From d4a89dcdb93c271d40befcf544362b6682595a31 Mon Sep 17 00:00:00 2001 From: joerger Date: Fri, 25 Oct 2024 17:53:38 -0700 Subject: [PATCH 01/10] Add SSO provider URLs to ping response. --- api/client/webclient/webclient.go | 6 ++++++ lib/web/apiserver.go | 11 +++++++---- 2 files changed, 13 insertions(+), 4 deletions(-) diff --git a/api/client/webclient/webclient.go b/api/client/webclient/webclient.go index 95ae0ea9747c3..79366751e9ea2 100644 --- a/api/client/webclient/webclient.go +++ b/api/client/webclient/webclient.go @@ -464,6 +464,8 @@ type SAMLSettings struct { Display string `json:"display"` // SingleLogoutEnabled is whether SAML SLO (single logout) is enabled for this auth connector. SingleLogoutEnabled bool `json:"singleLogoutEnabled,omitempty"` + // SSO is the URL of the identity provider's SSO service. + SSO string } // OIDCSettings contains the Name and Display string for OIDC. @@ -472,6 +474,8 @@ type OIDCSettings struct { Name string `json:"name"` // Display is the display name for the connector. Display string `json:"display"` + // Issuer URL is the endpoint of the provider + IssuerURL string } // GithubSettings contains the Name and Display string for Github connector. @@ -480,6 +484,8 @@ type GithubSettings struct { Name string `json:"name"` // Display is the connector display name Display string `json:"display"` + // EndpointURL is the endpoint URL. + EndpointURL string } // DeviceTrustSettings holds cluster-wide device trust settings that are liable diff --git a/lib/web/apiserver.go b/lib/web/apiserver.go index faaffa2ff3e1e..09560f6f865c1 100644 --- a/lib/web/apiserver.go +++ b/lib/web/apiserver.go @@ -1278,8 +1278,9 @@ func oidcSettings(connector types.OIDCConnector, cap types.AuthPreference) webcl return webclient.AuthenticationSettings{ Type: constants.OIDC, OIDC: &webclient.OIDCSettings{ - Name: connector.GetName(), - Display: connector.GetDisplay(), + Name: connector.GetName(), + Display: connector.GetDisplay(), + IssuerURL: connector.GetIssuerURL(), }, // Local fallback / MFA. SecondFactor: types.LegacySecondFactorFromSecondFactors(cap.GetSecondFactors()), @@ -1298,6 +1299,7 @@ func samlSettings(connector types.SAMLConnector, cap types.AuthPreference) webcl Name: connector.GetName(), Display: connector.GetDisplay(), SingleLogoutEnabled: connector.GetSingleLogoutURL() != "", + SSO: connector.GetSSO(), }, // Local fallback / MFA. SecondFactor: types.LegacySecondFactorFromSecondFactors(cap.GetSecondFactors()), @@ -1313,8 +1315,9 @@ func githubSettings(connector types.GithubConnector, cap types.AuthPreference) w return webclient.AuthenticationSettings{ Type: constants.Github, Github: &webclient.GithubSettings{ - Name: connector.GetName(), - Display: connector.GetDisplay(), + Name: connector.GetName(), + Display: connector.GetDisplay(), + EndpointURL: connector.GetEndpointURL(), }, // Local fallback / MFA. SecondFactor: types.LegacySecondFactorFromSecondFactors(cap.GetSecondFactors()), From 0d993a613bdaebc6fc39307e0e4cb341e88442da Mon Sep 17 00:00:00 2001 From: joerger Date: Fri, 25 Oct 2024 18:22:09 -0700 Subject: [PATCH 02/10] Add SSOHostname to profile. --- api/profile/profile.go | 3 +++ lib/client/api.go | 31 +++++++++++++++++++++++++++++-- lib/client/client_store.go | 2 ++ lib/client/profile.go | 4 ++++ 4 files changed, 38 insertions(+), 2 deletions(-) diff --git a/api/profile/profile.go b/api/profile/profile.go index 02a63e2cd171a..9fd038e09aaea 100644 --- a/api/profile/profile.go +++ b/api/profile/profile.go @@ -119,6 +119,9 @@ type Profile struct { // SSHDialTimeout is the timeout value that should be used for SSH connections. SSHDialTimeout time.Duration `yaml:"ssh_dial_timeout,omitempty"` + + // SSOHostname is the hostname of the SSO provider used to login.. + SSOHostname string `yaml:"sso_hostname,omitempty"` } // Copy returns a shallow copy of p, or nil if p is nil. diff --git a/lib/client/api.go b/lib/client/api.go index 0a7b35dbd5e51..b32ba5a5290f0 100644 --- a/lib/client/api.go +++ b/lib/client/api.go @@ -516,6 +516,9 @@ type Config struct { // HasTouchIDCredentialsFunc allows tests to override touchid.HasCredentials. // If nil touchid.HasCredentials is used. HasTouchIDCredentialsFunc func(rpID, user string) bool + + // SSOHostname is the hostname of the SSO provider used to login.. + SSOHostname string } // CachePolicy defines cache policy for local clients @@ -847,6 +850,8 @@ func (c *Config) LoadProfile(ps ProfileStore, proxyAddr string) error { c.PIVSlot = profile.PIVSlot c.SAMLSingleLogoutEnabled = profile.SAMLSingleLogoutEnabled c.SSHDialTimeout = profile.SSHDialTimeout + c.SSOHostname = profile.SSOHostname + c.AuthenticatorAttachment, err = parseMFAMode(profile.MFAMode) if err != nil { return trace.BadParameter("unable to parse mfa mode in user profile: %v.", err) @@ -897,6 +902,7 @@ func (c *Config) Profile() *profile.Profile { PIVSlot: c.PIVSlot, SAMLSingleLogoutEnabled: c.SAMLSingleLogoutEnabled, SSHDialTimeout: c.SSHDialTimeout, + SSOHostname: c.SSOHostname, } } @@ -4261,7 +4267,9 @@ You may use the --skip-version-check flag to bypass this check. // cached, there is no need to do this test again. tc.TLSRoutingConnUpgradeRequired = client.IsALPNConnUpgradeRequired(ctx, tc.WebProxyAddr, tc.InsecureSkipVerify) - tc.applyAuthSettings(pr.Auth) + if err := tc.applyAuthSettings(pr.Auth); err != nil { + return nil, trace.Wrap(err) + } tc.lastPing = pr @@ -4540,7 +4548,7 @@ func (tc *TeleportClient) applyProxySettings(proxySettings webclient.ProxySettin // applyAuthSettings updates configuration changes based on the advertised // authentication settings, overriding existing fields in tc. -func (tc *TeleportClient) applyAuthSettings(authSettings webclient.AuthenticationSettings) { +func (tc *TeleportClient) applyAuthSettings(authSettings webclient.AuthenticationSettings) error { tc.LoadAllCAs = authSettings.LoadAllCAs // If PIVSlot is not already set, default to the server setting. @@ -4552,6 +4560,25 @@ func (tc *TeleportClient) applyAuthSettings(authSettings webclient.Authenticatio if authSettings.PrivateKeyPolicy != "" && !authSettings.PrivateKeyPolicy.IsSatisfiedBy(tc.PrivateKeyPolicy) { tc.PrivateKeyPolicy = authSettings.PrivateKeyPolicy } + + var ssoURL *url.URL + var err error + switch { + case authSettings.OIDC != nil: + ssoURL, err = url.Parse(authSettings.OIDC.IssuerURL) + case authSettings.SAML != nil: + ssoURL, err = url.Parse(authSettings.SAML.SSO) + case authSettings.Github != nil: + ssoURL, err = url.Parse(authSettings.Github.EndpointURL) + } + if err != nil { + return trace.Wrap(err) + } + if ssoURL != nil { + tc.SSOHostname = ssoURL.Hostname() + } + + return nil } // AddTrustedCA adds a new CA as trusted CA for this client, used in tests diff --git a/lib/client/client_store.go b/lib/client/client_store.go index c62c36e9b3d84..d5543d3292086 100644 --- a/lib/client/client_store.go +++ b/lib/client/client_store.go @@ -202,6 +202,7 @@ func (s *Store) ReadProfileStatus(profileName string) (*ProfileStatus, error) { // Set ValidUntil to now to show that the keys are not available. ValidUntil: time.Now(), SAMLSingleLogoutEnabled: profile.SAMLSingleLogoutEnabled, + SSOHostname: profile.SSOHostname, }, nil } return nil, trace.Wrap(err) @@ -217,6 +218,7 @@ func (s *Store) ReadProfileStatus(profileName string) (*ProfileStatus, error) { SiteName: profile.SiteName, KubeProxyAddr: profile.KubeProxyAddr, SAMLSingleLogoutEnabled: profile.SAMLSingleLogoutEnabled, + SSOHostname: profile.SSOHostname, IsVirtual: !onDisk, }) } diff --git a/lib/client/profile.go b/lib/client/profile.go index e335cd62e5137..c44ec47cde45e 100644 --- a/lib/client/profile.go +++ b/lib/client/profile.go @@ -242,6 +242,9 @@ type ProfileStatus struct { // SAMLSingleLogoutEnabled is whether SAML SLO (single logout) is enabled, this can only be true if this is a SAML SSO session // using an auth connector with a SAML SLO URL configured. SAMLSingleLogoutEnabled bool + + // SSOHostname is the hostname of the SSO provider used to login.. + SSOHostname string } // profileOptions contains fields needed to initialize a profile beyond those @@ -255,6 +258,7 @@ type profileOptions struct { KubeProxyAddr string IsVirtual bool SAMLSingleLogoutEnabled bool + SSOHostname string } // profileStatueFromKeyRing returns a ProfileStatus for the given key ring and options. From 9ae67e2dd85619245cf6cda1d440f834e517d9c2 Mon Sep 17 00:00:00 2001 From: joerger Date: Fri, 25 Oct 2024 18:31:34 -0700 Subject: [PATCH 03/10] Add SSOHostname to teleterm cluster. --- .../go/teleport/lib/teleterm/v1/cluster.pb.go | 237 +++++++++--------- .../ts/teleport/lib/teleterm/v1/cluster_pb.ts | 16 +- lib/client/profile.go | 1 + .../apiserver/handler/handler_clusters.go | 1 + lib/teleterm/clusters/cluster.go | 2 + lib/teleterm/clusters/storage.go | 1 + proto/teleport/lib/teleterm/v1/cluster.proto | 2 + 7 files changed, 146 insertions(+), 114 deletions(-) diff --git a/gen/proto/go/teleport/lib/teleterm/v1/cluster.pb.go b/gen/proto/go/teleport/lib/teleterm/v1/cluster.pb.go index 1f6b225b4df1f..5f721ed8e74e3 100644 --- a/gen/proto/go/teleport/lib/teleterm/v1/cluster.pb.go +++ b/gen/proto/go/teleport/lib/teleterm/v1/cluster.pb.go @@ -184,6 +184,8 @@ type Cluster struct { // profile_status_error is set if there was an error when reading the profile. // This allows the app to be usable, when one or more profiles cannot be read. ProfileStatusError string `protobuf:"bytes,12,opt,name=profile_status_error,json=profileStatusError,proto3" json:"profile_status_error,omitempty"` + // sso_hostname is the hostname of the SSO provider used to login.. + SsoHostname string `protobuf:"bytes,13,opt,name=sso_hostname,json=ssoHostname,proto3" json:"sso_hostname,omitempty"` } func (x *Cluster) Reset() { @@ -293,6 +295,13 @@ func (x *Cluster) GetProfileStatusError() string { return "" } +func (x *Cluster) GetSsoHostname() string { + if x != nil { + return x.SsoHostname + } + return "" +} + // LoggedInUser describes a logged-in user type LoggedInUser struct { state protoimpl.MessageState @@ -715,7 +724,7 @@ var file_teleport_lib_teleterm_v1_cluster_proto_rawDesc = []byte{ 0x65, 0x6c, 0x65, 0x74, 0x65, 0x72, 0x6d, 0x2f, 0x76, 0x31, 0x2f, 0x63, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x18, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x6c, 0x69, 0x62, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x72, 0x6d, 0x2e, - 0x76, 0x31, 0x22, 0xdd, 0x03, 0x0a, 0x07, 0x43, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x12, 0x10, + 0x76, 0x31, 0x22, 0x80, 0x04, 0x0a, 0x07, 0x43, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x12, 0x10, 0x0a, 0x03, 0x75, 0x72, 0x69, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x75, 0x72, 0x69, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x1d, 0x0a, 0x0a, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x5f, 0x68, 0x6f, @@ -745,124 +754,126 @@ var file_teleport_lib_teleterm_v1_cluster_proto_rawDesc = []byte{ 0x12, 0x30, 0x0a, 0x14, 0x70, 0x72, 0x6f, 0x66, 0x69, 0x6c, 0x65, 0x5f, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x5f, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x09, 0x52, 0x12, 0x70, 0x72, 0x6f, 0x66, 0x69, 0x6c, 0x65, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x45, 0x72, 0x72, - 0x6f, 0x72, 0x22, 0xac, 0x03, 0x0a, 0x0c, 0x4c, 0x6f, 0x67, 0x67, 0x65, 0x64, 0x49, 0x6e, 0x55, - 0x73, 0x65, 0x72, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, - 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x72, 