samlutils

package
v0.13.0
Published: Feb 27, 2024 License: Apache-2.0 Imports: 27 Imported by: 0


Constants

// Names of the HTTP query/form parameters defined by the SAML 2.0 HTTP bindings.
// Treat every one of these values as untrusted request input: in particular
// RelayState is attacker-influenced and must be validated before it is used as a
// redirect target.
const (
	// Message parameters.
	HttpParamSAMLRequest  = "SAMLRequest"
	HttpParamSAMLResponse = "SAMLResponse"
	// Signature parameters (see VerifySignature for the redirect binding).
	HttpParamSigAlg    = "SigAlg"
	HttpParamSignature = "Signature"
	// State and encoding parameters.
	HttpParamRelayState   = "RelayState"
	HttpParamSAMLEncoding = "SAMLEncoding"
)
// SAMLEncodingDeflate is the SAML 2.0 URI identifying the DEFLATE URL encoding
// used by the HTTP-Redirect binding; it is the value expected in the
// HttpParamSAMLEncoding parameter.
const SAMLEncodingDeflate = "urn:oasis:names:tc:SAML:2.0:bindings:URL-Encoding:DEFLATE"

Variables

// ErrorXMLNotSigned is the error for an XML document that carries no signature.
// Callers must treat it as a verification failure, not as "nothing to check":
// an unsigned SAML message is never trustworthy. (Go convention would name this
// ErrXMLNotSigned; the name is kept for compatibility.)
var ErrorXMLNotSigned error = errors.New("XML document is not signed")

Functions

func FetchMetadata

func FetchMetadata(ctx context.Context, httpClient *http.Client, metadataURL *url.URL) (*saml.EntityDescriptor, []byte, error)

func FindChild

func FindChild(parentEl *etree.Element, childNS string, childTag string) (*etree.Element, error)

FindChild searches the direct children of parentEl for an element whose namespace is childNS and whose tag is childTag, and returns the matching element or an error when the lookup fails. Only immediate children are inspected, not deeper descendants.

func ParseMetadataFromFile

func ParseMetadataFromFile(fileLocation string) (*saml.EntityDescriptor, []byte, error)

func ParseMetadataFromXml

func ParseMetadataFromXml(xml string) (*saml.EntityDescriptor, []byte, error)

func ResolveMetadata

func ResolveMetadata(ctx context.Context, metadataSource string, opts ...MetadataResolverOptions) (*saml.EntityDescriptor, []byte, error)

ResolveMetadata tries to resolve a metadata document from metadataSource and returns the parsed EntityDescriptor together with the raw bytes. The following modes are supported:
- if the source starts with "<", it is treated as inline XML text;
- if the source is a valid HTTP/HTTPS URL, the metadata is fetched over the network using the http.Client supplied via WithHttpClient;
- if the source is a valid file URL (file://), the metadata is loaded from the file system;
- any other value is treated as a file path.
Because a plain string is read as a file path and URLs are fetched, metadataSource must come from trusted configuration, never from request input: an attacker-controlled value could point the server at an arbitrary local file or at an internal URL (SSRF). Supply a client with a timeout through WithHttpClient, and remember that transport security alone does not prove the document is genuine — verify its signature with VerifySignature and MetadataSignature before trusting it.

func VerifySignature

func VerifySignature(opts ...SignatureVerifyOptions) error

VerifySignature verifies the signature of a SAML request, response or metadata document. The signing protocol is chosen from SignatureContext.Binding and the information supplied:
- saml.HTTPRedirectBinding: the message uses DEFLATE encoding and the signature is presumably carried in the request's SigAlg/Signature parameters (HttpParamSigAlg, HttpParamSignature); SignatureContext.Request and SignatureContext.Certs are required in this mode.
- saml.HTTPPostBinding: enveloped XMLDSig; SignatureContext.XMLData is required in this mode.
- any other Binding value: enveloped XMLDSig; SignatureContext.XMLData is required in this mode.
Certs must be the peer's signing certificates obtained from trusted metadata, not certificates embedded in the message being verified — a signature that validates against a certificate the message itself supplied proves nothing. A nil error means the signature checked out; callers must treat any non-nil error as a verification failure and reject the message (ErrorXMLNotSigned is the package's error for an XML document that carries no signature at all).

func WritePostBindingHTML

func WritePostBindingHTML(formHtml []byte, rw http.ResponseWriter) error

WritePostBindingHTML takes the HTML of a form that submits a SAML request or response, wraps it in a complete HTML document carrying the package's script-security markup, and writes the result to rw. formHtml is emitted into the response as-is, so it must be markup the application generated itself (for example from the SAML library's POST-binding helpers), never content derived from untrusted input — otherwise this is a direct HTML-injection path.

