Brian Candler

Results 361 comments of Brian Candler

> OIDC providers generally should use the sub claim to uniquely identify the user, so when using the OIDC auth method with Vault it makes sense to use that for...

> ACL may look like this:
>
> ```
> # Personal secrets
> path "secret/data/users/{{identity.entity.name}}/*" {
>   capabilities = ["create", "update", "read", "delete", "list"]
> }
>
> path...
> ```

> I want to use Vault for secrets and not as a source-of-truth IdP. For that, I want to set up rules for creating "Entities" as a cache of Google...

Groups are very messy in this scenario. When using external groups, then when the user logs in with their Google account they'll only get their Google groups, and ditto for...

I'm not sure I follow. If a user is created automatically (say `entity_abcd1234`), but has no groups until you manually add this entity to (internal) groups, then they're not authorized...

OK, I see now that "bad oid" is an error from SQE not from the SNMP device, and the error flag is set. If I pass "2.0" as the OID...

There were some limitations to that algorithm. I think this one is much better, inspired by the current `sequence_tag` logic.

* Initialise: set `era` to a random value between 0...

> This PR fixes the problem by using `nsname` instead of `domain` for the API's Let's Encrypt cert's CN and SAN. I think this is a reasonable request, and indeed...

@lan10rd:

> I wouldn't mind an auto deny that uses a rate limit feature, I am not an avid Go dev but I mean even a simple map of counts...

~~Seems to be a limit of `toml.DecodeFile` then.~~ OK: how about making `general.domain` a mandatory setting and giving a clearer error if it's missing? (e.g. "Required setting 'domain' in section...