0x6f, 0x6c, 0x65, 0x73, - 0x18, 0x02, 0x20, 0x03, 0x28, 0x09, 0x52, 0x05, 0x72, 0x6f, 0x6c, 0x65, 0x73, 0x12, 0x1d, 0x0a, - 0x0a, 0x73, 0x73, 0x68, 0x5f, 0x6c, 0x6f, 0x67, 0x69, 0x6e, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, - 0x09, 0x52, 0x09, 0x73, 0x73, 0x68, 0x4c, 0x6f, 0x67, 0x69, 0x6e, 0x73, 0x12, 0x2f, 0x0a, 0x03, - 0x61, 0x63, 0x6c, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1d, 0x2e, 0x74, 0x65, 0x6c, 0x65, + 0x6f, 0x72, 0x12, 0x21, 0x0a, 0x0c, 0x73, 0x73, 0x6f, 0x5f, 0x68, 0x6f, 0x73, 0x74, 0x6e, 0x61, + 0x6d, 0x65, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x73, 0x73, 0x6f, 0x48, 0x6f, 0x73, + 0x74, 0x6e, 0x61, 0x6d, 0x65, 0x22, 0xac, 0x03, 0x0a, 0x0c, 0x4c, 0x6f, 0x67, 0x67, 0x65, 0x64, + 0x49, 0x6e, 0x55, 0x73, 0x65, 0x72, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x72, 0x6f, + 0x6c, 0x65, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x09, 0x52, 0x05, 0x72, 0x6f, 0x6c, 0x65, 0x73, + 0x12, 0x1d, 0x0a, 0x0a, 0x73, 0x73, 0x68, 0x5f, 0x6c, 0x6f, 0x67, 0x69, 0x6e, 0x73, 0x18, 0x03, + 0x20, 0x03, 0x28, 0x09, 0x52, 0x09, 0x73, 0x73, 0x68, 0x4c, 0x6f, 0x67, 0x69, 0x6e, 0x73, 0x12, + 0x2f, 0x0a, 0x03, 0x61, 0x63, 0x6c, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1d, 0x2e, 0x74, + 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x6c, 0x69, 0x62, 0x2e, 0x74, 0x65, 0x6c, 0x65, + 0x74, 0x65, 0x72, 0x6d, 0x2e, 0x76, 0x31, 0x2e, 0x41, 0x43, 0x4c, 0x52, 0x03, 0x61, 0x63, 0x6c, + 0x12, 0x27, 0x0a, 0x0f, 0x61, 0x63, 0x74, 0x69, 0x76, 0x65, 0x5f, 0x72, 0x65, 0x71, 0x75, 0x65, + 0x73, 0x74, 0x73, 0x18, 0x05, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0e, 0x61, 0x63, 0x74, 0x69, 0x76, + 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x73, 0x12, 0x2f, 0x0a, 0x13, 0x73, 0x75, 0x67, + 0x67, 0x65, 0x73, 0x74, 0x65, 0x64, 0x5f, 0x72, 0x65, 0x76, 0x69, 0x65, 0x77, 0x65, 0x72, 0x73, + 0x18, 0x06, 0x20, 0x03, 0x28, 0x09, 0x52, 0x12, 0x73, 0x75, 0x67, 0x67, 0x65, 0x73, 0x74, 0x65, + 0x64, 0x52, 0x65, 0x76, 0x69, 0x65, 0x77, 0x65, 0x72, 0x73, 0x12, 0x2b, 0x0a, 0x11, 0x72, 0x65, + 0x71, 0x75, 0x65, 0x73, 0x74, 0x61, 0x62, 0x6c, 0x65, 0x5f, 0x72, 0x6f, 0x6c, 0x65, 0x73, 0x18, + 0x07, 0x20, 0x03, 0x28, 0x09, 0x52, 0x10, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x61, 0x62, + 0x6c, 0x65, 0x52, 0x6f, 0x6c, 0x65, 0x73, 0x12, 0x4c, 0x0a, 0x09, 0x75, 0x73, 0x65, 0x72, 0x5f, + 0x74, 0x79, 0x70, 0x65, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x2f, 0x2e, 0x74, 0x65, 0x6c, + 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x6c, 0x69, 0x62, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x74, 0x65, + 0x72, 0x6d, 0x2e, 0x76, 0x31, 0x2e, 0x4c, 0x6f, 0x67, 0x67, 0x65, 0x64, 0x49, 0x6e, 0x55, 0x73, + 0x65, 0x72, 0x2e, 0x55, 0x73, 0x65, 0x72, 0x54, 0x79, 0x70, 0x65, 0x52, 0x08, 0x75, 0x73, 0x65, + 0x72, 0x54, 0x79, 0x70, 0x65, 0x22, 0x4d, 0x0a, 0x08, 0x55, 0x73, 0x65, 0x72, 0x54, 0x79, 0x70, + 0x65, 0x12, 0x19, 0x0a, 0x15, 0x55, 0x53, 0x45, 0x52, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x55, + 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x13, 0x0a, 0x0f, + 0x55, 0x53, 0x45, 0x52, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x4c, 0x4f, 0x43, 0x41, 0x4c, 0x10, + 0x01, 0x12, 0x11, 0x0a, 0x0d, 0x55, 0x53, 0x45, 0x52, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x53, + 0x53, 0x4f, 0x10, 0x02, 0x22, 0xc8, 0x07, 0x0a, 0x03, 0x41, 0x43, 0x4c, 0x12, 0x51, 0x0a, 0x0f, + 0x61, 0x75, 0x74, 0x68, 0x5f, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x73, 0x18, + 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x28, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, + 0x2e, 0x6c, 0x69, 0x62, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x72, 0x6d, 0x2e, 0x76, 0x31, + 0x2e, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x52, + 0x0e, 0x61, 0x75, 0x74, 0x68, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x73, 0x12, + 0x3e, 0x0a, 0x05, 0x72, 0x6f, 0x6c, 0x65, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x28, + 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x6c, 0x69, 0x62, 0x2e, 0x74, 0x65, + 0x6c, 0x65, 0x74, 0x65, 0x72, 0x6d, 0x2e, 0x76, 0x31, 0x2e, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, + 0x63, 0x65, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x52, 0x05, 0x72, 0x6f, 0x6c, 0x65, 0x73, 0x12, + 0x3e, 0x0a, 0x05, 0x75, 0x73, 0x65, 0x72, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x28, + 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x6c, 0x69, 0x62, 0x2e, 0x74, 0x65, + 0x6c, 0x65, 0x74, 0x65, 0x72, 0x6d, 0x2e, 0x76, 0x31, 0x2e, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, + 0x63, 0x65, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x52, 0x05, 0x75, 0x73, 0x65, 0x72, 0x73, 0x12, + 0x53, 0x0a, 0x10, 0x74, 0x72, 0x75, 0x73, 0x74, 0x65, 0x64, 0x5f, 0x63, 0x6c, 0x75, 0x73, 0x74, + 0x65, 0x72, 0x73, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x28, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x6c, 0x69, 0x62, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x72, - 0x6d, 0x2e, 0x76, 0x31, 0x2e, 0x41, 0x43, 0x4c, 0x52, 0x03, 0x61, 0x63, 0x6c, 0x12, 0x27, 0x0a, - 0x0f, 0x61, 0x63, 0x74, 0x69, 0x76, 0x65, 0x5f, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x73, - 0x18, 0x05, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0e, 0x61, 0x63, 0x74, 0x69, 0x76, 0x65, 0x52, 0x65, - 0x71, 0x75, 0x65, 0x73, 0x74, 0x73, 0x12, 0x2f, 0x0a, 0x13, 0x73, 0x75, 0x67, 0x67, 0x65, 0x73, - 0x74, 0x65, 0x64, 0x5f, 0x72, 0x65, 0x76, 0x69, 0x65, 0x77, 0x65, 0x72, 0x73, 0x18, 0x06, 0x20, - 0x03, 0x28, 0x09, 0x52, 0x12, 0x73, 0x75, 0x67, 0x67, 0x65, 0x73, 0x74, 0x65, 0x64, 0x52, 0x65, - 0x76, 0x69, 0x65, 0x77, 0x65, 0x72, 0x73, 0x12, 0x2b, 0x0a, 0x11, 0x72, 0x65, 0x71, 0x75, 0x65, - 0x73, 0x74, 0x61, 0x62, 0x6c, 0x65, 0x5f, 0x72, 0x6f, 0x6c, 0x65, 0x73, 0x18, 0x07, 0x20, 0x03, - 0x28, 0x09, 0x52, 0x10, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x61, 0x62, 0x6c, 0x65, 0x52, - 0x6f, 0x6c, 0x65, 0x73, 0x12, 0x4c, 0x0a, 0x09, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x74, 0x79, 0x70, - 0x65, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x2f, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, + 0x6d, 0x2e, 0x76, 0x31, 0x2e, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x41, 0x63, 0x63, + 0x65, 0x73, 0x73, 0x52, 0x0f, 0x74, 0x72, 0x75, 0x73, 0x74, 0x65, 0x64, 0x43, 0x6c, 0x75, 0x73, + 0x74, 0x65, 0x72, 0x73, 0x12, 0x40, 0x0a, 0x06, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x73, 0x18, 0x06, + 0x20, 0x01, 0x28, 0x0b, 0x32, 0x28, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, + 0x6c, 0x69, 0x62, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x72, 0x6d, 0x2e, 0x76, 0x31, 0x2e, + 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x52, 0x06, + 0x65, 0x76, 0x65, 0x6e, 0x74, 0x73, 0x12, 0x40, 0x0a, 0x06, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x73, + 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x28, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, + 0x74, 0x2e, 0x6c, 0x69, 0x62, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x72, 0x6d, 0x2e, 0x76, + 0x31, 0x2e, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, + 0x52, 0x06, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x73, 0x12, 0x42, 0x0a, 0x07, 0x73, 0x65, 0x72, 0x76, + 0x65, 0x72, 0x73, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x28, 0x2e, 0x74, 0x65, 0x6c, 0x65, + 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x6c, 0x69, 0x62, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x72, + 0x6d, 0x2e, 0x76, 0x31, 0x2e, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x41, 0x63, 0x63, + 0x65, 0x73, 0x73, 0x52, 0x07, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x73, 0x12, 0x3c, 0x0a, 0x04, + 0x61, 0x70, 0x70, 0x73, 0x18, 0x09, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x28, 0x2e, 0x74, 0x65, 0x6c, + 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x6c, 0x69, 0x62, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x74, 0x65, + 0x72, 0x6d, 0x2e, 0x76, 0x31, 0x2e, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x41, 0x63, + 0x63, 0x65, 0x73, 0x73, 0x52, 0x04, 0x61, 0x70, 0x70, 0x73, 0x12, 0x3a, 0x0a, 0x03, 0x64, 0x62, + 0x73, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x28, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x6c, 0x69, 0x62, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x72, 0x6d, 0x2e, - 0x76, 0x31, 0x2e, 0x4c, 0x6f, 0x67, 0x67, 0x65, 0x64, 0x49, 0x6e, 0x55, 0x73, 0x65, 0x72, 0x2e, - 0x55, 0x73, 0x65, 0x72, 0x54, 0x79, 0x70, 0x65, 0x52, 0x08, 0x75, 0x73, 0x65, 0x72, 0x54, 0x79, - 0x70, 0x65, 0x22, 0x4d, 0x0a, 0x08, 0x55, 0x73, 0x65, 0x72, 0x54, 0x79, 0x70, 0x65, 0x12, 0x19, - 0x0a, 0x15, 0x55, 0x53, 0x45, 0x52, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x55, 0x4e, 0x53, 0x50, - 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x13, 0x0a, 0x0f, 0x55, 0x53, 0x45, - 0x52, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x4c, 0x4f, 0x43, 0x41, 0x4c, 0x10, 0x01, 0x12, 0x11, - 0x0a, 0x0d, 0x55, 0x53, 0x45, 0x52, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x53, 0x53, 0x4f, 0x10, - 0x02, 0x22, 0xc8, 0x07, 0x0a, 0x03, 0x41, 0x43, 0x4c, 0x12, 0x51, 0x0a, 0x0f, 0x61, 0x75, 0x74, - 0x68, 0x5f, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x73, 0x18, 0x02, 0x20, 0x01, - 0x28, 0x0b, 0x32, 0x28, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x6c, 0x69, - 0x62, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x72, 0x6d, 0x2e, 0x76, 0x31, 0x2e, 0x52, 0x65, - 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x52, 0x0e, 0x61, 0x75, - 0x74, 0x68, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x73, 0x12, 0x3e, 0x0a, 0x05, - 0x72, 0x6f, 0x6c, 0x65, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x28, 0x2e, 0x74, 0x65, + 0x76, 0x31, 0x2e, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x41, 0x63, 0x63, 0x65, 0x73, + 0x73, 0x52, 0x03, 0x64, 0x62, 0x73, 0x12, 0x4a, 0x0a, 0x0b, 0x6b, 0x75, 0x62, 0x65, 0x73, 0x65, + 0x72, 0x76, 0x65, 0x72, 0x73, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x28, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x6c, 0x69, 0x62, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x72, 0x6d, 0x2e, 0x76, 0x31, 0x2e, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x41, - 0x63, 0x63, 0x65, 0x73, 0x73, 0x52, 0x05, 0x72, 0x6f, 0x6c, 0x65, 0x73, 0x12, 0x3e, 0x0a, 0x05, - 0x75, 0x73, 0x65, 0x72, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x28, 0x2e, 0x74, 0x65, + 0x63, 0x63, 0x65, 0x73, 0x73, 0x52, 0x0b, 0x6b, 0x75, 0x62, 0x65, 0x73, 0x65, 0x72, 0x76, 0x65, + 0x72, 0x73, 0x12, 0x51, 0x0a, 0x0f, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x5f, 0x72, 0x65, 0x71, + 0x75, 0x65, 0x73, 0x74, 0x73, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x28, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x6c, 0x69, 0x62, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x72, 0x6d, 0x2e, 0x76, 0x31, 0x2e, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x41, - 0x63, 0x63, 0x65, 0x73, 0x73, 0x52, 0x05, 0x75, 0x73, 0x65, 0x72, 0x73, 0x12, 0x53, 0x0a, 0x10, - 0x74, 0x72, 0x75, 0x73, 0x74, 0x65, 0x64, 0x5f, 0x63, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x73, - 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x28, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, - 0x74, 0x2e, 0x6c, 0x69, 0x62, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x72, 0x6d, 0x2e, 0x76, - 0x31, 