diff --git a/api/client/webclient/webclient.go b/api/client/webclient/webclient.go index f0b6f4920e50a..4ac5bd05f47ab 100644 --- a/api/client/webclient/webclient.go +++ b/api/client/webclient/webclient.go @@ -22,6 +22,7 @@ import ( "crypto/tls" "crypto/x509" "encoding/json" + "errors" "fmt" "net" "net/http" @@ -185,8 +186,14 @@ func Ping(cfg *Config) (*PingResponse, error) { if err != nil { return nil, trace.Wrap(err) } - defer resp.Body.Close() + if resp.StatusCode == http.StatusBadRequest { + per := &PingErrorResponse{} + if err := json.NewDecoder(resp.Body).Decode(per); err != nil { + return nil, trace.Wrap(err) + } + return nil, errors.New(per.Error.Message) + } pr := &PingResponse{} if err := json.NewDecoder(resp.Body).Decode(pr); err != nil { return nil, trace.Wrap(err) @@ -263,6 +270,17 @@ type PingResponse struct { MinClientVersion string `json:"min_client_version"` } +// PingErrorResponse contains the error message if the requested connector +// does not match one that has been registered. +type PingErrorResponse struct { + Error PingError `json:"error"` +} + +// PingError contains the string message from the PingErrorResponse +type PingError struct { + Message string `json:"message"` +} + // ProxySettings contains basic information about proxy settings type ProxySettings struct { // Kube is a kubernetes specific proxy section diff --git a/lib/web/apiserver.go b/lib/web/apiserver.go index c2c6848ecee44..0cd73444365e1 100644 --- a/lib/web/apiserver.go +++ b/lib/web/apiserver.go @@ -801,31 +801,53 @@ func (h *Handler) pingWithConnector(w http.ResponseWriter, r *http.Request, p ht return response, nil } + // collectorNames stores a list of the registered collector names so that + // in the event that no connector has matched, the list can be returned. + var collectorNames []string + // first look for a oidc connector with that name - oidcConnector, err := authClient.GetOIDCConnector(r.Context(), connectorName, false) + oidcConnectors, err := authClient.GetOIDCConnectors(r.Context(), false) if err == nil { - response.Auth = oidcSettings(oidcConnector, cap) - response.Auth.HasMessageOfTheDay = hasMessageOfTheDay - return response, nil + for index, value := range oidcConnectors { + collectorNames = append(collectorNames, value.GetMetadata().Name) + if value.GetMetadata().Name == connectorName { + response.Auth = oidcSettings(oidcConnectors[index], cap) + response.Auth.HasMessageOfTheDay = hasMessageOfTheDay + return response, nil + } + } } // if no oidc connector was found, look for a saml connector - samlConnector, err := authClient.GetSAMLConnector(r.Context(), connectorName, false) + samlConnectors, err := authClient.GetSAMLConnectors(r.Context(), false) if err == nil { - response.Auth = samlSettings(samlConnector, cap) - response.Auth.HasMessageOfTheDay = hasMessageOfTheDay - return response, nil + for index, value := range samlConnectors { + collectorNames = append(collectorNames, value.GetMetadata().Name) + if value.GetMetadata().Name == connectorName { + response.Auth = samlSettings(samlConnectors[index], cap) + response.Auth.HasMessageOfTheDay = hasMessageOfTheDay + return response, nil + } + } } // look for github connector - githubConnector, err := authClient.GetGithubConnector(r.Context(), connectorName, false) + githubConnectors, err := authClient.GetGithubConnectors(r.Context(), false) if err == nil { - response.Auth = githubSettings(githubConnector, cap) - response.Auth.HasMessageOfTheDay = hasMessageOfTheDay - return response, nil + for index, value := range githubConnectors { + collectorNames = append(collectorNames, value.GetMetadata().Name) + if value.GetMetadata().Name == connectorName { + response.Auth = githubSettings(githubConnectors[index], cap) + response.Auth.HasMessageOfTheDay = hasMessageOfTheDay + return response, nil + } + } } - return nil, trace.BadParameter("invalid connector name %v", connectorName) + return nil, + trace.BadParameter( + "invalid connector name: %v; valid options: %s", + connectorName, strings.Join(collectorNames, ", ")) } // getWebConfig returns configuration for the web application. diff --git a/tool/tsh/tsh.go b/tool/tsh/tsh.go index 868fccd2d905c..4f30f80e3dd83 100644 --- a/tool/tsh/tsh.go +++ b/tool/tsh/tsh.go @@ -375,7 +375,7 @@ func Run(args []string, opts ...cliOption) error { BoolVar(&cf.InsecureSkipVerify) } - app.Flag("auth", "Specify the type of authentication connector to use.").Envar(authEnvVar).StringVar(&cf.AuthConnector) + app.Flag("auth", "Specify the name of authentication connector to use.").Envar(authEnvVar).StringVar(&cf.AuthConnector) app.Flag("namespace", "Namespace of the cluster").Default(apidefaults.Namespace).Hidden().StringVar(&cf.Namespace) app.Flag("gops", "Start gops endpoint on a given address").Hidden().BoolVar(&cf.Gops) app.Flag("gops-addr", "Specify gops addr to listen on").Hidden().StringVar(&cf.GopsAddr)