luxolus
/
open-vault
2
0
Fork 0
Code Issues 1 Pull Requests Releases Activity

Send x-forwarded-for in Okta Push Factor request (#12320) 

* Send x-forwarded-for in Okta Push Factor request

Why:

In order for Okta to properly report the location of the authentication
attempt, the X-Forwarded-For header must be included in the request to
Okta (if it exists).

This change addresses the need by:

* Duplicating the value of X-Forwarded-For if it's passed through to the
  auth backend

* Add changelog entry for 12320
This commit is contained in:
Blake Hitchcock 2021-09-03 15:09:11 -05:00 committed by GitHub
parent 4f8d490419
commit cf15a60a87
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 7 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
builtin/credential/okta/backend.go
View File

@ -3,6 +3,7 @@ package okta
import ( import (
"context" "context"
"fmt" "fmt"
"net/textproto"
"time" "time"
"github.com/hashicorp/vault/helper/mfa" "github.com/hashicorp/vault/helper/mfa"
@ -216,6 +217,9 @@ func (b *backend) Login(ctx context.Context, req *logical.Request, username, pas
if err != nil { if err != nil {
return nil, nil, nil, err return nil, nil, nil, err
} }
if len(req.Headers["X-Forwarded-For"]) > 0 {
verifyReq.Header.Set("X-Forwarded-For", req.Headers[textproto.CanonicalMIMEHeaderKey("X-Forwarded-For")][0])
}
rsp, err := shim.Do(verifyReq, &result) rsp, err := shim.Do(verifyReq, &result)
if err != nil { if err != nil {

3
changelog/12320.txt Normal file
View File

@ -0,0 +1,3 @@
```release-note:improvement
auth/okta: Send x-forwarded-for in Okta Push Factor request
```