README
¶
go-saml
A just good enough SAML client library written in Go. This library is by no means complete and has been developed to solve several specific integration efforts. However, it's a start, and it would be great to see it evolve into a more fleshed out implemention.
Inspired by the early work of RobotsAndPencils.
The library supports:
- generating signed/unsigned AuthnRequests
- validating signed AuthnRequests
- generating service provider metadata
- generating signed Responses
- validating signed Responses
Installation
$ go get github.com/xionglun/saml
Usage
Below are samples to show how you might use the library.
Generating Signed AuthnRequests
sp := saml.ServiceProviderSettings{
IDPSSOURL: "http://idp/saml2",
IDPSSODescriptorURL: "http://idp/issuer",
IDPPublicCertPath: "certs/idp.crt",
SPSignRequest: "true",
AssertionConsumerServiceURL: "http://localhost:8000/saml_consume",
}
sp.Init()
// generate the AuthnRequest and then get a base64 encoded string of the XML
authnRequest := sp.GetAuthnRequest()
b64XML, err := authnRequest.EncodedSignedString(sp.PrivateKeyPath)
if err != nil {
panic(err)
}
// for convenience, get a URL formed with the SAMLRequest parameter
url, err := saml.GetAuthnRequestURL(sp.IDPSSOURL, b64XML)
if err != nil {
panic(err)
}
// below is bonus for how you might respond to a request with a form that POSTs to the IdP
data := struct {
Base64AuthRequest string
URL string
}{
Base64AuthRequest: b64XML,
URL: url,
}
t := template.New("saml")
t, err = t.Parse("<html><body style=\"display: none\" onload=\"document.frm.submit()\"><form method=\"post\" name=\"frm\" action=\"{{.URL}}\"><input type=\"hidden\" name=\"SAMLRequest\" value=\"{{.Base64AuthRequest}}\" /><input type=\"submit\" value=\"Submit\" /></form></body></html>")
// how you might respond to a request with the templated form that will auto post
t.Execute(w, data)
Validating a received SAML Response
response = http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
encodedXML := r.FormValue("SAMLResponse")
if encodedXML == "" {
httpcommon.SendBadRequest(w, "SAMLResponse form value missing")
return
}
response, err := saml.ParseEncodedResponse(encodedXML)
if err != nil {
httpcommon.SendBadRequest(w, "SAMLResponse parse: "+err.Error())
return
}
err = response.Validate(&sp)
if err != nil {
httpcommon.SendBadRequest(w, "SAMLResponse validation: "+err.Error())
return
}
samlID := response.GetAttribute("uid")
if samlID == "" {
httpcommon.SendBadRequest(w, "SAML attribute identifier uid missing")
return
}
//...
}
Service provider metadata
func samlMetadataHandler(sp *saml.ServiceProviderSettings) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
md, err := sp.GetEntityDescriptor()
if err != nil {
w.WriteHeader(500)
w.Write([]byte("Error: " + err.Error()))
return
}
w.Header().Set("Content-Type", "application/xml")
w.Write([]byte(md))
})
}
Receiving a authnRequest
b64Request := r.URL.Query().Get("SAMLRequest")
if b64Request == "" {
w.WriteHeader(400)
w.Write([]byte("SAMLRequest parameter missing"))
return
}
defated, err := base64.StdEncoding.DecodeString(b64Request)
if err != nil {
w.WriteHeader(500)
w.Write([]byte("Error: " + err.Error()))
return
}
// enflate and unmarshal
var buffer bytes.Buffer
rdr := flate.NewReader(bytes.NewReader(defated))
io.Copy(&buffer, rdr)
var authnRequest saml.AuthnRequest
err = xml.Unmarshal(buffer.Bytes(), &authnRequest)
if err != nil {
w.WriteHeader(500)
w.Write([]byte("Error: " + err.Error()))
return
}
if authnRequest.Issuer.Url != issuerURL {
w.WriteHeader(500)
w.Write([]byte("unauthorized issuer "+authnRequest.Issuer.Url))
return
}
Creating a SAML Response (if acting as an IdP)
issuer := "http://localhost:8000/saml"
authnResponse := saml.NewSignedResponse()
authnResponse.Issuer.Url = issuer
authnResponse.Assertion.Issuer.Url = issuer
authnResponse.Signature.KeyInfo.X509Data.X509Certificate.Cert = stringValueOfCert
authnResponse.Assertion.Subject.NameID.Value = userIdThatYouAuthenticated
authnResponse.AddAttribute("uid", userIdThatYouAuthenticated)
authnResponse.AddAttribute("email", "someone@domain")
authnResponse.Assertion.Subject.SubjectConfirmation.SubjectConfirmationData.InResponseTo = authnRequestIdRespondingTo
authnResponse.InResponseTo = authnRequestIdRespondingTo
authnResponse.Assertion.Subject.SubjectConfirmation.SubjectConfirmationData.Recipient = issuer
// signed XML string
signed, err := authnResponse.SignedString("/path/to/private.key")
// or signed base64 encoded XML string
b64XML, err := authnResponse.EncodedSignedString("/path/to/private.key")
Contributing
Would love any contributions you having including better documentation, tests, or more robust functionality.
