Merge branch 'master' into master

Readme.MD

@@ -162,7 +162,12 @@ Here is the list of parameters that can be environment variables or settings in
  - Your link is located under ```EMBED LINK``` 
  - Replace the example values in ```~/.okta/config.properties``` with your values
 
-Note: environment variables take precedence over the config file.
+You can specify configuration overrides for each profile by creating a ```~/.okta/config.{profilename}.properties``` file. The base settings
+will be loaded first and the profile-specific settings will be loaded after, allowing you to only override specific settings that need to be different.
+For example, if you want the ```prod``` profile to connect to a different Okta org, create a ```~/.okta/config.prod.properties```file and set 
+```OKTA_ORG``` to something different.
+
+Note: environment variables take precedence over any config file.
 
 ## Troubleshooting
 

bin/install.sh

@@ -130,37 +130,37 @@ EOF
 mkdir -p "${PREFIX}/bin"
 
 # Create withokta command
-cat <<'EOF' >"${PREFIX}/bin/withokta"
+cat <<EOF >"${PREFIX}/bin/withokta"
 #!/bin/bash
-command="$1"
-profile=$2
+command="\$1"
+profile=\$2
 shift;
 shift;
 if [ "$1" == "logout" ]
 then
  command="logout"
 fi
-env OKTA_PROFILE=$profile java \
- -Djava.util.logging.config.file=~/.okta/logging.properties \
- -classpath ~/.okta/okta-aws-cli.jar \
- com.okta.tools.WithOkta $command "$@"
+env OKTA_PROFILE=\$profile java \
+ -Djava.util.logging.config.file=${PREFIX}/logging.properties \
+ -classpath ${PREFIX}/okta-aws-cli.jar \
+ com.okta.tools.WithOkta \$command "\$@"
 EOF
 chmod +x "${PREFIX}/bin/withokta"
 
 # Create okta-credential_process command
-cat <<'EOF' >"${PREFIX}/bin/okta-credential_process"
+cat <<EOF >"${PREFIX}/bin/okta-credential_process"
 #!/bin/bash
-roleARN="$1"
+roleARN="\$1"
 shift;
-env OKTA_AWS_ROLE_TO_ASSUME="$roleARN" \
- java -classpath ~/.okta/okta-aws-cli.jar com.okta.tools.CredentialProcess
+env OKTA_AWS_ROLE_TO_ASSUME="\$roleARN" \
+ java -classpath ${PREFIX}/okta-aws-cli.jar com.okta.tools.CredentialProcess
 EOF
 chmod +x "${PREFIX}/bin/okta-credential_process"
 
 # Create okta-listroles command
 cat <<EOF >"${PREFIX}/bin/okta-listroles"
 #!/bin/bash
-java -classpath ~/.okta/okta-aws-cli.jar com.okta.tools.ListRoles
+java -classpath ${PREFIX}/okta-aws-cli.jar com.okta.tools.ListRoles
 EOF
 chmod +x "${PREFIX}/bin/okta-listroles"
 
@@ -182,7 +182,7 @@ else
 #OktaAWSCLI
 OKTA_ORG=acmecorp.okta.com.changeme.local
 OKTA_AWS_APP_URL=https://acmecorp.oktapreview.com.changeme.local/home/amazon_aws/0oa5zrwfs815KJmVF0h7/137
-OKTA_USERNAME=$env:USERNAME
+OKTA_USERNAME=\$env:USERNAME
 OKTA_BROWSER_AUTH=true
 EOF
 fi

pom.xml

@@ -20,7 +20,7 @@
 
  <groupId>com.okta.developer</groupId>
  <artifactId>okta-aws-cli</artifactId>
- <version>2.0.4-SNAPSHOT</version>
+ <version>2.0.5-SNAPSHOT</version>
  <packaging>jar</packaging>
 
  <repositories>

src/main/java/com/okta/tools/OktaAwsConfig.java

@@ -15,12 +15,14 @@
  */
 package com.okta.tools;
 
+import org.apache.commons.lang.StringUtils;
 import org.apache.commons.lang.SystemUtils;
 
 import java.io.*;
 import java.nio.file.Files;
 import java.nio.file.Path;
 import java.nio.file.Paths;
+import java.util.ArrayList;
 import java.util.Optional;
 import java.util.Properties;
 import java.util.logging.Logger;
@@ -31,20 +33,23 @@ final class OktaAwsConfig {
  private static final Logger logger = Logger.getLogger(OktaAwsConfig.class.getName());
 
  private static final String CONFIG_FILENAME = "config.properties";
+ private static final String CONFIG_PROFILE_FILENAME_FORMAT = "config.%s.properties";
 
  static OktaAwsCliEnvironment loadEnvironment() {
- return loadEnvironment(null);
+ return loadEnvironment(System.getenv("OKTA_PROFILE"));
  }
 
