goldfish
Feature request: TLS Certificate Auth Method
It would be fantastic if Goldfish could "proxy" the TLS auth backend and request a client-side certificate from the browser, using it to receive a token from Vault. As Vault is still lacking support for generic OAuth endpoints, this would at least support one commonly used "enterprise login" method.
Without loading the private key, it's impossible to communicate properly with Vault and retrieve a token. The only way to do this would be to require the end user to upload both the public and private key. This is programmatically possible using Go's TLS package, but this feature would require a lot of testing and proper integration tests, which I currently don't have the time for. I'll leave this issue open in case anyone wants to try implementing it, but the likelihood of this being implemented is fairly low.
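The constraint described in the reply above, as an added example that is not part of the original thread and is not Goldfish or Vault code: a Go client that holds only the public certificate cannot complete mutual TLS against a server that requires a verified client certificate. The `httptest` server is a stand-in for Vault's TLS cert auth listener, and the `demo-user` identity and `X-Auth-CN` header are made up for the demonstration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net/http"
	"net/http/httptest"
	"time"
)

// demo logs in to a stand-in for Vault's cert auth listener twice: with the key
// pair, then with only the public certificate, which is all a proxy would hold.
func demo() (who string, certOnlyErr error) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // constructed identity
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "demo-user"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	leaf, _ := x509.ParseCertificate(der) // nil on a setup failure; AddCert then panics
	trusted := x509.NewCertPool()
	trusted.AddCert(leaf)
	srv := httptest.NewUnstartedServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.Header().Set("X-Auth-CN", r.TLS.PeerCertificates[0].Subject.CommonName)
	}))
	srv.TLS = &tls.Config{ClientAuth: tls.RequireAndVerifyClientCert, ClientCAs: trusted}
	srv.StartTLS()
	defer srv.Close()
	login := func(c tls.Certificate) (string, error) {
		tr := srv.Client().Transport.(*http.Transport).Clone() // trusts the test server
		tr.TLSClientConfig.Certificates = []tls.Certificate{c}
		resp, err := (&http.Client{Transport: tr}).Get(srv.URL)
		if err != nil {
			return "", err
		}
		resp.Body.Close()
		return resp.Header.Get("X-Auth-CN"), nil
	}
	who, _ = login(tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key})
	_, certOnlyErr = login(tls.Certificate{Certificate: [][]byte{der}}) // no key to sign with
	return who, certOnlyErr
}

func main() { fmt.Println(demo()) }
```

The second login fails because the client has no key to sign the handshake with, so the server never receives a certificate it can accept.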