Documentation ¶
Index ¶
- Constants
- func GetFactorId(f *OktaUserAuthnFactor) (id string, err error)
- func GetNode(n *html.Node) (val string, node *html.Node)
- func GetRoleFromSAML(resp *saml.Response, profileARN string) (string, string, error)
- func NewConfigFromEnv() (config, error)
- func ParseSAML(body []byte, resp *SAMLAssertion) (err error)
- func Prompt(prompt string, sensitive bool) (string, error)
- type DuoClient
- func (d *DuoClient) ChallengeU2f() (err error)
- func (d *DuoClient) DoAuth(tx string) (sid string, err error)
- func (d *DuoClient) DoCallback(auth string) (err error)
- func (d *DuoClient) DoPrompt(sid string) (txid string, err error)
- func (d *DuoClient) DoStatus(txid, sid string) (auth string, err error)
- type KeyringSessions
- type OktaClient
- type OktaCreds
- type OktaProvider
- type OktaStateToken
- type OktaUser
- type OktaUserAuthn
- type OktaUserAuthnEmbedded
- type OktaUserAuthnFactor
- type OktaUserAuthnFactorEmbedded
- type OktaUserAuthnFactorEmbeddedVerification
- type OktaUserAuthnFactorEmbeddedVerificationLinks
- type OktaUserAuthnFactorEmbeddedVerificationLinksComplete
- type PromptResp
- type Provider
- type ProviderOptions
- type SAMLAssertion
- type StatusResp
Constants ¶
const ( MaxSessionDuration = time.Hour * 36 MinSessionDuration = time.Minute * 15 MinAssumeRoleDuration = time.Minute * 15 MaxAssumeRoleDuration = time.Hour DefaultSessionDuration = time.Hour * 4 DefaultAssumeRoleDuration = time.Minute * 15 )
const (
OktaServer = "okta.com"
)
Variables ¶
This section is empty.
Functions ¶
func GetFactorId ¶
func GetFactorId(f *OktaUserAuthnFactor) (id string, err error)
func GetRoleFromSAML ¶
func NewConfigFromEnv ¶
func NewConfigFromEnv() (config, error)
func ParseSAML ¶
func ParseSAML(body []byte, resp *SAMLAssertion) (err error)
Types ¶
type DuoClient ¶
func NewDuoClient ¶
func (*DuoClient) ChallengeU2f ¶
ChallengeU2F performs multiple call against an obscure Duo API.
Normally you use an iframe to perform those calls but here the main idea is to fake Duo is order to use the CLI without any browser.
The function perform three successive calls to retry the challenge data. Wait for the user to perform the verification (Duo Push or Yubikey). And then call the callback url.
TODO: Use a Context to gracefully shutdown the thing and have a nice timeout
func (*DuoClient) DoAuth ¶
DoAuth sends a POST request to the Duo /frame/web/v1/auth endpoint. The request will not follow the redirect and retrieve the location from the HTTP header. From the Location we get the Duo Session ID (sid) required for the rest of the communication.
The function will return the sid
func (*DuoClient) DoCallback ¶
DoCallback send a POST request to the Okta callback url defined in the DuoClient
The callback request requires the stateToken from Okta and a sig_response built from the precedent requests.
type KeyringSessions ¶
func NewKeyringSessions ¶
func NewKeyringSessions(k keyring.Keyring, p profiles) (*KeyringSessions, error)
func (*KeyringSessions) Delete ¶
func (s *KeyringSessions) Delete(profile string) (n int, err error)
func (*KeyringSessions) Retrieve ¶
func (s *KeyringSessions) Retrieve(profile string, duration time.Duration) (session sts.Credentials, err error)
func (*KeyringSessions) Store ¶
func (s *KeyringSessions) Store(profile string, session sts.Credentials, duration time.Duration) error
type OktaClient ¶
type OktaClient struct { Organization string Username string Password string UserAuth *OktaUserAuthn DuoClient *DuoClient AccessKeyId string SecretAccessKey string SessionToken string Expiration time.Time OktaAwsSAMLUrl string }
func NewOktaClient ¶
func NewOktaClient(creds OktaCreds, oktaAwsSAMLUrl string) *OktaClient
func (*OktaClient) AuthenticateProfile ¶
func (o *OktaClient) AuthenticateProfile(profileARN string, duration time.Duration) (sts.Credentials, error)
type OktaProvider ¶
type OktaProvider struct { Keyring keyring.Keyring ProfileARN string SessionDuration time.Duration OktaAwsSAMLUrl string }
func (*OktaProvider) Retrieve ¶
func (p *OktaProvider) Retrieve() (sts.Credentials, error)
type OktaStateToken ¶
type OktaStateToken struct {
StateToken string `json:"stateToken"`
}
type OktaUserAuthn ¶
type OktaUserAuthnEmbedded ¶
type OktaUserAuthnEmbedded struct { Factors []OktaUserAuthnFactor `json:"factors"` Factor OktaUserAuthnFactor `json:"factor"` }
type OktaUserAuthnFactor ¶
type OktaUserAuthnFactor struct { Id string `json:"id"` FactorType string `json:"factorType"` Provider string `json:"provider"` Embedded OktaUserAuthnFactorEmbedded `json:"_embedded"` }
type OktaUserAuthnFactorEmbedded ¶
type OktaUserAuthnFactorEmbedded struct {
Verification OktaUserAuthnFactorEmbeddedVerification `json:"verification"`
}
type OktaUserAuthnFactorEmbeddedVerification ¶
type OktaUserAuthnFactorEmbeddedVerification struct { Host string `json:"host"` Signature string `json:"signature"` FactorResult string `json:"factorResult"` Links OktaUserAuthnFactorEmbeddedVerificationLinks `json:"_links"` }
type OktaUserAuthnFactorEmbeddedVerificationLinks ¶
type OktaUserAuthnFactorEmbeddedVerificationLinks struct {
Complete OktaUserAuthnFactorEmbeddedVerificationLinksComplete `json:"complete"`
}
type OktaUserAuthnFactorEmbeddedVerificationLinksComplete ¶
type OktaUserAuthnFactorEmbeddedVerificationLinksComplete struct {
Href string `json:"href"`
}
type PromptResp ¶
type Provider ¶
type Provider struct { credentials.Expiry ProviderOptions // contains filtered or unexported fields }
func NewProvider ¶
type ProviderOptions ¶
type ProviderOptions struct { SessionDuration time.Duration AssumeRoleDuration time.Duration ExpiryWindow time.Duration Profiles profiles }
func (ProviderOptions) ApplyDefaults ¶
func (o ProviderOptions) ApplyDefaults() ProviderOptions
func (ProviderOptions) Validate ¶
func (o ProviderOptions) Validate() error
type SAMLAssertion ¶
type StatusResp ¶
type StatusResp struct { Response struct { U2FSignRequest []struct { Version string `json:"version"` Challenge string `json:"challenge"` AppID string `json:"appId"` KeyHandle string `json:"keyHandle"` SessionID string `json:"sessionId"` } `json:"u2f_sign_request"` Status string `json:"status"` StatusCode string `json:"status_code"` Reason string `json:"reason"` Parent string `json:"parent"` Cookie string `json:"cookie"` Result string `json:"result"` } `json:"response"` Stat string `json:"stat"` }