Closed bbbyerly closed 1 year ago
Integrating Okta MFA into the forked OpenVPN Docker image used for running OpenVPN CE from ECS containers. The latest version of Alpine doesn't support python2, so it was ported to python3 and revised from https://github.com/jpf/okta-openvpn.
(venv) bdbyerly@bbyerlys-MacBook-Pro okta % bash run.sh pwd
okta_openvpn-MainProcess[42442]: okta_openvpn: Authenticating username user_MFA_REQUIRED@example.com
okta_openvpn-MainProcess[42442]: okta_openvpn: User user_MFA_REQUIRED@example.com password validates, checking second factor
okta_openvpn-MainProcess[42442]: okta_openvpn: factor: {'factorType': 'question', '_links': {'verify': {'href': 'http://mocked-okta-api.herokuapp.com/api/v1/authn/factors/ufsm3jZGDQXPJDEIXZMP/verify', 'hints': {'allow': ['POST']}}}, 'id': 'ufsm3jZGDQXPJDEIXZMP', 'profile': {'question': 'disliked_food', 'questionText': 'What is the food you least like?'}, 'provider': 'OKTA'}
okta_openvpn-MainProcess[42442]: okta_openvpn: factor: {'factorType': 'token', '_links': {'verify': {'href': 'http://mocked-okta-api.herokuapp.com/api/v1/authn/factors/rsalhpMQVYKHZKXZJQEW/verify', 'hints': {'allow': ['POST']}}}, 'id': 'rsalhpMQVYKHZKXZJQEW', 'profile': {'credentialId': 'isaac@example.org'}, 'provider': 'RSA'}
okta_openvpn-MainProcess[42442]: okta_openvpn: factor: {'factorType': 'token:software:totp', '_links': {'verify': {'href': 'http://mocked-okta-api.herokuapp.com/api/v1/authn/factors/uftm3iHSGFQXHCUSDAND/verify', 'hints': {'allow': ['POST']}}}, 'id': 'uftm3iHSGFQXHCUSDAND', 'profile': {'credentialId': 'isaac@example.org'}, 'provider': 'GOOGLE'}
okta_openvpn-MainProcess[42442]: okta_openvpn: factor: {'factorType': 'token:software:totp', '_links': {'verify': {'href': 'http://mocked-okta-api.herokuapp.com/api/v1/authn/factors/ostfm3hPNYSOIOIVTQWY/verify', 'hints': {'allow': ['POST']}}}, 'id': 'ostfm3hPNYSOIOIVTQWY', 'profile': {'credentialId': 'isaac@example.org'}, 'provider': 'OKTA'}
okta_openvpn-MainProcess[42442]: okta_openvpn: User user_MFA_REQUIRED@example.com is now authenticated with MFA via Okta API