- Variables
- func BuildRequestURL(s Settings, u *url.URL, state string, b64XML string) (string, error)
- func GetAuthnRequestURL(s Settings, state string) (string, error)
- func GetLogoutRequestURL(s Settings, state string, nameID string, sessionIndex string) (string, error)
- func GetRequestSignature(data string, key string) (string, error)
- type Assertion
- type AssertionConsumerService
- type Attribute
- type AttributeStatement
- type AttributeValue
- type AuthnContextClassRef
- type AuthnRequest
- func (r *AuthnRequest) CompressedEncodedSignedString(privateKeyPath string) (string, error)
- func (r *AuthnRequest) CompressedEncodedString() (string, error)
- func (r *AuthnRequest) EncodedSignedString(privateKeyPath string) (string, error)
- func (r *AuthnRequest) EncodedString() (string, error)
- func (r *AuthnRequest) SignedString(s *Settings) (string, error)
- func (r *AuthnRequest) String() (string, error)
- func (r *AuthnRequest) Validate(publicCertPath string) error
- type AuthnStatement
- type CompressionSettings
- type Conditions
- type Document
- type EntityAttributes
- type EntityDescriptor
- type Extensions
- type IdentityProviderSettings
- type Issuer
- type KeyDescriptor
- type LogoutRequest
- type NameID
- type NameIDPolicy
- type RequestedAuthnContext
- type Response
- func (r *Response) AddAttribute(name, value string)
- func (r *Response) CompressedEncodedSignedString(privateKeyPath string) (string, error)
- func (r *Response) EncodedSignedString(privateKeyPath string) (string, error)
- func (r *Response) GetAttribute(name string) string
- func (r *Response) GetAttributeValues(name string) []string
- func (r *Response) SignedString(s *Settings) (string, error)
- func (r *Response) String() (string, error)
- func (r *Response) Validate(s *Settings) error
- type RootXML
- type SPSSODescriptor
- type ServiceProviderSettings
- type SessionIndex
- type Settings
- type SingleLogoutService
- type Status
- type StatusCode
- type Subject
- type SubjectConfirmation
- type SubjectConfirmationData
Variables ¶
var (
	// ErrPEMFormat reports certificate or key material that is not valid PEM.
	ErrPEMFormat = errors.New("Certificate not valid pem format")
	// ErrInvalidSettings reports that the current Settings do not permit the requested action.
	ErrInvalidSettings = errors.New("SAML settings configuration does not permit this action")
	// ErrMissingID reports a SAML Response whose root element lacks the ID attribute.
	ErrMissingID = errors.New("Missing ID attribute on SAML Response")
	// ErrUnsupportedVersion reports a SAML Version this package does not handle.
	ErrUnsupportedVersion = errors.New("Unsupported SAML Version")
	// ErrCannotDecode reports a message that could not be decoded and/or decompressed.
	ErrCannotDecode = errors.New("Unable to decode and/or decompress message")
)
Functions ¶
func BuildRequestURL ¶
BuildRequestURL builds a request URL that carries a signature.
func GetAuthnRequestURL ¶
GetAuthnRequestURL, acting as the SP, generates the authentication request URL used to perform SSO.
Types ¶
type Assertion ¶
// Assertion holds the assertion portion of a SAML response.
type Assertion struct {
	XMLName xml.Name
	ID      string `xml:"ID,attr"`
	Version string `xml:"Version,attr"`
	// Namespace declarations emitted as attributes on the element.
	XS  string `xml:"xmlns:xs,attr"`
	XSI string `xml:"xmlns:xsi,attr"`
	// NOTE(review): this tag is "saml", not "xmlns:saml" as on the other types in this package — confirm intended.
	SAML string `xml:"saml,attr"`
	// IssueInstant is the raw attribute string; parse it before any time comparison.
	IssueInstant string `xml:"IssueInstant,attr"`
	Issuer       Issuer `xml:"Issuer"`
	// Signature is a value, not a pointer as on RootXML, so it is always marshalled.
	Signature          packager.Signature
	Subject            Subject
	Conditions         Conditions
	AttributeStatement AttributeStatement
	// omitempty has no effect on a struct-valued field in encoding/xml; the element is always emitted.
	AuthnStatement AuthnStatement `xml:"AuthnStatement,omitempty"`
}
Assertion saml response assertion information
type AssertionConsumerService ¶
// AssertionConsumerService describes one SSO assertion endpoint in SP metadata.
type AssertionConsumerService struct {
	XMLName  xml.Name
	Binding  string `xml:"Binding,attr"`
	Location string `xml:"Location,attr"`
	// Index is serialised under the lower-case attribute name "index".
