Documentation
¶
Index ¶
- Constants
- func GetFactorId(f *OktaUserAuthnFactor) (id string, err error)
- func GetNode(n *html.Node, name string) (val string, node *html.Node)
- func GetRoleFromSAML(resp *saml.Response, profileARN string) (string, string, error)
- func NewConfigFromEnv() (config, error)
- func OpenKeyring(allowedBackends []keyring.BackendType) (kr keyring.Keyring, err error)
- func ParseSAML(body []byte, resp *SAMLAssertion) (err error)
- func Prompt(prompt string, sensitive bool) (string, error)
- type DuoClient
- func (d *DuoClient) ChallengeU2f() (err error)
- func (d *DuoClient) DoAuth(tx string, inputSid string, inputCertsURL string) (sid string, err error)
- func (d *DuoClient) DoCallback(auth string) (err error)
- func (d *DuoClient) DoPrompt(sid string) (txid string, err error)
- func (d *DuoClient) DoRedirect(url string, sid string) (string, error)
- func (d *DuoClient) DoStatus(txid, sid string) (auth string, err error)
- type KeyringSessions
- type OktaClient
- type OktaCreds
- type OktaProvider
- type OktaStateToken
- type OktaUser
- type OktaUserAuthn
- type OktaUserAuthnEmbedded
- type OktaUserAuthnFactor
- type OktaUserAuthnFactorEmbedded
- type OktaUserAuthnFactorEmbeddedVerification
- type OktaUserAuthnFactorEmbeddedVerificationLinks
- type OktaUserAuthnFactorEmbeddedVerificationLinksComplete
- type PromptResp
- type Provider
- type ProviderOptions
- type SAMLAssertion
- type StatusResp
Constants ¶
View Source
const ( MaxSessionDuration = time.Hour * 36 MinSessionDuration = time.Minute * 15 MinAssumeRoleDuration = time.Minute * 15 MaxAssumeRoleDuration = time.Hour * 12 DefaultSessionDuration = time.Hour * 4 DefaultAssumeRoleDuration = time.Minute * 15 )
View Source
const (
OktaServer = "okta.com"
)
Variables ¶
This section is empty.
Functions ¶
func GetFactorId ¶
func GetFactorId(f *OktaUserAuthnFactor) (id string, err error)
func GetRoleFromSAML ¶
func NewConfigFromEnv ¶
func NewConfigFromEnv() (config, error)
func OpenKeyring ¶
func OpenKeyring(allowedBackends []keyring.BackendType) (kr keyring.Keyring, err error)
func ParseSAML ¶
func ParseSAML(body []byte, resp *SAMLAssertion) (err error)
Types ¶
type DuoClient ¶
func NewDuoClient ¶
func (*DuoClient) ChallengeU2f ¶
ChallengeU2F performs multiple call against an obscure Duo API.
Normally you use an iframe to perform those calls but here the main idea is to fake Duo is order to use the CLI without any browser.
The function perform three successive calls to retry the challenge data. Wait for the user to perform the verification (Duo Push or Yubikey). And then call the callback url.
TODO: Use a Context to gracefully shutdown the thing and have a nice timeout
func (*DuoClient) DoAuth ¶
func (d *DuoClient) DoAuth(tx string, inputSid string, inputCertsURL string) (sid string, err error)
DoAuth sends a POST request to the Duo /frame/web/v1/auth endpoint. The request will not follow the redirect and retrieve the location from the HTTP header. From the Location we get the Duo Session ID (sid) required for the rest of the communication. In some integrations of Duo, an empty POST to the Duo /frame/web/v1/auth endpoint will return StatusOK with a form of hidden inputs. In that case, we redo the POST with data from the hidden inputs, which triggers the usual redirect/location flow and allows for a successful authentication.
