Added support for JumpCloud.
JumpCloud uses the same canonicalization algorithm as ADFS. Add provider switch for JumpCloud to use a C14N10 exclusive canonicalizer.
parent
87bb833e93
commit
1e24d84c98
|
@ -455,6 +455,8 @@ const (
|
|||
Ping = "ping"
|
||||
// Okta should be used for Okta OIDC providers.
|
||||
Okta = "okta"
|
||||
// JumpCloud is an identity provider.
|
||||
JumpCloud = "jumpcloud"
|
||||
)
|
||||
|
||||
const (
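Review bot: The doc comment `// JumpCloud is an identity provider.` does not tell an operator when to set this value or what it changes, whereas the neighbouring Okta comment states its intended use. Suggest `// JumpCloud should be used for JumpCloud SAML providers; it selects the C14N10 exclusive canonicalizer for signed AuthnRequests.` The const block begins outside the hunk, so any provider validation that would also need the new value is not visible here.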
|
||||
|
|
|
@ -211,16 +211,18 @@ func GetSAMLServiceProvider(sc types.SAMLConnector, clock clockwork.Clock) (*sam
|
|||
NameIdFormat: "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified",
|
||||
}
|
||||
|
||||
// adfs specific settings
|
||||
if sc.GetProvider() == teleport.ADFS {
|
||||
// Provider specific settings for ADFS and JumpCloud. Specifically these
|
||||
// providers do not support C14N11, which means a C14N10 canonicalizer has to
|
||||
// be used.
|
||||
switch sc.GetProvider() {
|
||||
case teleport.ADFS, teleport.JumpCloud:
|
||||
log.WithFields(log.Fields{
|
||||
trace.Component: teleport.ComponentSAML,
|
||||
}).Debug("Setting ADFS values.")
|
||||
}).Debug("Setting ADFS/JumpCloud values.")
|
||||
if sp.SignAuthnRequests {
|
||||
// adfs does not support C14N11, we have to use the C14N10 canonicalizer
|
||||
sp.SignAuthnRequestsCanonicalizer = dsig.MakeC14N10ExclusiveCanonicalizerWithPrefixList(dsig.DefaultPrefix)
|
||||
|
||||
// at a minimum we require password protected transport
|
||||
// At a minimum we require password protected transport.
|
||||
sp.RequestedAuthnContext = &saml2.RequestedAuthnContext{
|
||||
Comparison: "minimum",
|
||||
Contexts: []string{"urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"},
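Review bot: The new block comment above the `switch` documents only the canonicalizer, but the `case teleport.ADFS, teleport.JumpCloud:` branch also sets `sp.RequestedAuthnContext` to a minimum of PasswordProtectedTransport, so JumpCloud connectors now send that requirement too, which the commit description does not mention. Both assignments sit inside `if sp.SignAuthnRequests`, so as far as this hunk shows, a connector that does not sign its requests gets neither. If the authentication-context floor is meant as a security requirement rather than an ADFS quirk, say so in a comment such as `// RequestedAuthnContext is only sent when AuthnRequests are signed.` or move it out of the `if`. The debug entry could also carry the provider, e.g. a `"provider": sc.GetProvider()` field, so the log shows which branch was taken. GetSAMLServiceProvider starts and ends outside the hunk.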
|
||||
|
|