wsfed

package

Documentation

Index

Constants

const (
	// HTTPPostBinding is the official URN for the HTTP-POST binding (transport).
	// The identifier is a SAML 2.0 binding URN.
	HTTPPostBinding string = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

	// HTTPRedirectBinding is the official URN for the HTTP-Redirect binding (transport).
	// The identifier is a SAML 2.0 binding URN.
	HTTPRedirectBinding string = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"

	// SecurityTokenServiceType is the official WS-Federation type for the Security Token Service (STS).
	// Presumably matched against the IDP metadata fetched by RefreshMetadata — confirm.
	SecurityTokenServiceType string = "SecurityTokenServiceType"

	// KeyDescriptorUseSigning is the official use for a key descriptor that is used for signing.
	// NOTE(review): only keys published with this use should end up in the trusted
	// signing store (see AddTrustedSigningCertificate); encryption keys must not be
	// accepted for signature verification.
	KeyDescriptorUseSigning string = "signing"
	// KeyDescriptorUseEncryption is the official use for a key descriptor that is used for encryption.
	KeyDescriptorUseEncryption string = "encryption"
)
// Common claim types. Each constant is the claim type URI under which the
// corresponding value is carried in the token; presumably these are the names
// accepted by Token.ClaimValue and Token.ClaimValues — confirm against Parse.
const (
	// ClaimTypeName is the claim type URI for the subject's name.
	ClaimTypeName                      string = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"
	// ClaimTypeGivenName is the claim type URI for the subject's given name.
	ClaimTypeGivenName                 string = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"
	// ClaimTypeSurname is the claim type URI for the subject's surname.
	ClaimTypeSurname                   string = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"
	// ClaimTypeEmail is the claim type URI for the subject's e-mail address.
	ClaimTypeEmail                     string = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
	// ClaimTypeNameIdentifier is the claim type URI for the subject's name identifier.
	ClaimTypeNameIdentifier            string = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"
	// ClaimTypePrivatePersonalIdentifier is the claim type URI for the private personal identifier.
	ClaimTypePrivatePersonalIdentifier string = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier"
	// ClaimTypeSID is the claim type URI for a security identifier (SID).
	ClaimTypeSID                       string = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/sid"
	// ClaimTypePrimarySID is the claim type URI for the primary security identifier.
	ClaimTypePrimarySID                string = "http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid"
	// ClaimTypeRole is the claim type URI for role membership. A token may carry
	// several values for it, so prefer Token.ClaimValues over Token.ClaimValue.
	ClaimTypeRole                      string = "http://schemas.microsoft.com/ws/2008/06/identity/claims/role"
	// ClaimTypeAction is the WS-Federation authorization claim type URI for an action.
	ClaimTypeAction                    string = "http://docs.oasis-open.org/wsfed/authorization/200706/claims/action"
)

Common claim types.

const (
	// WsFederationNonceCacheKey is the cache key under which the sign-in nonce
	// is stored. The nonce is what ties an incoming response to a sign-in
	// request started by this service; a response whose nonce is missing or
	// unknown is rejected with ErrTokenNonceInvalid (presumably — confirm in Parse).
	WsFederationNonceCacheKey string = "wsfed-nonce"
)

Variables

// Token parser and validation errors. They are sentinel values; compare with
// errors.Is rather than ==, since Parse may return them wrapped.
var (
	// Structural failures: the token could not be decoded or its signature
	// could not be checked at all.
	ErrTokenMalformed        = errors.New("token is malformed")
	ErrTokenUnverifiable     = errors.New("token is unverifiable")
	ErrTokenSignatureInvalid = errors.New("token signature is invalid")

	// Claim validation failures. Which of the time and issuer checks run is
	// presumably controlled by the TokenValidate* options and the configured
	// ClockSkew — confirm against Parse. Any of these means the token must
	// not be trusted, even if the signature verified.
	ErrTokenNonceInvalid     = errors.New("token nonce is invalid")
	ErrTokenInvalidAudience  = errors.New("token has invalid audience")
	ErrTokenExpired          = errors.New("token is expired")
	ErrTokenUsedBeforeIssued = errors.New("token used before issued")
	ErrTokenInvalidIssuer    = errors.New("token has invalid issuer")
	ErrTokenNotValidYet      = errors.New("token is not valid yet")
)

Token parser and validation errors.

Functions

This section is empty.

