package provider

Overview

Package provider manages auth sessions for Okta applications.


Constants

// Bounds and defaults for the two kinds of lifetime this package deals with:
// the Okta-side session and the AWS assume-role session. The Min/Max pairs
// are the values Validate is expected to enforce on AWSSAMLProviderOptions;
// NOTE(review): the enforcement itself is not visible on this page — confirm
// that Validate rejects durations outside these bounds.
const (
	// MaxSessionDuration caps the session lifetime at 90 days. A session this
	// long is a long-lived credential; keep SessionDuration close to the
	// default unless a longer window is genuinely required.
	MaxSessionDuration    = time.Hour * 24 * 90
	// MinSessionDuration is the shortest session lifetime accepted (15 minutes).
	MinSessionDuration    = time.Minute * 15
	// MinAssumeRoleDuration is the shortest assume-role lifetime accepted (15 minutes).
	MinAssumeRoleDuration = time.Minute * 15
	// MaxAssumeRoleDuration caps the assume-role lifetime at 12 hours.
	MaxAssumeRoleDuration = time.Hour * 12

	// DefaultSessionDuration (4 hours) and DefaultAssumeRoleDuration (15
	// minutes) are the values ApplyDefaults is expected to fill in when the
	// caller leaves the corresponding option unset — presumably; confirm
	// against ApplyDefaults.
	DefaultSessionDuration    = time.Hour * 4
	DefaultAssumeRoleDuration = time.Minute * 15
)

Variables

This section is empty.

Functions

func GetNode

func GetNode(n *html.Node, name string) (val string, node *html.Node)

func GetRoleARN

func GetRoleARN(c credentials.Value) (string, error)

GetRoleARN makes a call to AWS to get-caller-identity and returns the assumed role's name and ARN.

func GetRoleFromSAML

func GetRoleFromSAML(resp *Response, profileARN string) (string, string, error)

func ParseSAML

func ParseSAML(body []byte, resp *SAMLAssertion) (err error)

Types

type AWSSAMLProvider

// AWSSAMLProvider obtains AWS STS credentials by logging in to Okta and
// presenting the resulting SAML assertion to AWS (see Retrieve). It embeds
// the AWS SDK's credentials.Expiry so the SDK can ask whether a refresh is
// due, and the AWSSAMLProviderOptions it was constructed with.
type AWSSAMLProvider struct {
	credentials.Expiry
	AWSSAMLProviderOptions

	// Expires is the point at which the currently held credentials stop being
	// valid — presumably the STS expiry from the last Retrieve; confirm.
	Expires time.Time
	// contains filtered or unexported fields
}

func NewAWSSAMLProvider

func NewAWSSAMLProvider(sessions SessionCacheInterface, profile string, opts AWSSAMLProviderOptions, oktaClient OktaClient, selector SAMLRoleSelection) (*AWSSAMLProvider, error)

NewAWSSAMLProvider creates a new AWS SAML provider.

func (*AWSSAMLProvider) GetRoleARNWithRegion

func (p *AWSSAMLProvider) GetRoleARNWithRegion(creds credentials.Value) (string, error)

GetRoleARNWithRegion uses temporary credentials to call AWS's get-caller-identity and returns the assumed role's ARN.

func (*AWSSAMLProvider) GetSAMLLoginURL

func (p *AWSSAMLProvider) GetSAMLLoginURL() (*url.URL, error)

GetSAMLLoginURL returns the full Okta SAML login URL, including the domain.

func (*AWSSAMLProvider) Retrieve

func (p *AWSSAMLProvider) Retrieve() (credentials.Value, error)

Retrieve gets a set of STS credentials for accessing AWS services.

type AWSSAMLProviderOptions

// AWSSAMLProviderOptions configures an AWSSAMLProvider. Zero-valued duration
// fields are filled in by ApplyDefaults; Validate checks the result.
type AWSSAMLProviderOptions struct {
	// SessionDuration is the requested Okta session lifetime. See
	// MinSessionDuration/MaxSessionDuration for the accepted range and
	// DefaultSessionDuration for the value used when this is zero.
	SessionDuration    time.Duration
	// AssumeRoleDuration is the requested lifetime of the assumed AWS role.
	// See MinAssumeRoleDuration/MaxAssumeRoleDuration and DefaultAssumeRoleDuration.
	AssumeRoleDuration time.Duration
	// ExpiryWindow is handed to the embedded credentials.Expiry so credentials
	// are treated as expired this long before their real expiry — presumably;
	// confirm against NewAWSSAMLProvider.
	ExpiryWindow       time.Duration
	// Profiles is the parsed AWS profile configuration the provider resolves
	// the target profile against.
	Profiles           lib.Profiles
	// AssumeRoleArn, when set, is the ARN of a role to assume — NOTE(review):
	// whether this is the SAML role itself or a second hop after the SAML
	// role is not visible here; confirm.
	AssumeRoleArn      string