git clone git@github.com:xionglun/saml.git
make init
make test
License
The MIT License (MIT)
Copyright (c) 2016 Allen Heavey
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
Documentation
¶
Index ¶
- Constants
- Variables
- func GetAuthnRequestURL(baseURL string, b64XML string, state string) (string, error)
- func ID() string
- func SignRequest(xml string, privateKeyPath string) (string, error)
- func SignResponse(xml string, privateKeyPath string) (string, error)
- func VerifyRequestSignature(xml string, publicCertPath string) error
- func VerifyResponseSignature(xml string, publicCertPath string) error
- type Assertion
- type AssertionConsumerService
- type Attribute
- type AttributeStatement
- type AttributeValue
- type AudienceRestriction
- type AuthnContext
- type AuthnContextClassRef
- type AuthnRequest
- func (r *AuthnRequest) CompressedEncodedSignedString(privateKeyPath string) (string, error)
- func (r *AuthnRequest) CompressedEncodedString() (string, error)
- func (r *AuthnRequest) EncodedSignedString(privateKeyPath string) (string, error)
- func (r *AuthnRequest) EncodedString() (string, error)
- func (r *AuthnRequest) SignedString(privateKeyPath string) (string, error)
- func (r *AuthnRequest) String() (string, error)
- func (r *AuthnRequest) Validate(publicCertPath string) error
- type AuthnStatement
- type CanonicalizationMethod
- type Conditions
- type DigestMethod
- type DigestValue
- type EntityAttributes
- type EntityDescriptor
- type Extensions
- type IDPList
- type IdentityProviderSettings
- type Issuer
- type KeyDescriptor
- type KeyInfo
- type NameID
- type NameIDPolicy
- type RequestedAuthnContext
- type Response
- func (r *Response) AddAttribute(name, value string)
- func (r *Response) CompressedEncodedSignedString(privateKeyPath string) (string, error)
- func (r *Response) EncodedSignedString(privateKeyPath string) (string, error)
- func (r *Response) GetAttributeValue(name string) string
- func (r *Response) GetAttributeValues(name string) []string
- func (r *Response) SetIssuer(issuer string)
- func (r *Response) SetNameID(nameID string)
- func (r *Response) SetResponseTo(responseTo string)
- func (r *Response) SignedString(privateKeyPath string) (string, error)
- func (r *Response) String() (string, error)
- func (r *Response) Validate(s *ServiceProviderSettings) error
- type SPSSODescriptor
- type SPSSODescriptors
- type SamlsigReference
- type Scoping
- type ServiceProviderSettings
- func (s *ServiceProviderSettings) GetAuthnRequest() *AuthnRequest
- func (s *ServiceProviderSettings) GetEntityDescriptor() (string, error)
- func (s *ServiceProviderSettings) IDPPublicCert() string
- func (s *ServiceProviderSettings) Init() (err error)
- func (s *ServiceProviderSettings) PrivateKey() string
- func (s *ServiceProviderSettings) PublicCert() string
- type Signature
- type SignatureMethod
- type SignatureValue
- type SignedInfo
- type SingleLogoutService
- type Status
- type StatusCode
- type Subject
- type SubjectConfirmation
- type SubjectConfirmationData
- type Transform
- type Transforms
- type X509Certificate
- type X509Data
Constants ¶
View Source
