Joel Thompson ee55e36af6 Check if there's a bound iam arn when renewing (#2819) ...

Previously, the renew method would ALWAYS check to ensure the
authenticated IAM principal ARN matched the bound ARN.  However, there
is a valid use case in which no bound_iam_principal_arn is specified and
all bindings are done through inferencing. When a role is configured
like this, clients won't be able to renew their token because of the
check.

This now checks to ensure that the bound_iam_principal_arn is not empty
before requriing that it match the originally authenticated client.

Fixes #2781

2017-06-06 22:35:12 -04:00

..

app-id.html.md

Use relative links

2017-03-16 12:04:36 -07:00

approle.html.md

Use relative links

2017-03-16 12:04:36 -07:00

aws.html.md

Check if there's a bound iam arn when renewing (#2819)

2017-06-06 22:35:12 -04:00

cert.html.md

Add constraints on the Common Name for certificate-based authentication (#2595)

2017-04-30 11:37:10 -04:00

github.html.md

Added document to github auth backend covering user-specific policies. (#2084)

2016-11-11 08:59:26 -05:00

index.html.md

Preferred method is AppRole since AppId is now deprecated

2016-07-28 14:32:20 -04:00

ldap.html.md

Use service bind for searching LDAP groups (#2534)

2017-04-18 15:52:05 -04:00

mfa.html.md

Fixing a few typos in the docs (#2344)

2017-02-07 11:55:29 -05:00

okta.html.md

Okta implementation (#1966)

2017-01-26 19:08:52 -05:00

radius.html.md

RADIUS Authentication Backend (#2268)

2017-02-07 16:04:27 -05:00

token.html.md

Links

2017-03-17 14:27:32 -04:00

userpass.html.md

Added docs for reading and deleting username

2016-09-30 16:13:57 -04:00