README
¶
go-saml
High-level API library for Single Sign On with SAML 2.0 based on etree and signedxml, a pure Go implementation. The library provides the Identity Provider Implementation with support of both IDPInitiated and SPInitiated flow.
Features
- Generating identity provider metadata
- Validating Redirect/Post Binding signed/unsigned AuthnRequests
- Generating Post signed Responses
- Validating Redirect/Post Binding signed/unsigned LogoutRequest
- Generating Post signed LogoutResponses
- SessionIndex
Installation
Install go-saml into your $GOPATH using go get:
go get github.com/mayanklrtest/go-saml
Usage
Below are samples to show how you might use the library.
Create Idp Provider Instance
idp := saml.IdentityProvider{
IsIdpInitiated: false,
Issuer: "https://identity-provider.com/",
Audiences: "https://service-provider.com/",
IDPCert: "<IDPCert PEM Format>",
IDPKey: "<IDPKey PEM Format>",
SPCert: "<SPCert PEM Format>",
NameIdentifier: "john@idp.com",
NameIdentifierFormat: saml.AttributeFormatUnspecified,
ACSLocation: "https://service-provider-acs.com", //Service Provider Login Url
ACSBinging: saml.HTTPPostBinding,
SessionIndex: "1ac5bc03-06a1-413d-8542-e7a7e7d9e9f2",
LogoutUrl: "https://service-provider-acs.com/logout" //Service Provider Logout Url
}
//Add Attributes
idp.AddAttribute("Fname", "john", saml.AttributeFormatUnspecified)
Validate and Parse AuthnRequest
//This validate the AuthnRequest and set parsed value in the idp instance,
//that used in Generating the SAML Response with InResponseTo property.
//Get Querystring and Payload values from request with url.Value{} type
validationError := idp.ValidateAuthnRequest(method"POST",query url.Values,payload url.Values);
if validationError !=nil {
return validationError
}
Generate Login Response
signedXML, signedXMLErr := idp.NewSignedLoginResponse()
if signedXMLErr != nil {
return signedXMLErr
}
//Generate html content for Post
html, err := idp.ResponseHtml(signedXML, "Response")
if err !=nil {
return err
}
Validate and Parse Logout Request
//This validate the AuthnRequest and set parsed value in the idp instance,
//that used in Generating the SAML Logout Response with InResponseTo property
//Get Querystring and Payload values from request with url.Value{} type
validationError := idp.ValidateLogoutRequest(method"POST",query url.Values,payload url.Values);
if validationError !=nil {
return validationError
}
Generate Logout Response
signedXML, signedXMLErr := idp.NewSignedLoginResponse()
if signedXMLErr != nil {
return signedXMLErr
}
//Generate html content for Post
html, err := idp.ResponseHtml(signedXML, "LogoutResponse")
if err !=nil {
return err
}
Metadata Identity Provider
idp := saml.IdentityProvider{
Issuer: "https://identity-provider.com/",
Audiences: "https://service-provider.com/",
IDPCert: "<IDPCert PEM Format>",
NameIdentifierFormat: saml.AttributeFormatUnspecified,
}
idp.AddSingleSignOnService(saml.MetadataBinding{
Binding: saml.HTTPPostBinding,
Location: "https://identity-provider.com/saml/post",
})
idp.AddSingleSignOnService(saml.MetadataBinding{
Binding: saml.HTTPRedirectBinding,
Location: "https://identity-provider.com/saml/redirect",
})
idp.AddSingleSignOutService(saml.MetadataBinding{
Binding: saml.HTTPPostBinding,
Location: "https://identity-provider.com/saml/post/logout",
})
// Generate xml for IDP Metadata
xml, xmlerr := idp.MetaDataResponse()
Example
Please see examples for how to use the library to be an identity provider.
