Add PSU provider
This provider implements the IDP authentication mechanism necessary to
authenticate with Penn State University's custom implementation of Shibboleth,
Cosign, and Duo, based on the work originally done in
https://github.com/acobaugh/psu-aws-saml-login.
acobaugh committed Nov 21, 2018
1 parent b12432a commit ec5bcf7
Showing 8 changed files with 429 additions and 12 deletions.
63 changes: 54 additions & 9 deletions Gopkg.lock

4 changes: 4 additions & 0 deletions Gopkg.toml
Expand Up @@ -84,3 +84,7 @@
[prune]
go-tests = true
unused-packages = true

[[constraint]]
branch = "master"
name = "github.com/headzoo/surf"
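Review bot: the new `[[constraint]]` for `github.com/headzoo/surf` tracks `branch = "master"`, so a later `dep ensure -update` will pull whatever is at the head of that branch into a tool that handles IdP credentials and MFA responses. Gopkg.lock records the resolved revision for now, but consider constraining to a tagged `version` or an explicit `revision` so that upgrades of this dependency are deliberate and show up in review.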
4 changes: 2 additions & 2 deletions cmd/saml2aws/main.go
Expand Up @@ -46,12 +46,12 @@ func main() {

// Settings not related to commands
verbose := app.Flag("verbose", "Enable verbose logging").Bool()
provider := app.Flag("provider", "This flag it is obsolete see https://github.com/Versent/saml2aws#adding-idp-accounts.").Short('i').Enum("ADFS", "ADFS2", "Ping", "JumpCloud", "Okta", "OneLogin", "KeyCloak")
provider := app.Flag("provider", "This flag it is obsolete see https://github.com/Versent/saml2aws#adding-idp-accounts.").Short('i').Enum("ADFS", "ADFS2", "Ping", "JumpCloud", "Okta", "OneLogin", "PSU", "KeyCloak")

// Common (to all commands) settings
commonFlags := new(flags.CommonFlags)
app.Flag("idp-account", "The name of the configured IDP account").Short('a').Default("default").StringVar(&commonFlags.IdpAccount)
app.Flag("idp-provider", "The configured IDP provider").EnumVar(&commonFlags.IdpProvider, "ADFS", "ADFS2", "Ping", "JumpCloud", "Okta", "OneLogin", "KeyCloak")
app.Flag("idp-provider", "The configured IDP provider").EnumVar(&commonFlags.IdpProvider, "ADFS", "ADFS2", "Ping", "JumpCloud", "Okta", "OneLogin", "PSU", "KeyCloak")
app.Flag("mfa", "The name of the mfa").StringVar(&commonFlags.MFA)
app.Flag("skip-verify", "Skip verification of server certificate.").Short('s').BoolVar(&commonFlags.SkipVerify)
app.Flag("url", "The URL of the SAML IDP server used to login.").StringVar(&commonFlags.URL)
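Review bot: the list of provider names is duplicated between the `provider` flag's `Enum(...)` and the `idp-provider` flag's `EnumVar(...)` in `main()`, and "PSU" had to be inserted into both by hand. The two lists can drift, leaving a provider accepted by one flag and rejected by the other. Suggest defining the allowed names once as a shared slice and passing it to both calls, so the next provider is added in a single place.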
21 changes: 21 additions & 0 deletions pkg/provider/psu/README.md
@@ -0,0 +1,21 @@
# PSU provider

This provider authenticates via Penn State University's Cosign+Shibboleth
implementation, then handles the typical WebAccess 2FA multi-factor
authentication using either Duo or YubiKeys.

## Instructions

Uses default Shibboleth 3.3 pathing for the entry point. e.g. if url is
"https://idp.example.com" and the AWS URN is left as the default, this will
construct the following URL to use.
`https://idp.example.com/idp/profile/SAML2/Unsolicited/SSO?providerId=urn:amazon:webservices`

To configure for PSU Access Shibboleth, run `saml2aws configure`, select PSU as
the provider, and enter `https://as1.fim.psu.edu` for URL. Username is
optional.

## Features

* Prompts for Duo MFA when logging in. Options are Duo Push, Phone Call, and
Passcode. Similar to the Duo SSH integration.
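Review bot: the README's opening paragraph says MFA is handled "using either Duo or YubiKeys", but the Features list names only Duo Push, Phone Call, and Passcode. Please state explicitly how a YubiKey is used (for example, whether its code is entered through the Passcode option) or drop the YubiKey mention, so users know which factors this provider supports. The Instructions section would also benefit from saying whether the Shibboleth 3.3 entry-point path is fixed or can be overridden for IdPs that do not use the default layout.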