@qrkourier
Last active February 28, 2024 18:28
send Ziti Edge Tunnel MFA when Yubikey is present
#!/usr/bin/env bash
# /opt/openziti/bin/ziti-mfa.bash
# Submit a TOTP code from the YubiKey's OATH applet to ziti-edge-tunnel for
# the identity named in ZITI_IDENTITY (set by the systemd unit below).
set -o errexit
set -o nounset
set -o pipefail

# Only act when the tunneler service is enabled and a YubiKey is plugged in
# (ykman piv info fails when no key is present).
if systemctl is-enabled --quiet ziti-edge-tunnel.service && ykman piv info &>/dev/null
then
    # ykman prints "<account> <code>"; hand the code to the tunneler's MFA command.
    RESPONSE=$(ykman oath accounts code "$ZITI_IDENTITY" \
        | awk '{print $2;}' \
        | xargs -r ziti-edge-tunnel submit_mfa --identity "/opt/openziti/etc/identities/${ZITI_IDENTITY}.json" --authcode
    )
    # Keep only the JSON object from the reply, then read its Success flag.
    RESPONSE="$(sed -nE 's/.*\{(.*)\}.*/{\1}/p' <<< "$RESPONSE")"
    RESULT="$(jq -r .Success <<< "$RESPONSE")"
    if [[ $RESULT == true ]]
    then
        echo "INFO: $ZITI_IDENTITY MFA accepted"
    else
        # Desktop notification on the user's X display when the code is rejected.
        zenity --display=":1" --notification --text="$ZITI_IDENTITY MFA failed"
    fi
else
    echo "INFO: yubikey not detected"
fi
# ~/.config/systemd/user/ziti-mfa.service
[Unit]
Description=Send Ziti MFA Token
[Service]
# Short-lived script: run it to completion each time the timer fires.
Type=oneshot
Environment="ZITI_IDENTITY=mattermost"
ExecStart=/opt/openziti/bin/ziti-mfa.bash
# ~/.config/systemd/user/ziti-mfa.timer
[Unit]
Description=Send Ziti MFA Token
[Timer]
OnCalendar=*:0/5
[Install]
WantedBy=timers.target
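Two strings in that pipeline deserve a check before they are acted on: the ykman output, which `awk '{print $2}'` mis-splits when the account name contains spaces or when the query matches more than one account, and the submit_mfa reply, whose JSON the greedy sed expression truncates if the object is nested. The bash functions below are an added example, not part of the gist: they validate the code as exactly one 6..8 digit value, cut the JSON out by the first `{` and last `}`, and classify the reply. The `Success` flag is read with a regex only so the example runs without jq (the gist's `jq -r .Success` is the better choice in practice), and every input is a constructed sample rather than captured tool output.

```shell
#!/usr/bin/env bash
# Added example (not from the gist): defensive parsing of the two strings the
# ziti-mfa pipeline trusts, the `ykman oath accounts code` output and the
# `ziti-edge-tunnel submit_mfa` reply. All inputs below are constructed samples.
set -o errexit
set -o nounset
set -o pipefail

# ykman prints one "<account> <code>" line per matching account. Return the
# code only when exactly one account matched and the code is 6..8 digits;
# otherwise print nothing and return 1, so a following `xargs -r` runs nothing.
extract_totp_code() {
    local ykman_output="$1" line
    local -a lines fields codes=()
    mapfile -t lines <<< "$ykman_output"
    for line in "${lines[@]}"; do
        [[ -n $line ]] || continue
        read -r -a fields <<< "$line"
        (( ${#fields[@]} > 0 )) || continue
        # Take the last field, so account names containing spaces still work.
        codes+=("${fields[${#fields[@]}-1]}")
    done
    (( ${#codes[@]} == 1 )) || return 1
    [[ ${codes[0]} =~ ^[0-9]{6,8}$ ]] || return 1
    printf '%s\n' "${codes[0]}"
}

# Cut the JSON object out of a reply that may carry log text around it.
# Using the first '{' and the last '}' keeps nested objects intact, which the
# greedy sed expression `.*\{(.*)\}.*` does not.
extract_json_object() {
    local reply="$1" body
    [[ $reply == *\{*\}* ]] || return 1
    body="${reply#*\{}"     # drop everything up to and including the first '{'
    body="${body%\}*}"      # drop everything from the last '}' onward
    printf '{%s}\n' "$body"
}

# True when the reply's Success flag is the JSON literal true. A regex stands
# in for `jq -r .Success` only so this example has no jq dependency.
mfa_accepted() {
    local json="$1"
    [[ $json =~ \"Success\"[[:space:]]*:[[:space:]]*true ]]
}

# Map a raw submit_mfa reply to one of: accepted, rejected, unparseable.
classify_reply() {
    local reply="$1" json
    if ! json="$(extract_json_object "$reply")"; then
        printf 'unparseable\n'
        return 0
    fi
    if mfa_accepted "$json"; then
        printf 'accepted\n'
    else
        printf 'rejected\n'
    fi
}

# Constructed samples, not captured output from ykman or ziti-edge-tunnel.
YK_SINGLE='mattermost 123456'
YK_SPACES='My Mattermost 123456'                             # awk '{print $2}' would yield "Mattermost"
YK_AMBIGUOUS=$'mattermost 123456\nmattermost-staging 654321' # query matched two accounts
YK_NO_CODE='mattermost [touch required]'                     # placeholder text instead of a code
REPLY_OK=$'some log line\n{"Success":true,"Data":{"note":"constructed"}}'
REPLY_REJECTED='{"Success": false}'
REPLY_BROKEN='connection refused'

for sample in "$YK_SINGLE" "$YK_SPACES" "$YK_AMBIGUOUS" "$YK_NO_CODE"; do
    if code="$(extract_totp_code "$sample")"; then
        echo "code ok:       $code"
    else
        echo "code rejected: ${sample//$'\n'/ | }"
    fi
done
for reply in "$REPLY_OK" "$REPLY_REJECTED" "$REPLY_BROKEN"; do
    echo "submit_mfa reply classified as: $(classify_reply "$reply")"
done
```

The ambiguity case matters because `ykman oath accounts code QUERY` lists every account whose name contains the query, so a second identity such as "mattermost-staging" would feed two codes to xargs; `ykman oath accounts code --single` enforces a unique match on the ykman side as well.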