Lauri Võsandi
The scope of this ticket is the introduction of meaningfully secure U2F support. For example, resetting U2F keys via e-mail doesn't add meaningful security. Global enrollment flag options: * Mandatory:...
Probably deserves some discussion whether this should be part of OIDC provider, yet it opens up several interesting use cases * Include SSH keys in OIDC claim * Autosync keys from...
Pros: * Users could be marked as owners for generated resources and claims via `ownerReferences` and deletion of user results in cleanup of their resources * Permits easy cleanup of...
Applications will still retain their cookies if impersonation is triggered in OIDC gateway. This has some potential of leaking cookies/secrets across users and I guess also there is risk for...
It could be possible to use ConfigMap to tune how application listing and application detail view are rendered. Listing view: * Icon URL * Application description This could facilitate adding...
I am starting to believe the correct way to separate upstream IdP(s) managed attributes is by having separate Kubernetes subresources for them. ``` apiVersion: codemowers.io/v1alpha1 kind: OIDCGWUser metadata: name: johnsmith status:...
Currently it's hard to see what groups exist and who are members of these groups
This probably needs a bit more thought but initial ideas include: * Successful auth/userinfo/etc endpoint request counts, likely with client ID label * Active session count, probably also with client...
These probably should be generalized neatly so they can be broadcast into all channels (Slack, e-mail, etc) * When user was logged in (mention UA, source IP etc) * When...