class AWSUDO::IdentityProviders::Okta

Attributes

api_endpoint [RW] — base URL of the Okta API. #authenticate POSTs the user's password to "<api_endpoint>/authn" over TLS with peer verification, so the constructor checks that the value parses as a URI; assigning through the writer skips that check.

Public Class Methods

new(url, name, endpoint, username, password)
Calls superclass method AWSUDO::IdentityProvider::new
# File lib/awsudo/identity_providers/okta.rb, line 15
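# Builds an Okta identity provider.
#
# url      - the IdP login URL, handed to the superclass (used by #saml_request)
# name     - the SAML provider name, handed to the superclass
# endpoint - base URL of the Okta API. #authenticate POSTs the user's password
#            to "<endpoint>/authn", so it must be an absolute https:// URL
#            with a host.
# username, password - credentials, handed to the superclass
#
# Raises RuntimeError when endpoint is not an absolute https:// URL.
def initialize(url, name, endpoint, username, password)
  super(url, name, username, password)
  @api_endpoint = endpoint
  logger.debug "api_endpoint: <#{@api_endpoint}>"
  validate_api_endpoint!(@api_endpoint)
end

# Rejects anything that is not an absolute https:// URL with a host.
# URI.parse alone accepts relative paths and plain-http URLs; those would
# only fail later, inside #authenticate, with a less helpful error — and the
# endpoint is where the plaintext password is sent, so it must be TLS.
def validate_api_endpoint!(endpoint)
  uri = begin
    URI.parse(endpoint.to_s)
  rescue URI::InvalidURIError
    nil
  end
  return endpoint if uri.is_a?(URI::HTTPS) && uri.host && !uri.host.empty?

  raise "`#{endpoint.inspect}' is not a valid API endpoint (expected an absolute https:// URL)"
end
private :validate_api_endpoint!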
new_from_config(config, username, password)
# File lib/awsudo/identity_providers/okta.rb, line 10
# Builds an Okta provider from a config hash.
#
# Reads IDP_LOGIN_URL, SAML_PROVIDER_NAME and API_ENDPOINT from config and
# hands them, together with the credentials, to ::new (which checks that
# API_ENDPOINT parses as a URI). A missing key is passed through as nil.
#
# Returns the new Okta instance.
def self.new_from_config(config, username, password)
  login_url     = config['IDP_LOGIN_URL']
  provider_name = config['SAML_PROVIDER_NAME']
  endpoint      = config['API_ENDPOINT']
  new(login_url, provider_name, endpoint, username, password)
end

Public Instance Methods

authenticate()
# File lib/awsudo/identity_providers/okta.rb, line 26
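# Performs primary (password) authentication against the Okta API.
#
# POSTs the username and password as JSON to "<api_endpoint>/authn" over TLS
# with peer verification and returns the Okta sessionToken on success.
#
# Raises RuntimeError 'MFA required' when the response status is MFA_REQUIRED,
# and RuntimeError 'Authentication failed' for a non-2xx response or any other
# status. JSON::ParserError propagates if a 2xx body is not JSON.
#
# Neither the request body (plaintext password) nor the response body/headers
# (session token, cookies) is written to the log, even at debug level.
def authenticate
  # chomp guards against a configured endpoint with a trailing slash
  # producing ".../v1//authn".
  uri = URI.parse(api_endpoint.chomp('/') + '/authn')
  http = Net::HTTP.new(uri.host, uri.port)
  http.use_ssl = true
  http.verify_mode = OpenSSL::SSL::VERIFY_PEER

  req = Net::HTTP::Post.new(uri.request_uri)
  req.content_type = 'application/json'
  req['Accept'] = 'application/json'
  req.body = authn_payload(username, password)
  logger.debug { "POST #{uri.host}#{uri.request_uri} as <#{username.inspect}>" }
  res = http.request(req)
  logger.debug { "Response status: <#{res.code} #{res.message}>" }
  # A non-2xx answer carries no session token; fail closed instead of
  # reading one out of an error document.
  raise 'Authentication failed' unless res.is_a?(Net::HTTPSuccess)

  session_token_from(JSON.parse(res.body))
end

# JSON request body for the Okta /authn call. Contains the plaintext
# password — never log the returned string.
def authn_payload(user, pass)
  {
    'username' => user,
    'password' => pass,
    'options'  => {
      'multiOptionalFactorEnroll' => false,
      'warnBeforePasswordExpired' => false
    }
  }.to_json
end

# Maps a parsed /authn response hash to a session token, or raises.
def session_token_from(result)
  case result['status']
  when 'SUCCESS'
    result['sessionToken']
  when 'MFA_REQUIRED'
    raise 'MFA required'
  else
    raise 'Authentication failed'
  end
end
private :authn_payload, :session_token_from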
saml_request()
# File lib/awsudo/identity_providers/okta.rb, line 60
# Builds (but does not send) the POST that hands an Okta session token to the
# IdP login URL.
#
# Calls #authenticate first, so it raises whatever #authenticate raises.
# The token is placed in the form body rather than the query string. Only the
# request object is built here; whether it is sent over TLS is up to the caller.
#
# Returns a Net::HTTP::Post with a single form field, onetimetoken.
def saml_request
  token = authenticate
  login_uri = URI.parse(idp_login_url)
  post = Net::HTTP::Post.new(login_uri.request_uri)
  post.set_form_data('onetimetoken' => token)
  post
end