0x2e, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, - 0x52, 0x0f, 0x74, 0x72, 0x75, 0x73, 0x74, 0x65, 0x64, 0x43, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, - 0x73, 0x12, 0x40, 0x0a, 0x06, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x73, 0x18, 0x06, 0x20, 0x01, 0x28, - 0x0b, 0x32, 0x28, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x6c, 0x69, 0x62, - 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x72, 0x6d, 0x2e, 0x76, 0x31, 0x2e, 0x52, 0x65, 0x73, - 0x6f, 0x75, 0x72, 0x63, 0x65, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x52, 0x06, 0x65, 0x76, 0x65, - 0x6e, 0x74, 0x73, 0x12, 0x40, 0x0a, 0x06, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x73, 0x18, 0x07, 0x20, - 0x01, 0x28, 0x0b, 0x32, 0x28, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x6c, - 0x69, 0x62, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x72, 0x6d, 0x2e, 0x76, 0x31, 0x2e, 0x52, - 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x52, 0x06, 0x74, - 0x6f, 0x6b, 0x65, 0x6e, 0x73, 0x12, 0x42, 0x0a, 0x07, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x73, - 0x18, 0x08, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x28, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, - 0x74, 0x2e, 0x6c, 0x69, 0x62, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x72, 0x6d, 0x2e, 0x76, - 0x31, 0x2e, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, - 0x52, 0x07, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x73, 0x12, 0x3c, 0x0a, 0x04, 0x61, 0x70, 0x70, - 0x73, 0x18, 0x09, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x28, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, - 0x72, 0x74, 0x2e, 0x6c, 0x69, 0x62, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x72, 0x6d, 0x2e, - 0x76, 0x31, 0x2e, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x41, 0x63, 0x63, 0x65, 0x73, - 0x73, 0x52, 0x04, 0x61, 0x70, 0x70, 0x73, 0x12, 0x3a, 0x0a, 0x03, 0x64, 0x62, 0x73, 0x18, 0x0a, - 0x20, 0x01, 0x28, 0x0b, 0x32, 0x28, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, - 0x6c, 0x69, 0x62, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x72, 0x6d, 0x2e, 0x76, 0x31, 0x2e, - 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x52, 0x03, - 0x64, 0x62, 0x73, 0x12, 0x4a, 0x0a, 0x0b, 0x6b, 0x75, 0x62, 0x65, 0x73, 0x65, 0x72, 0x76, 0x65, - 0x72, 0x73, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x28, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, - 0x6f, 0x72, 0x74, 0x2e, 0x6c, 0x69, 0x62, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x72, 0x6d, - 0x2e, 0x76, 0x31, 0x2e, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x41, 0x63, 0x63, 0x65, - 0x73, 0x73, 0x52, 0x0b, 0x6b, 0x75, 0x62, 0x65, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x73, 0x12, - 0x51, 0x0a, 0x0f, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x5f, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, - 0x74, 0x73, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x28, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, - 0x6f, 0x72, 0x74, 0x2e, 0x6c, 0x69, 0x62, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x72, 0x6d, - 0x2e, 0x76, 0x31, 0x2e, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x41, 0x63, 0x63, 0x65, - 0x73, 0x73, 0x52, 0x0e, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, - 0x74, 0x73, 0x12, 0x55, 0x0a, 0x11, 0x72, 0x65, 0x63, 0x6f, 0x72, 0x64, 0x65, 0x64, 0x5f, 0x73, - 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x28, 0x2e, - 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x6c, 0x69, 0x62, 0x2e, 0x74, 0x65, 0x6c, - 0x65, 0x74, 0x65, 0x72, 0x6d, 0x2e, 0x76, 0x31, 0x2e, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, - 0x65, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x52, 0x10, 0x72, 0x65, 0x63, 0x6f, 0x72, 0x64, 0x65, - 0x64, 0x53, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x51, 0x0a, 0x0f, 0x61, 0x63, 0x74, - 0x69, 0x76, 0x65, 0x5f, 0x73, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x0e, 0x20, 0x01, - 0x28, 0x0b, 0x32, 0x28, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x6c, 0x69, - 0x62, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x72, 0x6d, 0x2e, 0x76, 0x31, 0x2e, 0x52, 0x65, - 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x52, 0x0e, 0x61, 0x63, - 0x74, 0x69, 0x76, 0x65, 0x53, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x4a, 0x04, 0x08, 0x01, - 0x10, 0x02, 0x52, 0x08, 0x73, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x22, 0x8e, 0x01, 0x0a, - 0x0e, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x12, - 0x12, 0x0a, 0x04, 0x6c, 0x69, 0x73, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x04, 0x6c, - 0x69, 0x73, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x72, 0x65, 0x61, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, - 0x08, 0x52, 0x04, 0x72, 0x65, 0x61, 0x64, 0x12, 0x12, 0x0a, 0x04, 0x65, 0x64, 0x69, 0x74, 0x18, - 0x03, 0x20, 0x01, 0x28, 0x08, 0x52, 0x04, 0x65, 0x64, 0x69, 0x74, 0x12, 0x16, 0x0a, 0x06, 0x63, - 0x72, 0x65, 0x61, 0x74, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x08, 0x52, 0x06, 0x63, 0x72, 0x65, - 0x61, 0x74, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x64, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x18, 0x05, 0x20, - 0x01, 0x28, 0x08, 0x52, 0x06, 0x64, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x12, 0x10, 0x0a, 0x03, 0x75, - 0x73, 0x65, 0x18, 0x06, 0x20, 0x01, 0x28, 0x08, 0x52, 0x03, 0x75, 0x73, 0x65, 0x22, 0x7b, 0x0a, - 0x08, 0x46, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x73, 0x12, 0x3a, 0x0a, 0x19, 0x61, 0x64, 0x76, - 0x61, 0x6e, 0x63, 0x65, 0x64, 0x5f, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x5f, 0x77, 0x6f, 0x72, - 0x6b, 0x66, 0x6c, 0x6f, 0x77, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x17, 0x61, 0x64, - 0x76, 0x61, 0x6e, 0x63, 0x65, 0x64, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x57, 0x6f, 0x72, 0x6b, - 0x66, 0x6c, 0x6f, 0x77, 0x73, 0x12, 0x33, 0x0a, 0x16, 0x69, 0x73, 0x5f, 0x75, 0x73, 0x61, 0x67, - 0x65, 0x5f, 0x62, 0x61, 0x73, 0x65, 0x64, 0x5f, 0x62, 0x69, 0x6c, 0x6c, 0x69, 0x6e, 0x67, 0x18, - 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x13, 0x69, 0x73, 0x55, 0x73, 0x61, 0x67, 0x65, 0x42, 0x61, - 0x73, 0x65, 0x64, 0x42, 0x69, 0x6c, 0x6c, 0x69, 0x6e, 0x67, 0x2a, 0x73, 0x0a, 0x0d, 0x53, 0x68, - 0x6f, 0x77, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x12, 0x1e, 0x0a, 0x1a, 0x53, - 0x48, 0x4f, 0x57, 0x5f, 0x52, 0x45, 0x53, 0x4f, 0x55, 0x52, 0x43, 0x45, 0x53, 0x5f, 0x55, 0x4e, - 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x1e, 0x0a, 0x1a, 0x53, - 0x48, 0x4f, 0x57, 0x5f, 0x52, 0x45, 0x53, 0x4f, 0x55, 0x52, 0x43, 0x45, 0x53, 0x5f, 0x52, 0x45, - 0x51, 0x55, 0x45, 0x53, 0x54, 0x41, 0x42, 0x4c, 0x45, 0x10, 0x01, 0x12, 0x22, 0x0a, 0x1e, 0x53, - 0x48, 0x4f, 0x57, 0x5f, 0x52, 0x45, 0x53, 0x4f, 0x55, 0x52, 0x43, 0x45, 0x53, 0x5f, 0x41, 0x43, - 0x43, 0x45, 0x53, 0x53, 0x49, 0x42, 0x4c, 0x45, 0x5f, 0x4f, 0x4e, 0x4c, 0x59, 0x10, 0x02, 0x42, - 0x54, 0x5a, 0x52, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x67, 0x72, - 0x61, 0x76, 0x69, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x2f, 0x74, 0x65, 0x6c, 0x65, - 0x70, 0x6f, 0x72, 0x74, 0x2f, 0x67, 0x65, 0x6e, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x67, - 0x6f, 0x2f, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2f, 0x6c, 0x69, 0x62, 0x2f, 0x74, - 0x65, 0x6c, 0x65, 0x74, 0x65, 0x72, 0x6d, 0x2f, 0x76, 0x31, 0x3b, 0x74, 0x65, 0x6c, 0x65, 0x74, - 0x65, 0x72, 0x6d, 0x76, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x63, 0x63, 0x65, 0x73, 0x73, 0x52, 0x0e, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x52, 0x65, 0x71, + 0x75, 0x65, 0x73, 0x74, 0x73, 0x12, 0x55, 0x0a, 0x11, 0x72, 0x65, 0x63, 0x6f, 0x72, 0x64, 0x65, + 0x64, 0x5f, 0x73, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x0b, + 0x32, 0x28, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x6c, 0x69, 0x62, 0x2e, + 0x74, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x72, 0x6d, 0x2e, 0x76, 0x31, 0x2e, 0x52, 0x65, 0x73, 0x6f, + 0x75, 0x72, 0x63, 0x65, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x52, 0x10, 0x72, 0x65, 0x63, 0x6f, + 0x72, 0x64, 0x65, 0x64, 0x53, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x51, 0x0a, 0x0f, + 0x61, 0x63, 0x74, 0x69, 0x76, 0x65, 0x5f, 0x73, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x18, + 0x0e, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x28, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, + 0x2e, 0x6c, 0x69, 0x62, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x72, 0x6d, 0x2e, 0x76, 0x31, + 0x2e, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x52, + 0x0e, 0x61, 0x63, 0x74, 0x69, 0x76, 0x65, 0x53, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x4a, + 0x04, 0x08, 0x01, 0x10, 0x02, 0x52, 0x08, 0x73, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x22, + 0x8e, 0x01, 0x0a, 0x0e, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x41, 0x63, 0x63, 0x65, + 0x73, 0x73, 0x12, 0x12, 0x0a, 0x04, 0x6c, 0x69, 0x73, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, + 0x52, 0x04, 0x6c, 0x69, 0x73, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x72, 0x65, 0x61, 0x64, 0x18, 0x02, + 0x20, 0x01, 0x28, 0x08, 0x52, 0x04, 0x72, 0x65, 0x61, 0x64, 0x12, 0x12, 0x0a, 0x04, 0x65, 0x64, + 0x69, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x52, 0x04, 0x65, 0x64, 0x69, 0x74, 0x12, 0x16, + 0x0a, 0x06, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x08, 0x52, 0x06, + 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x64, 0x65, 0x6c, 0x65, 0x74, 0x65, + 0x18, 0x05, 0x20, 0x01, 0x28, 0x08, 0x52, 0x06, 0x64, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x12, 0x10, + 0x0a, 0x03, 0x75, 0x73, 0x65, 0x18, 0x06, 0x20, 0x01, 0x28, 0x08, 0x52, 0x03, 0x75, 0x73, 0x65, + 0x22, 0x7b, 0x0a, 0x08, 0x46, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x73, 0x12, 0x3a, 0x0a, 0x19, + 0x61, 0x64, 0x76, 0x61, 0x6e, 0x63, 0x65, 0x64, 0x5f, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x5f, + 0x77, 0x6f, 0x72, 0x6b, 0x66, 0x6c, 0x6f, 0x77, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, + 0x17, 0x61, 0x64, 0x76, 0x61, 0x6e, 0x63, 0x65, 0x64, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x57, + 0x6f, 0x72, 0x6b, 0x66, 0x6c, 0x6f, 0x77, 0x73, 0x12, 0x33, 0x0a, 0x16, 0x69, 0x73, 0x5f, 0x75, + 0x73, 0x61, 0x67, 0x65, 0x5f, 0x62, 0x61, 0x73, 0x65, 0x64, 0x5f, 0x62, 0x69, 0x6c, 0x6c, 0x69, + 0x6e, 0x67, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x13, 0x69, 0x73, 0x55, 0x73, 0x61, 0x67, + 0x65, 0x42, 0x61, 0x73, 0x65, 0x64, 0x42, 0x69, 0x6c, 0x6c, 0x69, 0x6e, 0x67, 0x2a, 0x73, 0x0a, + 0x0d, 0x53, 0x68, 0x6f, 0x77, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x12, 0x1e, + 0x0a, 0x1a, 0x53, 0x48, 0x4f, 0x57, 0x5f, 0x52, 0x45, 0x53, 0x4f, 0x55, 0x52, 0x43, 0x45, 0x53, + 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x1e, + 0x0a, 0x1a, 0x53, 0x48, 0x4f, 0x57, 0x5f, 0x52, 0x45, 0x53, 0x4f, 0x55, 0x52, 0x43, 0x45, 0x53, + 0x5f, 0x52, 0x45, 0x51, 0x55, 0x45, 0x53, 0x54, 0x41, 0x42, 0x4c, 0x45, 0x10, 0x01, 0x12, 0x22, + 0x0a, 0x1e, 0x53, 0x48, 0x4f, 0x57, 0x5f, 0x52, 0x45, 0x53, 0x4f, 0x55, 0x52, 0x43, 0x45, 0x53, + 0x5f, 0x41, 0x43, 0x43, 0x45, 0x53, 0x53, 0x49, 0x42, 0x4c, 0x45, 0x5f, 0x4f, 0x4e, 0x4c, 0x59, + 0x10, 0x02, 0x42, 0x54, 0x5a, 0x52, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, + 0x2f, 0x67, 0x72, 0x61, 0x76, 0x69, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x2f, 0x74, + 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2f, 