login page without a recompile. I think a -ui flag that points to...
## What Since all of the cookie sessions logic lives in the sessions package, it makes sense to do all validation there as well rather than having that duplicate logic...
**Describe the bug** This popped up while writing the tests for TLS verification. ``` {"error":"x509: certificate signed by unknown authority","level":"error","msg":"error in upstreamTransport RoundTrip","service":"sso","time":"2018-09-18 16:13:01.9184"} 2018/09/18 16:13:01 server.go:2979: http: TLS handshake...
Many web applications eschew page refreshing and rely heavily on AJAX requests. This behavior circumvents SSO's ability to perform the proxy -> auth -> proxy redirect loop and it's easy...
