Require step up authentication for Recovery Token create and delete actions #264

@MKodde MKodde commented Jun 23, 2022

  1. In preparation, the SAT controller was cleaned up by segregating the dedicated RT actions from the registration-related actions.
  2. The 'test' authentication consume assertion endpoint was re-re-used to also serve self-asserted recovery token step up authentications. I considered creating a new SFO SP for this. But that would get complex really soon. The step up bundle does not support multiple ACS locations either. So this solution seemed to fit best.

@MKodde MKodde force-pushed the feature/sat-recovery-token-finetuneing branch from 6fb761c to 67bc092 Compare June 23, 2022 06:35
@MKodde MKodde force-pushed the feature/sat-require-step-up-for-rt-create-delete branch from 1cc3e17 to 0d33d98 Compare June 27, 2022 13:52
This was previously set to 2, eliminating self-asserted tokens from the
token test in GW.
@MKodde MKodde force-pushed the feature/sat-require-step-up-for-rt-create-delete branch from 0d33d98 to 9fc2366 Compare June 27, 2022 13:56
@MKodde MKodde changed the base branch from feature/sat-recovery-token-finetuneing to feature/self-asserted-tokens June 27, 2022 13:57
@MKodde MKodde force-pushed the feature/sat-require-step-up-for-rt-create-delete branch 2 times, most recently from 52c42a3 to 5285e07 Compare June 28, 2022 07:25
The SAT registration and dedicated Recovery token actions have been
decoupled into separate controllers. The shared logic is placed in a
trait. For now the constructors of both controllers are the same, and
they now live in the trait.

All controller actions have been given a developer-friendly description
with a high level description of what the action is responsible for.
The RT state storage is used heavily to indicate when
step up is given, and to verify when the user still needs
to give step-up to perform create and delete actions on the Recovery
Tokens.
@MKodde MKodde force-pushed the feature/sat-require-step-up-for-rt-create-delete branch from 5285e07 to a9925e2 Compare June 28, 2022 07:27
@MKodde MKodde requested a review from pablothedude June 28, 2022 07:44
@MKodde MKodde force-pushed the feature/sat-require-step-up-for-rt-create-delete branch from 8d99ecf to 5da7f21 Compare June 28, 2022 08:41
@pablothedude pablothedude left a comment

Thanks for adding the extensive documentation!

@MKodde MKodde merged commit e917014 into feature/self-asserted-tokens Jul 4, 2022
@MKodde MKodde deleted the feature/sat-require-step-up-for-rt-create-delete branch July 4, 2022 07:05