* betterer errors on things
* Adding tpm-udev as a dependency of kanidm-unixd
* fixing makefile arch error
* adding jq to deb build deps
* adding kanidm deb to autobuild
* making the debian build script more resilient
Himmelblau requires access to the keystore at
auth time in order to store the id key modified
during a device join.
Signed-off-by: David Mulder <dmulder@samba.org>
Co-authored-by: Firstyear <william@blackhats.net.au>
Himmelblau will use the DeviceAuthorizationGrant
(defined in RFC8628) to perform MFA. This commit
adds the bits to Kanidm to make that possible,
using the new pam state machine code.
Signed-off-by: David Mulder <dmulder@samba.org>
Himmelblau needs to maintain some data about the state of an authentication across the course of pam exchanges.
Signed-off-by: David Mulder <dmulder@samba.org>
Co-authored-by: David Mulder <dmulder@samba.org>
Himmelblau needs access to the old token during
a refresh otherwise the GECOS is lost (AAD
responds with everything we need except GECOS).
Signed-off-by: David Mulder <dmulder@samba.org>
* Starting to chase down testing
* commenting out unused/inactive endpoints, adding more tests
* clippyism
* making clippy happy v2
* testing when things are not right
* moar checkpoint
* splitting up testkit things a bit
* moving https -> tide
* mad lad be crabbin
* spawning like a frog
* something something different spawning
* woot it works ish
* more server things
* adding version header to requests
* adding kopid_middleware
* well that was supposed to be an hour... four later
* more nonsense
* carrying on with the conversion
* first pass through the conversion is DONE!
* less pub more better
* session storage works better, fixed some paths
* axum-csp version thing
* try a typedheader
* better openssl config things
* updating lockfile
* http2
* actually sending JSON when we say we will!
* just about to do something dumb
* flargl
* more yak shaving
* So many clippy-isms, fixing up a query handler bleep bloop
* So many clippy-isms, fixing up a query handler bleep bloop
* fmt
* all tests pass including basic web logins and nav
* so much clippyism
* stripping out old comments
* fmt
* commenty things
* stripping out tide
* updates
* de-tiding things
* fmt
* adding optional header matching ,thanks @cuberoot74088
* oauth2 stuff to match #1807 but in axum
* CLIPPY IS FINALLY SATED
* moving scim from /v1/scim to /scim
* one day clippy will make sense
* cleanups
* removing sketching middleware
* cleanup, strip a broken test endpoint (routemap), more clippy
* docs fmt
* pulling axum-csp from the wrong cargo.toml
* docs fmt
* fmt fixes