  static OktaAwsCliEnvironment loadEnvironment(String profile) {
  Properties properties = new Properties();
- Optional<Path> path = getConfigFile();
- if (path.isPresent()) {
- try (InputStream config = new FileInputStream(path.get().toFile())) {
- logger.finer(() -> "Reading config settings from file: " + path.get().toAbsolutePath().toString());
- properties.load(new InputStreamReader(config));
- } catch (IOException e) {
- throw new IllegalStateException(e);
+ Optional<ArrayList<Path>> paths = getConfigFile(profile);
+ if (paths.isPresent()) {
+ for (Path path : paths.get()) {
+ try (InputStream config = new FileInputStream(path.toFile())) {
+ logger.finer(() -> "Reading config settings from file: " + path.toAbsolutePath().toString());
+ properties.load(new InputStreamReader(config));
+ } catch (IOException e) {
+ throw new IllegalStateException(e);
+ }
  }
  } else {
  try (InputStream config = properties.getClass().getResourceAsStream("/config.properties")) {
@@ -108,17 +113,31 @@ private static String getOutput(Process process) throws IOException {
  }
  }
 
- private static Optional<Path> getConfigFile() {
- Path configInWorkingDir = Paths.get(CONFIG_FILENAME);
- if (configInWorkingDir.toFile().isFile()) {
- return Optional.of(configInWorkingDir);
+ private static Optional<ArrayList<Path>> getConfigFile(String profile) {
+ ArrayList<String> configFiles = new ArrayList<>();
+ configFiles.add(CONFIG_FILENAME);
+ if (StringUtils.isNotBlank(profile)) {
+ configFiles.add(String.format(CONFIG_PROFILE_FILENAME_FORMAT, profile));
+ }
+
+ ArrayList<Path> paths = new ArrayList<>();
+ for (String configFile : configFiles) {
+ Path configInWorkingDir = Paths.get(configFile);
+ if (configInWorkingDir.toFile().isFile()) {
+ paths.add(configInWorkingDir);
+ }
+ Path userHome = Paths.get(System.getProperty("user.home"));
+ Path oktaDir = userHome.resolve(".okta");
+ Path configInOktaDir = oktaDir.resolve(configFile);
+ if (configInOktaDir.toFile().isFile()) {
+ paths.add(configInOktaDir);
+ }
  }
- Path userHome = Paths.get(System.getProperty("user.home"));
- Path oktaDir = userHome.resolve(".okta");
- Path configInOktaDir = oktaDir.resolve(CONFIG_FILENAME);
- if (configInOktaDir.toFile().isFile()) {
- return Optional.of(configInOktaDir);
+
+ if (!paths.isEmpty()) {
+ return Optional.of(paths);
  }
+
  return Optional.empty();
  }
 

src/main/java/com/okta/tools/authentication/BrowserAuthentication.java

@@ -80,8 +80,8 @@ public void start(final Stage stage) throws IOException {
  initializeCookies(uri);
 
  SubresourceIntegrityStrippingHack.overrideHttpsProtocolHandler(environment);
- webEngine.getLoadWorker().stateProperty()
- .addListener((ov, oldState, newState) -> {
+ webEngine.locationProperty()
+ .addListener((ov, oldLocation, newLocation) -> {
  if (webEngine.getDocument() != null) {
  checkForAwsSamlSignon(stage, webEngine);
  stage.setTitle(webEngine.getLocation());

src/main/java/com/okta/tools/authentication/OktaMFA.java

@@ -289,23 +289,40 @@ private static String verifyAnswer(String answer, JSONObject factor, String stat
  }
 
  private static String handlePushPolling(JSONObject profile, JSONObject jsonObjResponse) throws IOException, InterruptedException {
- JSONObject links = jsonObjResponse.getJSONObject(LINKS);
- JSONObject pollLink = links.getJSONObject("poll");
- String pollUrl = pollLink.getString("href");
+ String pollUrl = getPollURL(jsonObjResponse);
 
  JSONObject pollResult = postAndGetJsonResponse(profile, pollUrl);
  String result = pollResult.getString(FACTOR_RESULT);
  while ("WAITING".equals(result)) {
  System.err.println("Waiting for you to approve the Okta push notification on your device...");
  Thread.sleep(500);
  pollResult = postAndGetJsonResponse(profile, pollUrl);
+ String status = pollResult.getString(STATUS);
+ if ("SUCCESS".equals(status)) {
+ return pollResult.getString(SESSION_TOKEN);
+ }
  result = pollResult.getString(FACTOR_RESULT);
  }
- if ("SUCCESS".equals(result)) {
- return pollResult.getString(SESSION_TOKEN);
- } else {
- return result;
+ return result;
+ }
+
+ private static String getPollURL(JSONObject jsonObjResponse) throws RuntimeException {
+ JSONObject linksObj = jsonObjResponse.getJSONObject(LINKS);
+ JSONArray linkNames = linksObj.names();
+ JSONArray links = linksObj.toJSONArray(linkNames);
+ JSONObject pollLink = null;
+ for (int i = 0; i < links.length(); i++) {
+ JSONObject link = links.getJSONObject(i);
+ String linkName = link.getString("name");
+ if (linkName.equals("poll")) {
+ pollLink = link;
+ break;
+ }
+ }
+ if (pollLink == null) {
+ throw new IllegalStateException("Could not determine URL for MFA polling");
  }
+ return pollLink.getString("href");
  }
 
  private static JSONObject postAndGetJsonResponse(JSONObject profile, String url) throws IOException {