Index ¶
- Constants
- func GetFactorId(f *OktaUserAuthnFactor) (id string, err error)
- func GetNode(n *html.Node, name string) (val string, node *html.Node)
- func GetRoleFromSAML(resp *saml.Response, profileARN string) (string, string, error)
- func NewConfigFromEnv() (config, error)
- func OpenKeyring(allowedBackends []keyring.BackendType) (kr keyring.Keyring, err error)
- func ParseSAML(body []byte, resp *SAMLAssertion) (err error)
- func Prompt(prompt string, sensitive bool) (string, error)
- type DuoClient
- func (d *DuoClient) ChallengeU2f() (err error)
- func (d *DuoClient) DoAuth(tx string, inputSid string, inputCertsURL string) (sid string, err error)
- func (d *DuoClient) DoCallback(auth string) (err error)
- func (d *DuoClient) DoPrompt(sid string) (txid string, err error)
- func (d *DuoClient) DoStatus(txid, sid string) (auth string, err error)
- type KeyringSessions
- type OktaClient
- type OktaCreds
- type OktaProvider
- type OktaStateToken
- type OktaUser
- type OktaUserAuthn
- type OktaUserAuthnEmbedded
- type OktaUserAuthnFactor
- type OktaUserAuthnFactorEmbedded
- type OktaUserAuthnFactorEmbeddedVerification
- type OktaUserAuthnFactorEmbeddedVerificationLinks
- type OktaUserAuthnFactorEmbeddedVerificationLinksComplete
- type PromptResp
- type Provider
- type ProviderOptions
- type SAMLAssertion
- type StatusResp
Constants ¶
const (
	// Bounds and defaults for the durations carried by ProviderOptions
	// (SessionDuration and AssumeRoleDuration).
	// NOTE(review): presumably enforced by ProviderOptions.Validate and
	// applied by ProviderOptions.ApplyDefaults — confirm against those methods.
	// The upper bounds cap how long a cached session remains usable, so
	// raising them widens the exposure window of a stored session.
	MaxSessionDuration        = time.Hour * 36
	MinSessionDuration        = time.Minute * 15
	MinAssumeRoleDuration     = time.Minute * 15
	MaxAssumeRoleDuration     = time.Hour * 12
	DefaultSessionDuration    = time.Hour * 4
	DefaultAssumeRoleDuration = time.Minute * 15
)
const (
	// OktaServer is the Okta service domain.
	// NOTE(review): presumably joined with OktaClient.Organization to form
	// OktaClient.BaseURL — confirm in NewOktaClient.
	OktaServer = "okta.com"
)
Variables ¶
This section is empty.
Functions ¶
func GetFactorId ¶
func GetFactorId(f *OktaUserAuthnFactor) (id string, err error)
func GetRoleFromSAML ¶
func NewConfigFromEnv ¶
func NewConfigFromEnv() (config, error)
func OpenKeyring ¶
func OpenKeyring(allowedBackends []keyring.BackendType) (kr keyring.Keyring, err error)
func ParseSAML ¶
func ParseSAML(body []byte, resp *SAMLAssertion) (err error)
Types ¶
type DuoClient ¶
func NewDuoClient ¶
func (*DuoClient) ChallengeU2f ¶
ChallengeU2f performs multiple calls against an obscure Duo API.
Normally an iframe performs those calls, but here the idea is to emulate the Duo iframe flow in order to use the CLI without any browser.
The function performs three successive calls to retrieve the challenge data, waits for the user to complete the verification (Duo Push or Yubikey), and then calls the callback URL.
TODO: use a Context to shut the flow down gracefully and enforce a timeout.
func (*DuoClient) DoAuth ¶
func (d *DuoClient) DoAuth(tx string, inputSid string, inputCertsURL string) (sid string, err error)
DoAuth sends a POST request to the Duo /frame/web/v1/auth endpoint. The request does not follow the redirect; instead the Location is read from the HTTP response header. From the Location we get the Duo Session ID (sid) required for the rest of the communication. In some integrations of Duo, an empty POST to the Duo /frame/web/v1/auth endpoint returns StatusOK with a form of hidden inputs. In that case, we redo the POST with data from the hidden inputs, which triggers the usual redirect/Location flow and allows for a successful authentication.
