README
¶
Okta provider
Instructions
Retrieve the AWS application URL from your Okta tenant. This will (may) look something like:
https://$YOUR_ORGANIZATION.okta.com/home/amazon_aws/$OKTA_APPLICATION_ID/$OKTA_OTHER_ID
The path segments /home/amazon_aws in the above URL may vary.
Features
- Supports MFA (Okta Push, Okta TOTP, Duo, and Google Authenticator), when configured at organization or application level.
Documentation
¶
Index ¶
Constants ¶
const ( IdentifierDuoMfa = "DUO WEB" IdentifierSmsMfa = "OKTA SMS" IdentifierPushMfa = "OKTA PUSH" IdentifierTotpMfa = "GOOGLE TOKEN:SOFTWARE:TOTP" IdentifierOktaTotpMfa = "OKTA TOKEN:SOFTWARE:TOTP" IdentifierSymantecTotpMfa = "SYMANTEC TOKEN" IdentifierFIDOWebAuthn = "FIDO WEBAUTHN" IdentifierYubiMfa = "YUBICO TOKEN:HARDWARE" )
const ( MaxOpenRetries = 10 RetryDelayMS = 200 * time.Millisecond )
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type AuthRequest ¶
type AuthRequest struct {
Username string `json:"username"`
Password string `json:"password"`
StateToken string `json:"stateToken,omitempty"`
}
AuthRequest represents an mfa okta request
type Client ¶
type Client struct {
provider.ValidateBase
// contains filtered or unexported fields
}
Client is a wrapper representing a Okta SAML client
func (*Client) Authenticate ¶
func (oc *Client) Authenticate(loginDetails *creds.LoginDetails) (string, error)
Authenticate logs into Okta and returns a SAML response
type DeviceFinder ¶
type DeviceFinder interface {
// contains filtered or unexported methods
}
DeviceFinder is used to mock out finding devices
type FidoClient ¶
type FidoClient struct {
ChallengeNonce string
AppID string
Version string
Device u2fhost.Device
KeyHandle string
StateToken string
}
FidoClient represents a challenge and the device used to respond
func NewFidoClient ¶
func NewFidoClient(challengeNonce, appID, version, keyHandle, stateToken string, deviceFinder DeviceFinder) (FidoClient, error)
NewFidoClient returns a new initialized FIDO1-based WebAuthnClient, representing a single device
func (*FidoClient) ChallengeU2F ¶
func (d *FidoClient) ChallengeU2F() (*SignedAssertion, error)
ChallengeU2F takes a FidoClient and returns a signed assertion to send to Okta
type SignedAssertion ¶
type SignedAssertion struct {
StateToken string `json:"stateToken"`
ClientData string `json:"clientData"`
SignatureData string `json:"signatureData"`
AuthenticatorData string `json:"authenticatorData"`
}
SignedAssertion is passed back to Okta as response
type U2FDevice ¶
type U2FDevice interface {
u2fhost.Device
}
U2FDevice is used to support mocking this device with mockery https://github.com/vektra/mockery/issues/210#issuecomment-485026348
type VerifyRequest ¶
type VerifyRequest struct {
StateToken string `json:"stateToken"`
PassCode string `json:"passCode,omitempty"`
}
VerifyRequest represents an mfa verify request
Source Files