	// Deprecated: this option is ignored.
	SessionCacheSingleItem bool
}

func (*AWSSAMLProviderOptions) ApplyDefaults

func (o *AWSSAMLProviderOptions) ApplyDefaults()

ApplyDefaults updates the AWS SAML configuration with package-provided defaults.

func (*AWSSAMLProviderOptions) Validate

func (o *AWSSAMLProviderOptions) Validate() error

Validate validates the AWS SAML configuration options.

type Assertion

// Assertion maps the SAML 2.0 Assertion element of an Okta Response.
//
// NOTE(review): no Signature element is mapped on this type (or on Response),
// so the XML signature is not part of what ParseSAML decodes into this struct.
// Confirm where the assertion is verified before its roles are trusted; an
// unverified assertion should never drive role selection.
type Assertion struct {
	XMLName            xml.Name
	// ID, Version and IssueInstant are the assertion's identifying attributes,
	// kept as raw strings (IssueInstant is not parsed into a time here).
	ID                 string `xml:"ID,attr"`
	Version            string `xml:"Version,attr"`
	// XS, XSI and SAML capture namespace declarations on the element.
	XS                 string `xml:"xmlns:xs,attr"`
	XSI                string `xml:"xmlns:xsi,attr"`
	SAML               string `xml:"saml,attr"`
	IssueInstant       string `xml:"IssueInstant,attr"`
	// Subject identifies the authenticated principal; Conditions carries the
	// validity window; AttributeStatement carries the attributes (including
	// the role list) that GetAssumableRolesFromSAML reads.
	Subject            Subject
	Conditions         Conditions
	AttributeStatement AttributeStatement
}

type AssumableRole

// AssumableRole is one role/principal pair offered by the SAML assertion.
// Role and Principal are presumably the role ARN and the SAML provider ARN
// that AWS AssumeRoleWithSAML takes as a pair — the split is done elsewhere;
// confirm against GetAssumableRolesFromSAML.
type AssumableRole struct {
	Role      string
	Principal string
}

func GetRole

func GetRole(roleList AssumableRoles, profileARN string) (AssumableRole, error)

type AssumableRoles

// AssumableRoles is the list of roles extracted from a SAML Response; GetRole
// picks the entry matching a profile ARN and SAMLRoleSelection lets a user
// choose one interactively.
type AssumableRoles []AssumableRole

func GetAssumableRolesFromSAML

func GetAssumableRolesFromSAML(resp *Response) (AssumableRoles, error)

type Attribute

// Attribute maps one SAML Attribute element and its AttributeValue children.
type Attribute struct {
	XMLName         xml.Name
	// Name, FriendlyName and NameFormat are taken from the element's attributes.
	Name            string           `xml:",attr"`
	FriendlyName    string           `xml:",attr"`
	NameFormat      string           `xml:",attr"`
	// AttributeValues holds every AttributeValue child, in document order.
	AttributeValues []AttributeValue `xml:"AttributeValue"`
}

type AttributeStatement

// AttributeStatement maps the SAML AttributeStatement element: the list of
// Attribute children in document order.
type AttributeStatement struct {
	XMLName    xml.Name
	Attributes []Attribute `xml:"Attribute"`
}

type AttributeValue

// AttributeValue maps one SAML AttributeValue element.
type AttributeValue struct {
	XMLName xml.Name
	// Type is the xsi:type attribute, if present.
	Type    string `xml:"xsi:type,attr"`
	// Value is the element's raw inner XML (",innerxml"): it is NOT
	// entity-decoded or trimmed, and it comes straight from the identity
	// provider's response. Treat it as untrusted text and normalise it before
	// comparing it to ARNs or using it in any lookup.
	Value   string `xml:",innerxml"`
}

type Conditions

// Conditions maps the SAML Conditions element, i.e. the assertion's validity
// window. Both bounds are kept as raw strings; NOTE(review): nothing on this
// type parses or enforces them — confirm that the window is checked (with
// some clock-skew allowance) before the assertion is accepted.
type Conditions struct {
	XMLName      xml.Name
	NotBefore    string `xml:",attr"`
	NotOnOrAfter string `xml:",attr"`
}

type NameID

// NameID maps the SAML NameID element inside Subject.
type NameID struct {
	XMLName xml.Name
	// Format is the NameID format URI declared on the element.
	Format  string `xml:",attr"`
	// Value is the raw inner XML of the element (not entity-decoded).
	Value   string `xml:",innerxml"`
}