const ( RESP_STATUS_SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success" RESP_STATUS_REQUESTER = "urn:oasis:names:tc:SAML:2.0:status:Requester" RESP_STATUS_RESPONDER = "urn:oasis:names:tc:SAML:2.0:status:Responder" RESP_STATUS_VERSION_MISMATCH = "urn:oasis:names:tc:SAML:2.0:status:VersionMismatch" RESP_STATUS_AUTHN_FAILED = "urn:oasis:names:tc:SAML:2.0:status:AuthnFailed" RESP_STATUS_INVALID_ATTR_NAME_OR_VALUE = "urn:oasis:names:tc:SAML:2.0:status:InvalidAttrNameOrValue" RESP_STATUS_INVALID_NAMEID_POLICY = "urn:oasis:names:tc:SAML:2.0:status:InvalidNameIDPolicy" RESP_STATUS_NO_AUTHN_CONTEXT = "urn:oasis:names:tc:SAML:2.0:status:NoAuthnContext" RESP_STATUS_NO_AVAILABLE_IDP = "urn:oasis:names:tc:SAML:2.0:status:NoAvailableIDP" RESP_STATUS_NO_PASSIVE = "urn:oasis:names:tc:SAML:2.0:status:NoPassive" RESP_STATUS_NO_SUPPORTED_IDP = "urn:oasis:names:tc:SAML:2.0:status:NoSupportedIDP" RESP_STATUS_PARTIAL_LOGOUT = "urn:oasis:names:tc:SAML:2.0:status:PartialLogout" RESP_STATUS_PROXY_COUNT_EXCEEDED = "urn:oasis:names:tc:SAML:2.0:status:ProxyCountExceeded" RESP_STATUS_REQUEST_DENIED = "urn:oasis:names:tc:SAML:2.0:status:RequestDenied" RESP_STATUS_REQUEST_UNSUPPORTED = "urn:oasis:names:tc:SAML:2.0:status:RequestUnsupported" RESP_STATUS_REQUEST_VERSION_DEPRECATED = "urn:oasis:names:tc:SAML:2.0:status:RequestVersionDeprecated" RESP_STATUS_REQUEST_VERSION_TOO_HIGH = "urn:oasis:names:tc:SAML:2.0:status:RequestVersionTooHigh" RESP_STATUS_REQUEST_VERSION_TOO_LOW = "urn:oasis:names:tc:SAML:2.0:status:RequestVersionTooLow" RESP_STATUS_RESOURCE_NOT_RECOGNIZED = "urn:oasis:names:tc:SAML:2.0:status:ResourceNotRecognized" RESP_STATUS_TOO_MANY_RESPONSES = "urn:oasis:names:tc:SAML:2.0:status:TooManyResponses" RESP_STATUS_UNKNOWN_ATTR_PROFILE = "urn:oasis:names:tc:SAML:2.0:status:UnknownAttrProfile" RESP_STATUS_UNKNOWN_PRINCIPAL = "urn:oasis:names:tc:SAML:2.0:status:UnknownPrincipal" RESP_STATUS_UNSUPPORTED_BINDING = "urn:oasis:names:tc:SAML:2.0:status:UnsupportedBinding" )
View Source
const (
SAML_BINDING_HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
)
Variables ¶
View Source
var ( ERR_RESP_UNSUPPORT_VERSION = errors.New("Unsupport saml version!") ERR_RESP_NEED_ID = errors.New("Missing ID attribute on SAML Response") ERR_RESP_NEED_ASSERTION = errors.New("Need Assertions!") ERR_RESP_NEED_SIGNATURE = errors.New("Need signature!") ERR_RESP_DEST_MISMATH = errors.New("Destination mismath!") ERR_RESP_METHOD_WRONG = errors.New("Wrong assertion method!") ERR_RESP_RECIP_MISMATH = errors.New("Subject recipient mismatch!") ERR_RESP_ASSERTION_EXPIRED = errors.New("Assertion has expired!") )
Functions ¶
func GetAuthnRequestURL ¶
GetAuthnRequestURL generate a URL for the AuthnRequest to the IdP with the SAMLRequst parameter encoded
func SignRequest ¶
SignRequest sign a SAML 2.0 AuthnRequest `privateKeyPath` must be a path on the filesystem, xmlsec1 is run out of process through `exec`
func SignResponse ¶
SignResponse sign a SAML 2.0 Response `privateKeyPath` must be a path on the filesystem, xmlsec1 is run out of process through `exec`
func VerifyRequestSignature ¶
VerifyRequestSignature verify signature of a SAML 2.0 AuthnRequest document `publicCertPath` must be a path on the filesystem, xmlsec1 is run out of process through `exec`
func VerifyResponseSignature ¶
VerifyResponseSignature verify signature of a SAML 2.0 Response document `publicCertPath` must be a path on the filesystem, xmlsec1 is run out of process through `exec`
Types ¶
type Assertion ¶
type Assertion struct {
XMLName xml.Name
ID string `xml:"ID,attr"`
Version string `xml:"Version,attr"`
XS string `xml:"xmlns:xs,attr"`
XSI string `xml:"xmlns:xsi,attr"`
IssueInstant string `xml:"IssueInstant,attr"`
Issuer Issuer `xml:"Issuer"`
Subject Subject
Conditions Conditions
AuthnStatement AuthnStatement
