Handle SSO device in oneof switches.

gravitational · Oct 11, 2024 · 75ed533 · 75ed533
1 parent afcdefe
commit 75ed533
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 1 deletion.
diff --git a/api/types/mfa.go b/api/types/mfa.go
@@ -125,6 +125,8 @@ func (d *MFADevice) WithoutSensitiveData() (*MFADevice, error) {
 		// OK, no sensitive secrets.
 	case *MFADevice_Webauthn:
 		// OK, no sensitive secrets.
+	case *MFADevice_Sso:
+		// OK, no sensitive secrets.
 	default:
 		return nil, trace.BadParameter("unsupported MFADevice type %T", d.Device)
 	}
@@ -146,13 +148,15 @@ func (d *MFADevice) SetExpiry(exp time.Time) { d.Metadata.SetExpiry(exp) }
 
 // MFAType returns the human-readable name of the MFA protocol of this device.
 func (d *MFADevice) MFAType() string {
-	switch d.Device.(type) {
+	switch d := d.Device.(type) {
 	case *MFADevice_Totp:
 		return "TOTP"
 	case *MFADevice_U2F:
 		return "U2F"
 	case *MFADevice_Webauthn:
 		return "WebAuthn"
+	case *MFADevice_Sso:
+		return d.Sso.ConnectorType
 	default:
 		return "unknown"
 	}

diff --git a/lib/auth/auth.go b/lib/auth/auth.go
@@ -6760,6 +6760,7 @@ func (a *Server) mfaAuthChallenge(ctx context.Context, user string, challengeExt
 type devicesByType struct {
 	TOTP     bool
 	Webauthn []*types.MFADevice
+	SSO      *types.MFADevice
 }
 
 func groupByDeviceType(devs []*types.MFADevice, groupWebauthn bool) devicesByType {
@@ -6776,6 +6777,8 @@ func groupByDeviceType(devs []*types.MFADevice, groupWebauthn bool) devicesByTyp
 			if groupWebauthn {
 				res.Webauthn = append(res.Webauthn, dev)
 			}
+		case *types.MFADevice_Sso:
+			res.SSO = dev
 		default:
 			log.Warningf("Skipping MFA device of unknown type %T.", dev.Device)
 		}