	Index string `xml:"index,attr"`
}
AssertionConsumerService sso assertion metadata
type Attribute ¶
// Attribute is a single subject attribute with zero or more values.
type Attribute struct {
	XMLName xml.Name
	// Untagged attr fields take the Go field name as the XML attribute name.
	Name            string           `xml:",attr"`
	FriendlyName    string           `xml:",attr"`
	NameFormat      string           `xml:",attr"`
	AttributeValues []AttributeValue `xml:"AttributeValue"`
}
Attribute of subject
type AttributeStatement ¶
AttributeStatement TODO needs description
type AttributeValue ¶
// AttributeValue is one value of a subject Attribute.
type AttributeValue struct {
	XMLName xml.Name
	Type    string `xml:"xsi:type,attr"`
	// Value is the element's raw inner XML: it is captured verbatim on unmarshal and written
	// verbatim (unescaped) on marshal, so it may contain markup rather than plain text.
	Value string `xml:",innerxml"`
}
AttributeValue of subject attribute
type AuthnContextClassRef ¶
// AuthnContextClassRef names the authentication context used for the SAML interaction.
type AuthnContextClassRef struct {
	XMLName xml.Name
	SAML    string `xml:"xmlns:saml,attr,omitempty"`
	// Transport is the element's raw inner XML, written verbatim (unescaped) on marshal.
	Transport string `xml:",innerxml"`
}
AuthnContextClassRef authentication context to use for saml interaction
type AuthnRequest ¶
// AuthnRequest is a SAML authentication request; the embedded RootXML supplies the common root attributes.
type AuthnRequest struct {
	*RootXML
	XMLName                     xml.Name
	ProtocolBinding             string `xml:"ProtocolBinding,attr"`
	AssertionConsumerServiceURL string `xml:"AssertionConsumerServiceURL,attr"`
	// The index attributes carry no omitempty, so an unset value is still emitted as "0".
	AssertionConsumerServiceIndex  int          `xml:"AssertionConsumerServiceIndex,attr"`
	AttributeConsumingServiceIndex int          `xml:"AttributeConsumingServiceIndex,attr"`
	NameIDPolicy                   NameIDPolicy `xml:"NameIDPolicy"`
	IsPassive                      bool         `xml:"IsPassive,attr"`
	// RequestedAuthnContext is optional; a nil pointer omits the element.
	RequestedAuthnContext *RequestedAuthnContext `xml:"RequestedAuthnContext,omitempty"`
}
AuthnRequest saml authentication request
func ApplyAuthnRequest ¶
func ApplyAuthnRequest(s Settings, r *AuthnRequest) *AuthnRequest
ApplyAuthnRequest returns an authentication request object based on SAML Settings passed in
func NewAuthnRequest ¶
func NewAuthnRequest() *AuthnRequest
NewAuthnRequest get a new authentication request object
func ParseAuthnRequest ¶
func ParseAuthnRequest(s Settings, b64RequestXML string) (*AuthnRequest, error)
ParseAuthnRequest as IDP, parse incoming authentication request
func (*AuthnRequest) CompressedEncodedSignedString ¶
func (r *AuthnRequest) CompressedEncodedSignedString(privateKeyPath string) (string, error)
CompressedEncodedSignedString get compressed, base64 encoded and xml signed string representation of authentication request
func (*AuthnRequest) CompressedEncodedString ¶
func (r *AuthnRequest) CompressedEncodedString() (string, error)
CompressedEncodedString get compressed and base64 encoded string representation of authentication request object
func (*AuthnRequest) EncodedSignedString ¶
func (r *AuthnRequest) EncodedSignedString(privateKeyPath string) (string, error)
EncodedSignedString get base64 encoded and xml signed string representation of authentication request
func (*AuthnRequest) EncodedString ¶
func (r *AuthnRequest) EncodedString() (string, error)
EncodedString get base64 encoded string representation of authentication request object
func (*AuthnRequest) SignedString ¶
func (r *AuthnRequest) SignedString(s *Settings) (string, error)
SignedString get xml signed string representation of authentication request
func (*AuthnRequest) String ¶
func (r *AuthnRequest) String() (string, error)
String get string representation of authentication request
func (*AuthnRequest) Validate ¶
func (r *AuthnRequest) Validate(publicCertPath string) error
Validate authentication request
type AuthnStatement ¶
// AuthnStatement carries the session information of an assertion.
type AuthnStatement struct {
	XMLName      xml.Name
	AuthnInstant string `xml:",attr"`
	// Session attributes are omitted when empty.
