Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SSO MFA - fail gracefully when the Proxy is down #48641

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

SSO MFA - fail gracefully when the Proxy is down #48641

wants to merge 1 commit into from
+9 −6

Conversation

Joerger
Copy link
Contributor

@Joerger Joerger commented Nov 7, 2024

Allow SSO MFA to fail gracefully on the client when the Proxy is down. The SSO MFA ceremony construct fails because it can't create the redirector flow without the proxy addr.

Fixes #48633

marcoandredinis
marcoandredinis approved these changes Nov 8, 2024
View reviewed changes
api/mfa/ceremony.go
return nil, trace.Wrap(err, "failed to handle SSO MFA ceremony")
// We may fail to start the SSO MFA flow in cases where the Proxy is down or broken. Fall
// back to skipping SSO MFA, especially since SSO MFA may not even be allowed on the server.
slog.DebugContext(ctx, "Failed to attempt SSO MFA, continuing with other MFA methods.", "error", err)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
slog.DebugContext(ctx, "Failed to attempt SSO MFA, continuing with other MFA methods.", "error", err)
slog.DebugContext(ctx, "Failed to attempt SSO MFA, continuing with other MFA methods", "error", err)

From rfd154

  1. The message should be a fragment, and not a full sentence. Terminating the message with punctuation should be avoided.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rosstimothy rosstimothy rosstimothy approved these changes

@marcoandredinis marcoandredinis marcoandredinis approved these changes

Assignees
No one assigned
Labels
backport/branch/v17 merge-for-v17 size/sm
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

tctl users add fails on auth-only cluster
3 participants
@Joerger @marcoandredinis @rosstimothy