Contributing
Would love any contributions you, having including better documentation, tests, or more robust functionality. Please follow the contributing guide
License
Documentation
¶
Index ¶
- Constants
- type IdentityProvider
- func (idp *IdentityProvider) AddAttribute(name string, value string, format string)
- func (idp *IdentityProvider) AddSingleSignOnService(service MetadataBinding)
- func (idp *IdentityProvider) AddSingleSignOutService(service MetadataBinding)
- func (idp *IdentityProvider) AuthnRequestTTL(duration time.Duration)
- func (idp *IdentityProvider) MetaDataResponse() (string, error)
- func (idp *IdentityProvider) NewSignedLoginResponse() (string, error)
- func (idp *IdentityProvider) NewSignedLogoutResponse() (string, error)
- func (idp *IdentityProvider) ResponseHtml(signedXML string, requestType string) (string, error)
- func (idp *IdentityProvider) ValidateAuthnRequest(method string, query url.Values, payload url.Values) *Reject
- func (idp *IdentityProvider) ValidateLogoutRequest(method string, query url.Values, payload url.Values) *Reject
- type MetadataBinding
- type Reject
- type SamlRequestParam
Constants ¶
View Source
const ( NameIdFormatPersistent = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" NameIdFormatTransient = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient" NameIdFormatEmailAddress = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" NameIdFormatUnspecified = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" NameIdFormatX509SubjectName = "urn:oasis:names:tc:SAML:1.1:nameid-format:x509SubjectName" HTTPPostBinding = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" HTTPRedirectBinding = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" AttributeFormatUnspecified = "urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified" AttributeFormatBasic = "urn:oasis:names:tc:SAML:2.0:attrname-format:basic" AttributeFormatUri = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri" )
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type IdentityProvider ¶
type IdentityProvider struct {
IsIdpInitiated bool
Issuer string
Audiences []string
IDPCert string
IDPKey string
SPCert string
Attributes []map[string]string
SignatureAlgorithm string
SignaturePrefix string
DigestAlgorithm string
LifetimeInSeconds int64
NameIdentifier string
NameIdentifierFormat string
ACSLocation string
ACSBinging string
LogoutUrl string
RelayState string
SessionIndex string
SingleSignOnService []MetadataBinding
SingleSignOutService []MetadataBinding
// contains filtered or unexported fields
}
func (*IdentityProvider) AddAttribute ¶
func (idp *IdentityProvider) AddAttribute(name string, value string, format string)
func (*IdentityProvider) AddSingleSignOnService ¶
func (idp *IdentityProvider) AddSingleSignOnService(service MetadataBinding)
func (*IdentityProvider) AddSingleSignOutService ¶
func (idp *IdentityProvider) AddSingleSignOutService(service MetadataBinding)
func (*IdentityProvider) AuthnRequestTTL ¶
func (idp *IdentityProvider) AuthnRequestTTL(duration time.Duration)
func (*IdentityProvider) MetaDataResponse ¶
func (idp *IdentityProvider) MetaDataResponse() (string, error)
func (*IdentityProvider) NewSignedLoginResponse ¶
func (idp *IdentityProvider) NewSignedLoginResponse() (string, error)
func (*IdentityProvider) NewSignedLogoutResponse ¶
func (idp *IdentityProvider) NewSignedLogoutResponse() (string, error)
func (*IdentityProvider) ResponseHtml ¶
func (idp *IdentityProvider) ResponseHtml(signedXML string, requestType string) (string, error)
func (*IdentityProvider) ValidateAuthnRequest ¶
func (*IdentityProvider) ValidateLogoutRequest ¶
type MetadataBinding ¶
type SamlRequestParam ¶
type SamlRequestParam struct {
Method string
RequestBuffer []byte
SAMLRequest string
RelayState string
SigAlg string
Signature string
AuthnRequest *internal.AuthnRequest
LogoutRequest *internal.LogoutRequest
}
func (*SamlRequestParam) CheckSignature ¶
func (s *SamlRequestParam) CheckSignature(idp *IdentityProvider) error
func (*SamlRequestParam) GetOctetString ¶
func (s *SamlRequestParam) GetOctetString() string
func (*SamlRequestParam) ParseAuthnRequest ¶
func (s *SamlRequestParam) ParseAuthnRequest() error
func (*SamlRequestParam) ParseLogoutRequest ¶
func (s *SamlRequestParam) ParseLogoutRequest() error
Source Files
Directories
Click to show internal directories.
Click to hide internal directories.