Class: AWSUDO::IdentityProviders::Okta
- Inherits: AWSUDO::IdentityProvider
- Ancestor chain: Object → AWSUDO::IdentityProvider → AWSUDO::IdentityProviders::Okta
- Defined in:
- lib/awsudo/identity_providers/okta.rb
Instance Attribute Summary
-
#api_endpoint ⇒ Object
Returns the value of attribute api_endpoint.
Attributes inherited from AWSUDO::IdentityProvider
#idp_login_url, #logger, #password, #saml_provider_name, #username
Class Method Summary
Instance Method Summary
- #authenticate ⇒ String — POSTs the configured username and password to the Okta `/authn` API over TLS (peer verification on) and returns the Okta sessionToken; raises 'MFA required' on status MFA_REQUIRED and 'Authentication failed' otherwise.
-
#initialize(url, name, endpoint, username, password) ⇒ Okta
constructor
A new instance of Okta.
- #saml_request ⇒ Net::HTTP::Post — builds (does not send) a POST to idp_login_url whose form body carries the session token from #authenticate under the key `onetimetoken`.
Methods inherited from AWSUDO::IdentityProvider
#assume_role, #get_saml_response, sts
Constructor Details
#initialize(url, name, endpoint, username, password) ⇒ Okta
Returns a new instance of Okta.
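# Builds an Okta identity provider.
#
# @param url [String] IdP login URL (handed to the superclass as idp_login_url)
# @param name [String] SAML provider name (handed to the superclass)
# @param endpoint [String] base URL of the Okta API; #authenticate appends
#   "/authn" to it and always connects over TLS, so only an absolute https URI
#   with a host is accepted here
# @param username [String] Okta username (handed to the superclass)
# @param password [String] Okta password (handed to the superclass)
# @raise [RuntimeError] if endpoint is not an absolute https URI with a host
def initialize(url, name, endpoint, username, password)
  super(url, name, username, password)
  @api_endpoint = endpoint
  # The endpoint is a URL, not a secret, so a debug log of it is acceptable.
  logger.debug "api_endpoint: <#{@api_endpoint}>"

  # URI.parse alone accepts relative or scheme-less strings (e.g. "okta"), which
  # would only fail later as an opaque Net::HTTP connection error. Require an
  # absolute https URI with a host so misconfiguration is rejected up front.
  parsed = begin
    URI.parse(@api_endpoint)
  rescue StandardError
    nil
  end
  unless parsed.is_a?(URI::HTTPS) && parsed.host && !parsed.host.empty?
    raise "`#{@api_endpoint.inspect}' is not a valid API endpoint (expected an absolute https URL)"
  end
end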
Instance Attribute Details
#api_endpoint ⇒ Object
Returns the value of attribute api_endpoint.
# Base URL of the Okta API this provider talks to, exactly as given to the
# constructor (no normalisation is applied).
#
# @return [String] the configured API endpoint
def api_endpoint
  @api_endpoint
end
Class Method Details
.new_from_config(config, username, password) ⇒ Object
# Builds an Okta provider from a configuration hash.
#
# Reads the string keys 'IDP_LOGIN_URL', 'SAML_PROVIDER_NAME' and
# 'API_ENDPOINT'. A missing key is passed through as nil: the constructor
# rejects a nil API endpoint; the other two values go to the superclass as-is.
#
# @param config [Hash{String => String}] configuration values
# @param username [String] Okta username
# @param password [String] Okta password
# @return [Okta] a new provider instance
def self.new_from_config(config, username, password)
  login_url     = config['IDP_LOGIN_URL']
  provider_name = config['SAML_PROVIDER_NAME']
  endpoint      = config['API_ENDPOINT']
  new(login_url, provider_name, endpoint, username, password)
end
Instance Method Details
#authenticate ⇒ Object
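# Authenticates against the Okta Authentication API (POST {api_endpoint}/authn)
# with the configured username and password.
#
# The connection always uses TLS with peer verification. Debug logging masks
# the password, the returned sessionToken and any Set-Cookie header, and never
# echoes a non-JSON response body.
#
# @return [String] the Okta sessionToken; it is a credential (exchanged for an
#   IdP session by #saml_request), so treat it like the password
# @raise [RuntimeError] 'MFA required' when Okta answers with status
#   MFA_REQUIRED; 'Authentication failed' for any other non-SUCCESS answer,
#   including a non-JSON response (e.g. an HTML error page from a proxy)
def authenticate
  payload = {
    'username' => username,
    'password' => password,
    'options' => {
      'multiOptionalFactorEnroll' => false,
      'warnBeforePasswordExpired' => false
    }
  }

  uri = URI.parse(api_endpoint + '/authn')
  http = Net::HTTP.new(uri.host, uri.port)
  http.use_ssl = true
  # Explicit so a process-wide default can never silently downgrade to VERIFY_NONE.
  http.verify_mode = OpenSSL::SSL::VERIFY_PEER

  req = Net::HTTP::Post.new(uri.request_uri)
  req.content_type = 'application/json'
  req['Accept'] = 'application/json'
  req.body = payload.to_json
  # Log the request with the password masked: debug logs are routinely shipped
  # to places where a plaintext credential must never appear.
  logger.debug { "payload: <#{payload.merge('password' => '[REDACTED]').to_json.inspect}>" }

  res = http.request(req)
  # Set-Cookie values are session material; mask them before logging.
  headers = res.to_hash
  headers['set-cookie'] = ['[REDACTED]'] if headers.key?('set-cookie')
  logger.debug { "Status: <#{res.code}> Headers: <#{headers.inspect}>" }

  result = begin
    JSON.parse(res.body.to_s)
  rescue JSON::ParserError
    # Not JSON (e.g. an HTML error page): report size only, never the content.
    logger.debug { "Body: <non-JSON response, #{res.body.to_s.bytesize} bytes>" }
    raise "Authentication failed (HTTP #{res.code}, non-JSON response)"
  end

  # The sessionToken is the credential this method returns; keep it out of logs.
  loggable = result.is_a?(Hash) && result.key?('sessionToken') ? result.merge('sessionToken' => '[REDACTED]') : result
  logger.debug { "Body: <#{loggable.to_json.inspect}>" }

  status = result.is_a?(Hash) ? result['status'] : nil
  case status
  when 'SUCCESS'
    result['sessionToken']
  when 'MFA_REQUIRED'
    raise 'MFA required'
  else
    raise 'Authentication failed'
  end
end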
#saml_request ⇒ Object
# Builds (but does not send) the POST that presents a freshly obtained Okta
# session token to the IdP login URL. The token travels in the form body under
# the key 'onetimetoken' rather than in the query string, which keeps it out of
# the URL. Every call performs a full #authenticate round trip.
#
# @return [Net::HTTP::Post] request with a form-encoded body; sending it is
#   left to the caller (presumably the superclass' SAML flow, not visible here)
def saml_request
  token = authenticate
  login_uri = URI.parse(idp_login_url)
  post = Net::HTTP::Post.new(login_uri.request_uri)
  post.set_form_data('onetimetoken' => token)
  post
end