Add local part of an email and email as a principals.

For user certificates, if an email is passed as a principal, include in the principals list the email, and the local-part. This imitates the behavior for OIDC provisioners on other provisioners like JWK. On `step ssh certificate` we will only include them if no principals are passed using the `--principal` flag. Fixes #389
2025-08-07 16:02:54 +03:00 · 2020-10-13 14:49:19 -07:00
parent 0e2548c48c
commit d2bce30295
5 changed files with 21 additions and 3 deletions
--- a/command/ssh/proxycommand.go
+++ b/command/ssh/proxycommand.go
@@ -129,6 +129,7 @@ func doLoginIfNeeded(ctx *cli.Context, subject string) error {
 		return err
 	}

+	// There's not need to sanitize the principal, it should come from ssh.
 	principals := []string{subject}

 	// Make sure the validAfter is in the past. It avoids `Certificate