0x67, 0x65, 0x6e, 0x2f, 0x70, 0x72, 0x6f, 0x74, + 0x6f, 0x2f, 0x67, 0x6f, 0x2f, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2f, 0x6c, 0x69, + 0x62, 0x2f, 0x74, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x72, 0x6d, 0x2f, 0x76, 0x31, 0x3b, 0x74, 0x65, + 0x6c, 0x65, 0x74, 0x65, 0x72, 0x6d, 0x76, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( diff --git a/gen/proto/ts/teleport/lib/teleterm/v1/cluster_pb.ts b/gen/proto/ts/teleport/lib/teleterm/v1/cluster_pb.ts index 4d625ed932b8c..bc3f97a09a83e 100644 --- a/gen/proto/ts/teleport/lib/teleterm/v1/cluster_pb.ts +++ b/gen/proto/ts/teleport/lib/teleterm/v1/cluster_pb.ts @@ -120,6 +120,12 @@ export interface Cluster { * @generated from protobuf field: string profile_status_error = 12; */ profileStatusError: string; + /** + * sso_hostname is the hostname of the SSO provider used to login.. + * + * @generated from protobuf field: string sso_hostname = 13; + */ + ssoHostname: string; } /** * LoggedInUser describes a logged-in user @@ -377,7 +383,8 @@ class Cluster$Type extends MessageType { { no: 9, name: "auth_cluster_id", kind: "scalar", T: 9 /*ScalarType.STRING*/ }, { no: 10, name: "proxy_version", kind: "scalar", T: 9 /*ScalarType.STRING*/ }, { no: 11, name: "show_resources", kind: "enum", T: () => ["teleport.lib.teleterm.v1.ShowResources", ShowResources, "SHOW_RESOURCES_"] }, - { no: 12, name: "profile_status_error", kind: "scalar", T: 9 /*ScalarType.STRING*/ } + { no: 12, name: "profile_status_error", kind: "scalar", T: 9 /*ScalarType.STRING*/ }, + { no: 13, name: "sso_hostname", kind: "scalar", T: 9 /*ScalarType.STRING*/ } ]); } create(value?: PartialMessage): Cluster { @@ -391,6 +398,7 @@ class Cluster$Type extends MessageType { message.proxyVersion = ""; message.showResources = 0; message.profileStatusError = ""; + message.ssoHostname = ""; if (value !== undefined) reflectionMergePartial(this, message, value); return message; @@ -433,6 +441,9 @@ class Cluster$Type extends MessageType { case /* string profile_status_error */ 12: message.profileStatusError = reader.string(); break; + case /* string sso_hostname */ 13: + message.ssoHostname = reader.string(); + break; default: let u = options.readUnknownField; if (u === "throw") @@ -478,6 +489,9 @@ class Cluster$Type extends MessageType { /* string profile_status_error = 12; */ if (message.profileStatusError !== "") writer.tag(12, WireType.LengthDelimited).string(message.profileStatusError); + /* string sso_hostname = 13; */ + if (message.ssoHostname !== "") + writer.tag(13, WireType.LengthDelimited).string(message.ssoHostname); let u = options.writeUnknownFields; if (u !== false) (u == true ? UnknownFieldHandler.onWrite : u)(this.typeName, message, writer); diff --git a/lib/client/profile.go b/lib/client/profile.go index c44ec47cde45e..c58bf0cb2faa5 100644 --- a/lib/client/profile.go +++ b/lib/client/profile.go @@ -379,6 +379,7 @@ func profileStatusFromKeyRing(keyRing *KeyRing, opts profileOptions) (*ProfileSt IsVirtual: opts.IsVirtual, AllowedResourceIDs: allowedResourceIDs, SAMLSingleLogoutEnabled: opts.SAMLSingleLogoutEnabled, + SSOHostname: opts.SSOHostname, }, nil } diff --git a/lib/teleterm/apiserver/handler/handler_clusters.go b/lib/teleterm/apiserver/handler/handler_clusters.go index 61711395034f2..4dff36c52c216 100644 --- a/lib/teleterm/apiserver/handler/handler_clusters.go +++ b/lib/teleterm/apiserver/handler/handler_clusters.go @@ -105,6 +105,7 @@ func newAPIRootCluster(cluster *clusters.Cluster) *api.Cluster { Roles: loggedInUser.Roles, ActiveRequests: loggedInUser.ActiveRequests, }, + SsoHostname: cluster.SSOHostname, } if cluster.GetProfileStatusError() != nil { diff --git a/lib/teleterm/clusters/cluster.go b/lib/teleterm/clusters/cluster.go index 2c7fd4129cd5f..5057a63f64d09 100644 --- a/lib/teleterm/clusters/cluster.go +++ b/lib/teleterm/clusters/cluster.go @@ -62,6 +62,8 @@ type Cluster struct { clusterClient *client.TeleportClient // clock is a clock for time-related operations clock clockwork.Clock + // SSOHostname is the hostname of the SSO provider used to login.. + SSOHostname string } type ClusterWithDetails struct { diff --git a/lib/teleterm/clusters/storage.go b/lib/teleterm/clusters/storage.go index 79e6f63f57a0d..6694f32bc9f47 100644 --- a/lib/teleterm/clusters/storage.go +++ b/lib/teleterm/clusters/storage.go @@ -245,6 +245,7 @@ func (s *Storage) fromProfile(profileName, leafClusterName string) (*Cluster, *c } if status != nil { cluster.status = *status + cluster.SSOHostname = status.SSOHostname } return cluster, clusterClient, trace.Wrap(err) diff --git a/proto/teleport/lib/teleterm/v1/cluster.proto b/proto/teleport/lib/teleterm/v1/cluster.proto index 2c02885b6797f..c0d50e81d00f3 100644 --- a/proto/teleport/lib/teleterm/v1/cluster.proto +++ b/proto/teleport/lib/teleterm/v1/cluster.proto @@ -64,6 +64,8 @@ message Cluster { // profile_status_error is set if there was an error when reading the profile. // This allows the app to be usable, when one or more profiles cannot be read. string profile_status_error = 12; + // sso_hostname is the hostname of the SSO provider used to login.. + string sso_hostname = 13; } // ShowResources tells if the cluster can show requestable resources on the resources page. From 6f994a88426d35c0c0a84fbeb67dfe0aa7172712 Mon Sep 17 00:00:00 2001 From: joerger Date: Mon, 28 Oct 2024 11:04:12 -0700 Subject: [PATCH 04/10] Add SSO hostname to connect's proxy host allow list. --- .../rootClusterProxyHostAllowList.ts | 28 ++++++++++--------- 1 file changed, 15 insertions(+), 13 deletions(-) diff --git a/web/packages/teleterm/src/mainProcess/rootClusterProxyHostAllowList.ts b/web/packages/teleterm/src/mainProcess/rootClusterProxyHostAllowList.ts index 979adc3b96545..e61839c65496b 100644 --- a/web/packages/teleterm/src/mainProcess/rootClusterProxyHostAllowList.ts +++ b/web/packages/teleterm/src/mainProcess/rootClusterProxyHostAllowList.ts @@ -77,22 +77,24 @@ export function manageRootClusterProxyHostAllowList({ allowList.clear(); for (const rootCluster of rootClusters) { - if (!rootCluster.proxyHost) { - continue; + if (rootCluster.proxyHost) { + let browserProxyHost: string; + try { + browserProxyHost = proxyHostToBrowserProxyHost(rootCluster.proxyHost); + } catch (error) { + logger.error( + 'Ran into an error when converting proxy host to browser proxy host', + error + ); + continue; + } + allowList.add(browserProxyHost); } - let browserProxyHost: string; - try { - browserProxyHost = proxyHostToBrowserProxyHost(rootCluster.proxyHost); - } catch (error) { - logger.error( - 'Ran into an error when converting proxy host to browser proxy host', - error - ); - continue; + // Allow the SSO hostname for SSO login/mfa redirects. + if (rootCluster.ssoHostname) { + allowList.add(rootCluster.ssoHostname); } - - allowList.add(browserProxyHost); } }; From 4318f1df09088e4f48e3b9d0a1c50ef473efb6af Mon Sep 17 00:00:00 2001 From: joerger Date: Mon, 28 Oct 2024 13:06:43 -0700 Subject: [PATCH 05/10] Fix lint. --- web/packages/teleterm/src/services/tshd/testHelpers.ts | 2 ++ 1 file changed, 2 insertions(+) diff --git a/web/packages/teleterm/src/services/tshd/testHelpers.ts b/web/packages/teleterm/src/services/tshd/testHelpers.ts index e993dd8ac9d6f..a44cbc934d4d2 100644 --- a/web/packages/teleterm/src/services/tshd/testHelpers.ts +++ b/web/packages/teleterm/src/services/tshd/testHelpers.ts @@ -92,6 +92,7 @@ export const makeRootCluster = ( showResources: ShowResources.REQUESTABLE, profileStatusError: '', ...props, + ssoHostname: 'example.auth0.com', }); export const makeLeafCluster = ( @@ -108,6 +109,7 @@ export const makeLeafCluster = ( profileStatusError: '', showResources: ShowResources.UNSPECIFIED, ...props, + ssoHostname: 'example.auth0.com', }); export const makeLoggedInUser = ( From 43fa89266e9380588839014a1a57750c4c5cefd9 Mon Sep 17 00:00:00 2001 From: joerger Date: Wed, 30 Oct 2024 12:02:30 -0700 Subject: [PATCH 06/10] Address comments. --- api/profile/profile.go | 2 +- gen/proto/go/teleport/lib/teleterm/v1/cluster.pb.go | 2 +- gen/proto/ts/teleport/lib/teleterm/v1/cluster_pb.ts | 2 +- lib/client/api.go | 2 +- lib/client/profile.go | 2 +- lib/teleterm/clusters/cluster.go | 2 +- proto/teleport/lib/teleterm/v1/cluster.proto | 2 +- .../teleterm/src/mainProcess/rootClusterProxyHostAllowList.ts | 3 +-- web/packages/teleterm/src/services/tshd/testHelpers.ts | 4 ++-- 9 files changed, 10 insertions(+), 11 deletions(-) diff --git a/api/profile/profile.go b/api/profile/profile.go index 9fd038e09aaea..7e28716ebb5f9 100644 --- a/api/profile/profile.go +++ b/api/profile/profile.go @@ -120,7 +120,7 @@ type Profile struct { // SSHDialTimeout is the timeout value that should be used for SSH connections. SSHDialTimeout time.Duration `yaml:"ssh_dial_timeout,omitempty"` - // SSOHostname is the hostname of the SSO provider used to login.. + // SSOHostname is the hostname of the SSO provider used to log in. SSOHostname string `yaml:"sso_hostname,omitempty"` } diff --git a/gen/proto/go/teleport/lib/teleterm/v1/cluster.pb.go b/gen/proto/go/teleport/lib/teleterm/v1/cluster.pb.go index 5f721ed8e74e3..a5b693a2c4525 100644 --- a/gen/proto/go/teleport/lib/teleterm/v1/cluster.pb.go +++ b/gen/proto/go/teleport/lib/teleterm/v1/cluster.pb.go @@ -184,7 +184,7 @@ type Cluster struct { // profile_status_error is set if there was an error when reading the profile. // This allows the app to be usable, when one or more profiles cannot be read. ProfileStatusError string `protobuf:"bytes,12,opt,name=profile_status_error,json=profileStatusError,proto3" json:"profile_status_error,omitempty"` - // sso_hostname is the hostname of the SSO provider used to login.. + // sso_hostname is the hostname of the SSO provider used to log in. SsoHostname string `protobuf:"bytes,13,opt,name=sso_hostname,json=ssoHostname,proto3" json:"sso_hostname,omitempty"` } diff --git a/gen/proto/ts/teleport/lib/teleterm/v1/cluster_pb.ts b/gen/proto/ts/teleport/lib/teleterm/v1/cluster_pb.ts index bc3f97a09a83e..1ad9c635153bc 100644 --- a/gen/proto/ts/teleport/lib/teleterm/v1/cluster_pb.ts +++ b/gen/proto/ts/teleport/lib/teleterm/v1/cluster_pb.ts @@ -121,7 +121,7 @@ export interface Cluster { */ profileStatusError: string; /** - * sso_hostname is the hostname of the SSO provider used to login.. + * sso_hostname is the hostname of the SSO provider used to log in. * * @generated from protobuf field: string sso_hostname = 13; */ diff --git a/lib/client/api.go b/lib/client/api.go index b32ba5a5290f0..15b8cec01e8b8 100644 --- a/lib/client/api.go +++ b/lib/client/api.go @@ -517,7 +517,7 @@ type Config struct { // If nil touchid.HasCredentials is used. HasTouchIDCredentialsFunc func(rpID, user string) bool - // SSOHostname is the hostname of the SSO provider used to login.. + // SSOHostname is the hostname of the SSO provider used to log in. SSOHostname string } diff --git a/lib/client/profile.go b/lib/client/profile.go index c58bf0cb2faa5..6684a2a33848e 100644 --- a/lib/client/profile.go +++ b/lib/client/profile.go @@ -243,7 +243,7 @@ type ProfileStatus struct { // using an auth connector with a SAML SLO URL configured. SAMLSingleLogoutEnabled bool - // SSOHostname is the hostname of the SSO provider used to login.. + // SSOHostname is the hostname of the SSO provider used to log in. SSOHostname string } diff --git a/lib/teleterm/clusters/cluster.go b/lib/teleterm/clusters/cluster.go index 5057a63f64d09..162087b108cf2 100644 --- a/lib/teleterm/clusters/cluster.go +++ b/lib/teleterm/clusters/cluster.go @@ -62,7 +62,7 @@ type Cluster struct { clusterClient *client.TeleportClient // clock is a clock for time-related operations clock clockwork.Clock - // SSOHostname is the hostname of the SSO provider used to login.. + // SSOHostname is the hostname of the SSO provider used to log in. SSOHostname string } diff --git a/proto/teleport/lib/teleterm/v1/cluster.proto b/proto/teleport/lib/teleterm/v1/cluster.proto index c0d50e81d00f3..c2b311aee9bf3 100644 --- a/proto/teleport/lib/teleterm/v1/cluster.proto +++ b/proto/teleport/lib/teleterm/v1/cluster.proto @@ -64,7 +64,7 @@ message Cluster { // profile_status_error is set if there was an error when reading the profile. // This allows the app to be usable, when one or more profiles cannot be read. string profile_status_error = 12; - // sso_hostname is the hostname of the SSO provider used to login.. + // sso_hostname is the hostname of the SSO provider used to log in. string sso_hostname = 13; } diff --git a/web/packages/teleterm/src/mainProcess/rootClusterProxyHostAllowList.ts b/web/packages/teleterm/src/mainProcess/rootClusterProxyHostAllowList.ts index e61839c65496b..5beb2fdcd7f0d 100644 --- a/web/packages/teleterm/src/mainProcess/rootClusterProxyHostAllowList.ts +++ b/web/packages/teleterm/src/mainProcess/rootClusterProxyHostAllowList.ts @@ -81,14 +81,13 @@ export function manageRootClusterProxyHostAllowList({ let browserProxyHost: string; try { browserProxyHost = proxyHostToBrowserProxyHost(rootCluster.proxyHost); + allowList.add(browserProxyHost); } catch (error) { logger.error( 'Ran into an error when converting proxy host to browser proxy host', error ); - continue; } - allowList.add(browserProxyHost); } // Allow the SSO hostname for SSO login/mfa redirects. diff --git a/web/packages/teleterm/src/services/tshd/testHelpers.ts b/web/packages/teleterm/src/services/tshd/testHelpers.ts index a44cbc934d4d2..3b2c351a0990c 100644 --- a/web/packages/teleterm/src/services/tshd/testHelpers.ts +++ b/web/packages/teleterm/src/services/tshd/testHelpers.ts @@ -91,8 +91,8 @@ export const makeRootCluster = ( proxyVersion: '11.1.0', showResources: ShowResources.REQUESTABLE, profileStatusError: '', - ...props, ssoHostname: 'example.auth0.com', + ...props, }); export const makeLeafCluster = ( @@ -108,8 +108,8 @@ export const makeLeafCluster = ( proxyVersion: '', profileStatusError: '', showResources: ShowResources.UNSPECIFIED, - ...props, ssoHostname: 'example.auth0.com', + ...props, }); export const makeLoggedInUser = ( From 98751031e5da8fecbde78a5948935b1899e5ee4c Mon Sep 17 00:00:00 2001 From: joerger Date: Thu, 31 Oct 2024 10:59:52 -0700 Subject: [PATCH 07/10] Document use of SSOHostname in the profile. --- api/profile/profile.go | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/api/profile/profile.go b/api/profile/profile.go index 7e28716ebb5f9..004b8e10367c3 100644 --- a/api/profile/profile.go +++ b/api/profile/profile.go @@ -120,7 +120,9 @@ type Profile struct { // SSHDialTimeout is the timeout value that should be used for SSH connections. SSHDialTimeout time.Duration `yaml:"ssh_dial_timeout,omitempty"` - // SSOHostname is the hostname of the SSO provider used to log in. + // SSOHostname is the hostname of the SSO provider used to log in. Clients can check this value, + // along with WebProxyAddr, to determine if a webpage is safe to open. Currently used by Teleport + // Connect in the proxy host allow list. SSOHostname string `yaml:"sso_hostname,omitempty"` } From 9d0d1fffce814b1359c4ac0321df77ae69a0234f Mon Sep 17 00:00:00 2001 From: joerger Date: Mon, 4 Nov 2024 10:09:15 -0800 Subject: [PATCH 08/10] Use sso host, not hostname. --- api/profile/profile.go | 6 +- .../go/teleport/lib/teleterm/v1/cluster.pb.go | 244 +++++++++--------- .../ts/teleport/lib/teleterm/v1/cluster_pb.ts | 20 +- lib/client/api.go | 10 +- lib/client/client_store.go | 4 +- lib/client/profile.go | 8 +- .../apiserver/handler/handler_clusters.go | 2 +- lib/teleterm/clusters/cluster.go | 4 +- lib/teleterm/clusters/storage.go | 2 +- proto/teleport/lib/teleterm/v1/cluster.proto | 4 +- .../rootClusterProxyHostAllowList.ts | 4 +- .../teleterm/src/services/tshd/testHelpers.ts | 4 +- 12 files changed, 156 insertions(+), 156 deletions(-) diff --git a/api/profile/profile.go b/api/profile/profile.go index 004b8e10367c3..b1449eda148fa 100644 --- a/api/profile/profile.go +++ b/api/profile/profile.go @@ -120,10 +120,10 @@ type Profile struct { // SSHDialTimeout is the timeout value that should be used for SSH connections. SSHDialTimeout time.Duration `yaml:"ssh_dial_timeout,omitempty"` - // SSOHostname is the hostname of the SSO provider used to log in. Clients can check this value, - // along with WebProxyAddr, to determine if a webpage is safe to open. Currently used by Teleport + // SSOHost is the host of the SSO provider used to log in. Clients can check this value, along + // with WebProxyAddr, to determine if a webpage is safe to open. Currently used by Teleport // Connect in the proxy host allow list. - SSOHostname string `yaml:"sso_hostname,omitempty"` + SSOHost string `yaml:"sso_host,omitempty"` } // Copy returns a shallow copy of p, or nil if p is nil. diff --git a/gen/proto/go/teleport/lib/teleterm/v1/cluster.pb.go b/gen/proto/go/teleport/lib/teleterm/v1/cluster.pb.go index a5b693a2c4525..5135263a7855f 100644 --- a/gen/proto/go/teleport/lib/teleterm/v1/cluster.pb.go +++ b/gen/proto/go/teleport/lib/teleterm/v1/cluster.pb.go @@ -184,8 +184,8 @@ type Cluster struct { // profile_status_error is set if there was an error when reading the profile. // This allows the app to be usable, when one or more profiles cannot be read. ProfileStatusError string `protobuf:"bytes,12,opt,name=profile_status_error,json=profileStatusError,proto3" json:"profile_status_error,omitempty"` - // sso_hostname is the hostname of the SSO provider used to log in. - SsoHostname string `protobuf:"bytes,13,opt,name=sso_hostname,json=ssoHostname,proto3" json:"sso_hostname,omitempty"` + // sso_host is the host of the SSO provider used to log in. + SsoHost string `protobuf:"bytes,13,opt,name=sso_host,json=ssoHost,proto3" json:"sso_host,omitempty"` } func (x *Cluster) Reset() { @@ -295,9 +295,9 @@ func (x *Cluster) GetProfileStatusError() string { return "" } -func (x *Cluster) GetSsoHostname() string { +func (x *Cluster) GetSsoHost() string { if x != nil { - return x.SsoHostname + return x.SsoHost } return "" } @@ -724,7 +724,7 @@ var file_teleport_lib_teleterm_v1_cluster_proto_rawDesc = []byte{ 0x65, 0x6c, 0x65, 0x74, 0x65, 0x72, 0x6d, 0x2f, 0x76, 0x31, 0x2f, 0x63, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x18, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x6c, 0x69, 0x62, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x72, 0x6d, 0x2e, - 0x76, 0x31, 0x22, 0x80, 0x04, 0x0a, 0x07, 0x43, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x12, 0x10, + 0x76, 0x31, 0x22, 0xf8, 0x03, 0x0a, 0x07, 0x43, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x12, 0x10, 0x0a, 0x03, 0x75, 0x72, 0x69, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x75, 0x72, 0x69, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x1d, 0x0a, 0x0a, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x5f, 0x68, 0x6f, @@ -754,126 +754,126 @@ var file_teleport_lib_teleterm_v1_cluster_proto_rawDesc = []byte{ 0x12, 0x30, 0x0a, 0x14, 0x70, 0x72, 0x6f, 0x66, 0x69, 0x6c, 0x65, 0x5f, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x5f, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x09, 0x52, 0x12, 0x70, 0x72, 0x6f, 0x66, 0x69, 0x6c, 0x65, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x45, 0x72, 0x72, - 0x6f, 0x72, 0x12, 0x21, 0x0a, 0x0c, 0x73, 0x73, 0x6f, 0x5f, 0x68, 0x6f, 0x73, 0x74, 0x6e, 0x61, - 0x6d, 0x65, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x73, 0x73, 0x6f, 0x48, 0x6f, 0x73, - 0x74, 0x6e, 0x61, 0x6d, 0x65, 0x22, 0xac, 0x03, 0x0a, 0x0c, 0x4c, 0x6f, 0x67, 0x67, 0x65, 0x64, - 0x49, 0x6e, 0x55, 0x73, 0x65, 0x72, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x72, 0x6f, - 0x6c, 0x65, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x09, 0x52, 0x05, 0x72, 0x6f, 0x6c, 0x65, 0x73, - 0x12, 0x1d, 0x0a, 0x0a, 0x73, 0x73, 0x68, 0x5f, 0x6c, 0x6f, 0x67, 0x69, 0x6e, 0x73, 0x18, 0x03, - 0x20, 0x03, 0x28, 0x09, 0x52, 0x09, 0x73, 0x73, 0x68, 0x4c, 0x6f, 0x67, 0x69, 0x6e, 0x73, 0x12, - 0x2f, 0x0a, 0x03, 0x61, 0x63, 0x6c, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1d, 0x2e, 0x74, - 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x6c, 0x69, 0x62, 0x2e, 0x74, 0x65, 0x6c, 0x65, - 0x74, 0x65, 0x72, 0x6d, 0x2e, 0x76, 0x31, 0x2e, 0x41, 0x43, 0x4c, 0x52, 0x03, 0x61, 0x63, 0x6c, - 0x12, 0x27, 0x0a, 0x0f, 0x61, 0x63, 0x74, 0x69, 0x76, 0x65, 0x5f, 0x72, 0x65, 0x71, 0x75, 0x65, - 0x73, 0x74, 0x73, 0x18, 0x05, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0e, 0x61, 0x63, 0x74, 0x69, 0x76, - 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x73, 0x12, 0x2f, 0x0a, 0x13, 0x73, 0x75, 0x67, - 0x67, 0x65, 0x73, 0x74, 0x65, 0x64, 0x5f, 0x72, 0x65, 0x76, 0x69, 0x65, 0x77, 0x65, 0x72, 0x73, - 0x18, 0x06, 0x20, 0x03, 0x28, 0x09, 0x52, 0x12, 0x73, 0x75, 0x67, 0x67, 0x65, 0x73, 0x74, 0x65, - 0x64, 0x52, 0x65, 0x76, 0x69, 0x65, 0x77, 0x65, 0x72, 0x73, 0x12, 0x2b, 0x0a, 0x11, 0x72, 0x65, - 0x71, 0x75, 0x65, 0x73, 0x74, 0x61, 0x62, 0x6c, 0x65, 0x5f, 0x72, 0x6f, 0x6c, 0x65, 0x73, 0x18, - 0x07, 0x20, 0x03, 0x28, 0x09, 0x52, 0x10, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x61, 0x62, - 0x6c, 0x65, 0x52, 0x6f, 0x6c, 0x65, 0x73, 0x12, 0x4c, 0x0a, 0x09, 0x75, 0x73, 0x65, 0x72, 0x5f, - 0x74, 0x79, 0x70, 0x65, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x2f, 0x2e, 0x74, 0x65, 0x6c, - 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x6c, 0x69, 0x62, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x74, 0x65, - 0x72, 0x6d, 0x2e, 0x76, 0x31, 0x2e, 0x4c, 0x6f, 0x67, 0x67, 0x65, 0x64, 0x49, 0x6e, 0x55, 0x73, - 0x65, 0x72, 0x2e, 0x55, 0x73, 0x65, 0x72, 0x54, 0x79, 0x70, 0x65, 0x52, 0x08, 0x75, 0x73, 0x65, - 0x72, 0x54, 0x79, 0x70, 0x65, 0x22, 0x4d, 0x0a, 0x08, 0x55, 0x73, 0x65, 0x72, 0x54, 0x79, 0x70, - 0x65, 0x12, 0x19, 0x0a, 0x15, 0x55, 0x53, 0x45, 0x52, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x55, - 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x13, 0x0a, 0x0f, - 0x55, 0x53, 0x45, 0x52, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x4c, 0x4f, 0x43, 0x41, 0x4c, 0x10, - 0x01, 0x12, 0x11, 0x0a, 0x0d, 0x55, 0x53, 0x45, 0x52, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x53, - 0x53, 0x4f, 0x10, 0x02, 0x22, 0xc8, 0x07, 0x0a, 0x03, 0x41, 0x43, 0x4c, 0x12, 0x51, 0x0a, 0x0f, - 0x61, 0x75, 0x74, 0x68, 0x5f, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x73, 0x18, - 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x28, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, - 0x2e, 0x6c, 0x69, 0x62, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x72, 0x6d, 0x2e, 0x76, 0x31, - 0x2e, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x52, - 0x0e, 0x61, 0x75, 0x74, 0x68, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x73, 0x12, - 0x3e, 0x0a, 0x05, 0x72, 0x6f, 0x6c, 0x65, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x28, - 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x6c, 0x69, 0x62, 0x2e, 0x74, 0x65, - 0x6c, 0x65, 0x74, 0x65, 0x72, 0x6d, 0x2e, 0x76, 0x31, 0x2e, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, - 0x63, 0x65, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x52, 