Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[v17] Add SSO MFA prompt for WebUI MFA flows #50529

Merged
merged 6 commits into from
Jan 21, 2025
Merged

[v17] Add SSO MFA prompt for WebUI MFA flows #50529

merged 6 commits into from
Jan 21, 2025

Conversation

Joerger
Copy link
Contributor

@Joerger Joerger commented Dec 20, 2024
edited
Loading

Changelog: Add full SSO MFA support for the WebUI.

Backport #4979, #50793, and #50844 to branch/v17

@aws-amplify-us-west-2 AWS Amplify (us-west-2)
Copy link

This pull request is automatically being deployed by Amplify Hosting (learn more).

Access this pull request here: https://pr-50529.d212ksyjt6y4yg.amplifyapp.com

zmb3
zmb3 requested changes Dec 23, 2024
View reviewed changes
web/packages/teleport/src/DesktopSession/useDesktopSession.tsx Outdated
@@ -22,7 +22,7 @@ import { useParams } from 'react-router';
import useAttempt from 'shared/hooks/useAttemptNext';

import { ButtonState } from 'teleport/lib/tdp';
import { useMfa } from 'teleport/lib/useMfa';
import { useMfaTty } from 'teleport/lib/useMfa';
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pretty sure this breaks per-session MFA for desktops: see #50557

Requesting changes and adding a do-not-merge label to prevent this from getting in a release.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've added the fix #50793 into this backport

@Joerger Joerger linked an issue Jan 6, 2025 that may be closed by this pull request
Per-session MFA for desktops is broken #50557
Closed
@Joerger Joerger removed a link to an issue Jan 6, 2025
Per-session MFA for desktops is broken #50557
Closed
This was referenced Jan 6, 2025
Merged
Merged
@Joerger Joerger force-pushed the joerger/v17/sso-mfa-method branch from b9adc43 to 5ec8278 Compare January 13, 2025 18:25
@Joerger Joerger requested a review from zmb3 January 13, 2025 18:25
@Joerger Joerger force-pushed the joerger/v17/sso-mfa-method branch from 8acdf41 to 6799f94 Compare January 14, 2025 19:43
@Joerger
Copy link
Contributor Author

Joerger commented Jan 16, 2025

@zmb3 The Desktop Access regression has been fixed and backported here, can you take another look?

@Joerger Joerger force-pushed the joerger/v17/sso-mfa-method branch from e3a2c31 to 5676dfb Compare January 16, 2025 19:40
@camscale camscale mentioned this pull request Jan 17, 2025
Merged
@Joerger
Add SSO MFA prompt for WebUI MFA flows (#49794)
038a3a6 
* Include sso channel ID in web mfa challenges.

* Handle SSO MFA challenges.

* Handle sso response in backend.

* Handle non-webauthn mfa response for file transfer, admin actions, and app session.

* Simplify useMfa with new helpers.

* Fix lint.

* Use AuthnDialog for file transfers; Fix json backend logic for file transfers.

* Make useMfa and AuthnDialog more reusable and error proof.

* Use AuthnDialog for App sessions.

* Resolve comments.

* Fix broken app launcher; improve mfaRequired logic in useMfa.

* Fix AuthnDialog test.

* Fix merge conflict with Db web access.

* fix stories.

* Refactor mfa required logic.

* Address bl-nero's comments.

* Address Ryan's comments.

* Add useMfa unit test.

* Fix story lint.

* Replace Promise.withResolvers for compatiblity with older browers; Fix bug where MFA couldn't be retried after a failed attempt; Add extra tests.
@Joerger
Fix Per-session MFA for desktops (#50793)
270ce4a 
* Add sendChallengeResponse implementation for desktop sessions.

* Rename useMfaTty to useMfaEmitter.
@Joerger
Remove unused code.
9bbcac4
@Joerger
Fix useMfa error handling (#50844)
f5f100b 
* Fix useMfa cancel logic to avoid duplicate error messages across dialog layers.

* Add MfaCanceledError and use promise.reject for mfa cancel.

* Address comments.

* Fix test.

* Remove outdated comment.

* Add comment; Simplify who dialog logic.
@Joerger Joerger force-pushed the joerger/v17/sso-mfa-method branch from 5676dfb to f5f100b Compare January 21, 2025 18:32
@Joerger Joerger enabled auto-merge January 21, 2025 21:44
@public-teleport-github-review-bot public-teleport-github-review-bot bot removed the request for review from bl-nero January 21, 2025 22:44
@Joerger Joerger added this pull request to the merge queue Jan 21, 2025
Merged via the queue into branch/v17 with commit 7916a96 Jan 21, 2025
43 checks passed
@Joerger Joerger deleted the joerger/v17/sso-mfa-method branch January 21, 2025 23:21
@BrewTestBot BrewTestBot mentioned this pull request Jan 22, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ryanclark ryanclark ryanclark approved these changes

@zmb3 zmb3 zmb3 approved these changes

Assignees
No one assigned
Labels
backport size/md ui
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@Joerger @zmb3 @ryanclark @r0mant