	SessionIndex        string `xml:",attr,omitempty"`
	SessionNotOnOrAfter string `xml:",attr,omitempty"`
	// AuthnContext reuses the RequestedAuthnContext type but is serialised under the AuthnContext element name.
	AuthnContext RequestedAuthnContext `xml:"AuthnContext"`
}
AuthnStatement statement for session information
type CompressionSettings ¶
CompressionSettings to determine if requests and responses should be compressed
type Conditions ¶
// Conditions bounds the validity window of an assertion.
type Conditions struct {
	XMLName xml.Name
	// Both bounds are raw attribute strings; parse them as timestamps before comparing against the current time.
	NotBefore    string `xml:",attr"`
	NotOnOrAfter string `xml:",attr"`
}
Conditions of assertion
type EntityAttributes ¶
// EntityAttributes groups entity-level attributes inside metadata Extensions.
type EntityAttributes struct {
	XMLName xml.Name
	SAML    string `xml:"xmlns:saml,attr"`
	// Already a slice, so repeated Attribute elements are collected here.
	EntityAttributes []Attribute `xml:"Attribute"` // should be array??
}
EntityAttributes TODO needs description
type EntityDescriptor ¶
// EntityDescriptor is the root element of the SAML metadata document.
type EntityDescriptor struct {
	XMLName xml.Name
	// Namespace declarations emitted as attributes on the root element.
	DS    string `xml:"xmlns:ds,attr"`
	XMLNS string `xml:"xmlns,attr"`
	MD    string `xml:"xmlns:md,attr"`
	// EntityID uses the lower-case attribute name "entityID".
	EntityID        string          `xml:"entityID,attr"`
	Extensions      Extensions      `xml:"Extensions"`
	SPSSODescriptor SPSSODescriptor `xml:"SPSSODescriptor"`
}
EntityDescriptor saml metadata descriptor
type Extensions ¶
// Extensions is the metadata Extensions element.
type Extensions struct {
	XMLName xml.Name
	Alg     string `xml:"xmlns:alg,attr"`
	MDAttr  string `xml:"xmlns:mdattr,attr"`
	MDRPI   string `xml:"xmlns:mdrpi,attr"`
	// EntityAttributes is a plain string here, not the EntityAttributes struct type declared in this package.
	EntityAttributes string `xml:"EntityAttributes"`
}
Extensions TODO needs description
type IdentityProviderSettings ¶
// IdentityProviderSettings configures the IdP that this SP trusts.
type IdentityProviderSettings struct {
	SingleLogoutURL           string
	SingleSignOnURL           string
	SingleSignOnDescriptorURL string
	// Presumably the IdP certificate is given either as a file path or as an inline PEM string — see Settings.Init.
	PublicCertPath   string
	PublicCertString string
	NameIDFormat     string
	// contains filtered or unexported fields
}
IdentityProviderSettings to configure idp specific settings
type Issuer ¶
// Issuer identifies the issuer of a request, response or assertion.
type Issuer struct {
	XMLName xml.Name
	SAML    string `xml:"xmlns:saml,attr,omitempty"`
	// URL is the element's raw inner XML, written verbatim (unescaped) on marshal.
	URL string `xml:",innerxml"`
}
Issuer request issuer
type KeyDescriptor ¶
// KeyDescriptor publishes a key in SP metadata.
type KeyDescriptor struct {
	XMLName xml.Name
	// Use is the "use" attribute of the descriptor.
	Use     string           `xml:"use,attr"`
	KeyInfo packager.KeyInfo `xml:"KeyInfo"`
}
KeyDescriptor TODO needs description
type LogoutRequest ¶
// LogoutRequest is a SAML logout request; the embedded RootXML supplies the common root attributes.
type LogoutRequest struct {
	*RootXML
	XMLName xml.Name
	NameID  NameID `xml:"NameID"`
	// omitempty has no effect on a struct-valued field in encoding/xml; the element is always emitted.
