wayfhybrid

package module
v1.3.0

This package is not in the latest version of its module.
Published: Nov 12, 2021 License: MIT Imports: 30 Imported by: 0

README

wayfhybrid

Wayfhybrid is a WAYF-specific SAML hybrid based on wayf-dk/gohybrid.

Documentation

Functions

func ACSService

func ACSService(w http.ResponseWriter, r *http.Request) (err error)

ACSService handles receiving the SAML response and the related attribute handling.

func Attributesc14n added in v1.0.17

func Attributesc14n(request, response, idpMd, spMd *goxml.Xp)

Attributesc14n - Convert to - and compute canonical attributes

func BirkSLOService

func BirkSLOService(w http.ResponseWriter, r *http.Request) (err error)

BirkSLOService refers to birk single logout service. Takes request as a parameter and returns an error if any

func CopyAttributes added in v1.0.13

func CopyAttributes(sourceResponse, response, idpMd, spMd *goxml.Xp) (ardValues map[string][]string, ardHash string)

CopyAttributes copies the attributes

Example
idpMd := goxml.NewXpFromFile("testdata/idp_md_dtu.xml")
hubMd := goxml.NewXpFromFile("testdata/hub_md.xml")
spMd := goxml.NewXpFromFile("testdata/sp_md.xml")
prepareTables(hubMd)
sourceResponse := goxml.NewXpFromFile("testdata/sourceresponse_dtu.saml")
WayfACSServiceHandler(idpMd, hubMd, spMd, nil, sourceResponse.CpXp(), false)
newresponse := gosaml.NewResponse(idpMd, spMd, sourceResponse, sourceResponse)
CopyAttributes(sourceResponse, newresponse, idpMd, spMd)
gosaml.AttributeCanonicalDump(os.Stdout, newresponse)
Output:

cn urn:oid:2.5.4.3 urn:oasis:names:tc:SAML:2.0:attrname-format:uri
    Mads Freek Petersen
displayName urn:oid:2.16.840.1.113730.3.1.241 urn:oasis:names:tc:SAML:2.0:attrname-format:uri
    Mads Freek Petersen
eduPersonAssurance urn:oid:1.3.6.1.4.1.5923.1.1.1.11 urn:oasis:names:tc:SAML:2.0:attrname-format:uri
    2
eduPersonEntitlement urn:oid:1.3.6.1.4.1.5923.1.1.1.7 urn:oasis:names:tc:SAML:2.0:attrname-format:uri
    this.is.a.prefix.with.an.allowed.postfix
    this.is.an.allowed.infix.with.a.postfix
    this.is.an.allowed.prefix.with.a.postfix
    this.is.an.allowed.regexp.with.a.postfix
    urn:mace:terena.org:tcs:escience-user
eduPersonPrimaryAffiliation urn:oid:1.3.6.1.4.1.5923.1.1.1.5 urn:oasis:names:tc:SAML:2.0:attrname-format:uri
    staff
eduPersonPrincipalName urn:oid:1.3.6.1.4.1.5923.1.1.1.6 urn:oasis:names:tc:SAML:2.0:attrname-format:uri
    madpe@dtu.dk
eduPersonScopedAffiliation urn:oid:1.3.6.1.4.1.5923.1.1.1.9 urn:oasis:names:tc:SAML:2.0:attrname-format:uri
    member@dtu.dk
    staff@dtu.dk
    staff@just.testing.dtu.dk
eduPersonTargetedID urn:oid:1.3.6.1.4.1.5923.1.1.1.10 urn:oasis:names:tc:SAML:2.0:attrname-format:uri
    WAYF-DK-9c03f6bdabf9e280d9dfdedb42ebaf161c30ed51
gn urn:oid:2.5.4.42 urn:oasis:names:tc:SAML:2.0:attrname-format:uri
    Mads Freek
mail urn:oid:0.9.2342.19200300.100.1.3 urn:oasis:names:tc:SAML:2.0:attrname-format:uri
    madpe@dtu.dk
organizationName urn:oid:2.5.4.10 urn:oasis:names:tc:SAML:2.0:attrname-format:uri
    Danmarks Tekniske Universitet
preferredLanguage urn:oid:2.16.840.1.113730.3.1.39 urn:oasis:names:tc:SAML:2.0:attrname-format:uri
    da-DK
schacDateOfBirth urn:oid:1.3.6.1.4.1.25178.1.2.3 urn:oasis:names:tc:SAML:2.0:attrname-format:uri
    18580824
schacHomeOrganization urn:oid:1.3.6.1.4.1.25178.1.2.9 urn:oasis:names:tc:SAML:2.0:attrname-format:uri
    dtu.dk
schacHomeOrganizationType urn:oid:1.3.6.1.4.1.25178.1.2.10 urn:oasis:names:tc:SAML:2.0:attrname-format:uri
    urn:mace:terena.org:schac:homeOrganizationType:eu:higherEducationalInstitution
schacPersonalUniqueID urn:oid:1.3.6.1.4.1.25178.1.2.15 urn:oasis:names:tc:SAML:2.0:attrname-format:uri
    urn:mace:terena.org:schac:personalUniqueID:dk:CPR:2408588834
schacYearOfBirth urn:oid:1.3.6.1.4.1.25178.1.0.2.3 urn:oasis:names:tc:SAML:2.0:attrname-format:uri
    1858
sn urn:oid:2.5.4.4 urn:oasis:names:tc:SAML:2.0:attrname-format:uri
    Petersen

