Have Okta respect its set max_ttl. (#4111)
Fixes #4110
jefferai authored Mar 13, 2018
1 parent 025825d commit b3c9358
Showing 1 changed file with 15 additions and 0 deletions.
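--- a/builtin/credential/okta/path_login.go
+++ b/builtin/credential/okta/path_login.go
@@ -96,6 +96,21 @@ func (b *backend) pathLogin(ctx context.Context, req *logical.Request, d *framew
 },
 }
 
+if resp.Auth.TTL == 0 {
+resp.Auth.TTL = b.System().DefaultLeaseTTL()
+}
+if cfg.MaxTTL > 0 {
+maxTTL := cfg.MaxTTL
+if maxTTL > b.System().MaxLeaseTTL() {
+maxTTL = b.System().MaxLeaseTTL()
+}
+
+if resp.Auth.TTL > maxTTL {
+resp.Auth.TTL = maxTTL
+resp.AddWarning(fmt.Sprintf("Effective TTL of '%s' exceeded the effective max_ttl of '%s'; TTL value is capped accordingly", resp.Auth.TTL, maxTTL))
+}
+}
+
 for _, groupName := range groupNames {
 if groupName == "" {
 continue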
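Review bot: In the `resp.Auth.TTL > maxTTL` branch the warning is formatted after `resp.Auth.TTL = maxTTL`, so both `%s` values print the capped duration and the message never shows the TTL that was actually computed. Move the `resp.AddWarning(fmt.Sprintf(...))` call above the assignment, or capture the value first with `origTTL := resp.Auth.TTL` and format `origTTL` instead. The cap is applied only to the login response built here; the renewal path is not visible in this hunk, so it is worth confirming that it enforces the same `cfg.MaxTTL` bound, otherwise a token could presumably be renewed past max_ttl. A short comment such as `// Cap the token TTL at the lower of the Okta config max_ttl and the mount/system max lease TTL.` above the `if cfg.MaxTTL > 0` block would make the precedence explicit. The body of pathLogin starts and ends outside the hunk.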