	SessionIndex SessionIndex `xml:",omitempty"`
}
LogoutRequest saml logout request
func ApplyLogoutRequest ¶
func ApplyLogoutRequest(settings *Settings, r *LogoutRequest, nameID string, sessionIndex string) *LogoutRequest
ApplyLogoutRequest builds the logout request entity as specified by the provided parameters.
func NewLogoutRequest ¶
func NewLogoutRequest() *LogoutRequest
NewLogoutRequest create new logout request entity
func ParseLogoutRequest ¶
func ParseLogoutRequest(s Settings, b64RequestXML string) (*LogoutRequest, error)
ParseLogoutRequest as IDP, parse incoming logout request
func (*LogoutRequest) SignedString ¶
func (r *LogoutRequest) SignedString(s *Settings) (string, error)
SignedString get xml signed string representation of logout request
func (*LogoutRequest) String ¶
func (r *LogoutRequest) String() (string, error)
String get string representation of logout request
type NameIDPolicy ¶
// NameIDPolicy constrains the NameID format the IdP may return.
type NameIDPolicy struct {
	XMLName     xml.Name
	AllowCreate bool   `xml:"AllowCreate,attr"`
	Format      string `xml:"Format,attr"`
}
NameIDPolicy policy for saml nameid
type RequestedAuthnContext ¶
// RequestedAuthnContext is the authentication context requested in an AuthnRequest.
type RequestedAuthnContext struct {
	XMLName              xml.Name
	SAMLP                string               `xml:"xmlns:samlp,attr,omitempty"`
	Comparison           string               `xml:"Comparison,attr"`
	AuthnContextClassRef AuthnContextClassRef `xml:"AuthnContextClassRef"`
}
RequestedAuthnContext requested authentication context
type Response ¶
// Response is a SAML response; the embedded RootXML supplies the common root attributes.
type Response struct {
	*RootXML
	XMLName xml.Name
	// InResponseTo should be matched against the ID of the request that was sent; no omitempty, so it is always emitted.
	InResponseTo string `xml:"InResponseTo,attr"`
	// Assertion is a value without omitempty, so an Assertion element is emitted even when empty.
	Assertion Assertion `xml:"Assertion"`
	Status    Status    `xml:"Status"`
}
Response saml responses
func NewAuthnResponse ¶
func NewAuthnResponse() *Response
NewAuthnResponse get new signed response object
func NewLogoutResponse ¶
func NewLogoutResponse() *Response
NewLogoutResponse create new logout response entity
func ParseAuthnResponse ¶
ParseAuthnResponse as SP, parse incoming authentication response
func ParseLogoutResponse ¶
ParseLogoutResponse as SP, parse incoming logout response
func (*Response) AddAttribute ¶
AddAttribute adds a string attribute to the Response.
func (*Response) CompressedEncodedSignedString ¶
CompressedEncodedSignedString get compressed, base64 encoded and xml signed string representation of authentication response object
func (*Response) EncodedSignedString ¶
EncodedSignedString get base64 encoded and xml signed string representation of authentication response object
func (*Response) GetAttribute ¶
GetAttribute by Name or by FriendlyName. Return blank string if not found
func (*Response) GetAttributeValues ¶
GetAttributeValues from attribute name or FriendlyName. Return string slice of values.
func (*Response) SignedString ¶
SignedString get xml signed string representation of response object
type RootXML ¶
// RootXML holds the attributes shared by every SAML root element.
// Although all root XML elements have XMLName, it is not marshalled properly
// without explicit addition to the embedding type.
type RootXML struct {
	SAMLP   string `xml:"xmlns:samlp,attr"`
	SAML    string `xml:"xmlns:saml,attr"`
	SAMLSIG string `xml:"xmlns:samlsig,attr,omitempty"`
	ID      string `xml:"ID,attr"`
	Version string `xml:"Version,attr"`
	// Destination and IssueInstant are raw attribute strings; compare them only after parsing.
	Destination  string `xml:"Destination,attr"`
	IssueInstant string `xml:"IssueInstant,attr"`
	Issuer       Issuer `xml:"Issuer"`
	// Signature is nil when the document carries no Signature element; validation must
	// check for its presence explicitly rather than treating nil as "nothing to verify".
	Signature *packager.Signature `xml:"Signature,omitempty"`
	// contains filtered or unexported fields
}
RootXML saml root xml data. Although all root xml elements have XMLName, it is not marshalled properly without explicit addition to the type.
type SPSSODescriptor ¶
// SPSSODescriptor is the Service Provider role descriptor in metadata.
type SPSSODescriptor struct {
	XMLName xml.Name
	// Untagged name: emitted as the attribute "AuthnRequestsSigned".