The function will return the sid
func (*DuoClient) DoCallback ¶
DoCallback send a POST request to the Okta callback url defined in the DuoClient
The callback request requires the stateToken from Okta and a sig_response built from the precedent requests.
func (*DuoClient) DoPrompt ¶
DoPrompt sends a POST request to the Duo /frame/promt endpoint
The functions returns the Duo transaction ID which is different from the Okta transaction ID
func (*DuoClient) DoRedirect ¶
type KeyringSessions ¶
func NewKeyringSessions ¶
func NewKeyringSessions(k keyring.Keyring, p profiles) (*KeyringSessions, error)
func (*KeyringSessions) Delete ¶
func (s *KeyringSessions) Delete(profile string) (n int, err error)
func (*KeyringSessions) Retrieve ¶
func (s *KeyringSessions) Retrieve(profile string, duration time.Duration) (sts.Credentials, string, error)
func (*KeyringSessions) Store ¶
func (s *KeyringSessions) Store(profile string, sessionName string, creds sts.Credentials, duration time.Duration) error
type OktaClient ¶
type OktaClient struct {
Organization string
Username string
Password string
UserAuth *OktaUserAuthn
DuoClient *DuoClient
AccessKeyId string
SecretAccessKey string
SessionToken string
Expiration time.Time
OktaAwsSAMLUrl string
CookieJar http.CookieJar
BaseURL *url.URL
}
func NewOktaClient ¶
func NewOktaClient(creds OktaCreds, oktaAwsSAMLUrl string, sessionCookie string) (*OktaClient, error)
func (*OktaClient) AuthenticateProfile ¶
func (o *OktaClient) AuthenticateProfile(profileARN string, duration time.Duration) (sts.Credentials, string, error)
func (*OktaClient) AuthenticateUser ¶
func (o *OktaClient) AuthenticateUser() error
type OktaProvider ¶
type OktaProvider struct {
Keyring keyring.Keyring
ProfileARN string
SessionDuration time.Duration
OktaAwsSAMLUrl string
}
func (*OktaProvider) Retrieve ¶
func (p *OktaProvider) Retrieve() (sts.Credentials, string, error)
type OktaStateToken ¶
type OktaUserAuthn ¶
type OktaUserAuthnEmbedded ¶
type OktaUserAuthnEmbedded struct {
Factors []OktaUserAuthnFactor `json:"factors"`
Factor OktaUserAuthnFactor `json:"factor"`
}
type OktaUserAuthnFactor ¶
type OktaUserAuthnFactor struct {
Id string `json:"id"`
FactorType string `json:"factorType"`
Provider string `json:"provider"`
Embedded OktaUserAuthnFactorEmbedded `json:"_embedded"`
}
type OktaUserAuthnFactorEmbedded ¶
type OktaUserAuthnFactorEmbedded struct {
Verification OktaUserAuthnFactorEmbeddedVerification `json:"verification"`
}
type OktaUserAuthnFactorEmbeddedVerification ¶
type OktaUserAuthnFactorEmbeddedVerification struct {
Host string `json:"host"`
Signature string `json:"signature"`
FactorResult string `json:"factorResult"`
Links OktaUserAuthnFactorEmbeddedVerificationLinks `json:"_links"`
}
type OktaUserAuthnFactorEmbeddedVerificationLinks ¶
type OktaUserAuthnFactorEmbeddedVerificationLinks struct {
Complete OktaUserAuthnFactorEmbeddedVerificationLinksComplete `json:"complete"`
}
type OktaUserAuthnFactorEmbeddedVerificationLinksComplete ¶
type OktaUserAuthnFactorEmbeddedVerificationLinksComplete struct {
Href string `json:"href"`
}
type PromptResp ¶
type Provider ¶
type Provider struct {
credentials.Expiry
ProviderOptions
// contains filtered or unexported fields
}
func NewProvider ¶
type ProviderOptions ¶
type ProviderOptions struct {
SessionDuration time.Duration
AssumeRoleDuration time.Duration
ExpiryWindow time.Duration
Profiles profiles
}
func (ProviderOptions) ApplyDefaults ¶
func (o ProviderOptions) ApplyDefaults() ProviderOptions
func (ProviderOptions) Validate ¶
func (o ProviderOptions) Validate() error
type SAMLAssertion ¶
type StatusResp ¶
type StatusResp struct {
Response struct {
U2FSignRequest []struct {
Version string `json:"version"`
Challenge string `json:"challenge"`
AppID string `json:"appId"`
KeyHandle string `json:"keyHandle"`
SessionID string `json:"sessionId"`
} `json:"u2f_sign_request"`
Status string `json:"status"`
StatusCode string `json:"status_code"`
Reason string `json:"reason"`
Parent string `json:"parent"`
Cookie string `json:"cookie"`
Result string `json:"result"`
ResultURL string `json:"result_url"`
} `json:"response"`
Stat string `json:"stat"`
}
Source Files
¶
Directories
Click to show internal directories.
Click to hide internal directories.