AttributeStatement AttributeStatement
Signature *Signature `xml:"ds:Signature,omitempty"`
}
SAML response assertion
type AttributeStatement ¶
type AttributeValue ¶
type AudienceRestriction ¶
type AudienceRestriction struct {
Audience string `xml:"saml:Audience"`
}
type AuthnContext ¶
type AuthnContext struct {
ClassRef string `xml:"saml:AuthnContextClassRef"`
}
type AuthnContextClassRef ¶
type AuthnRequest ¶
type AuthnRequest struct {
XMLName xml.Name
SAMLP string `xml:"xmlns:samlp,attr"`
SAML string `xml:"xmlns:saml,attr"`
SAMLSIG string `xml:"xmlns:samlsig,attr,omitempty"`
ID string `xml:"ID,attr"`
Version string `xml:"Version,attr"`
ProtocolBinding string `xml:"ProtocolBinding,attr"`
AssertionConsumerServiceURL string `xml:"AssertionConsumerServiceURL,attr"`
IssueInstant string `xml:"IssueInstant,attr"`
AssertionConsumerServiceIndex int `xml:"AssertionConsumerServiceIndex,attr"`
AttributeConsumingServiceIndex int `xml:"AttributeConsumingServiceIndex,attr"`
Issuer Issuer `xml:"Issuer"`
NameIDPolicy NameIDPolicy `xml:"NameIDPolicy,omitempty"`
RequestedAuthnContext RequestedAuthnContext `xml:"RequestedAuthnContext"`
Signature *Signature `xml:"Signature,omitempty"`
Subject Subject `xml:"Subject,omitempty"`
Conditions Conditions `xml:"Conditions,omitempty"`
Scoping Scoping `xml:"Scoping,omitempty"`
// contains filtered or unexported fields
}
An AuthnRequest is generated by SP(Service Provider) and send to IdP(Identity Provider) Refer: http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf [Page 36, 48]
Attributes and Sequences
Name Type Description ID ID required; An identifier for the request. Version string required; The version of the request. IssueInstant dateTime required; The time instant of issue of the request. Destination anyURI optional; A URI reference indicating the address to which this request has been sent. Consent anyURI optional; Indicates whether or not consent has been obtained from a principal. ForceAuthn boolean optional; Indicate IdP MUST authenticate directly or not. IsPassive boolean optional; IdP can take control of the user interface or not. ProtocolBinding anyURI optional; A URI reference that indetifies RESPONSE protocol binding. AssertionConsumerServiceIndex uint optional; Indirectly identifies the location to which the <Response> message should be returned to the requester. AssertionConsumerServiceURL anyURI optional; Specifies by value the location to which the <Response> message MUST be returned to the requester. AttributeConsumingServiceIndex uint optional; Indirectly identifies the SAML attributes to be supplied by the identity provider ProviderName string optional; Specifies the human-readable name of the requester for use by the presenter's user agent or the identity provider. Issuer Issuer optional; Identifies the entity that generated the request message. Signature Signature optional; An XML Signature that authenticates the requester and provides message integrity. Subject Subject optional; Specifies the requested subject of the resulting assertion(s). Conditions Conditions optional; Specifies the SAML conditions the requester expects to limit the validity and/or use of the resulting assertion(s). Scoping Scoping optional; Specifies a set of identity providers trusted by the requester to authenticate the presenter
func NewAuthnRequest ¶
func NewAuthnRequest() *AuthnRequest
func ParseCompressedEncodedRequest ¶
func ParseCompressedEncodedRequest(b64RequestXML string) (*AuthnRequest, error)
