Jonathan Perret
425365d22a
v1.0.7 release
v1.0.7
2025-05-07 17:07:48 +02:00
Jonathan Perret
63806bde22
Merge pull request #30 from numerique-gouv/fix-cve
...
Remove unused APT dependencies that trigger a CVE warning
2025-05-07 13:46:13 +02:00
Jonathan Perret
96299e1386
⬆️ (deps) Bump gunicorn to 23.0.0
2025-05-07 13:43:45 +02:00
Jonathan Perret
bf015c9238
🔒 ️(docker) remove unused APT dependencies that trigger a CVE warning
...
Specifically CVE-2023-45853 was flagged in our Docker image, but
it is in libfreetype6 which we don't use, and is only pulled in
because of a recommended depdency of `gcc` — which we don't need
in any case.
2025-05-07 13:43:45 +02:00
Jacques ROUSSEL
589d447f19
🐛 (ci) fix helmfile linter
...
Latest helmfile version breaks lots of thing.
2025-03-28 14:46:38 +01:00
Jacques ROUSSEL
ddc09cca50
🐛 (ci) use github action for argocd webhook notification
...
In order to refactor this notification between alls projetcs, we
chooseto use a custom github action
2025-03-28 14:46:38 +01:00
Jonathan Perret
ae2d4a573b
Deploy release v1.0.6 to production.
2025-03-11 16:34:02 +01:00
Jonathan Perret
5be05fe43e
v1.0.6 release
v1.0.6
2025-03-11 16:31:50 +01:00
Jonathan Perret
f90df5c2c6
Merge pull request #27 from numerique-gouv/allow-more-affiliations
...
Allow more affiliations
2025-03-11 16:02:10 +01:00
Jonathan Perret
6bbcd95069
🔧 (config) allow more affiliations
...
We agreed with RENATER to allow people having one of the following
affiliations: faculty, staff, employee, researcher, teacher.
2025-03-11 15:42:27 +01:00
Jonathan Perret
b839c32b50
Merge pull request #26 from numerique-gouv/satosa-8.5.1
...
⬆️ (deps) upgrade to SATOSA 8.5.1
2025-03-11 15:38:15 +01:00
Jonathan Perret
9b062aa27d
⬆️ (deps) upgrade to SATOSA 8.5.1
2025-03-11 15:23:36 +01:00
Jonathan Perret
4a2ece217b
Deploy release v1.0.5 to production.
2025-03-06 19:48:00 +01:00
Jonathan Perret
a7577ff85e
v1.0.5 release
v1.0.5
2025-03-06 19:38:28 +01:00
Jonathan Perret
4e81e1e750
Merge pull request #25 from numerique-gouv/custom-log-levels
...
🚀 (logging) allow customizing log levels per logger
2025-03-06 19:36:05 +01:00
Jonathan Perret
c27ebfe6ae
🚀 (logging) allow customizing log levels per logger
...
This lets one enable increased logging at a finer level. For example,
one could enable debug logging for a specific logger, while keeping the
rest of the application at info level.
2025-03-06 19:27:01 +01:00
Jonathan Perret
d84f2b32d5
Merge pull request #24 from numerique-gouv/filter-paths
...
🔒 ️(nginx) add basic path allowlist to block random attacks
2025-03-05 18:32:09 +01:00
Jonathan Perret
9cb67bfb87
🔒 ️(nginx) add basic path allowlist
...
This should cut down on opportunistic attack attempts, which are more
a nuisance than anything right now but it can't hurt to stop them
earlier.
2025-03-05 18:26:45 +01:00
Jonathan Perret
ba1774bdbf
Merge pull request #23 from numerique-gouv/fix-e2e-test
...
✅ (e2e) fix e2e test with PC staging
2025-03-05 18:18:45 +01:00
Jonathan Perret
cb8ff5d878
✅ (e2e) fix e2e test with PC staging
...
Adapt to updated mock service.
2025-03-05 17:52:03 +01:00
rouja
a6e01c071e
Merge pull request #21 from numerique-gouv/add-pdbs
...
🔧 (helm) add pdbs to deployements
2025-02-10 17:24:10 +01:00
Jacques ROUSSEL
5a0f2da202
🔧 (helm) add pdbs to deployements
...
In order to avoid a service interruption during a Kubernetes
(k8s)upgrade, we add a Pod Disruption Budget (PDB) to deployments.
2025-02-10 17:19:08 +01:00
rouja
3b2d50d657
Merge pull request #20 from numerique-gouv/fix-issuer
...
fix letsencrypt issuer for new preprod
2025-02-07 11:53:59 +01:00
Jacques ROUSSEL
52d7de305c
🔧 (helm) change letsencrypt issuer
...
The name of the cluster issuer on the new preprod is 'letsencrypt,' so I
adjusted it.
