class AWSUDO::IdentityProviders::Okta
Attributes
api_endpoint[RW]
Public Class Methods
new(url, name, endpoint, username, password)
Calls superclass method
AWSUDO::IdentityProvider::new
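# File lib/awsudo/identity_providers/okta.rb, line 15
# Builds an Okta identity provider.
#
# @param url [String] IdP login URL (forwarded to the superclass)
# @param name [String] SAML provider name (forwarded to the superclass)
# @param endpoint [String] base URL of the Okta API; #authenticate appends
#   '/authn' to it and always talks TLS with peer verification
# @param username [String] forwarded to the superclass
# @param password [String] forwarded to the superclass
# @raise [RuntimeError] when +endpoint+ is not an absolute http(s) URL with a host
def initialize(url, name, endpoint, username, password)
  super(url, name, username, password)
  @api_endpoint = endpoint
  logger.debug "api_endpoint: <#{@api_endpoint}>"
  # URI.parse accepts relative strings such as "okta" without complaint; those
  # would only fail later inside Net::HTTP with a nil host, so require an
  # absolute http(s) URL here. Only the parser's own error is treated as
  # "invalid" — anything else is a genuine bug and is left to propagate.
  uri = begin
    URI.parse(@api_endpoint)
  rescue URI::InvalidURIError
    nil
  end
  return if uri.is_a?(URI::HTTP) && uri.host

  raise "`#{@api_endpoint.inspect}' is not a valid API endpoint"
end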
new_from_config(config, username, password)
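# File lib/awsudo/identity_providers/okta.rb, line 10
# Builds an Okta provider from a configuration hash.
#
# @param config [Hash] must contain 'IDP_LOGIN_URL', 'SAML_PROVIDER_NAME'
#   and 'API_ENDPOINT'
# @param username [String]
# @param password [String]
# @return [Okta]
# @raise [KeyError] naming the first missing configuration key, raised
#   before the provider is constructed
def self.new_from_config(config, username, password)
  # fetch rather than [] so a missing key fails here with its name instead
  # of surfacing later as a nil URL inside URI.parse / Net::HTTP.
  new(config.fetch('IDP_LOGIN_URL'),
      config.fetch('SAML_PROVIDER_NAME'),
      config.fetch('API_ENDPOINT'),
      username, password)
end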
Public Instance Methods
authenticate()
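# File lib/awsudo/identity_providers/okta.rb, line 26
# Performs Okta primary authentication and returns a one-time session token.
#
# POSTs the username/password as JSON to +api_endpoint+ + '/authn' over TLS
# with peer verification. Debug logging deliberately redacts the password,
# the response's Set-Cookie header and the returned session token, since all
# three are credentials.
#
# @return [String] the +sessionToken+ from a SUCCESS response
# @raise [RuntimeError] 'MFA required' when Okta answers MFA_REQUIRED,
#   'Authentication failed' for any other status, or a message carrying the
#   HTTP status code when the response body is not JSON
def authenticate
  payload = {
    'username' => username,
    'password' => password,
    'options' => {
      'multiOptionalFactorEnroll' => false,
      'warnBeforePasswordExpired' => false
    }
  }
  uri = URI.parse(api_endpoint + '/authn')
  http = Net::HTTP.new(uri.host, uri.port)
  http.use_ssl = true
  http.verify_mode = OpenSSL::SSL::VERIFY_PEER
  req = Net::HTTP::Post.new(uri.request_uri)
  req.content_type = 'application/json'
  req['Accept'] = 'application/json'
  req.body = payload.to_json
  # Never log the raw request body: it contains the cleartext password.
  logger.debug { "payload: <#{payload.merge('password' => '[REDACTED]').inspect}>" }
  res = http.request(req)
  # Set-Cookie carries session material; drop it from the header dump.
  logger.debug { "Headers: <#{res.to_hash.reject { |k, _| k == 'set-cookie' }.inspect}>" }
  result = begin
    JSON.parse(res.body)
  rescue JSON::ParserError
    # An HTML error page or empty body would otherwise surface as a confusing
    # parser error; name the HTTP status instead.
    raise "Authentication failed: unexpected non-JSON response (HTTP #{res.code})"
  end
  # A non-object body (e.g. a JSON array) has no status and is treated as a failure.
  result = {} unless result.is_a?(Hash)
  logged = result.key?('sessionToken') ? result.merge('sessionToken' => '[REDACTED]') : result
  logger.debug { "Body: <#{logged.inspect}>" }
  case result['status']
  when 'SUCCESS' then result['sessionToken']
  when 'MFA_REQUIRED' then raise 'MFA required'
  else raise 'Authentication failed'
  end
end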
saml_request()
# File lib/awsudo/identity_providers/okta.rb, line 60
# Builds the POST request that presents an Okta session token to the IdP
# login URL. Calls #authenticate first to obtain the token.
#
# @return [Net::HTTP::Post] form-encoded request whose body carries the
#   session token as 'onetimetoken'
def saml_request
  token = authenticate
  login_uri = URI.parse(idp_login_url)
  Net::HTTP::Post.new(login_uri.request_uri).tap do |request|
    request.set_form_data('onetimetoken' => token)
  end
end