Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Send x-forwarded-for in Okta Push Factor request #12320

Merged
merged 2 commits into from Sep 3, 2021
Merged

Send x-forwarded-for in Okta Push Factor request #12320

merged 2 commits into from Sep 3, 2021

Conversation

rbhitchcock
Copy link
Contributor

Why:

In order for Okta to properly report the location of the authentication
attempt, the X-Forwarded-For header must be included in the request to
Okta (if it exists).

This change addresses the need by:

  • Duplicating the value of X-Forwarded-For if it's passed through to the
    auth backend

Fixes #12319

@rbhitchcock rbhitchcock requested a review from a team August 13, 2021 02:42
@hashicorp-cla
Copy link

hashicorp-cla commented Aug 13, 2021
edited

CLA assistant check
All committers have signed the CLA.

@vercel vercel bot temporarily deployed to Preview – vault-storybook August 13, 2021 02:42 Inactive
@vercel vercel bot temporarily deployed to Preview – vault August 13, 2021 02:42 Inactive
@vercel vercel bot temporarily deployed to Preview – vault August 13, 2021 02:48 Inactive
@vercel vercel bot temporarily deployed to Preview – vault-storybook August 13, 2021 02:48 Inactive
@rbhitchcock
Send x-forwarded-for in Okta Push Factor request
c582e3a 
Why:

In order for Okta to properly report the location of the authentication
attempt, the X-Forwarded-For header must be included in the request to
Okta (if it exists).

This change addresses the need by:

* Duplicating the value of X-Forwarded-For if it's passed through to the
  auth backend
@rbhitchcock
Add changelog entry for 12320
e656c8e
@rbhitchcock rbhitchcock force-pushed the rbhitchcock.12319.okta-verify-x-forwarded-for branch from fd7bf52 to e656c8e Compare September 1, 2021 14:28
@vercel vercel bot temporarily deployed to Preview – vault-storybook September 1, 2021 14:28 Inactive
@vercel vercel bot temporarily deployed to Preview – vault September 1, 2021 14:28 Inactive
@rbhitchcock
Copy link
Contributor Author

The failing test appears to be an error in Circle CI unrelated to this change, but please let me know if I am mistaken on that.

@hsimon-hashicorp
Copy link
Contributor

The failing test appears to be an error in Circle CI unrelated to this change, but please let me know if I am mistaken on that.

No, you're correct - we have a few tests that get a little squirrelly. I'm kicking them, and we'll get this sorted soon! :)

@hsimon-hashicorp hsimon-hashicorp merged commit 9705d8b into hashicorp:main Sep 3, 2021
jartek pushed a commit to jartek/vault that referenced this pull request Sep 11, 2021
@rbhitchcock @jartek
Send x-forwarded-for in Okta Push Factor request (hashicorp#12320)
2d7d260 
* Send x-forwarded-for in Okta Push Factor request

Why:

In order for Okta to properly report the location of the authentication
attempt, the X-Forwarded-For header must be included in the request to
Okta (if it exists).

This change addresses the need by:

* Duplicating the value of X-Forwarded-For if it's passed through to the
  auth backend

* Add changelog entry for 12320
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@hsimon-hashicorp hsimon-hashicorp hsimon-hashicorp approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Okta Auth Backend does not include X-Forwarded-For header in MFA request
3 participants
@rbhitchcock @hashicorp-cla @hsimon-hashicorp