okta

package
v2.36.15
Published: Mar 28, 2024 License: MIT Imports: 31 Imported by: 0

README

Okta provider

Instructions

Retrieve the AWS application URL from your Okta tenant. It will usually look something like:

https://$YOUR_ORGANIZATION.okta.com/home/amazon_aws/$OKTA_APPLICATION_ID/$OKTA_OTHER_ID

The path segments /home/amazon_aws in the above URL may vary.
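As an added example (not code from the saml2aws okta package), the check below parses a configured application URL of the shape shown above before any credentials are sent to it: it requires https, accepts only a first-level tenant under a small set of Okta host suffixes (the accepted suffix list is an assumption made for this example), and tolerates varying path segments by only requiring a /home/<app>/<id>/... layout, from which it extracts the organization and application id.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"strings"
)

// acceptedSuffixes is an assumption for this example: the Okta-operated
// domains under which a tenant hostname is expected to sit.
var acceptedSuffixes = []string{".okta.com", ".oktapreview.com", ".okta-emea.com"}

// OktaAppURL holds the parts of an application URL worth keeping.
type OktaAppURL struct {
	Organization  string // $YOUR_ORGANIZATION in the README's URL
	ApplicationID string // $OKTA_APPLICATION_ID in the README's URL
}

// ParseOktaAppURL validates the URL and extracts the organization and
// application id. Anything that is not https on a first-level tenant of an
// accepted suffix is rejected, so look-alike hosts such as
// acme.okta.com.example.net or acme.evil.okta.com never receive credentials.
func ParseOktaAppURL(raw string) (OktaAppURL, error) {
	u, err := url.Parse(raw)
	if err != nil {
		return OktaAppURL{}, err
	}
	if u.Scheme != "https" {
		return OktaAppURL{}, errors.New("okta application URL must use https")
	}
	host := strings.ToLower(u.Hostname())
	org := ""
	for _, s := range acceptedSuffixes {
		if strings.HasSuffix(host, s) {
			org = strings.TrimSuffix(host, s)
			break
		}
	}
	if org == "" || strings.Contains(org, ".") {
		return OktaAppURL{}, fmt.Errorf("host %q is not a first-level Okta tenant", host)
	}
	// Path segments vary between tenants (/home/amazon_aws is only the common
	// case), so only /home/<app>/<applicationId>/... is required.
	segs := strings.Split(strings.Trim(u.Path, "/"), "/")
	if len(segs) < 3 || segs[0] != "home" || segs[2] == "" {
		return OktaAppURL{}, fmt.Errorf("unexpected application path %q", u.Path)
	}
	return OktaAppURL{Organization: org, ApplicationID: segs[2]}, nil
}

func main() {
	// Constructed sample values; the ids are placeholders, not real Okta ids.
	for _, raw := range []string{
		"https://acme.okta.com/home/amazon_aws/0oaEXAMPLEID/272",
		"http://acme.okta.com/home/amazon_aws/0oaEXAMPLEID/272",
		"https://acme.okta.com.example.net/home/amazon_aws/0oaEXAMPLEID/272",
	} {
		app, err := ParseOktaAppURL(raw)
		fmt.Printf("%s -> %+v err=%v\n", raw, app, err)
	}
}
```

Only the first sample is accepted; the plain-http URL and the look-alike host are both rejected before anything is posted to them.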

Features

  • Supports MFA (Okta Push, Okta TOTP, Duo, and Google Authenticator), when configured at organization or application level.

Documentation

Index

Constants

const (
	IdentifierDuoMfa          = "DUO WEB"
	IdentifierSmsMfa          = "OKTA SMS"
	IdentifierPushMfa         = "OKTA PUSH"
	IdentifierTotpMfa         = "GOOGLE TOKEN:SOFTWARE:TOTP"
	IdentifierOktaTotpMfa     = "OKTA TOKEN:SOFTWARE:TOTP"
	IdentifierSymantecTotpMfa = "SYMANTEC TOKEN"
	IdentifierFIDOWebAuthn    = "FIDO WEBAUTHN"
	IdentifierYubiMfa         = "YUBICO TOKEN:HARDWARE"
)
const (
	MaxOpenRetries = 10
	RetryDelayMS   = 200 * time.Millisecond
)
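The MFA identifiers above read as an Okta factor's provider and factorType joined by a space and upper-cased (for example provider GOOGLE with factorType token:software:totp). The added example below (not code from the saml2aws okta package) builds that identifier from a constructed MFA_REQUIRED authn response and selects the enrolled factor matching the user's configured MFA preference; the preference-to-identifier table and the "AUTO" behaviour are assumptions for this example. A factor whose identifier is not one of the listed constants is never selected, so an unexpected factor type fails closed instead of being silently used.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// Identifiers as listed in this package's constants.
const (
	IdentifierDuoMfa          = "DUO WEB"
	IdentifierSmsMfa          = "OKTA SMS"
	IdentifierPushMfa         = "OKTA PUSH"
	IdentifierTotpMfa         = "GOOGLE TOKEN:SOFTWARE:TOTP"
	IdentifierOktaTotpMfa     = "OKTA TOKEN:SOFTWARE:TOTP"
	IdentifierSymantecTotpMfa = "SYMANTEC TOKEN"
	IdentifierFIDOWebAuthn    = "FIDO WEBAUTHN"
	IdentifierYubiMfa         = "YUBICO TOKEN:HARDWARE"
)

// Factor holds the fields of an Okta authn factor that matter for selection.
type Factor struct {
	ID         string `json:"id"`
	FactorType string `json:"factorType"`
	Provider   string `json:"provider"`
}

type authnResponse struct {
	Status   string `json:"status"`
	Embedded struct {
		Factors []Factor `json:"factors"`
	} `json:"_embedded"`
}

// Identifier builds "PROVIDER FACTORTYPE"; that this matches the constants
// above is the assumption this example rests on.
func Identifier(f Factor) string {
	return strings.ToUpper(f.Provider + " " + f.FactorType)
}

// preferredIdentifiers maps a user-facing MFA preference to the identifiers it
// accepts, in priority order (assumed mapping for this example).
var preferredIdentifiers = map[string][]string{
	"PUSH": {IdentifierPushMfa},
	"TOTP": {IdentifierOktaTotpMfa, IdentifierTotpMfa, IdentifierSymantecTotpMfa},
	"DUO":  {IdentifierDuoMfa},
	"FIDO": {IdentifierFIDOWebAuthn, IdentifierYubiMfa},
	"SMS":  {IdentifierSmsMfa},
}

// SelectFactor returns the enrolled factor matching preference. "AUTO" takes
// the first enrolled factor whose identifier is known; anything else fails.
func SelectFactor(body []byte, preference string) (Factor, error) {
	var resp authnResponse
	if err := json.Unmarshal(body, &resp); err != nil {
		return Factor{}, err
	}
	if resp.Status != "MFA_REQUIRED" {
		return Factor{}, fmt.Errorf("unexpected authn status %q", resp.Status)
	}
	pref := strings.ToUpper(preference)
	if pref == "AUTO" {
		known := map[string]bool{}
		for _, ids := range preferredIdentifiers {
			for _, id := range ids {
				known[id] = true
			}
		}
		for _, f := range resp.Embedded.Factors {
			if known[Identifier(f)] {
				return f, nil
			}
		}
		return Factor{}, errors.New("no supported MFA factor enrolled")
	}
	wanted, ok := preferredIdentifiers[pref]
	if !ok {
		return Factor{}, fmt.Errorf("unknown MFA preference %q", preference)
	}
	for _, id := range wanted {
		for _, f := range resp.Embedded.Factors {
			if Identifier(f) == id {
				return f, nil
			}
		}
	}
	return Factor{}, fmt.Errorf("no enrolled factor matches preference %q", preference)
}

// SampleMFARequired is a constructed authn response; the factor ids are
// placeholders, not real Okta identifiers.
const SampleMFARequired = `{"status":"MFA_REQUIRED","_embedded":{"factors":[
 {"id":"opf-push-1","factorType":"push","provider":"OKTA"},
 {"id":"ostf-totp-1","factorType":"token:software:totp","provider":"GOOGLE"},
 {"id":"ufs-q-1","factorType":"question","provider":"OKTA"}]}}`

func main() {
	for _, pref := range []string{"AUTO", "TOTP", "DUO"} {
		f, err := SelectFactor([]byte(SampleMFARequired), pref)
		fmt.Printf("%-4s -> %+v err=%v\n", pref, f, err)
	}
}
```

With the constructed response, AUTO selects the push factor, TOTP selects the Google TOTP factor, and DUO fails because no DUO WEB factor is enrolled; the security-question factor is never chosen under any preference.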

Variables

This section is empty.

Functions

This section is empty.

Types

type AuthRequest

type AuthRequest struct {
	Username   string `json:"username"`
	Password   string `json:"password"`
	StateToken string `json:"stateToken,omitempty"`
}

AuthRequest represents an Okta MFA request

type Client

type Client struct {
	provider.ValidateBase
	// contains filtered or unexported fields
}

Client is a wrapper representing an Okta SAML client

func New

func New(idpAccount *cfg.IDPAccount) (*Client, error)

New creates a new Okta client

func (*Client) Authenticate

func (oc *Client) Authenticate(loginDetails *creds.LoginDetails) (string, error)

Authenticate logs into Okta and returns a SAML response

type DUOU2FClient added in v2.36.8

type DUOU2FClient struct {
	ChallengeNonce string
	AppID          string
	Version        string
	Device         u2fhost.Device
	KeyHandle      string
	StateToken     string
}

DUOU2FClient represents a challenge and the device used to respond

func NewDUOU2FClient added in v2.36.8

func NewDUOU2FClient(challengeNonce, appID, version, keyHandle, stateToken string, deviceFinder DeviceFinder) (*DUOU2FClient, error)

NewDUOU2FClient returns a new initialized DUOU2F-based WebAuthnClient, representing a single device

func (*DUOU2FClient) ChallengeU2F added in v2.36.8

func (d *DUOU2FClient) ChallengeU2F() (*ResponseData, error)

ChallengeU2F signs the challenge with the device and returns the ResponseData to send back to DUO

type DeviceFinder

type DeviceFinder interface {
	// contains filtered or unexported methods
}

DeviceFinder is used to mock out finding devices

type FidoClient

type FidoClient struct {
	ChallengeNonce string
	AppID          string
	Version        string
	Device         u2fhost.Device
	KeyHandle      string
	StateToken     string
}

FidoClient represents a challenge and the device used to respond

func NewFidoClient

func NewFidoClient(challengeNonce, appID, version, keyHandle, stateToken string, deviceFinder DeviceFinder) (FidoClient, error)

NewFidoClient returns a new initialized FIDO1-based WebAuthnClient, representing a single device

func (*FidoClient) ChallengeU2F

func (d *FidoClient) ChallengeU2F() (*SignedAssertion, error)

ChallengeU2F takes a FidoClient and returns a signed assertion to send to Okta

type ResponseData added in v2.36.8

type ResponseData struct {
	SessionId     string `json:"sessionId"`
	ClientData    string `json:"clientData"`
	SignatureData string `json:"signatureData"`
	KeyHandle     string `json:"keyHandle"`
}

ResponseData is passed back to DUO as a response

type SessionRequst added in v2.31.0

type SessionRequst struct {
	SessionToken string `json:"sessionToken"`
}

SessionRequst holds the SessionToken used to create an Okta Session

type SignedAssertion

type SignedAssertion struct {
	StateToken        string `json:"stateToken"`
	ClientData        string `json:"clientData"`
	SignatureData     string `json:"signatureData"`
	AuthenticatorData string `json:"authenticatorData"`
}

SignedAssertion is passed back to Okta as response

func ChallengeSystemWebAuthn added in v2.36.14

func ChallengeSystemWebAuthn(challengeNonce, appID, stateToken string) (*SignedAssertion, error)

ChallengeSystemWebAuthn challenges the system level WebAuthn API (e.g. Windows Hello) and returns a SignedAssertion

type U2FDevice

type U2FDevice interface {
	u2fhost.Device
}

U2FDevice is used to support mocking this device with mockery https://github.com/vektra/mockery/issues/210#issuecomment-485026348

type U2FDeviceFinder

type U2FDeviceFinder struct{}

U2FDeviceFinder returns a U2F device

type VerifyRequest

type VerifyRequest struct {
	StateToken     string `json:"stateToken"`
	PassCode       string `json:"passCode,omitempty"`
	RememberDevice string `json:"rememberDevice,omitempty"` // This is needed to remember Okta MFA device
}

VerifyRequest represents an mfa verify request
