* Attempt to fix the cargo version in launchpad build
* Add branch stable-0.6.x to the workflows
* Install the pam module to the proper location
* Update README.md
* Add a debug option to the config
* Add a pam option for the OpenSSH 2876 workaround
* Update to the latest libhimmelblau
* Authorize all users when pam_allow_groups is empty
* Fix clippy warnings
* Fix pam echo not displayed via ssh
* Fix pam failure to register Pin following mfa poll
* Fork from kanidm
* Version 0.6.0
* Add cargo deb build
* Version 0.5.3
* Improve the README installation instructions
* Add `make install` command
* Improve Debian/Ubuntu install instructions
* Fix tag push permissions for tag-version workflow
* Version 0.5.2
* Add a version check script
* Version 0.5.1
* Remove the rustc dependency, breaking rustup
* Added Debian packaging workflow and files
OBS-URL: https://build.opensuse.org/package/show/network:idm/himmelblau?expand=0&rev=35
* Update workflows for 0.5.x
* Update Debian dependencies in README.md
* Compilation fails on Ubuntu, missing ldb header
* Fix base32 with kandim updates
* deps(rust): update base32 requirement from ^0.4.0 to ^0.5.0
* deps(rust): update scim_proto requirement from ^0.2.1 to ^1.3.2
* deps(rust): update bindgen requirement from 0.69.4 to 0.70.1
* Fix CI failures caused by cargo 1.80.1
* Update to libhimmelblau version 0.2.9
* deps(rust): update rusqlite requirement from ^0.31.0 to ^0.32.0
* deps(rust): update tonic requirement from 0.11.0 to 0.12.0
* update libnss requirement from 0.7.0 to 0.8.0
* Switch to using libhimmelblau
* himmelblaud stops working after suspend
* Update required packages for tumbleweed
* Disable the SFA fallback by default
* Fix ConsolidatedTelephony MFA method
* Use the group ID for the name if no display name
* Use latest msal with MFA fixes
* PhoneAppNotification is not a cred request algorithm
* The polling_interval is in milliseconds, not seconds
* OneWaySMS is additionally a valid OTP
* Relicensing as GPL3, as SSSD source inclusion requires
* Utilize the graph code in msal
* config: Remove comments about experimental policy enforement
* Remove the experimental policy code from the id provider
* Fix a refresh token leak in debug from msal
* Correct README details
* Always normalize idmap upn inputs
* Add video links to the README
* Minor updates to the Contributing section
* Add a Installation section to the README
* Add the new SSSD idmap build deps to the README
* Add a section about donations
* Include the Samba Technical matrix channel
* Add github workflows for the 0.4.x branch
* Version 0.5.0 bump for main
OBS-URL: https://build.opensuse.org/package/show/network:idm/himmelblau?expand=0&rev=31
- Update to version 0.4.0+git.0.69b64fe:
* Add github workflows for the 0.4.x branch
* Do not append to pam_allow_groups automatically
* Pam Allow Groups must be specified by Object ID
* Request the correct resource and permissions
* Improve error output on group lookup failure
* When faking a uuid for NSS, use a random uuid
* Fix clippy warning about inefficient use of clone()
* Remove the initial uid hack, use name mapping
* Don't stop an MR based on a clippy warning
* Update Kanidm tracking
* Modify CI workflows to handle idmap build
* Add CI job for cargo test
* Test the new and legacy idmapping
* Ensure duplicate providers are not started
* Use the SSSD Idmap code in Himmelblau
* Specify in conf that pam_allow_groups is required
* Remove code duplication in Hello PIN auth
* Fix Device authentication failed after enrollment
* Update the base64urlsafedata version
* Update README.md with Matrix contact info
* Version 0.4.0
OBS-URL: https://build.opensuse.org/request/show/1175395
OBS-URL: https://build.opensuse.org/package/show/network:idm/himmelblau?expand=0&rev=21
- Update to version 0.3.1+git.0.359a8d0:
* Add github workflows for the 0.3.x branch
* Fallback to SFA first if MFA fails Browse files
* deps(rust): update libnss requirement from 0.6.0 to 0.7.0
* deps(rust): update webauthn-rs-proto requirement from 0.4.8 to 0.5.0
* Fix deadlock caused by client write lock
* Add rid idmapping (replacing existing idmap)
* Additional debug for Hello auth
* Make proto Cargo.toml a physical file
* Push the clippy arg count limit a little higher
* Version 0.3.0
* Windows Hello PIN implementation
* deps(rust): update hostname requirement from ^0.3.1 to ^0.4.0
* Enable actions on stable branches
* Prevent dependabot from updating opentelemetry
* Revert "deps(rust): update opentelemetry requirement from 0.20.0 to 0.22.0 (#93)"
* deps(rust): update reqwest requirement from ^0.11.18 to ^0.12.2 (#95)
* deps(rust): update lru requirement from ^0.8.0 to ^0.12.3 (#94)