The function returns the sid.
func (*DuoClient) DoCallback ¶
DoCallback sends a POST request to the Okta callback URL defined in the DuoClient.
The callback request requires the stateToken from Okta and a sig_response built from the preceding requests.
type KeyringSessions ¶
func NewKeyringSessions ¶
func NewKeyringSessions(k keyring.Keyring, p profiles) (*KeyringSessions, error)
func (*KeyringSessions) Delete ¶
func (s *KeyringSessions) Delete(profile string) (n int, err error)
func (*KeyringSessions) Retrieve ¶
func (s *KeyringSessions) Retrieve(profile string, duration time.Duration) (sts.Credentials, string, error)
func (*KeyringSessions) Store ¶
func (s *KeyringSessions) Store(profile string, sessionName string, creds sts.Credentials, duration time.Duration) error
type OktaClient ¶
// OktaClient holds the state of one Okta login and the AWS credentials
// obtained from it (see NewOktaClient and AuthenticateProfile).
//
// Several fields are secrets (Password, SecretAccessKey, SessionToken, and
// the session cookies in CookieJar). The struct has no json tags, so every
// exported field — secrets included — would be emitted by encoding/json or
// by %+v formatting; do not log or serialize the whole value.
type OktaClient struct {
	Organization string
	Username     string
	Password     string // Okta password; secret
	UserAuth     *OktaUserAuthn
	DuoClient    *DuoClient
	// AWS credentials obtained after the SAML exchange.
	AccessKeyId     string
	SecretAccessKey string // secret
	SessionToken    string // secret
	Expiration      time.Time
	OktaAwsSAMLUrl  string
	CookieJar       http.CookieJar // carries the Okta session cookie; treat as secret
	BaseURL         *url.URL
}
func NewOktaClient ¶
func NewOktaClient(creds OktaCreds, oktaAwsSAMLUrl string, sessionCookie string) (*OktaClient, error)
func (*OktaClient) AuthenticateProfile ¶
func (o *OktaClient) AuthenticateProfile(profileARN string, duration time.Duration) (sts.Credentials, string, error)
type OktaProvider ¶
// OktaProvider obtains AWS credentials for ProfileARN through Okta
// (see Retrieve), persisting session material in Keyring.
type OktaProvider struct {
	Keyring         keyring.Keyring // backend for stored sessions; see OpenKeyring for the allowed backends
	ProfileARN      string
	SessionDuration time.Duration // NOTE(review): presumably bounded by Min/MaxSessionDuration — confirm
	OktaAwsSAMLUrl  string
}
func (*OktaProvider) Retrieve ¶
func (p *OktaProvider) Retrieve() (sts.Credentials, string, error)
type OktaStateToken ¶
type OktaUserAuthn ¶
type OktaUserAuthnEmbedded ¶
// OktaUserAuthnEmbedded is the "_embedded" part of an Okta authn response,
// carrying either the list of enrolled factors or the single selected factor.
type OktaUserAuthnEmbedded struct {
	Factors []OktaUserAuthnFactor `json:"factors"`
	Factor  OktaUserAuthnFactor   `json:"factor"`
}
type OktaUserAuthnFactor ¶
// OktaUserAuthnFactor describes one MFA factor as returned by Okta.