0x05, 0x72, 0x6f, 0x6c, 0x65, 0x73, 0x12, - 0x3e, 0x0a, 0x05, 0x75, 0x73, 0x65, 0x72, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x28, - 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x6c, 0x69, 0x62, 0x2e, 0x74, 0x65, - 0x6c, 0x65, 0x74, 0x65, 0x72, 0x6d, 0x2e, 0x76, 0x31, 0x2e, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, - 0x63, 0x65, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x52, 0x05, 0x75, 0x73, 0x65, 0x72, 0x73, 0x12, - 0x53, 0x0a, 0x10, 0x74, 0x72, 0x75, 0x73, 0x74, 0x65, 0x64, 0x5f, 0x63, 0x6c, 0x75, 0x73, 0x74, - 0x65, 0x72, 0x73, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x28, 0x2e, 0x74, 0x65, 0x6c, 0x65, - 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x6c, 0x69, 0x62, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x72, - 0x6d, 0x2e, 0x76, 0x31, 0x2e, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x41, 0x63, 0x63, - 0x65, 0x73, 0x73, 0x52, 0x0f, 0x74, 0x72, 0x75, 0x73, 0x74, 0x65, 0x64, 0x43, 0x6c, 0x75, 0x73, - 0x74, 0x65, 0x72, 0x73, 0x12, 0x40, 0x0a, 0x06, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x73, 0x18, 0x06, - 0x20, 0x01, 0x28, 0x0b, 0x32, 0x28, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, + 0x6f, 0x72, 0x12, 0x19, 0x0a, 0x08, 0x73, 0x73, 0x6f, 0x5f, 0x68, 0x6f, 0x73, 0x74, 0x18, 0x0d, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x73, 0x73, 0x6f, 0x48, 0x6f, 0x73, 0x74, 0x22, 0xac, 0x03, + 0x0a, 0x0c, 0x4c, 0x6f, 0x67, 0x67, 0x65, 0x64, 0x49, 0x6e, 0x55, 0x73, 0x65, 0x72, 0x12, 0x12, + 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, + 0x6d, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x72, 0x6f, 0x6c, 0x65, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, + 0x09, 0x52, 0x05, 0x72, 0x6f, 0x6c, 0x65, 0x73, 0x12, 0x1d, 0x0a, 0x0a, 0x73, 0x73, 0x68, 0x5f, + 0x6c, 0x6f, 0x67, 0x69, 0x6e, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x09, 0x52, 0x09, 0x73, 0x73, + 0x68, 0x4c, 0x6f, 0x67, 0x69, 0x6e, 0x73, 0x12, 0x2f, 0x0a, 0x03, 0x61, 0x63, 0x6c, 0x18, 0x04, + 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1d, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x6c, 0x69, 0x62, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x72, 0x6d, 0x2e, 0x76, 0x31, 0x2e, - 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x52, 0x06, - 0x65, 0x76, 0x65, 0x6e, 0x74, 0x73, 0x12, 0x40, 0x0a, 0x06, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x73, - 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x28, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, + 0x41, 0x43, 0x4c, 0x52, 0x03, 0x61, 0x63, 0x6c, 0x12, 0x27, 0x0a, 0x0f, 0x61, 0x63, 0x74, 0x69, + 0x76, 0x65, 0x5f, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x73, 0x18, 0x05, 0x20, 0x03, 0x28, + 0x09, 0x52, 0x0e, 0x61, 0x63, 0x74, 0x69, 0x76, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, + 0x73, 0x12, 0x2f, 0x0a, 0x13, 0x73, 0x75, 0x67, 0x67, 0x65, 0x73, 0x74, 0x65, 0x64, 0x5f, 0x72, + 0x65, 0x76, 0x69, 0x65, 0x77, 0x65, 0x72, 0x73, 0x18, 0x06, 0x20, 0x03, 0x28, 0x09, 0x52, 0x12, + 0x73, 0x75, 0x67, 0x67, 0x65, 0x73, 0x74, 0x65, 0x64, 0x52, 0x65, 0x76, 0x69, 0x65, 0x77, 0x65, + 0x72, 0x73, 0x12, 0x2b, 0x0a, 0x11, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x61, 0x62, 0x6c, + 0x65, 0x5f, 0x72, 0x6f, 0x6c, 0x65, 0x73, 0x18, 0x07, 0x20, 0x03, 0x28, 0x09, 0x52, 0x10, 0x72, + 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x61, 0x62, 0x6c, 0x65, 0x52, 0x6f, 0x6c, 0x65, 0x73, 0x12, + 0x4c, 0x0a, 0x09, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x18, 0x08, 0x20, 0x01, + 0x28, 0x0e, 0x32, 0x2f, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x6c, 0x69, + 0x62, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x72, 0x6d, 0x2e, 0x76, 0x31, 0x2e, 0x4c, 0x6f, + 0x67, 0x67, 0x65, 0x64, 0x49, 0x6e, 0x55, 0x73, 0x65, 0x72, 0x2e, 0x55, 0x73, 0x65, 0x72, 0x54, + 0x79, 0x70, 0x65, 0x52, 0x08, 0x75, 0x73, 0x65, 0x72, 0x54, 0x79, 0x70, 0x65, 0x22, 0x4d, 0x0a, + 0x08, 0x55, 0x73, 0x65, 0x72, 0x54, 0x79, 0x70, 0x65, 0x12, 0x19, 0x0a, 0x15, 0x55, 0x53, 0x45, + 0x52, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, + 0x45, 0x44, 0x10, 0x00, 0x12, 0x13, 0x0a, 0x0f, 0x55, 0x53, 0x45, 0x52, 0x5f, 0x54, 0x59, 0x50, + 0x45, 0x5f, 0x4c, 0x4f, 0x43, 0x41, 0x4c, 0x10, 0x01, 0x12, 0x11, 0x0a, 0x0d, 0x55, 0x53, 0x45, + 0x52, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x53, 0x53, 0x4f, 0x10, 0x02, 0x22, 0xc8, 0x07, 0x0a, + 0x03, 0x41, 0x43, 0x4c, 0x12, 0x51, 0x0a, 0x0f, 0x61, 0x75, 0x74, 0x68, 0x5f, 0x63, 0x6f, 0x6e, + 0x6e, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x28, 0x2e, + 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x6c, 0x69, 0x62, 0x2e, 0x74, 0x65, 0x6c, + 0x65, 0x74, 0x65, 0x72, 0x6d, 0x2e, 0x76, 0x31, 0x2e, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, + 0x65, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x52, 0x0e, 0x61, 0x75, 0x74, 0x68, 0x43, 0x6f, 0x6e, + 0x6e, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x73, 0x12, 0x3e, 0x0a, 0x05, 0x72, 0x6f, 0x6c, 0x65, 0x73, + 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x28, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x6c, 0x69, 0x62, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x72, 0x6d, 0x2e, 0x76, 0x31, 0x2e, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, - 0x52, 0x06, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x73, 0x12, 0x42, 0x0a, 0x07, 0x73, 0x65, 0x72, 0x76, - 0x65, 0x72, 0x73, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x28, 0x2e, 0x74, 0x65, 0x6c, 0x65, - 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x6c, 0x69, 0x62, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x72, - 0x6d, 0x2e, 0x76, 0x31, 0x2e, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x41, 0x63, 0x63, - 0x65, 0x73, 0x73, 0x52, 0x07, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x73, 0x12, 0x3c, 0x0a, 0x04, - 0x61, 0x70, 0x70, 0x73, 0x18, 0x09, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x28, 0x2e, 0x74, 0x65, 0x6c, - 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x6c, 0x69, 0x62, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x74, 0x65, - 0x72, 0x6d, 0x2e, 0x76, 0x31, 0x2e, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x41, 0x63, - 0x63, 0x65, 0x73, 0x73, 0x52, 0x04, 0x61, 0x70, 0x70, 0x73, 0x12, 0x3a, 0x0a, 0x03, 0x64, 0x62, - 0x73, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x28, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, - 0x72, 0x74, 0x2e, 0x6c, 0x69, 0x62, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x72, 0x6d, 0x2e, - 0x76, 0x31, 0x2e, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x41, 0x63, 0x63, 0x65, 0x73, - 0x73, 0x52, 0x03, 0x64, 0x62, 0x73, 0x12, 0x4a, 0x0a, 0x0b, 0x6b, 0x75, 0x62, 0x65, 0x73, 0x65, - 0x72, 0x76, 0x65, 0x72, 0x73, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x28, 0x2e, 0x74, 0x65, - 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x6c, 0x69, 0x62, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x74, - 0x65, 0x72, 0x6d, 0x2e, 0x76, 0x31, 0x2e, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x41, - 0x63, 0x63, 0x65, 0x73, 0x73, 0x52, 0x0b, 0x6b, 0x75, 0x62, 0x65, 0x73, 0x65, 0x72, 0x76, 0x65, - 0x72, 0x73, 0x12, 0x51, 0x0a, 0x0f, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x5f, 0x72, 0x65, 0x71, - 0x75, 0x65, 0x73, 0x74, 0x73, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x28, 0x2e, 0x74, 0x65, - 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x6c, 0x69, 0x62, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x74, - 0x65, 0x72, 0x6d, 0x2e, 0x76, 0x31, 0x2e, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x41, - 0x63, 0x63, 0x65, 0x73, 0x73, 0x52, 0x0e, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x52, 0x65, 0x71, - 0x75, 0x65, 0x73, 0x74, 0x73, 0x12, 0x55, 0x0a, 0x11, 0x72, 0x65, 0x63, 0x6f, 0x72, 0x64, 0x65, - 0x64, 0x5f, 0x73, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x0b, - 0x32, 0x28, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x6c, 0x69, 0x62, 0x2e, - 0x74, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x72, 0x6d, 0x2e, 0x76, 0x31, 0x2e, 0x52, 0x65, 0x73, 0x6f, - 0x75, 0x72, 0x63, 0x65, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x52, 0x10, 0x72, 0x65, 0x63, 0x6f, - 0x72, 0x64, 0x65, 0x64, 0x53, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x51, 0x0a, 0x0f, - 0x61, 0x63, 0x74, 0x69, 0x76, 0x65, 0x5f, 0x73, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x18, - 0x0e, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x28, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, - 0x2e, 0x6c, 0x69, 0x62, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x72, 0x6d, 0x2e, 0x76, 0x31, - 0x2e, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x52, - 0x0e, 0x61, 0x63, 0x74, 0x69, 0x76, 0x65, 0x53, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x4a, - 0x04, 0x08, 0x01, 0x10, 0x02, 0x52, 0x08, 0x73, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x22, - 0x8e, 0x01, 0x0a, 0x0e, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x41, 0x63, 0x63, 0x65, - 0x73, 0x73, 0x12, 0x12, 0x0a, 0x04, 0x6c, 0x69, 0x73, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, - 0x52, 0x04, 0x6c, 0x69, 0x73, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x72, 0x65, 0x61, 0x64, 0x18, 0x02, - 0x20, 0x01, 0x28, 0x08, 0x52, 0x04, 0x72, 0x65, 0x61, 0x64, 0x12, 0x12, 0x0a, 0x04, 0x65, 0x64, - 0x69, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x52, 0x04, 0x65, 0x64, 0x69, 0x74, 0x12, 0x16, - 0x0a, 0x06, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x08, 0x52, 0x06, - 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x64, 0x65, 0x6c, 0x65, 0x74, 0x65, - 0x18, 0x05, 0x20, 0x01, 0x28, 0x08, 0x52, 0x06, 0x64, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x12, 0x10, - 0x0a, 0x03, 0x75, 0x73, 0x65, 0x18, 0x06, 0x20, 0x01, 0x28, 0x08, 0x52, 0x03, 0x75, 0x73, 0x65, - 0x22, 0x7b, 0x0a, 0x08, 0x46, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x73, 0x12, 0x3a, 0x0a, 0x19, - 0x61, 0x64, 0x76, 0x61, 0x6e, 0x63, 0x65, 0x64, 0x5f, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x5f, - 0x77, 0x6f, 0x72, 0x6b, 0x66, 0x6c, 0x6f, 0x77, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, - 0x17, 0x61, 0x64, 0x76, 0x61, 0x6e, 0x63, 0x65, 0x64, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x57, - 0x6f, 0x72, 0x6b, 0x66, 0x6c, 0x6f, 0x77, 0x73, 0x12, 0x33, 0x0a, 0x16, 0x69, 0x73, 0x5f, 0x75, - 0x73, 0x61, 0x67, 0x65, 0x5f, 0x62, 0x61, 0x73, 0x65, 0x64, 0x5f, 0x62, 0x69, 0x6c, 0x6c, 0x69, - 0x6e, 0x67, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x13, 0x69, 0x73, 0x55, 0x73, 0x61, 0x67, - 0x65, 0x42, 0x61, 0x73, 0x65, 0x64, 0x42, 0x69, 0x6c, 0x6c, 0x69, 0x6e, 0x67, 0x2a, 0x73, 0x0a, - 0x0d, 0x53, 0x68, 0x6f, 0x77, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x12, 0x1e, - 0x0a, 0x1a, 0x53, 0x48, 0x4f, 0x57, 0x5f, 0x52, 0x45, 0x53, 0x4f, 0x55, 0x52, 0x43, 0x45, 0x53, - 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x1e, - 0x0a, 0x1a, 0x53, 0x48, 0x4f, 0x57, 0x5f, 0x52, 0x45, 0x53, 0x4f, 0x55, 0x52, 0x43, 0x45, 0x53, - 0x5f, 0x52, 0x45, 0x51, 0x55, 0x45, 0x53, 0x54, 0x41, 0x42, 0x4c, 0x45, 0x10, 0x01, 0x12, 0x22, - 0x0a, 0x1e, 0x53, 0x48, 0x4f, 0x57, 0x5f, 0x52, 0x45, 0x53, 0x4f, 0x55, 0x52, 0x43, 0x45, 0x53, - 0x5f, 0x41, 0x43, 0x43, 0x45, 0x53, 0x53, 0x49, 0x42, 0x4c, 0x45, 0x5f, 0x4f, 0x4e, 0x4c, 0x59, - 0x10, 0x02, 0x42, 0x54, 0x5a, 0x52, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, - 