* deps(rust): update opentelemetry requirement from 0.20.0 to 0.22.0 (#93)
* deps(rust): update num_enum requirement from ^0.5.11 to ^0.7.2 (#92)
* deps(rust): update tonic requirement from 0.10.2 to 0.11.0 (#91)
* Use the Kanidm MFA patches
* deps(rust): update libnss requirement from 0.5.0 to 0.6.0 (#90)
* deps(rust): update tracing-opentelemetry requirement (#89)
* deps(rust): update rusqlite requirement from ^0.28.0 to ^0.31.0 (#88)
* deps(rust): update clap requirement from ^3.2 to ^4.5 (#87)
* deps(rust): update kanidm-hsm-crypto requirement from ^0.1.6 to ^0.2.0 (#86)
* Update dependabot.yml
* Add missing db dependency on sketching
* Set the workspace resolver version to 2
* Init the kanidm submodule during workflows
* Ignore clippy blocks_in_conditions warning in daemon
* Add build/clippy/dependabot_automerge workflows
* deps(rust): update opentelemetry-otlp requirement from 0.13.0 to 0.15.0
* deps(rust): update opentelemetry_sdk requirement from 0.20.0 to 0.22.1
* deps(rust): update base64 requirement from ^0.21.5 to ^0.22.0
* deps(rust): update notify-debouncer-full requirement from 0.1 to 0.3
* deps(rust): update systemd-journal-logger requirement
* Create dependabot.yml
* Add MFA capabilities
* Update to the latest Kanidm reqs
* Always force MFA when enrolling the device
* Update to latest msal
OBS-URL: https://build.opensuse.org/request/show/1170870
OBS-URL: https://build.opensuse.org/package/show/network:idm/himmelblau?expand=0&rev=12
- Update to version 0.2.0+git.4.904b915:
* Update to latest msal
* Version 0.2.0
* Himmelblau now authenticates only to configured domains
* Remove reference to python-msal dep in README
* Use the external MSAL crate for auth
* Rename msal in prep for external msal crate
* msal: Remove python msal bindings
* msal: Rust msal
* Point Cargo.toml to new project home
* config: Write domain join to server specific config
* idprovider: Invalidate cached user if PRT req fails
* idprovider: Pass the keystore to the auth function
* Update daemon from kanidm
* test: Add a pause to ensure tasks daemon sees himmelblau
* Update kanidm submodule
* config: Include domain sections in configured domains
* msal: Add acquire_token_by_refresh_token
* enrollment: Authentication fixes
* tests: Create the hsm-pin directory
* idprovider: Add domain join debug
* cargo: Use relative paths and remove most symlinks
* idprovider: Allow group search when device is authenticated
* msal: Move the application reqs from misc to msal::application
* msal: Move user reqs from misc to msal::user
* Remove duplicates from allow_groups during enrollment
* Remove device enrollment from TODO
* Implement Device enrollment
* enrollment: Add the nonce service request
* enrollment: Add enrollment service discovery
* Implement ConfidentialClientApplication for enrollment
* daemon: Fix inverted logic on cache dir check
* nss: Use upstream nss package
* idprovider: Provider auth needs to point to just the host
* config: Consistently use the config file provided to the daemon
* cargo: Use relative paths and remove most symlinks
* clippy: Add kanidm's clippy config
* config: Only check for tenant_id, authority, graph if necessary
* Update README.md
* Update version to 0.1.2
* config: Fix typos in the config file
* Make most params to acquire_token_interactive optional
* Config can take defaults
* cli: Add missing cli opt file
* cli: Improve aad-tool options and interface
* Update README.md
* tests: Fix tasks daemon name typo
* Remove MFA from TODO
OBS-URL: https://build.opensuse.org/request/show/1149608
OBS-URL: https://build.opensuse.org/package/show/network:idm/himmelblau?expand=0&rev=8
- Update to version 0.1.1+git.10.4aa76b7:
* daemon: Fix inverted logic on cache dir check
* nss: Use upstream nss package
* idprovider: Provider auth needs to point to just the host
* config: Consistently use the config file provided to the daemon
* cargo: Use relative paths and remove most symlinks
* clippy: Add kanidm's clippy config
* config: Only check for tenant_id, authority, graph if necessary
* Correct the cargo version
OBS-URL: https://build.opensuse.org/request/show/1134659
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/himmelblau?expand=0&rev=3
* daemon: Fix inverted logic on cache dir check
* nss: Use upstream nss package
* idprovider: Provider auth needs to point to just the host
* config: Consistently use the config file provided to the daemon
* cargo: Use relative paths and remove most symlinks
* clippy: Add kanidm's clippy config
* config: Only check for tenant_id, authority, graph if necessary
* Correct the cargo version
OBS-URL: https://build.opensuse.org/package/show/network:idm/himmelblau?expand=0&rev=6
