Added support for JumpCloud.

JumpCloud uses the same canonicalization algorithm as ADFS. Add a provider
switch so that JumpCloud, like ADFS, uses the C14N10 exclusive canonicalizer.
Russell Jones 2022-04-07 17:54:08 +00:00 committed by Russell Jones
parent 87bb833e93
commit 1e24d84c98
2 changed files with 9 additions and 5 deletions


@ -455,6 +455,8 @@ const (
Ping = "ping"
// Okta should be used for Okta OIDC providers.
Okta = "okta"
// JumpCloud is an identity provider.
JumpCloud = "jumpcloud"
)
const (
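Review bot: The doc comment on the new `JumpCloud` constant says only that it "is an identity provider", which does not tell a reader what the value selects, while the neighbouring `Okta` comment states which connector type it is for. Since the constant's only use in this commit is the provider switch in GetSAMLServiceProvider that picks the C14N10 exclusive canonicalizer for signed AuthnRequests, a comment that records this would help the next person who has to decide whether a new provider belongs in that case list: `// JumpCloud should be used for JumpCloud SAML providers; like ADFS, it does not support C14N11 and needs the C14N10 canonicalizer.`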


@ -211,16 +211,18 @@ func GetSAMLServiceProvider(sc types.SAMLConnector, clock clockwork.Clock) (*sam
NameIdFormat: "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified",
}
// adfs specific settings
if sc.GetProvider() == teleport.ADFS {
// Provider specific settings for ADFS and JumpCloud. Specifically these
// providers do not support C14N11, which means a C14N10 canonicalizer has to
// be used.
switch sc.GetProvider() {
case teleport.ADFS, teleport.JumpCloud:
log.WithFields(log.Fields{
trace.Component: teleport.ComponentSAML,
}).Debug("Setting ADFS values.")
}).Debug("Setting ADFS/JumpCloud values.")
if sp.SignAuthnRequests {
// adfs does not support C14N11, we have to use the C14N10 canonicalizer
sp.SignAuthnRequestsCanonicalizer = dsig.MakeC14N10ExclusiveCanonicalizerWithPrefixList(dsig.DefaultPrefix)
// at a minimum we require password protected transport
// At a minimum we require password protected transport.
sp.RequestedAuthnContext = &saml2.RequestedAuthnContext{
Comparison: "minimum",
Contexts: []string{"urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"},