Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

support split SSH/TLS keys in SSO login endpoints #45876

Merged
merged 9 commits into from
Sep 4, 2024
Merged

support split SSH/TLS keys in SSO login endpoints #45876

merged 9 commits into from
Sep 4, 2024

Conversation

nklaassen
Copy link
Contributor

This PR adds support for split SSH/TLS user keys to all SSO user login endpoints (including the teleport.e buddy PR for OIDC and SAML).

For each SSO auth method, the proxy basically

  1. sends the user public keys via a gPRC call to Create(Method)AuthRequest
  2. later retrieves the original request via an HTTP call to https://<proxy_addr>/(method)/requests/validate

There are a few different types in play to serialize the keys over gRPC and JSON, between client->proxy and client->auth. I have tested that login works with a v16 client connecting to a v16 proxy connected to an auth service on this branch, and it also works with all components on this branch.

Part of RFD 136

@nklaassen nklaassen added the no-changelog Indicates that a PR does not require a changelog entry label Aug 26, 2024
@nklaassen nklaassen force-pushed the nklaassen/split-ssoLogin branch 2 times, most recently from 8306aae to 9f8d2b9 Compare August 27, 2024 23:25
@nklaassen
Copy link
Contributor Author

friendly ping @camscale @timothyb89

@nklaassen nklaassen mentioned this pull request Aug 28, 2024
Merged
@nklaassen nklaassen force-pushed the nklaassen/split-ssoLogin branch from 05c60bb to 75025a0 Compare August 28, 2024 01:26
@nklaassen nklaassen added this pull request to the merge queue Aug 28, 2024
@nklaassen nklaassen removed this pull request from the merge queue due to a manual request Aug 28, 2024
@nklaassen nklaassen force-pushed the nklaassen/split-ssoLogin branch from 75025a0 to 76265d6 Compare August 28, 2024 17:35
@nklaassen nklaassen mentioned this pull request Aug 29, 2024
Closed
bl-nero
bl-nero reviewed Aug 29, 2024
View reviewed changes
@nklaassen nklaassen force-pushed the nklaassen/split-ssoLogin branch from 581c36d to cd74d63 Compare August 30, 2024 22:22
@nklaassen nklaassen force-pushed the nklaassen/split-ssoLogin branch from cd74d63 to 4c40ee2 Compare September 4, 2024 15:56
@nklaassen nklaassen enabled auto-merge September 4, 2024 16:36
@nklaassen nklaassen added this pull request to the merge queue Sep 4, 2024
Merged via the queue into master with commit acc08a3 Sep 4, 2024
42 checks passed
@nklaassen nklaassen deleted the nklaassen/split-ssoLogin branch September 4, 2024 19:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bl-nero bl-nero bl-nero left review comments

@timothyb89 timothyb89 timothyb89 approved these changes

@camscale camscale camscale approved these changes

Assignees
No one assigned
Labels
no-changelog Indicates that a PR does not require a changelog entry size/md
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@nklaassen @timothyb89 @bl-nero @camscale