	AuthnRequestsSigned bool `xml:",attr"`
	// NOTE(review): the SAML metadata schema spells this attribute "WantAssertionsSigned" (capital W) — confirm the lower-case name is intended.
	WantAssertionsSigned       bool   `xml:"wantAssertionsSigned,attr"`
	ProtocolSupportEnumeration string `xml:"protocolSupportEnumeration,attr"`
	// Untagged: element names come from the XMLName value or, failing that, the field name.
	SigningKeyDescriptor      KeyDescriptor
	EncryptionKeyDescriptor   KeyDescriptor
	SingleLogoutService       SingleLogoutService `xml:"SingleLogoutService"`
	AssertionConsumerServices []AssertionConsumerService
}
SPSSODescriptor TODO needs description
type ServiceProviderSettings ¶
// ServiceProviderSettings configures a server acting as a SAML Service Provider.
// Expect only one IDP per SP in this configuration.
type ServiceProviderSettings struct {
	EntityID string
	// Presumably certificate and key are given either as file paths or as inline PEM strings — see Settings.Init.
	PublicCertPath   string
	PublicCertString string
	PrivateKeyPath   string
	PrivateKeyString string
	AssertionConsumerServiceURL string
	SingleLogoutServiceURL      string
	// SignRequest presumably controls whether outgoing requests are signed — confirm against the request builders.
	SignRequest bool
	IsPassive   bool
	// contains filtered or unexported fields
}
ServiceProviderSettings provides settings to configure server acting as a SAML Service Provider. Expect only one IDP per SP in this configuration.
type SessionIndex ¶
SessionIndex request session information
type Settings ¶
// Settings configures SAML properties for one IdP and/or one SP.
// To serve multiple IdPs from one SP, create one Settings instance per IdP.
type Settings struct {
	SP       ServiceProviderSettings
	IDP      IdentityProviderSettings
	Compress CompressionSettings
	// contains filtered or unexported fields
}
Settings to configure saml properties for one idp and/or one sp. If you need to configure multiple IDPs for an SP then configure multiple instances of this object.
func (*Settings) GetEntityDescriptor ¶
GetEntityDescriptor get saml entity metadata XML as specified by http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml1x-metadata-cs-01.html
func (*Settings) IDPPublicCert ¶
IDPPublicCert get loaded idp public certificate in pem format
func (*Settings) Init ¶
Init settings and load configuration files as needed. This will panic on error if the SP/IDP configuration fails to load.
func (*Settings) SPPrivateKey ¶
SPPrivateKey get loaded sp private key in pem format
func (*Settings) SPPublicCert ¶
SPPublicCert get loaded sp public certificate data
type SingleLogoutService ¶
// SingleLogoutService describes the logout endpoint in SP metadata.
type SingleLogoutService struct {
	XMLName  xml.Name
	Binding  string `xml:"Binding,attr"`
	Location string `xml:"Location,attr"`
}
SingleLogoutService logout service metadata
type Status ¶
// Status wraps the StatusCode of a response.
type Status struct {
	XMLName    xml.Name
	StatusCode StatusCode `xml:"StatusCode"`
}
Status of response
type StatusCode ¶
StatusCode TODO needs description
type Subject ¶
// Subject identifies the principal an assertion is about.
type Subject struct {
	XMLName             xml.Name
	NameID              NameID
	SubjectConfirmation SubjectConfirmation
}
Subject of assertion
type SubjectConfirmation ¶
// SubjectConfirmation states how the subject of an assertion is confirmed.
type SubjectConfirmation struct {
	XMLName xml.Name
	// Method is emitted as the attribute "Method" (untagged name).
	Method                  string `xml:",attr"`
	SubjectConfirmationData SubjectConfirmationData
}
SubjectConfirmation TODO needs description
type SubjectConfirmationData ¶
// SubjectConfirmationData carries the confirmation constraints of a SubjectConfirmation.
// Unlike the other element types here it has no XMLName field.
type SubjectConfirmationData struct {
	// InResponseTo and Recipient should be checked against the originating request ID and the
	// SP's own ACS URL during validation; NotOnOrAfter is a raw string to be parsed before comparison.
	InResponseTo string `xml:",attr"`
	NotOnOrAfter string `xml:",attr"`
	Recipient    string `xml:",attr"`
}
SubjectConfirmationData TODO needs description