func ParseEncodedRequest ¶
func ParseEncodedRequest(b64RequestXML string) (*AuthnRequest, error)
func (*AuthnRequest) CompressedEncodedSignedString ¶
func (r *AuthnRequest) CompressedEncodedSignedString(privateKeyPath string) (string, error)
func (*AuthnRequest) CompressedEncodedString ¶
func (r *AuthnRequest) CompressedEncodedString() (string, error)
func (*AuthnRequest) EncodedSignedString ¶
func (r *AuthnRequest) EncodedSignedString(privateKeyPath string) (string, error)
GetAuthnRequestURL generate a URL for the AuthnRequest to the IdP with the SAMLRequst parameter encoded
func (*AuthnRequest) EncodedString ¶
func (r *AuthnRequest) EncodedString() (string, error)
func (*AuthnRequest) SignedString ¶
func (r *AuthnRequest) SignedString(privateKeyPath string) (string, error)
func (*AuthnRequest) String ¶
func (r *AuthnRequest) String() (string, error)
func (*AuthnRequest) Validate ¶
func (r *AuthnRequest) Validate(publicCertPath string) error
type AuthnStatement ¶
type CanonicalizationMethod ¶
type Conditions ¶
type Conditions struct {
XMLName xml.Name
NotBefore string `xml:",attr"`
NotOnOrAfter string `xml:",attr"`
AudienceRestriction AudienceRestriction `xml:"saml:AudienceRestriction"`
}
type DigestMethod ¶
type DigestValue ¶
type EntityAttributes ¶
type EntityDescriptor ¶
type EntityDescriptor struct {
XMLName xml.Name
DS string `xml:"xmlns:ds,attr"`
XMLNS string `xml:"xmlns,attr"`
MD string `xml:"xmlns:md,attr"`
EntityId string `xml:"entityID,attr"`
Extensions Extensions `xml:"Extensions"`
SPSSODescriptor SPSSODescriptor `xml:"SPSSODescriptor"`
}
type Extensions ¶
type IdentityProviderSettings ¶
type IdentityProviderSettings struct {
}
type Issuer ¶
type KeyDescriptor ¶
type NameIDPolicy ¶
type NameIDPolicy struct {
XMLName xml.Name
SPNameQualifier string `xml:"SPNameQualifier,attr,omitempty"`
AllowCreate bool `xml:"AllowCreate,attr,omitempty"`
Format string `xml:"Format,attr,omitempty"`
}
func NewNameIDPolicy ¶
func NewNameIDPolicy() *NameIDPolicy
type RequestedAuthnContext ¶
type RequestedAuthnContext struct {
XMLName xml.Name
SAMLP string `xml:"xmlns:samlp,attr"`
Comparison string `xml:"Comparison,attr"`
AuthnContextClassRef AuthnContextClassRef `xml:"AuthnContextClassRef"`
}
type Response ¶
type Response struct {
XMLName xml.Name
SAMLP string `xml:"xmlns:samlp,attr"`
SAML string `xml:"xmlns:saml,attr"`
Destination string `xml:"Destination,attr"`
ID string `xml:"ID,attr"`
Version string `xml:"Version,attr"`
IssueInstant string `xml:"IssueInstant,attr"`
InResponseTo string `xml:"InResponseTo,attr"`
Issuer Issuer `xml:"Issuer"`
Signature Signature `xml:"Signature,omitempty"`
Status Status `xml:"Status"`
Assertion Assertion `xml:"Assertion"`
// contains filtered or unexported fields
}
SAML Response structure
func NewSignedResponse ¶
func NewSignedResponse() *Response
NewSignedResponse create a new signed response
func ParseEncodedResponse ¶
func (*Response) AddAttribute ¶
AddAttribute add strong attribute to the Response
func (*Response) CompressedEncodedSignedString ¶
func (*Response) EncodedSignedString ¶
func (*Response) GetAttributeValue ¶
GetAttributeValue by Name or by FriendlyName. Return blank string if not found
func (*Response) GetAttributeValues ¶
GetAttributeValues returns attribute's values
func (*Response) SetResponseTo ¶
set repsonse to
func (*Response) SignedString ¶
func (*Response) Validate ¶
func (r *Response) Validate(s *ServiceProviderSettings) error
type SPSSODescriptor ¶
type SPSSODescriptor struct {
