37 lines
1.1 KiB
Go
37 lines
1.1 KiB
Go
|
|
// Package privacyidea implements the domain.MFAProvider interface by delegating
|
||
|
|
// all MFA decisions to a privacyIDEA server. KeyCape contains no MFA logic —
|
||
|
|
// every check and validation call is forwarded verbatim to privacyIDEA.
|
||
|
|
package privacyidea
|
||
|
|
|
||
|
|
import "net/http"
|
||
|
|
|
||
|
|
// Config holds all connection parameters for the privacyIDEA adapter.
|
||
|
|
type Config struct {
|
||
|
|
// BaseURL is the privacyIDEA server base URL, e.g. "https://privacyidea.local".
|
||
|
|
BaseURL string
|
||
|
|
|
||
|
|
// AdminToken is the service-account JWT used to authenticate requests to the
|
||
|
|
// privacyIDEA admin API.
|
||
|
|
AdminToken string
|
||
|
|
|
||
|
|
// Realm is the privacyIDEA realm to scope token and validate requests.
|
||
|
|
// Defaults to "netkingdom" when empty.
|
||
|
|
Realm string
|
||
|
|
}
|
||
|
|
|
||
|
|
// realm returns the effective realm, falling back to "netkingdom".
|
||
|
|
func (c Config) realm() string {
|
||
|
|
if c.Realm != "" {
|
||
|
|
return c.Realm
|
||
|
|
}
|
||
|
|
return "netkingdom"
|
||
|
|
}
|
||
|
|
|
||
|
|
// HTTPClient is a minimal interface over net/http.Client for test injection.
|
||
|
|
type HTTPClient interface {
|
||
|
|
Do(req *http.Request) (*http.Response, error)
|
||
|
|
}
|
||
|
|
|
||
|
|
// defaultHTTPClient is the production HTTP client used when none is injected.
|
||
|
|
var defaultHTTPClient HTTPClient = &http.Client{}
|