Documentation
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type AuthFactor (added in v2.7.0)
type AuthResponse (added in v2.7.0)
type ErrorCauses (added in v2.7.0)
type ErrorCauses struct {
    Summary string `json:"errorSummary"`
}
type ErrorResponse (added in v2.7.0)
type ErrorResponse struct {
    Code    string        `json:"errorCode" validate:"required"`
    Summary string        `json:"errorSummary" validate:"required"`
    Link    string        `json:"errorLink" validate:"required"`
    Id      string        `json:"errorId" validate:"required"`
    Causes  []ErrorCauses `json:"errorCauses" validate:"required"`
}
type OktaAPIConfig (added in v2.5.0)
type OktaAPIConfig struct {
    // Okta API server url, ie https://example.oktapreview.com
    Url string
    // Your (company's) Okta API token
    Token string
    // The suffix to be added to your users names:
    // ie if UsernameSuffix = "example.com" and your user logs in with "dade.murphy"
    // the validator will try to authenticate for "dade.murphy@example.com"
    UsernameSuffix string
    // A list of valid SSL public key fingerprint to validate the Okta API server certificate against
    AssertPin []string
    // Is MFA Required for all users. If yes and Okta authenticates the user without MFA (not configured)
    // the validator will reject it.
    MFARequired bool // default: false
    // Do not require usernames to come from client-side SSL certificates
    AllowUntrustedUsers bool // default: false
    // Number of retries when waiting for MFA result
    MFAPushMaxRetries int // default: 20
    // Number of seconds to wait between MFA result retrieval tries
    MFAPushDelaySeconds int // default: 3
    // List (comma separated) of groups allowed to connect
    AllowedGroups string
    // If a passcode is provided and TOTP MFA fails, try Push MFA
    TOTPFallbackToPush bool // default: false
}
Contains the configuration for the Okta API connection. These configuration options are read from api.ini.
type OktaApiAuth (added in v2.5.0)
type OktaApiAuth struct {
    ApiConfig  *OktaAPIConfig
    UserConfig *OktaUserConfig
    // contains filtered or unexported fields
}
func (*OktaApiAuth) Auth (added in v2.5.0)
func (auth *OktaApiAuth) Auth() error
Performs a full authentication transaction: preAuth, doAuth (when needed), cancelAuth (when needed). Returns nil if the user has been validated by the Okta API, an error otherwise.
func (*OktaApiAuth) InitPool (added in v2.5.0)
func (auth *OktaApiAuth) InitPool() error
Prepares an HTTP client with a safe TLS config and validates the server public key against our list of pinned key fingerprints.
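The public key pinning that AssertPin and InitPool describe can be sketched as follows. This is an added example, not the package's own code: it assumes each pin is the base64-encoded SHA-256 of the certificate's SubjectPublicKeyInfo (the page does not state the format), and spkiPin, verifyPins and newPinnedClient are hypothetical names.

```go
package main

import (
	"crypto/sha256"
	"crypto/tls"
	"crypto/x509"
	"encoding/base64"
	"errors"
	"fmt"
	"net/http"
	"time"
)

// spkiPin returns base64(SHA-256(SubjectPublicKeyInfo)) for a certificate.
// Assumed pin format; the package may encode its fingerprints differently.
func spkiPin(cert *x509.Certificate) string {
	sum := sha256.Sum256(cert.RawSubjectPublicKeyInfo)
	return base64.StdEncoding.EncodeToString(sum[:])
}

// verifyPins returns a callback that accepts only a leaf key found in pins.
func verifyPins(pins []string) func(tls.ConnectionState) error {
	return func(cs tls.ConnectionState) error {
		if len(cs.PeerCertificates) == 0 {
			return errors.New("pinning: server presented no certificate")
		}
		got := spkiPin(cs.PeerCertificates[0])
		for _, want := range pins {
			if got == want {
				return nil
			}
		}
		return errors.New("pinning: server key matches no pinned fingerprint")
	}
}

// newPinnedClient keeps the default chain and hostname verification and adds
// the pin check on top; VerifyConnection also runs on resumed sessions.
func newPinnedClient(pins []string) (*http.Client, error) {
	if len(pins) == 0 {
		return nil, errors.New("pinning: empty pin list") // fail closed
	}
	cfg := &tls.Config{MinVersion: tls.VersionTLS12, VerifyConnection: verifyPins(pins)}
	return &http.Client{Timeout: 10 * time.Second, Transport: &http.Transport{TLSClientConfig: cfg}}, nil
}

func main() { // constructed pin value; no network call is made here
	_, err := newPinnedClient([]string{"constructed-pin"})
	fmt.Println("client built:", err == nil)
}
```

Pinning the leaf key means the pin list must be updated before the server rotates its key pair, which is why a list of several valid fingerprints is useful.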
func (*OktaApiAuth) Pool (added in v2.5.0)
func (auth *OktaApiAuth) Pool() *http.Client
Only used by validator_test.go. TODO: find a clean way to only export this for tests.
type OktaGroup (added in v2.7.0)
type OktaGroup struct {
    Id      string           `json:"id" validate:"required"`
    Profile OktaGroupProfile `json:"profile" validate:"required"`
}
type OktaGroupProfile (added in v2.7.0)
type OktaGroupProfile struct {
    Name string `json:"name" validate:"required"`
}
type OktaGroups (added in v2.8.0)
type OktaGroups struct {
    Groups []OktaGroup `json:"groups" validate:"omitempty,dive"`
}
type OktaUserConfig
User credentials and information.
type PreAuthEmbedded (added in v2.7.0)
type PreAuthEmbedded struct {
    Factors []AuthFactor `json:"factors"`
}
type PreAuthResponse (added in v2.7.0)
type PreAuthResponse struct {
    Status   string          `json:"status" validate:"required"`
    Token    string          `json:"stateToken"`
    Embedded PreAuthEmbedded `json:"_embedded"`
}