2025-02-07 10:49:36 +01:00
Jonathan Perret
64a0d4dd3d
Merge pull request #19 from numerique-gouv/improve-helm
2024-10-02 10:46:04 +02:00
Jacques ROUSSEL
ffbd161e29
✨ (ci) add helmfile linter
...
Add a github job to run helmfile linter on PR
2024-09-24 17:11:13 +02:00
Jonathan Perret
ba1c14291d
Merge pull request #17 from numerique-gouv/add-architecture-doc
...
📝 (architecture) add first architecture doc
2024-09-21 12:21:01 +02:00
Jonathan Perret
4c4ccc88ba
📝 (architecture) add first architecture doc
...
This gives an overview and the detail of the workings of OIDC2FER.
2024-09-18 19:31:33 +02:00
Jonathan Perret
c1b33453c3
Deploy release v1.0.4 to production.
2024-09-11 12:43:17 +02:00
Jonathan Perret
6cede0a7f2
v1.0.4 release
v1.0.4
2024-09-11 11:00:09 +02:00
Jonathan Perret
3b518b9b3a
Merge pull request #15 from numerique-gouv/serve-static-assets
...
✨ (static) add static frontend to serve assets
2024-09-11 10:49:04 +02:00
Jonathan Perret
039d9a12cc
✨ (static) add static file serving
...
We needed a way to serve a handful of static assets, starting with
the ProConnect logo to be embedded in IdP pages.
2024-09-11 10:44:11 +02:00
Jonathan Perret
6424679b85
Set discovery URL to dedicated WAYF
2024-09-05 19:11:57 +02:00
Jonathan Perret
30c91e2345
Add missing slash to discovery URL
...
This saves one redirect when accessing the discovery service.
2024-09-04 20:05:06 +02:00
Jonathan Perret
ad726a92ce
Add missing info about "production" tag to deployment instructions
2024-09-02 17:42:42 +02:00
Jonathan Perret
7cc8fc18a2
Deploy release v1.0.3 to production.
2024-09-02 17:18:00 +02:00
Jonathan Perret
17289b1040
v1.0.3 release
v1.0.3
2024-09-02 17:09:56 +02:00
Jonathan Perret
0580ec6d7e
Merge pull request #14 from numerique-gouv/fix-saml-signature
...
Upgrade SAML signature algorithm for interoperability with RENATER Access Check
2024-09-02 16:26:07 +02:00
Jonathan Perret
4b5bd5757c
🔒 ️(saml) set SAML signing algorithm to use SHA256
...
It turns out the RENATER AccessCheck IdP rejects AuthnRequests signed
with the default SHA1-based SignatureMethod.
2024-08-29 20:34:36 +02:00
Jonathan Perret
61680de401
Deploy 1.0.2 to outscale-production
2024-07-22 20:55:08 +02:00
Jonathan Perret
0fc4450766
v1.0.2 release
v1.0.2
2024-07-22 20:52:50 +02:00
Jonathan Perret
db99364ae6
Merge pull request #13 from numerique-gouv/check-eppn-scope
...
🔒 ️(saml) check the scope of the eduPersonPrincipalName attribute
2024-07-22 20:49:25 +02:00
Jonathan Perret
25c401c653
🔒 ️(saml) check the scope of the eduPersonPrincipalName attribute
...
The metadata obtained from the federation server contains a list of
allowed scopes for each of the registered identity providers.
By checking the value of the eduPersonPrincipalName attribute
returned by an IdP against the allowed scopes for that IdP,
we protect the downstream services against identity theft by
a compromised IdP.
2024-07-22 20:35:06 +02:00
Jonathan Perret
311d490566
Merge pull request #10 from numerique-gouv/check-affiliation
...
Only allow employees to authenticate
2024-07-22 19:45:25 +02:00
Jonathan Perret
ba69d2d4bd
📝 (changelog) update CHANGELOG
...
Document new affiliation check.
2024-07-22 19:00:45 +02:00
Jonathan Perret
82fc42d093
🔒 ️(saml) only allow employees to authenticate
...
We check the eduPersonAffiliation attribute for a "employee" value to
reject students.
2024-07-22 17:32:20 +02:00
Jonathan Perret
10fc48b9ad
✅ (e2e) make renater test idp interaction deterministic
...
By default the consent form is only shown if the requested claims have
changed since the last login for that user, and this appears to be
stored server-side, which caused the test to break when I added
eduPersonAffiliation to the requested claims.
We now always request the consent form on login so that the interaction
is deterministic.
2024-07-22 16:02:10 +02:00
Jonathan Perret
b8fe38853f
🚀 (staging) complete switch to test federation
...
Switches the staging instance to the test federation.
2024-06-19 14:37:08 +02:00
Jonathan Perret
e03dddde67
🚀 (staging) use test entity ID
...
Switches the staging instance to the test federation.
2024-06-19 14:33:34 +02:00
Jonathan Perret
15064a0b45
🚀 (config) get SAML entity ID from environment
...
This lets us decouple the entity ID from the deployment URL.
2024-06-19 14:29:50 +02:00