Documentation ¶
Overview ¶
manages auth sessions for Okta applications
Index ¶
- Constants
- func GetNode(n *html.Node, name string) (val string, node *html.Node)
- func GetRoleARN(c credentials.Value) (string, error)
- func GetRoleFromSAML(resp *Response, profileARN string) (string, string, error)
- func ParseSAML(body []byte, resp *SAMLAssertion) (err error)
- type AWSSAMLProvider
- type AWSSAMLProviderOptions
- type Assertion
- type AssumableRole
- type AssumableRoles
- type Attribute
- type AttributeStatement
- type AttributeValue
- type Conditions
- type NameID
- type OktaClient
- type Response
- type SAMLAssertion
- type SAMLRoleSelection
- type SessionCacheInterface
- type Status
- type StatusCode
- type Subject
- type SubjectConfirmation
- type SubjectConfirmationData
Constants ¶
Variables ¶
This section is empty.
Functions ¶
func GetRoleARN ¶
func GetRoleARN(c credentials.Value) (string, error)
GetRoleARN calls AWS get-caller-identity with the given credentials and returns the assumed role's name and ARN (as a single string, per the signature).
func GetRoleFromSAML ¶
func ParseSAML ¶
func ParseSAML(body []byte, resp *SAMLAssertion) (err error)
Types ¶
type AWSSAMLProvider ¶
// AWSSAMLProvider embeds credentials.Expiry and the AWSSAMLProviderOptions it
// was built with. Its Retrieve method is documented as returning a set of STS
// credentials for AWS services.
type AWSSAMLProvider struct {
	credentials.Expiry
	AWSSAMLProviderOptions

	// Expires is exported next to the embedded credentials.Expiry.
	// NOTE(review): presumably the expiry of the credentials currently
	// held; confirm which of the two a caller should consult before
	// reusing cached credentials.
	Expires time.Time
	// contains filtered or unexported fields
}
func NewAWSSAMLProvider ¶
func NewAWSSAMLProvider(sessions SessionCacheInterface, profile string, opts AWSSAMLProviderOptions, oktaClient OktaClient, selector SAMLRoleSelection) (*AWSSAMLProvider, error)
NewAWSSAMLProvider creates a new AWS SAML provider.
func (*AWSSAMLProvider) GetRoleARNWithRegion ¶
func (p *AWSSAMLProvider) GetRoleARNWithRegion(creds credentials.Value) (string, error)
GetRoleARNWithRegion uses temporary credentials to call AWS's get-caller-identity and returns the assumed role's ARN.
func (*AWSSAMLProvider) GetSAMLLoginURL ¶
func (p *AWSSAMLProvider) GetSAMLLoginURL() (*url.URL, error)
GetSAMLLoginURL returns the full Okta SAML login URL, including the domain.
func (*AWSSAMLProvider) Retrieve ¶
func (p *AWSSAMLProvider) Retrieve() (credentials.Value, error)
Retrieve gets a set of STS credentials for accessing AWS services.
type AWSSAMLProviderOptions ¶
// AWSSAMLProviderOptions holds the configuration of an AWSSAMLProvider.
// ApplyDefaults fills in the package-provided defaults and Validate checks
// the resulting values.
type AWSSAMLProviderOptions struct {
	// NOTE(review): going by their names, these bound how long the session
	// and the assumed-role credentials stay usable and how early they are
	// treated as expired; confirm the limits that Validate enforces, since
	// shorter lifetimes reduce exposure if cached credentials leak.
	SessionDuration, AssumeRoleDuration, ExpiryWindow time.Duration

	Profiles      lib.Profiles
	AssumeRoleArn string

	// Deprecated: this option is ignored.
	SessionCacheSingleItem bool
}
func (*AWSSAMLProviderOptions) ApplyDefaults ¶
func (o *AWSSAMLProviderOptions) ApplyDefaults()
ApplyDefaults updates the AWS SAML configuration with the package-provided defaults.
func (*AWSSAMLProviderOptions) Validate ¶
func (o *AWSSAMLProviderOptions) Validate() error
Validate validates the AWS SAML configuration options.
type Assertion ¶
// Assertion is the encoding/xml mapping of a SAML assertion element: its
// attributes plus the Subject, Conditions and AttributeStatement children.
//
// NOTE(review): no Signature element is mapped here and no validity check is
// visible on this page, so values decoded into this struct should be treated
// as unverified unless a caller validates them elsewhere; confirm.
type Assertion struct {
	XMLName xml.Name