0x2f, 0x67, 0x72, 0x61, 0x76, 0x69, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x2f, 0x74, - 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2f, 0x67, 0x65, 0x6e, 0x2f, 0x70, 0x72, 0x6f, 0x74, - 0x6f, 0x2f, 0x67, 0x6f, 0x2f, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2f, 0x6c, 0x69, - 0x62, 0x2f, 0x74, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x72, 0x6d, 0x2f, 0x76, 0x31, 0x3b, 0x74, 0x65, - 0x6c, 0x65, 0x74, 0x65, 0x72, 0x6d, 0x76, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x52, 0x05, 0x72, 0x6f, 0x6c, 0x65, 0x73, 0x12, 0x3e, 0x0a, 0x05, 0x75, 0x73, 0x65, 0x72, 0x73, + 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x28, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, + 0x74, 0x2e, 0x6c, 0x69, 0x62, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x72, 0x6d, 0x2e, 0x76, + 0x31, 0x2e, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, + 0x52, 0x05, 0x75, 0x73, 0x65, 0x72, 0x73, 0x12, 0x53, 0x0a, 0x10, 0x74, 0x72, 0x75, 0x73, 0x74, + 0x65, 0x64, 0x5f, 0x63, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x73, 0x18, 0x05, 0x20, 0x01, 0x28, + 0x0b, 0x32, 0x28, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x6c, 0x69, 0x62, + 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x72, 0x6d, 0x2e, 0x76, 0x31, 0x2e, 0x52, 0x65, 0x73, + 0x6f, 0x75, 0x72, 0x63, 0x65, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x52, 0x0f, 0x74, 0x72, 0x75, + 0x73, 0x74, 0x65, 0x64, 0x43, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x73, 0x12, 0x40, 0x0a, 0x06, + 0x65, 0x76, 0x65, 0x6e, 0x74, 0x73, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x28, 0x2e, 0x74, + 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x6c, 0x69, 0x62, 0x2e, 0x74, 0x65, 0x6c, 0x65, + 0x74, 0x65, 0x72, 0x6d, 0x2e, 0x76, 0x31, 0x2e, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, + 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x52, 0x06, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x73, 0x12, 0x40, + 0x0a, 0x06, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x73, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x28, + 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x6c, 0x69, 0x62, 0x2e, 0x74, 0x65, + 0x6c, 0x65, 0x74, 0x65, 0x72, 0x6d, 0x2e, 0x76, 0x31, 0x2e, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, + 0x63, 0x65, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x52, 0x06, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x73, + 0x12, 0x42, 0x0a, 0x07, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x73, 0x18, 0x08, 0x20, 0x01, 0x28, + 0x0b, 0x32, 0x28, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x6c, 0x69, 0x62, + 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x72, 0x6d, 0x2e, 0x76, 0x31, 0x2e, 0x52, 0x65, 0x73, + 0x6f, 0x75, 0x72, 0x63, 0x65, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x52, 0x07, 0x73, 0x65, 0x72, + 0x76, 0x65, 0x72, 0x73, 0x12, 0x3c, 0x0a, 0x04, 0x61, 0x70, 0x70, 0x73, 0x18, 0x09, 0x20, 0x01, + 0x28, 0x0b, 0x32, 0x28, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x6c, 0x69, + 0x62, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x72, 0x6d, 0x2e, 0x76, 0x31, 0x2e, 0x52, 0x65, + 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x52, 0x04, 0x61, 0x70, + 0x70, 0x73, 0x12, 0x3a, 0x0a, 0x03, 0x64, 0x62, 0x73, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x0b, 0x32, + 0x28, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x6c, 0x69, 0x62, 0x2e, 0x74, + 0x65, 0x6c, 0x65, 0x74, 0x65, 0x72, 0x6d, 0x2e, 0x76, 0x31, 0x2e, 0x52, 0x65, 0x73, 0x6f, 0x75, + 0x72, 0x63, 0x65, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x52, 0x03, 0x64, 0x62, 0x73, 0x12, 0x4a, + 0x0a, 0x0b, 0x6b, 0x75, 0x62, 0x65, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x73, 0x18, 0x0b, 0x20, + 0x01, 0x28, 0x0b, 0x32, 0x28, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x6c, + 0x69, 0x62, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x72, 0x6d, 0x2e, 0x76, 0x31, 0x2e, 0x52, + 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x52, 0x0b, 0x6b, + 0x75, 0x62, 0x65, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x73, 0x12, 0x51, 0x0a, 0x0f, 0x61, 0x63, + 0x63, 0x65, 0x73, 0x73, 0x5f, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x73, 0x18, 0x0c, 0x20, + 0x01, 0x28, 0x0b, 0x32, 0x28, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x6c, + 0x69, 0x62, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x72, 0x6d, 0x2e, 0x76, 0x31, 0x2e, 0x52, + 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x52, 0x0e, 0x61, + 0x63, 0x63, 0x65, 0x73, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x73, 0x12, 0x55, 0x0a, + 0x11, 0x72, 0x65, 0x63, 0x6f, 0x72, 0x64, 0x65, 0x64, 0x5f, 0x73, 0x65, 0x73, 0x73, 0x69, 0x6f, + 0x6e, 0x73, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x28, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, + 0x6f, 0x72, 0x74, 0x2e, 0x6c, 0x69, 0x62, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x72, 0x6d, + 0x2e, 0x76, 0x31, 0x2e, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x41, 0x63, 0x63, 0x65, + 0x73, 0x73, 0x52, 0x10, 0x72, 0x65, 0x63, 0x6f, 0x72, 0x64, 0x65, 0x64, 0x53, 0x65, 0x73, 0x73, + 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x51, 0x0a, 0x0f, 0x61, 0x63, 0x74, 0x69, 0x76, 0x65, 0x5f, 0x73, + 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x0e, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x28, 0x2e, + 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x6c, 0x69, 0x62, 0x2e, 0x74, 0x65, 0x6c, + 0x65, 0x74, 0x65, 0x72, 0x6d, 0x2e, 0x76, 0x31, 0x2e, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, + 0x65, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x52, 0x0e, 0x61, 0x63, 0x74, 0x69, 0x76, 0x65, 0x53, + 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x4a, 0x04, 0x08, 0x01, 0x10, 0x02, 0x52, 0x08, 0x73, + 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x22, 0x8e, 0x01, 0x0a, 0x0e, 0x52, 0x65, 0x73, 0x6f, + 0x75, 0x72, 0x63, 0x65, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x12, 0x12, 0x0a, 0x04, 0x6c, 0x69, + 0x73, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x04, 0x6c, 0x69, 0x73, 0x74, 0x12, 0x12, + 0x0a, 0x04, 0x72, 0x65, 0x61, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x04, 0x72, 0x65, + 0x61, 0x64, 0x12, 0x12, 0x0a, 0x04, 0x65, 0x64, 0x69, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, + 0x52, 0x04, 0x65, 0x64, 0x69, 0x74, 0x12, 0x16, 0x0a, 0x06, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, + 0x18, 0x04, 0x20, 0x01, 0x28, 0x08, 0x52, 0x06, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x12, 0x16, + 0x0a, 0x06, 0x64, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x18, 0x05, 0x20, 0x01, 0x28, 0x08, 0x52, 0x06, + 0x64, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x12, 0x10, 0x0a, 0x03, 0x75, 0x73, 0x65, 0x18, 0x06, 0x20, + 0x01, 0x28, 0x08, 0x52, 0x03, 0x75, 0x73, 0x65, 0x22, 0x7b, 0x0a, 0x08, 0x46, 0x65, 0x61, 0x74, + 0x75, 0x72, 0x65, 0x73, 0x12, 0x3a, 0x0a, 0x19, 0x61, 0x64, 0x76, 0x61, 0x6e, 0x63, 0x65, 0x64, + 0x5f, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x5f, 0x77, 0x6f, 0x72, 0x6b, 0x66, 0x6c, 0x6f, 0x77, + 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x17, 0x61, 0x64, 0x76, 0x61, 0x6e, 0x63, 0x65, + 0x64, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x57, 0x6f, 0x72, 0x6b, 0x66, 0x6c, 0x6f, 0x77, 0x73, + 0x12, 0x33, 0x0a, 0x16, 0x69, 0x73, 0x5f, 0x75, 0x73, 0x61, 0x67, 0x65, 0x5f, 0x62, 0x61, 0x73, + 0x65, 0x64, 0x5f, 0x62, 0x69, 0x6c, 0x6c, 0x69, 0x6e, 0x67, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, + 0x52, 0x13, 0x69, 0x73, 0x55, 0x73, 0x61, 0x67, 0x65, 0x42, 0x61, 0x73, 0x65, 0x64, 0x42, 0x69, + 0x6c, 0x6c, 0x69, 0x6e, 0x67, 0x2a, 0x73, 0x0a, 0x0d, 0x53, 0x68, 0x6f, 0x77, 0x52, 0x65, 0x73, + 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x12, 0x1e, 0x0a, 0x1a, 0x53, 0x48, 0x4f, 0x57, 0x5f, 0x52, + 0x45, 0x53, 0x4f, 0x55, 0x52, 0x43, 0x45, 0x53, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, + 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x1e, 0x0a, 0x1a, 0x53, 0x48, 0x4f, 0x57, 0x5f, 0x52, + 0x45, 0x53, 0x4f, 0x55, 0x52, 0x43, 0x45, 0x53, 0x5f, 0x52, 0x45, 0x51, 0x55, 0x45, 0x53, 0x54, + 0x41, 0x42, 0x4c, 0x45, 0x10, 0x01, 0x12, 0x22, 0x0a, 0x1e, 0x53, 0x48, 0x4f, 0x57, 0x5f, 0x52, + 0x45, 0x53, 0x4f, 0x55, 0x52, 0x43, 0x45, 0x53, 0x5f, 0x41, 0x43, 0x43, 0x45, 0x53, 0x53, 0x49, + 0x42, 0x4c, 0x45, 0x5f, 0x4f, 0x4e, 0x4c, 0x59, 0x10, 0x02, 0x42, 0x54, 0x5a, 0x52, 0x67, 0x69, + 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x67, 0x72, 0x61, 0x76, 0x69, 0x74, 0x61, + 0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x2f, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2f, + 0x67, 0x65, 0x6e, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x67, 0x6f, 0x2f, 0x74, 0x65, 0x6c, + 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2f, 0x6c, 0x69, 0x62, 0x2f, 0x74, 0x65, 0x6c, 0x65, 0x74, 0x65, + 0x72, 0x6d, 0x2f, 0x76, 0x31, 0x3b, 0x74, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x72, 0x6d, 0x76, 0x31, + 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( diff --git a/gen/proto/ts/teleport/lib/teleterm/v1/cluster_pb.ts b/gen/proto/ts/teleport/lib/teleterm/v1/cluster_pb.ts index 1ad9c635153bc..574810287fae4 100644 --- a/gen/proto/ts/teleport/lib/teleterm/v1/cluster_pb.ts +++ b/gen/proto/ts/teleport/lib/teleterm/v1/cluster_pb.ts @@ -121,11 +121,11 @@ export interface Cluster { */ profileStatusError: string; /** - * sso_hostname is the hostname of the SSO provider used to log in. + * sso_host is the host of the SSO provider used to log in. * - * @generated from protobuf field: string sso_hostname = 13; + * @generated from protobuf field: string sso_host = 13; */ - ssoHostname: string; + ssoHost: string; } /** * LoggedInUser describes a logged-in user @@ -384,7 +384,7 @@ class Cluster$Type extends MessageType { { no: 10, name: "proxy_version", kind: "scalar", T: 9 /*ScalarType.STRING*/ }, { no: 11, name: "show_resources", kind: "enum", T: () => ["teleport.lib.teleterm.v1.ShowResources", ShowResources, "SHOW_RESOURCES_"] }, { no: 12, name: "profile_status_error", kind: "scalar", T: 9 /*ScalarType.STRING*/ }, - { no: 13, name: "sso_hostname", kind: "scalar", T: 9 /*ScalarType.STRING*/ } + { no: 13, name: "sso_host", kind: "scalar", T: 9 /*ScalarType.STRING*/ } ]); } create(value?: PartialMessage): Cluster { @@ -398,7 +398,7 @@ class Cluster$Type extends MessageType { message.proxyVersion = ""; message.showResources = 0; message.profileStatusError = ""; - message.ssoHostname = ""; + message.ssoHost = ""; if (value !== undefined) reflectionMergePartial(this, message, value); return message; @@ -441,8 +441,8 @@ class Cluster$Type extends MessageType { case /* string profile_status_error */ 12: message.profileStatusError = reader.string(); break; - case /* string sso_hostname */ 13: - message.ssoHostname = reader.string(); + case /* string sso_host */ 13: + message.ssoHost = reader.string(); break; default: let u = options.readUnknownField; @@ -489,9 +489,9 @@ class Cluster$Type extends MessageType { /* string profile_status_error = 12; */ if (message.profileStatusError !== "") writer.tag(12, WireType.LengthDelimited).string(message.profileStatusError); - /* string sso_hostname = 13; */ - if (message.ssoHostname !== "") - writer.tag(13, WireType.LengthDelimited).string(message.ssoHostname); + /* string sso_host = 13; */ + if (message.ssoHost !