type OktaClient

// OktaClient is the Okta HTTP client an AWSSAMLProvider talks to. It is an
// interface so that a test double can replace the real client.
type OktaClient interface {
	// AuthenticateUser performs the Okta login. How MFA is handled is not
	// visible here.
	AuthenticateUser() error
	// GetSessionToken returns the Okta session token — presumably the one
	// established by AuthenticateUser; confirm. Treat the value as a secret.
	GetSessionToken() string
	// Request issues an HTTP request against the Okta org. The meaning of
	// format and of followRedirects=false (returning the redirect response
	// rather than following it) is inferred from the names — confirm.
	Request(method string, path string, queryParams url.Values, data []byte, format string, followRedirects bool) (*http.Response, error)
	// GetURL resolves a path to a full URL on the Okta org.
	GetURL(string) (*url.URL, error)
}

type Response

// Response maps the top-level SAML 2.0 Response element returned by Okta.
// ID/Version/IssueInstant/InResponseTo/Destination are kept as raw strings.
//
// NOTE(review): no Signature element is mapped here, so decoding into this
// type gives no integrity guarantee by itself — confirm where signature
// verification happens relative to ParseSAML.
type Response struct {
	XMLName      xml.Name
	// SAMLP, SAML and SAMLSIG capture the namespace declarations on the element.
	SAMLP        string `xml:"xmlns:saml2p,attr"`
	SAML         string `xml:"xmlns:saml2,attr"`
	SAMLSIG      string `xml:"xmlns:saml2sig,attr"`
	// Destination is the URL the response was addressed to.
	Destination  string `xml:"Destination,attr"`
	ID           string `xml:"ID,attr"`
	Version      string `xml:"Version,attr"`
	IssueInstant string `xml:"IssueInstant,attr"`
	// InResponseTo is the ID of the AuthnRequest this response answers, if any.
	InResponseTo string `xml:"InResponseTo,attr"`

	// Assertion carries the subject, conditions and attributes; Status carries
	// the outcome code that should be checked before the assertion is used.
	Assertion Assertion `xml:"Assertion"`
	Status    Status    `xml:"Status"`
}

type SAMLAssertion

// SAMLAssertion is the output of ParseSAML: the decoded Response alongside the
// raw bytes it was decoded from. RawData is presumably what is forwarded to
// AWS (AssumeRoleWithSAML takes the original assertion, not a re-encoding);
// confirm against Retrieve.
type SAMLAssertion struct {
	Resp    *Response
	RawData []byte
}

type SAMLRoleSelection

// SAMLRoleSelection lets the caller choose among several roles offered by the
// assertion when the profile does not pin one.
type SAMLRoleSelection interface {
	// ChooseRole returns the index into roles of the selected role. Callers
	// should treat an index outside [0, len(roles)) as an error.
	ChooseRole(roles []AssumableRole) (int, error)
}

type SessionCacheInterface

// SessionCacheInterface is the store an AWSSAMLProvider uses to persist and
// look up sessions by session.Key. The cached sessions are credential
// material; the backing store (and how it is protected at rest) is not
// visible here — confirm when wiring an implementation.
type SessionCacheInterface interface {
	// Get returns the cached session for key.
	Get(session.Key) (*session.Session, error)
	// Put stores a session under key.
	Put(session.Key, *session.Session) error
}

type Status

// Status maps the SAML Status element of a Response.
type Status struct {
	XMLName    xml.Name
	StatusCode StatusCode `xml:"StatusCode"`
}

type StatusCode

// StatusCode maps the SAML StatusCode element. Value is the status URI as a
// raw string; anything other than the SAML 2.0 Success status indicates the
// identity provider did not authenticate the user, and the assertion should
// not be used.
type StatusCode struct {
	XMLName xml.Name
	Value   string `xml:",attr"`
}

type Subject

// Subject maps the SAML Subject element: the authenticated principal (NameID)
// and the confirmation that binds the assertion to this presenter.
type Subject struct {
	XMLName             xml.Name
	NameID              NameID
	SubjectConfirmation SubjectConfirmation
}

type SubjectConfirmation

// SubjectConfirmation maps the SAML SubjectConfirmation element.
type SubjectConfirmation struct {
	XMLName                 xml.Name
	// Method is the confirmation method URI (e.g. bearer).
	Method                  string `xml:",attr"`
	SubjectConfirmationData SubjectConfirmationData
}

type SubjectConfirmationData

// SubjectConfirmationData maps the SAML SubjectConfirmationData element. All
// three attributes are kept as raw strings; NOTE(review): nothing on this type
// checks Recipient against the expected ACS URL or NotOnOrAfter against the
// clock — confirm that is done before the assertion is accepted.
type SubjectConfirmationData struct {
	InResponseTo string `xml:",attr"`
	NotOnOrAfter string `xml:",attr"`
	Recipient    string `xml:",attr"`
}