	// Attributes of the assertion element.
	// NOTE(review): encoding/xml reports namespace declarations with the
	// space "xmlns", so the "xmlns:xs" and "xmlns:xsi" tags may never match
	// on decode; verify.
	ID           string `xml:"ID,attr"`
	Version      string `xml:"Version,attr"`
	XS           string `xml:"xmlns:xs,attr"`
	XSI          string `xml:"xmlns:xsi,attr"`
	SAML         string `xml:"saml,attr"`
	IssueInstant string `xml:"IssueInstant,attr"`

	// Child elements, matched by field name because they carry no tag.
	Subject            Subject
	Conditions         Conditions
	AttributeStatement AttributeStatement
}
type AssumableRole ¶
func GetRole ¶
func GetRole(roleList AssumableRoles, profileARN string) (AssumableRole, error)
type AssumableRoles ¶
type AssumableRoles []AssumableRole
func GetAssumableRolesFromSAML ¶
func GetAssumableRolesFromSAML(resp *Response) (AssumableRoles, error)
type AttributeStatement ¶
type AttributeValue ¶
type Conditions ¶
type OktaClient ¶
type Response ¶
// Response is the encoding/xml mapping of a SAML response: its attributes,
// the embedded Assertion and the Status.
//
// NOTE(review): Destination and InResponseTo are decoded as plain strings and
// no Signature element is mapped; no check of them against the expected
// endpoint or request is visible on this page. Confirm where (or by which
// party) the response is validated before its contents are trusted.
type Response struct {
	XMLName xml.Name

	// Namespace declarations.
	// NOTE(review): encoding/xml reports these attributes with the space
	// "xmlns", so the tags below may never match on decode; verify.
	SAMLP   string `xml:"xmlns:saml2p,attr"`
	SAML    string `xml:"xmlns:saml2,attr"`
	SAMLSIG string `xml:"xmlns:saml2sig,attr"`

	// Attributes of the response element.
	Destination  string `xml:"Destination,attr"`
	ID           string `xml:"ID,attr"`
	Version      string `xml:"Version,attr"`
	IssueInstant string `xml:"IssueInstant,attr"`
	InResponseTo string `xml:"InResponseTo,attr"`

	// Child elements.
	Assertion Assertion `xml:"Assertion"`
	Status    Status    `xml:"Status"`
}
type SAMLAssertion ¶
type SAMLRoleSelection ¶
// SAMLRoleSelection is the strategy NewAWSSAMLProvider accepts for choosing
// among several AssumableRole values.
type SAMLRoleSelection interface {
	// ChooseRole is given the candidate roles and returns an int and an error.
	// NOTE(review): the int is presumably an index into roles; callers
	// should range-check it before indexing, since an implementation may be
	// interactive or user-supplied. Confirm against the caller.
	ChooseRole(roles []AssumableRole) (int, error)
}
type SessionCacheInterface ¶
type Status ¶
// Status is the encoding/xml mapping of the Status element of a Response.
// It carries a single StatusCode child.
type Status struct {
	XMLName xml.Name

	// StatusCode is decoded from the nested StatusCode element.
	// NOTE(review): no comparison against a success value is visible on
	// this page; confirm that callers check it before using the assertion.
	StatusCode StatusCode `xml:"StatusCode"`
}
type StatusCode ¶
type Subject ¶
// Subject is the encoding/xml mapping of an assertion's Subject element,
// holding the NameID and the SubjectConfirmation children.
type Subject struct {
	XMLName xml.Name

	// Both children are matched by field name because they carry no tag.
	NameID              NameID
	SubjectConfirmation SubjectConfirmation
}
type SubjectConfirmation ¶
// SubjectConfirmation is the encoding/xml mapping of a Subject's
// SubjectConfirmation element.
type SubjectConfirmation struct {
	XMLName xml.Name

	// Method is read from the attribute whose name matches the field name.
	Method string `xml:",attr"`

	// SubjectConfirmationData is the nested child element.
	// NOTE(review): its fields are not shown on this page; confirm whether
	// any recipient or expiry values it carries are checked by a caller.
	SubjectConfirmationData SubjectConfirmationData
}
type SubjectConfirmationData ¶