Commit 1724c178 authored by ale's avatar ale

Add documentation for keystore_enable_groups

parent 7fec26e6
Pipeline #1574 failed with stages
in 1 minute and 20 seconds
......@@ -61,6 +61,8 @@ attributes:
* `cert`: path to the client certificate
* `key`: path to the private key
* `ca`: path to the CA used to validate the server
* `keystore_enable_groups`: (a list) if set, the keystore will only be
enabled for users that are members of these groups
* `u2f_app_id`: set the U2F AppID - if unset, it will be autodetected
based on the domain name in the request
* `url_path_prefix`: URL path prefix of the SSO server application
......
......@@ -24,11 +24,12 @@ type fakeAuthClient struct{}
func (c *fakeAuthClient) Authenticate(_ context.Context, req *auth.Request) (*auth.Response, error) {
p := string(req.Password)
info := &auth.UserInfo{Shard: "shard1"}
switch {
case req.Username == "testuser" && p == "password":
return &auth.Response{Status: auth.StatusOK}, nil
return &auth.Response{Status: auth.StatusOK, UserInfo: info}, nil
case req.Username == "test2fa" && p == "password" && req.OTP == "123456":
return &auth.Response{Status: auth.StatusOK}, nil
return &auth.Response{Status: auth.StatusOK, UserInfo: info}, nil
case req.Username == "test2fa" && p == "password":
return &auth.Response{
Status: auth.StatusInsufficientCredentials,
......
......@@ -135,7 +135,9 @@ func (l *loginHandler) ServeHTTP(w http.ResponseWriter, req *http.Request) {
switch newState {
case loginStateSuccess:
// Successful login. Delete the login session.
// Successful login. Delete the login session and invoke
// the login callback, before redirecting to the
// original URL.
httpSession.Options.MaxAge = -1
if err := httpSession.Save(req, w); err != nil {
log.Printf("login error saving session: %v", err)
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment