Fix hardware key support for sso web login#33433
Merged
Conversation
Joerger
changed the title
Joerger
force-pushed
the
joerger/hardware-key-support-webui
branch
2 times, most recently
from
c216758 to
81e9395
Compare
Contributor
Author
tigrato
approved these changes
Oct 16, 2023
Joerger
force-pushed
the
joerger/hardware-key-support-webui-fix-idp-login
branch
from
b249e1b to
c46b28b
Compare
AntonAM
reviewed
Oct 16, 2023
Contributor
There was a problem hiding this comment.
Should we also delete the session? Something like a.WebSession().Delete(ctx, ...)
Contributor
Author
There was a problem hiding this comment.
Good point. I moved the check to CreateXXXAuthRequest so we can check before creating the web session rather than deleting it.
Contributor
Author
There was a problem hiding this comment.
Actually, I've just put the check in both places for redundancy. The session will automatically expire on its own, and this path should be practically unreachable, so I think it's ok not to delete it explicitly. Ideally we should check before creating the web session but it would require a bit of a refactor.
Joerger
force-pushed
the
joerger/hardware-key-support-webui-fix-idp-login
branch
2 times, most recently
from
9b1da4c to
bc6bb04
Compare
AntonAM
approved these changes
Oct 16, 2023
Joerger
force-pushed
the
joerger/hardware-key-support-webui-fix-idp-login
branch
from
bc6bb04 to
dba37c4
Compare
Joerger
added a commit
that referenced
this pull request
Oct 17, 2023
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Fixes sso web login with hardware key support. SSO web sessions created by the Proxy Service will now be attested with the private key policy
web_session.Depends on #32781
e PR - https://github.com/gravitational/teleport.e/pull/2426