Send x-forwarded-for in Okta Push Factor request (#12320)

* Send x-forwarded-for in Okta Push Factor request Why: In order for Okta to properly report the location of the authentication attempt, the X-Forwarded-For header must be included in the request to Okta (if it exists). This change addresses the need by: * Duplicating the value of X-Forwarded-For if it's passed through to the auth backend * Add changelog entry for 12320
2021-09-03 15:09:11 -05:00 · 2021-09-03 15:09:11 -05:00 · cf15a60a87
parent 4f8d490419
commit cf15a60a87
2 changed files with 7 additions and 0 deletions
--- a/builtin/credential/okta/backend.go
+++ b/builtin/credential/okta/backend.go
@ -3,6 +3,7 @@ package okta
 import (
 	"context"
 	"fmt"
+	"net/textproto"
 	"time"

 	"github.com/hashicorp/vault/helper/mfa"
@ -216,6 +217,9 @@ func (b *backend) Login(ctx context.Context, req *logical.Request, username, pas
 		if err != nil {
 			return nil, nil, nil, err
 		}
+		if len(req.Headers["X-Forwarded-For"]) > 0 {
+			verifyReq.Header.Set("X-Forwarded-For", req.Headers[textproto.CanonicalMIMEHeaderKey("X-Forwarded-For")][0])
+		}

 		rsp, err := shim.Do(verifyReq, &result)
 		if err != nil {
--- a/changelog/12320.txt
+++ b/changelog/12320.txt
@ -0,0 +1,3 @@
+```release-note:improvement
+auth/okta: Send x-forwarded-for in Okta Push Factor request
+```