// GetFactorId reads Id from it.
type OktaUserAuthnFactor struct {
	Id         string                      `json:"id"`
	FactorType string                      `json:"factorType"`
	Provider   string                      `json:"provider"`
	Embedded   OktaUserAuthnFactorEmbedded `json:"_embedded"`
}
type OktaUserAuthnFactorEmbedded ¶
// OktaUserAuthnFactorEmbedded is the "_embedded" part of a factor object,
// holding the verification details of the factor.
type OktaUserAuthnFactorEmbedded struct {
	Verification OktaUserAuthnFactorEmbeddedVerification `json:"verification"`
}
type OktaUserAuthnFactorEmbeddedVerification ¶
// OktaUserAuthnFactorEmbeddedVerification is the verification object
// embedded in an Okta factor.
// NOTE(review): Host and Signature look like the Duo host and signed
// request that DuoClient uses; confirm against NewDuoClient.
type OktaUserAuthnFactorEmbeddedVerification struct {
	Host         string                                       `json:"host"`
	Signature    string                                       `json:"signature"` // treat as sensitive; it authorizes the Duo flow
	FactorResult string                                       `json:"factorResult"`
	Links        OktaUserAuthnFactorEmbeddedVerificationLinks `json:"_links"`
}
type OktaUserAuthnFactorEmbeddedVerificationLinks ¶
// OktaUserAuthnFactorEmbeddedVerificationLinks is the "_links" object of a
// factor verification; Complete points at the URL used to finish it.
type OktaUserAuthnFactorEmbeddedVerificationLinks struct {
	Complete OktaUserAuthnFactorEmbeddedVerificationLinksComplete `json:"complete"`
}
type OktaUserAuthnFactorEmbeddedVerificationLinksComplete ¶
// OktaUserAuthnFactorEmbeddedVerificationLinksComplete is a single link
// object; Href is the URL it points to.
// NOTE(review): Href is server-supplied — callers that POST to it should
// confirm it belongs to the expected Okta host before sending a state token.
type OktaUserAuthnFactorEmbeddedVerificationLinksComplete struct {
	Href string `json:"href"`
}
type PromptResp ¶
type Provider ¶
// Provider is the credential provider built by NewProvider. It embeds
// credentials.Expiry for expiry tracking and ProviderOptions for its
// configuration; its remaining fields are unexported.
type Provider struct {
	credentials.Expiry
	ProviderOptions
	// contains filtered or unexported fields
}
func NewProvider ¶
type ProviderOptions ¶
// ProviderOptions configures a Provider. Zero durations are filled in by
// ApplyDefaults and the result is checked by Validate.
// NOTE(review): presumably Validate enforces the Min*/Max* duration
// constants declared in this package — confirm.
type ProviderOptions struct {
	SessionDuration    time.Duration
	AssumeRoleDuration time.Duration
	ExpiryWindow       time.Duration // how early before expiry credentials are treated as expired (by name; confirm usage)
	Profiles           profiles
}
func (ProviderOptions) ApplyDefaults ¶
func (o ProviderOptions) ApplyDefaults() ProviderOptions
func (ProviderOptions) Validate ¶
func (o ProviderOptions) Validate() error
type SAMLAssertion ¶
type StatusResp ¶
// StatusResp is the JSON document returned by the Duo status endpoint.
// NOTE(review): presumably decoded by DuoClient.DoStatus — confirm.
//
// Response.Cookie and Response.Result carry session-bearing values used to
// complete the login; avoid logging the decoded struct verbatim.
type StatusResp struct {
	Response struct {
		// U2FSignRequest lists the U2F sign requests Duo asks the client
		// to satisfy (consumed by ChallengeU2f).
		U2FSignRequest []struct {
			Version   string `json:"version"`
			Challenge string `json:"challenge"`
			AppID     string `json:"appId"`
			KeyHandle string `json:"keyHandle"`
			SessionID string `json:"sessionId"`
		} `json:"u2f_sign_request"`
		Status     string `json:"status"`
		StatusCode string `json:"status_code"`
		Reason     string `json:"reason"`
		Parent     string `json:"parent"`
		Cookie     string `json:"cookie"` // sensitive
		Result     string `json:"result"`
	} `json:"response"`
	Stat string `json:"stat"`
}