XMLName xml.Name
ProtocolSupportEnumeration string `xml:"protocolSupportEnumeration,attr"`
SigningKeyDescriptor KeyDescriptor
EncryptionKeyDescriptor KeyDescriptor
// SingleLogoutService SingleLogoutService `xml:"SingleLogoutService"`
AssertionConsumerServices []AssertionConsumerService
}
type SPSSODescriptors ¶
type SPSSODescriptors struct {
}
type SamlsigReference ¶
type SamlsigReference struct {
XMLName xml.Name
URI string `xml:"URI,attr"`
Transforms Transforms `xml:",innerxml"`
DigestMethod DigestMethod `xml:",innerxml"`
DigestValue DigestValue `xml:",innerxml"`
}
type ServiceProviderSettings ¶
type ServiceProviderSettings struct {
PublicCertPath string
PrivateKeyPath string
IDPSSOURL string
IDPSSODescriptorURL string
IDPPublicCertPath string
AssertionConsumerServiceURL string
SPSignRequest bool
// contains filtered or unexported fields
}
ServiceProviderSettings provides settings to configure server acting as a SAML Service Provider. Expect only one IDP per SP in this configuration. If you need to configure multipe IDPs for an SP then configure multiple instances of this module
func (*ServiceProviderSettings) GetAuthnRequest ¶
func (s *ServiceProviderSettings) GetAuthnRequest() *AuthnRequest
GetSignedAuthnRequest returns a singed XML document that represents a AuthnRequest SAML document
func (*ServiceProviderSettings) GetEntityDescriptor ¶
func (s *ServiceProviderSettings) GetEntityDescriptor() (string, error)
func (*ServiceProviderSettings) IDPPublicCert ¶
func (s *ServiceProviderSettings) IDPPublicCert() string
func (*ServiceProviderSettings) Init ¶
func (s *ServiceProviderSettings) Init() (err error)
func (*ServiceProviderSettings) PrivateKey ¶
func (s *ServiceProviderSettings) PrivateKey() string
func (*ServiceProviderSettings) PublicCert ¶
func (s *ServiceProviderSettings) PublicCert() string
type Signature ¶
type Signature struct {
XMLName xml.Name
SAMLSIG string `xml:"xmlns:ds,attr"`
SignedInfo SignedInfo
SignatureValue SignatureValue
KeyInfo KeyInfo
}
func NewSignature ¶
func NewSignature() *Signature
type SignatureMethod ¶
type SignatureValue ¶
type SignedInfo ¶
type SignedInfo struct {
XMLName xml.Name
CanonicalizationMethod CanonicalizationMethod
SignatureMethod SignatureMethod
SamlsigReference SamlsigReference
}
func NewSignedInfo ¶
func NewSignedInfo() *SignedInfo
type SingleLogoutService ¶
type Status ¶
type Status struct {
XMLName xml.Name
StatusCode StatusCode `xml:"StatusCode"`
}
type StatusCode ¶
type Subject ¶
type Subject struct {
XMLName xml.Name
NameID NameID
SubjectConfirmation SubjectConfirmation
}
structure of <Subject>
type SubjectConfirmation ¶
type SubjectConfirmation struct {
XMLName xml.Name
Method string `xml:",attr"`
SubjectConfirmationData SubjectConfirmationData
}
structure of <Subject>
type SubjectConfirmationData ¶
type SubjectConfirmationData struct {
XMLName xml.Name
InResponseTo string `xml:",attr,omitempty"`
NotOnOrAfter string `xml:",attr,omitempty"`
NotBefore string `xml:",attr,omitempty"`
Recipient string `xml:",attr,omitempty"`
Address string `xml:",attr,omitempty"`
}
It specifies additional data that allows the subject to be confirmed or constrains the circumstances under which the act of subject confirmation can take place
type Transforms ¶
type X509Certificate ¶
type X509Data ¶
type X509Data struct {
XMLName xml.Name
X509Certificate X509Certificate `xml:",innerxml"`
}
Source Files
Click to show internal directories.
Click to hide internal directories.