func IDPSLOService added in v1.2.1

func IDPSLOService(w http.ResponseWriter, r *http.Request) (err error)

IDPSLOService refers to idp single logout service. Takes request as a parameter and returns an error if any

func KribSLOService

func KribSLOService(w http.ResponseWriter, r *http.Request) (err error)

KribSLOService refers to krib single logout service. Takes request as a parameter and returns an error if any

func MDQWeb added in v1.0.17

func MDQWeb(w http.ResponseWriter, r *http.Request) (err error)

MDQWeb - thin MDQ web layer on top of lmdq

func Main

func Main()

Main - start the hybrid

func OkService

func OkService(w http.ResponseWriter, r *http.Request) (err error)

OkService - exits with an error if the HSM is unavailable

func PProf added in v1.2.7

func PProf(w http.ResponseWriter, r *http.Request) (err error)

func RequestHandler added in v1.0.17

func RequestHandler(request, idpMd, spMd *goxml.Xp) (values map[string][]string, err error)

RequestHandler - runs attributeOpsHandler for requestAttributesBase and returns the result as values

func SLOInfoHandler

func SLOInfoHandler(w http.ResponseWriter, r *http.Request, samlIn, idpMd, inMd, samlOut, outMd *goxml.Xp, role int, protocol string) (sil *gosaml.SLOInfoList, sloinfo *gosaml.SLOInfo, ok, sendResponse bool)

SLOInfoHandler saves or retrieves the SLO info relevant to the contents of the samlMessage. For now it uses cookies to keep the SLOInfo.

func SLOService

func SLOService(w http.ResponseWriter, r *http.Request, issuerMdSet, destinationMdSet gosaml.Md, finalIssuerMdSets, finalDestinationMdSets []gosaml.Md, role int, tag string) (err error)

SLOService refers to single logout service. Takes the request and the issuer and destination metadata sets; role indicates whether it acts as IDP or SP.

func SPSLOService

func SPSLOService(w http.ResponseWriter, r *http.Request) (err error)

SPSLOService refers to SP single logout service. Takes request as a parameter and returns an error if any

func SSOService

func SSOService(w http.ResponseWriter, r *http.Request) (err error)

SSOService handles single sign on requests

func VeryVeryPoorMansScopingService

func VeryVeryPoorMansScopingService(w http.ResponseWriter, r *http.Request) (err error)

VeryVeryPoorMansScopingService handles poor man's scoping

Types

type AttributeReleaseData

type AttributeReleaseData struct {
	Values             map[string][]string
	IDPDisplayName     map[string]string
	IDPEntityID        string
	SPDisplayName      map[string]string
	SPDescription      map[string]string
	SPEntityID         string
	Key                string
	Hash               string
	BypassConfirmation bool
	ForceConfirmation  bool
	ConsentAsAService  string
}

AttributeReleaseData - for the attributerelease template

type HybridSession

HybridSession - for session handling - currently only cookies

Directories

Path Synopsis
cmd
