lib

package
v0.5.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Dec 5, 2017 License: MIT Imports: 29 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	MaxSessionDuration    = time.Hour * 36
	MinSessionDuration    = time.Minute * 15
	MinAssumeRoleDuration = time.Minute * 15
	MaxAssumeRoleDuration = time.Hour

	DefaultSessionDuration    = time.Hour * 4
	DefaultAssumeRoleDuration = time.Minute * 15
)
View Source 
const (
	OktaServer = "okta.com"
)

Variables

This section is empty.

Functions

func GetFactorId 

func GetFactorId(f *OktaUserAuthnFactor) (id string, err error)

func GetNode 

func GetNode(n *html.Node) (val string, node *html.Node)

func GetRoleFromSAML 

func GetRoleFromSAML(resp *saml.Response, profileARN string) (string, string, error)

func NewConfigFromEnv 

func NewConfigFromEnv() (config, error)

func ParseSAML 

func ParseSAML(body []byte, resp *SAMLAssertion) (err error)

func Prompt 

func Prompt(prompt string, sensitive bool) (string, error)

Types

type DuoClient 

type DuoClient struct {
	Host       string
	Signature  string
	Callback   string
	StateToken string
}

func NewDuoClient 

func NewDuoClient(host, signature, callback string) *DuoClient

func (*DuoClient) ChallengeU2f 

func (d *DuoClient) ChallengeU2f() (err error)

ChallengeU2F performs multiple call against an obscure Duo API.

Normally you use an iframe to perform those calls but here the main idea is to fake Duo is order to use the CLI without any browser.

The function perform three successive calls to retry the challenge data. Wait for the user to perform the verification (Duo Push or Yubikey). And then call the callback url.

TODO: Use a Context to gracefully shutdown the thing and have a nice timeout

func (*DuoClient) DoAuth 

func (d *DuoClient) DoAuth(tx string) (sid string, err error)

DoAuth sends a POST request to the Duo /frame/web/v1/auth endpoint. The request will not follow the redirect and retrieve the location from the HTTP header. From the Location we get the Duo Session ID (sid) required for the rest of the communication.

The function will return the sid

func (*DuoClient) DoCallback 

func (d *DuoClient) DoCallback(auth string) (err error)

DoCallback send a POST request to the Okta callback url defined in the DuoClient

The callback request requires the stateToken from Okta and a sig_response built from the precedent requests.

func (*DuoClient) DoPrompt 

func (d *DuoClient) DoPrompt(sid string) (txid string, err error)

DoPrompt sends a POST request to the Duo /frame/promt endpoint

The functions returns the Duo transaction ID which is different from the Okta transaction ID

func (*DuoClient) DoStatus 

func (d *DuoClient) DoStatus(txid, sid string) (auth string, err error)

DoStatus sends a POST request against the Duo /frame/status endpoint

The function returns the auth string required for the Okta Callback if the request succeeded.

type KeyringSessions 

type KeyringSessions struct {
	Keyring  keyring.Keyring
	Profiles profiles
}

func NewKeyringSessions 

func NewKeyringSessions(k keyring.Keyring, p profiles) (*KeyringSessions, error)

func (*KeyringSessions) Delete 

func (s *KeyringSessions) Delete(profile string) (n int, err error)

func (*KeyringSessions) Retrieve 

func (s *KeyringSessions) Retrieve(profile string, duration time.Duration) (session sts.Credentials, err error)

func (*KeyringSessions) Store 

func (s *KeyringSessions) Store(profile string, session sts.Credentials, duration time.Duration) error

type OktaClient 

type OktaClient struct {
	Organization    string
	Username        string
	Password        string
	UserAuth        *OktaUserAuthn
	DuoClient       *DuoClient
	AccessKeyId     string
	SecretAccessKey string
	SessionToken    string
	Expiration      time.Time
	OktaAwsSAMLUrl  string
}

func NewOktaClient 

func NewOktaClient(creds OktaCreds, oktaAwsSAMLUrl string) *OktaClient

func (*OktaClient) AuthenticateProfile 

func (o *OktaClient) AuthenticateProfile(profileARN string, duration time.Duration) (sts.Credentials, error)

func (*OktaClient) Get 

func (o *OktaClient) Get(method string, path string, data []byte, recv interface{}, format string) (err error)