== "") + writer.tag(13, WireType.LengthDelimited).string(message.ssoHost); let u = options.writeUnknownFields; if (u !== false) (u == true ? UnknownFieldHandler.onWrite : u)(this.typeName, message, writer); diff --git a/lib/client/api.go b/lib/client/api.go index 15b8cec01e8b8..ade1e97011cc3 100644 --- a/lib/client/api.go +++ b/lib/client/api.go @@ -517,8 +517,8 @@ type Config struct { // If nil touchid.HasCredentials is used. HasTouchIDCredentialsFunc func(rpID, user string) bool - // SSOHostname is the hostname of the SSO provider used to log in. - SSOHostname string + // SSOHost is the host of the SSO provider used to log in. + SSOHost string } // CachePolicy defines cache policy for local clients @@ -850,7 +850,7 @@ func (c *Config) LoadProfile(ps ProfileStore, proxyAddr string) error { c.PIVSlot = profile.PIVSlot c.SAMLSingleLogoutEnabled = profile.SAMLSingleLogoutEnabled c.SSHDialTimeout = profile.SSHDialTimeout - c.SSOHostname = profile.SSOHostname + c.SSOHost = profile.SSOHost c.AuthenticatorAttachment, err = parseMFAMode(profile.MFAMode) if err != nil { @@ -902,7 +902,7 @@ func (c *Config) Profile() *profile.Profile { PIVSlot: c.PIVSlot, SAMLSingleLogoutEnabled: c.SAMLSingleLogoutEnabled, SSHDialTimeout: c.SSHDialTimeout, - SSOHostname: c.SSOHostname, + SSOHost: c.SSOHost, } } @@ -4575,7 +4575,7 @@ func (tc *TeleportClient) applyAuthSettings(authSettings webclient.Authenticatio return trace.Wrap(err) } if ssoURL != nil { - tc.SSOHostname = ssoURL.Hostname() + tc.SSOHost = ssoURL.Host } return nil diff --git a/lib/client/client_store.go b/lib/client/client_store.go index d5543d3292086..df4fcb05de968 100644 --- a/lib/client/client_store.go +++ b/lib/client/client_store.go @@ -202,7 +202,7 @@ func (s *Store) ReadProfileStatus(profileName string) (*ProfileStatus, error) { // Set ValidUntil to now to show that the keys are not available. ValidUntil: time.Now(), SAMLSingleLogoutEnabled: profile.SAMLSingleLogoutEnabled, - SSOHostname: profile.SSOHostname, + SSOHost: profile.SSOHost, }, nil } return nil, trace.Wrap(err) @@ -218,7 +218,7 @@ func (s *Store) ReadProfileStatus(profileName string) (*ProfileStatus, error) { SiteName: profile.SiteName, KubeProxyAddr: profile.KubeProxyAddr, SAMLSingleLogoutEnabled: profile.SAMLSingleLogoutEnabled, - SSOHostname: profile.SSOHostname, + SSOHost: profile.SSOHost, IsVirtual: !onDisk, }) } diff --git a/lib/client/profile.go b/lib/client/profile.go index 6684a2a33848e..f037d2e67fd23 100644 --- a/lib/client/profile.go +++ b/lib/client/profile.go @@ -243,8 +243,8 @@ type ProfileStatus struct { // using an auth connector with a SAML SLO URL configured. SAMLSingleLogoutEnabled bool - // SSOHostname is the hostname of the SSO provider used to log in. - SSOHostname string + // SSOHost is the host of the SSO provider used to log in. + SSOHost string } // profileOptions contains fields needed to initialize a profile beyond those @@ -258,7 +258,7 @@ type profileOptions struct { KubeProxyAddr string IsVirtual bool SAMLSingleLogoutEnabled bool - SSOHostname string + SSOHost string } // profileStatueFromKeyRing returns a ProfileStatus for the given key ring and options. @@ -379,7 +379,7 @@ func profileStatusFromKeyRing(keyRing *KeyRing, opts profileOptions) (*ProfileSt IsVirtual: opts.IsVirtual, AllowedResourceIDs: allowedResourceIDs, SAMLSingleLogoutEnabled: opts.SAMLSingleLogoutEnabled, - SSOHostname: opts.SSOHostname, + SSOHost: opts.SSOHost, }, nil } diff --git a/lib/teleterm/apiserver/handler/handler_clusters.go b/lib/teleterm/apiserver/handler/handler_clusters.go index 4dff36c52c216..3823fa8811c1c 100644 --- a/lib/teleterm/apiserver/handler/handler_clusters.go +++ b/lib/teleterm/apiserver/handler/handler_clusters.go @@ -105,7 +105,7 @@ func newAPIRootCluster(cluster *clusters.Cluster) *api.Cluster { Roles: loggedInUser.Roles, ActiveRequests: loggedInUser.ActiveRequests, }, - SsoHostname: cluster.SSOHostname, + SsoHost: cluster.SSOHost, } if cluster.GetProfileStatusError() != nil { diff --git a/lib/teleterm/clusters/cluster.go b/lib/teleterm/clusters/cluster.go index 162087b108cf2..ef075fa8dbaa0 100644 --- a/lib/teleterm/clusters/cluster.go +++ b/lib/teleterm/clusters/cluster.go @@ -62,8 +62,8 @@ type Cluster struct { clusterClient *client.TeleportClient // clock is a clock for time-related operations clock clockwork.Clock - // SSOHostname is the hostname of the SSO provider used to log in. - SSOHostname string + // SSOHost is the host of the SSO provider used to log in. + SSOHost string } type ClusterWithDetails struct { diff --git a/lib/teleterm/clusters/storage.go b/lib/teleterm/clusters/storage.go index 6694f32bc9f47..f00adfc73c15c 100644 --- a/lib/teleterm/clusters/storage.go +++ b/lib/teleterm/clusters/storage.go @@ -245,7 +245,7 @@ func (s *Storage) fromProfile(profileName, leafClusterName string) (*Cluster, *c } if status != nil { cluster.status = *status - cluster.SSOHostname = status.SSOHostname + cluster.SSOHost = status.SSOHost } return cluster, clusterClient, trace.Wrap(err) diff --git a/proto/teleport/lib/teleterm/v1/cluster.proto b/proto/teleport/lib/teleterm/v1/cluster.proto index c2b311aee9bf3..6c697b75ec28a 100644 --- a/proto/teleport/lib/teleterm/v1/cluster.proto +++ b/proto/teleport/lib/teleterm/v1/cluster.proto @@ -64,8 +64,8 @@ message Cluster { // profile_status_error is set if there was an error when reading the profile. // This allows the app to be usable, when one or more profiles cannot be read. string profile_status_error = 12; - // sso_hostname is the hostname of the SSO provider used to log in. - string sso_hostname = 13; + // sso_host is the host of the SSO provider used to log in. + string sso_host = 13; } // ShowResources tells if the cluster can show requestable resources on the resources page. diff --git a/web/packages/teleterm/src/mainProcess/rootClusterProxyHostAllowList.ts b/web/packages/teleterm/src/mainProcess/rootClusterProxyHostAllowList.ts index 5beb2fdcd7f0d..454a42d8c9401 100644 --- a/web/packages/teleterm/src/mainProcess/rootClusterProxyHostAllowList.ts +++ b/web/packages/teleterm/src/mainProcess/rootClusterProxyHostAllowList.ts @@ -91,8 +91,8 @@ export function manageRootClusterProxyHostAllowList({ } // Allow the SSO hostname for SSO login/mfa redirects. - if (rootCluster.ssoHostname) { - allowList.add(rootCluster.ssoHostname); + if (rootCluster.ssoHost) { + allowList.add(rootCluster.ssoHost); } } }; diff --git a/web/packages/teleterm/src/services/tshd/testHelpers.ts b/web/packages/teleterm/src/services/tshd/testHelpers.ts index 3b2c351a0990c..ac86d0b3636cb 100644 --- a/web/packages/teleterm/src/services/tshd/testHelpers.ts +++ b/web/packages/teleterm/src/services/tshd/testHelpers.ts @@ -91,7 +91,7 @@ export const makeRootCluster = ( proxyVersion: '11.1.0', showResources: ShowResources.REQUESTABLE, profileStatusError: '', - ssoHostname: 'example.auth0.com', + ssoHost: 'example.auth0.com', ...props, }); @@ -108,7 +108,7 @@ export const makeLeafCluster = ( proxyVersion: '', profileStatusError: '', showResources: ShowResources.UNSPECIFIED, - ssoHostname: 'example.auth0.com', + ssoHost: 'example.auth0.com', ...props, }); From 21840be94950e6ad2effd49cce934d00cd87ade9 Mon Sep 17 00:00:00 2001 From: joerger Date: Mon, 4 Nov 2024 10:43:14 -0800 Subject: [PATCH 09/10] Ping with connector. --- lib/teleterm/clusters/cluster_auth.go | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/lib/teleterm/clusters/cluster_auth.go b/lib/teleterm/clusters/cluster_auth.go index 2793e27b722cc..c8b8b4ebe1a40 100644 --- a/lib/teleterm/clusters/cluster_auth.go +++ b/lib/teleterm/clusters/cluster_auth.go @@ -100,12 +100,13 @@ func (c *Cluster) LocalLogin(ctx context.Context, user, password, otpToken strin // SSOLogin logs in a user to the Teleport cluster using supported SSO provider func (c *Cluster) SSOLogin(ctx context.Context, providerType, providerName string) error { + // Get the ping response for the given auth connector. + c.clusterClient.AuthConnector = providerName + if _, err := c.updateClientFromPingResponse(ctx); err != nil { return trace.Wrap(err) } - c.clusterClient.AuthConnector = providerName - if err := c.login(ctx, c.ssoLogin(providerType, providerName)); err != nil { return trace.Wrap(err) } @@ -115,12 +116,13 @@ func (c *Cluster) SSOLogin(ctx context.Context, providerType, providerName strin // PasswordlessLogin processes passwordless logins for this cluster. func (c *Cluster) PasswordlessLogin(ctx context.Context, stream api.TerminalService_LoginPasswordlessServer) error { + // Get the ping response for the given auth connector. + c.clusterClient.AuthConnector = constants.PasswordlessConnector + if _, err := c.updateClientFromPingResponse(ctx); err != nil { return trace.Wrap(err) } - c.clusterClient.AuthConnector = constants.PasswordlessConnector - if err := c.login(ctx, c.passwordlessLogin(stream)); err != nil { return trace.Wrap(err) } From 903e6e631ea3e6727d8078e1c4bd8741a0ff20d2 Mon Sep 17 00:00:00 2001 From: joerger Date: Tue, 5 Nov 2024 10:25:56 -0800 Subject: [PATCH 10/10] Resolve comments. --- lib/client/api.go | 4 ++-- lib/web/apiserver.go | 5 ++++- .../mainProcess/rootClusterProxyHostAllowList.ts | 13 +++++++++++-- 3 files changed, 17 insertions(+), 5 deletions(-) diff --git a/lib/client/api.go b/lib/client/api.go index ade1e97011cc3..808dd8a29393b 100644 --- a/lib/client/api.go +++ b/lib/client/api.go @@ -4564,10 +4564,10 @@ func (tc *TeleportClient) applyAuthSettings(authSettings webclient.Authenticatio var ssoURL *url.URL var err error switch { - case authSettings.OIDC != nil: - ssoURL, err = url.Parse(authSettings.OIDC.IssuerURL) case authSettings.SAML != nil: ssoURL, err = url.Parse(authSettings.SAML.SSO) + case authSettings.OIDC != nil: + ssoURL, err = url.Parse(authSettings.OIDC.IssuerURL) case authSettings.Github != nil: ssoURL, err = url.Parse(authSettings.Github.EndpointURL) } diff --git a/lib/web/apiserver.go b/lib/web/apiserver.go index fad9f2d9b7d22..8022ac4d9ed08 100644 --- a/lib/web/apiserver.go +++ b/lib/web/apiserver.go @@ -1321,7 +1321,10 @@ func samlSettings(connector types.SAMLConnector, cap types.AuthPreference) webcl Name: connector.GetName(), Display: connector.GetDisplay(), SingleLogoutEnabled: connector.GetSingleLogoutURL() != "", - SSO: connector.GetSSO(), + // Note that we get the connector's primary SSO field, not the MFA SSO field. + // These two values are often unique, but should have the same host prefix + // (e.g. https://dev-813354.oktapreview.com) in reasonable, functional setups. + SSO: connector.GetSSO(), }, // Local fallback / MFA. SecondFactor: types.LegacySecondFactorFromSecondFactors(cap.GetSecondFactors()), diff --git a/web/packages/teleterm/src/mainProcess/rootClusterProxyHostAllowList.ts b/web/packages/teleterm/src/mainProcess/rootClusterProxyHostAllowList.ts index 454a42d8c9401..cba97e4e0ddcf 100644 --- a/web/packages/teleterm/src/mainProcess/rootClusterProxyHostAllowList.ts +++ b/web/packages/teleterm/src/mainProcess/rootClusterProxyHostAllowList.ts @@ -90,9 +90,18 @@ export function manageRootClusterProxyHostAllowList({ } } - // Allow the SSO hostname for SSO login/mfa redirects. + // Allow the SSO host for SSO login/mfa redirects. if (rootCluster.ssoHost) { - allowList.add(rootCluster.ssoHost); + let browserSsoHost: string; + try { + browserSsoHost = proxyHostToBrowserProxyHost(rootCluster.ssoHost); + allowList.add(browserSsoHost); + } catch (error) { + logger.error( + 'Ran into an error when converting sso host to browser sso host', + error + ); + } } } };