Have Okta respect its set max_ttl. (#4111)

Fixes #4110
Jeff Mitchell 2018-03-13 10:39:51 -04:00 committed by GitHub
parent 2f8e3c27f4
commit 300ca9c6ee
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 15 additions and 0 deletions


@ -96,6 +96,21 @@ func (b *backend) pathLogin(ctx context.Context, req *logical.Request, d *framew
},
}
if resp.Auth.TTL == 0 {
resp.Auth.TTL = b.System().DefaultLeaseTTL()
}
if cfg.MaxTTL > 0 {
maxTTL := cfg.MaxTTL
if maxTTL > b.System().MaxLeaseTTL() {
maxTTL = b.System().MaxLeaseTTL()
}
if resp.Auth.TTL > maxTTL {
resp.Auth.TTL = maxTTL
resp.AddWarning(fmt.Sprintf("Effective TTL of '%s' exceeded the effective max_ttl of '%s'; TTL value is capped accordingly", resp.Auth.TTL, maxTTL))
}
}
for _, groupName := range groupNames {
if groupName == "" {
continue
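Review bot: The warning in the new `if resp.Auth.TTL > maxTTL` branch is formatted after `resp.Auth.TTL = maxTTL` has already run, so both `%s` values print the capped duration and the TTL that was actually exceeded is never reported. Swapping the two statements fixes it: call `resp.AddWarning(fmt.Sprintf(..., resp.Auth.TTL, maxTTL))` first, then `resp.Auth.TTL = maxTTL`, so an operator reviewing token lifetimes can see which value was cut down. Separately, the clamp to `b.System().MaxLeaseTTL()` sits inside `if cfg.MaxTTL > 0`, so with `max_ttl` unset this block applies no upper bound. That may well be enforced elsewhere when the login response is processed, but a short comment such as `// with no max_ttl configured, the system max lease TTL is enforced by the caller` would make the intent explicit. `pathLogin` begins before this hunk and continues past it, so the construction of `resp.Auth` is not visible here.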