type OktaCreds 

type OktaCreds struct {
	Organization string
	Username     string
	Password     string
}

type OktaProvider 

type OktaProvider struct {
	Keyring         keyring.Keyring
	ProfileARN      string
	SessionDuration time.Duration
	OktaAwsSAMLUrl  string
}

func (*OktaProvider) Retrieve 

func (p *OktaProvider) Retrieve() (sts.Credentials, string, error)

type OktaStateToken 

type OktaStateToken struct {
	StateToken string `json:"stateToken"`
}

type OktaUser 

type OktaUser struct {
	Username string `json:"username"`
	Password string `json:"password"`
}

http://developer.okta.com/docs/api/resources/authn.html

type OktaUserAuthn 

type OktaUserAuthn struct {
	StateToken   string                `json:"stateToken"`
	SessionToken string                `json:"sessionToken"`
	ExpiresAt    string                `json:"expiresAt"`
	Status       string                `json:"status"`
	Embedded     OktaUserAuthnEmbedded `json:"_embedded"`
	FactorResult string                `json:"factorResult"`
}

type OktaUserAuthnEmbedded 

type OktaUserAuthnEmbedded struct {
	Factors []OktaUserAuthnFactor `json:"factors"`
	Factor  OktaUserAuthnFactor   `json:"factor"`
}

type OktaUserAuthnFactor 

type OktaUserAuthnFactor struct {
	Id         string                      `json:"id"`
	FactorType string                      `json:"factorType"`
	Provider   string                      `json:"provider"`
	Embedded   OktaUserAuthnFactorEmbedded `json:"_embedded"`
}

type OktaUserAuthnFactorEmbedded 

type OktaUserAuthnFactorEmbedded struct {
	Verification OktaUserAuthnFactorEmbeddedVerification `json:"verification"`
}

type OktaUserAuthnFactorEmbeddedVerification 

type OktaUserAuthnFactorEmbeddedVerification struct {
	Host         string                                       `json:"host"`
	Signature    string                                       `json:"signature"`
	FactorResult string                                       `json:"factorResult"`
	Links        OktaUserAuthnFactorEmbeddedVerificationLinks `json:"_links"`
}
type OktaUserAuthnFactorEmbeddedVerificationLinks struct {
	Complete OktaUserAuthnFactorEmbeddedVerificationLinksComplete `json:"complete"`
}

type OktaUserAuthnFactorEmbeddedVerificationLinksComplete 

type OktaUserAuthnFactorEmbeddedVerificationLinksComplete struct {
	Href string `json:"href"`
}

type PromptResp 

type PromptResp struct {
	Response struct {
		Txid string `json:"txid"`
	} `json:"response"`
	Stat string `json:"stat"`
}

type Provider 

type Provider struct {
	credentials.Expiry
	ProviderOptions
	// contains filtered or unexported fields
}

func NewProvider 

func NewProvider(k keyring.Keyring, profile string, opts ProviderOptions) (*Provider, error)

func (*Provider) Retrieve 

func (p *Provider) Retrieve() (credentials.Value, error)

type ProviderOptions 

type ProviderOptions struct {
	SessionDuration    time.Duration
	AssumeRoleDuration time.Duration
	ExpiryWindow       time.Duration
	Profiles           profiles
}

func (ProviderOptions) ApplyDefaults 

func (o ProviderOptions) ApplyDefaults() ProviderOptions

func (ProviderOptions) Validate 

func (o ProviderOptions) Validate() error

type SAMLAssertion 

type SAMLAssertion struct {
	Resp    *saml.Response
	RawData []byte
}

type StatusResp 

type StatusResp struct {
	Response struct {
		U2FSignRequest []struct {
			Version   string `json:"version"`
			Challenge string `json:"challenge"`
			AppID     string `json:"appId"`
			KeyHandle string `json:"keyHandle"`
			SessionID string `json:"sessionId"`
		} `json:"u2f_sign_request"`
		Status     string `json:"status"`
		StatusCode string `json:"status_code"`
		Reason     string `json:"reason"`
		Parent     string `json:"parent"`
		Cookie     string `json:"cookie"`
		Result     string `json:"result"`
	} `json:"response"`
	Stat string `json:"stat"`
}

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.