Commit d9c6788f authored by ale's avatar ale

Add the possibility to override the service used for ASP matching

parent ab15167e
Pipeline #3211 failed with stages
in 1 minute and 23 seconds
......@@ -138,6 +138,7 @@ func createService(config *Config, sc *ServiceConfig, backends map[string]backen
s := &service{
enforce2FA: sc.Enforce2FA,
challengeResponse: sc.ChallengeResponse,
aspService: sc.ASPService,
}
// Parse all BackendSpecs.
......@@ -358,6 +359,11 @@ func (s *Server) authenticateUser(req *auth.Request, svc *service, user *backend
if svc.challengeResponse {
resp, err = s.authenticateUserWith2FA(user, req)
} else {
// Rewrite the 'service' for app-specific
// password matching, if necessary.
if sc.aspService != "" {
req.Service = sc.aspService
}
resp, err = s.authenticateUserWithASP(user, req)
}
} else {
......
......@@ -19,6 +19,7 @@ type ServiceConfig struct {
EnableLastLoginReporting bool `yaml:"enable_last_login_reporting"`
EnableDeviceTracking bool `yaml:"enable_device_tracking"`
Ratelimits []string `yaml:"rate_limits"`
ASPService string `yaml:"asp_service"`
}
// Config for the authentication server.
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment