Merge 9c71c64 into 71bef9d

Cloud-Foundations · Dec 14, 2020 · a6451a7 · a6451a7
2 parents 71bef9d + 9c71c64
commit a6451a7
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 4 deletions.
diff --git a/README.md b/README.md
@@ -3,7 +3,9 @@
 [![Coverage Status](https://coveralls.io/repos/github/Cloud-Foundations/keymaster/badge.svg?branch=master)](https://coveralls.io/github/Cloud-Foundations/keymaster?branch=master)
 [![Go Report Card](https://goreportcard.com/badge/github.com/Cloud-Foundations/keymaster)](https://goreportcard.com/report/github.com/Cloud-Foundations/keymaster)
 
-Keymaster is usable short-term certificate based identity system. With a primary goal to be a single-sign-on (with optional second factor with [Symantec VIP](https://vip.symantec.com/) or [U2F](https://fidoalliance.org/specifications/overview/) tokens) for CLI operations (both SSHD and TLS).
+Keymaster is usable short-term certificate based identity system. With a primary goal to be a single-sign-on (with optional second factor with [Symantec VIP](https://vip.symantec.com/), [U2F](https://fidoalliance.org/specifications/overview/) tokens or [TOTP](https://en.wikipedia.org/wiki/Time-based_One-time_Password_algorithm) compatible apps ([FreeOTP](https://freeotp.github.io/)/google authenticator ) ) for CLI operations (both SSHD and TLS).
+
+As a secondary role keymaster is compliant openidc provider intended for easy use for internal web based applications.
 
 This system is easy to use, configure and administer.
 Keymaster has the following components:

diff --git a/lib/client/twofa/twofa.go b/lib/client/twofa/twofa.go
@@ -20,8 +20,8 @@ import (
 
 	"github.com/Cloud-Foundations/Dominator/lib/log"
 	"github.com/Cloud-Foundations/keymaster/lib/client/twofa/pushtoken"
-	"github.com/Cloud-Foundations/keymaster/lib/client/twofa/u2f"
 	"github.com/Cloud-Foundations/keymaster/lib/client/twofa/totp"
+	"github.com/Cloud-Foundations/keymaster/lib/client/twofa/u2f"
 	"github.com/Cloud-Foundations/keymaster/lib/webapi/v0/proto"
 	"github.com/flynn/u2f/u2fhid" // client side (interface with hardware)
 	"golang.org/x/crypto/ssh"
@@ -128,8 +128,11 @@ func getCertsFromServer(
 	}
 	defer loginResp.Body.Close()
 	if loginResp.StatusCode != 200 {
-		logger.Printf("got error from login call %s", loginResp.Status)
-		return nil, nil, nil, err
+		if loginResp.StatusCode == http.StatusUnauthorized {
+			return nil, nil, nil, fmt.Errorf("Unauthorized reponse from server. Check username and/or password")
+		}
+		logger.Debugf(1, "got error from login call %s", loginResp.Status)
+		return nil, nil, nil, fmt.Errorf("got error from login call %s", loginResp.Status)
 	}
 	//Enusre we have at least one cookie
 	if len(loginResp.Cookies()) < 1 {