fix: enhance openid claim missing error (#12608)

The error implies an expected claim is missing even when the claim is present. Added a separate error message to clarify the problem.
Aditya Manthramurthy 2021-06-30 17:11:23 -07:00 committed by GitHub
parent 5a33d3f05a
commit dc6958b6a1
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -343,14 +343,21 @@ func (sts *stsAPIHandlers) AssumeRoleWithSSO(w http.ResponseWriter, r *http.Requ
// JWT custom claims.
var policyName string
policySet, ok := iampolicy.GetPoliciesFromClaims(m, iamPolicyClaimNameOpenID())
policies := strings.Join(policySet.ToSlice(), ",")
if ok {
policyName = globalIAMSys.CurrentPolicies(strings.Join(policySet.ToSlice(), ","))
policyName = globalIAMSys.CurrentPolicies(policies)
}
if policyName == "" && globalPolicyOPA == nil {
writeSTSErrorResponse(ctx, w, true, ErrSTSInvalidParameterValue,
fmt.Errorf("%s claim missing from the JWT token, credentials will not be generated", iamPolicyClaimNameOpenID()))
return
if globalPolicyOPA == nil {
if !ok {
writeSTSErrorResponse(ctx, w, true, ErrSTSInvalidParameterValue,
fmt.Errorf("%s claim missing from the JWT token, credentials will not be generated", iamPolicyClaimNameOpenID()))
return
} else if policyName == "" {
writeSTSErrorResponse(ctx, w, true, ErrSTSInvalidParameterValue,
fmt.Errorf("None of the given policies (`%s`) are defined, credentials will not be generated", policies))
return
}
}
m[iamPolicyClaimNameOpenID()] = policyName