Types

type FixedAuthnRequest

// FixedAuthnRequest wraps saml.AuthnRequest so that Redirect can be replaced by
// this package's hotfix for crewjam/saml 0.4.8; every other field and method is
// the embedded type's. Construct it with NewFixedAuthenticationRequest.
type FixedAuthnRequest struct {
	saml.AuthnRequest
}

func NewFixedAuthenticationRequest

func NewFixedAuthenticationRequest(sp *saml.ServiceProvider, idpURL string, binding string, resultBinding string) (*FixedAuthnRequest, error)

func (*FixedAuthnRequest) Redirect

func (req *FixedAuthnRequest) Redirect(relayState string, sp *saml.ServiceProvider) (*url.URL, error)

Redirect builds the HTTP-Redirect binding URL for this authentication request, carrying relayState. It replaces the Redirect method of the embedded saml.AuthnRequest as a hotfix for crewjam/saml 0.4.8.

type FixedLogoutRequest

// FixedLogoutRequest wraps saml.LogoutRequest so that Redirect can be replaced by
// this package's hotfix for crewjam/saml 0.4.8; every other field and method is
// the embedded type's. Construct it with NewFixedLogoutRequest.
type FixedLogoutRequest struct {
	saml.LogoutRequest
}

func NewFixedLogoutRequest

func NewFixedLogoutRequest(sp *saml.ServiceProvider, idpURL, nameID string) (*FixedLogoutRequest, error)

func (*FixedLogoutRequest) Redirect

func (req *FixedLogoutRequest) Redirect(relayState string, sp *saml.ServiceProvider) (*url.URL, error)

Redirect builds the HTTP-Redirect binding URL for this logout request, carrying relayState. It replaces the Redirect method of the embedded saml.LogoutRequest as a hotfix for crewjam/saml 0.4.8.

type MetadataResolverOption

// MetadataResolverOption holds the settings ResolveMetadata reads; populate it
// through MetadataResolverOptions functions such as WithHttpClient.
type MetadataResolverOption struct {
	// HttpClient is used when the metadata source is an HTTP/HTTPS URL.
	// NOTE(review): supply a client with a Timeout; what ResolveMetadata does
	// when this is nil is not visible here — confirm before relying on a default.
	HttpClient *http.Client
}

type MetadataResolverOptions

// MetadataResolverOptions is a functional option for ResolveMetadata; it mutates
// the MetadataResolverOption being assembled.
type MetadataResolverOptions func(opt *MetadataResolverOption)

func WithHttpClient

func WithHttpClient(client *http.Client) MetadataResolverOptions

type ParsableSamlTypes

// ParsableSamlTypes is the type-set constraint for ParseSAMLObject: the SAML
// message types it can decode a request into.
type ParsableSamlTypes interface {
	saml.LogoutRequest | saml.LogoutResponse | saml.AuthnRequest | saml.Response
}

type SAMLObjectParseResult

// SAMLObjectParseResult describes the outcome of ParseSAMLObject.
// NOTE(review): field meanings below are inferred from the names — confirm
// against ParseSAMLObject.
type SAMLObjectParseResult struct {
	// Binding is the SAML binding the message was received over.
	Binding string
	// Encoded is presumably the message as it arrived on the wire, still encoded.
	Encoded string
	// Decoded is presumably the message bytes after decoding.
	Decoded []byte
	// Err is non-nil when parsing failed; check it before using the destination
	// object. Nothing here indicates a signature check — parsing is not
	// verification, so run VerifySignature before trusting the parsed message.
	Err error
}

func ParseSAMLObject

func ParseSAMLObject[T ParsableSamlTypes](gc *gin.Context, dest *T) (ret SAMLObjectParseResult)

type SignatureContext

// SignatureContext carries the inputs VerifySignature needs; it is filled in via
// SignatureVerifyOptions such as MetadataSignature.
type SignatureContext struct {
	// Binding selects the verification mode: saml.HTTPRedirectBinding verifies
	// the signature carried with Request, any other value an enveloped XMLDSig
	// over XMLData.
	Binding string
	// Certs are the certificates trusted to have signed the message. They must
	// come from trusted IdP/SP metadata, never from the message under verification.
	Certs []*x509.Certificate
	// Request is the incoming HTTP request; required for the redirect binding.
	Request *http.Request
	// XMLData is the signed XML document; required for the POST binding and for
	// any other Binding value.
	XMLData []byte
}

type SignatureVerifyOptions

// SignatureVerifyOptions is a functional option for VerifySignature; it mutates
// the SignatureContext being assembled.
type SignatureVerifyOptions func(sc *SignatureContext)

func MetadataSignature

func MetadataSignature(data []byte, certs ...*x509.Certificate) SignatureVerifyOptions

MetadataSignature returns the SignatureVerifyOptions for verifying a signed metadata document: data is the raw metadata XML and certs are the certificates trusted to have signed it. Pass the result to VerifySignature; a document that fails verification must not be used as the source of IdP signing certificates or endpoints.