Types

type RegisteredClaims

// RegisteredClaims is a structured representation of the claims carried in
// the security token. The time fields are pointers so that an absent
// restriction is distinguishable from a zero time.
type RegisteredClaims struct {
	// Security token issuer. Checked against WsFederation.Issuer when the
	// TokenValidateIssuer option is enabled (presumably — confirm in Parse).
	Issuer string

	// Security token subject
	Subject Subject

	// Audience restrictions. Presumably compared with the TokenAudience option
	// to produce ErrTokenInvalidAudience — confirm in Parse.
	Audience []string

	// Not on or after restriction (nil when the token carries none).
	// See the TokenValidateExpiresAt option.
	ExpiresAt *time.Time

	// Not before restriction (nil when the token carries none).
	// See the TokenValidateNotBefore option.
	NotBefore *time.Time

	// Issue instant (nil when the token carries none).
	// See the TokenValidateIssuedAt option.
	IssuedAt *time.Time

	// Assertion ID
	ID string

	// Attribute Statements, keyed by claim type URI (see the ClaimType*
	// constants); a claim type may carry several values.
	Attributes map[string][]string
}

RegisteredClaims is a structured representation of the claims carried in the security token.

type RequestOption

// RequestOption is an optional parameter for a sign-in or sign-out request;
// see WithRequestParam and WithRequestWreply. Its method set is unexported, so
// only this package can provide implementations.
type RequestOption interface {
	// contains filtered or unexported methods
}

RequestOption is an optional parameter for the request.

func WithRequestParam added in v0.10.0

func WithRequestParam(name, value string) RequestOption

WithRequestParam adds an optional custom parameter to the request.

type SaveToken

// SaveToken is a TokenParseOption that keeps the raw and validated token XML
// on the returned Token (Token.Raw and Token.Validated). Note that the raw
// token is sensitive material; retain it only where it is actually needed.
type SaveToken bool

SaveToken is an option to save the token raw and validated XML.

type Subject

// Subject holds the unique identifier for the authenticated requestor.
type Subject struct {
	// ID is the subject identifier value.
	ID     string
	// Format is the name identifier format of ID. When ID is used as a key
	// (e.g. for account lookup), both fields should be taken into account,
	// as the same ID in a different format is not necessarily the same subject.
	Format string
}

Subject holds the unique identifier for the authenticated requestor.

type Token

// Token represents a WS-Federation token as returned by Parse and ReadResponse.
type Token struct {
	// Raw is the token XML as received; populated when the SaveToken option
	// is used (presumably empty otherwise — confirm in Parse).
	Raw       string
	// Validated is the token XML after validation; populated when the
	// SaveToken option is used.
	Validated string
	// Claims are the parsed claims of the token.
	Claims    *RegisteredClaims
	// Signature is the token signature.
	Signature string
	// Valid reports whether the token passed validation. Callers should
	// still check the error returned by Parse/ReadResponse rather than rely
	// on this flag alone.
	Valid     bool
}

Token represents a WS-Federation token.

func (*Token) ClaimValue

func (t *Token) ClaimValue(name string) string

ClaimValue returns the value of the given claim.

func (*Token) ClaimValues

func (t *Token) ClaimValues(name string) []string

ClaimValues returns the values of the given claim.

type TokenAudience

// TokenAudience is a TokenParseOption that sets the audience the token must be
// restricted to; a mismatch presumably yields ErrTokenInvalidAudience — confirm.
type TokenAudience string

TokenAudience is an option to set the audience to validate against.

type TokenClockSkew

// TokenClockSkew is a TokenParseOption that sets the clock skew tolerated by
// the time-based checks (see WsFederation.ClockSkew).
type TokenClockSkew time.Duration

TokenClockSkew is an option to set the allowed clock skew.

type TokenParseOption

// TokenParseOption is an option accepted by Parse and ReadResponse; see
// SaveToken, TokenAudience, TokenClockSkew and the TokenValidate* types.
// Its method set is unexported, so only this package can provide implementations.
type TokenParseOption interface {
	// contains filtered or unexported methods
}

type TokenValidateExpiresAt

// TokenValidateExpiresAt is a TokenParseOption that enables or disables the
// check of the token's expiry (RegisteredClaims.ExpiresAt).
type TokenValidateExpiresAt bool

TokenValidateExpiresAt is an option to validate the expiry time.

type TokenValidateIssuedAt

// TokenValidateIssuedAt is a TokenParseOption that enables or disables the
// check of the token's issue instant (RegisteredClaims.IssuedAt).
type TokenValidateIssuedAt bool

TokenValidateIssuedAt is an option to validate the issued-at time.

type TokenValidateIssuer

// TokenValidateIssuer is a TokenParseOption that enables or disables the
// check of the token's issuer against WsFederation.Issuer.
type TokenValidateIssuer bool

TokenValidateIssuer is an option to validate the issuer.

type TokenValidateNotBefore

// TokenValidateNotBefore is a TokenParseOption that enables or disables the
// check of the token's not-before restriction (RegisteredClaims.NotBefore).
type TokenValidateNotBefore bool

TokenValidateNotBefore is an option to validate the not-before time.

type WithRequestWreply

// WithRequestWreply is a RequestOption that sets the reply URL (wreply) of a
// request. The value should be a URL under the relying party's own control.
type WithRequestWreply string

WithRequestWreply is an optional reply URL parameter for the request.

type WsFederation

// WsFederation is a WS-Federation service used to communicate with an IDP.
// Instances are created with New.
type WsFederation struct {
	// MetadataURL is the URL to the WS-Federation metadata.
	// It is fetched over HTTPS; see RefreshMetadata.
	MetadataURL *url.URL
	// InsecureSkipVerify skips the verification of the IDP HTTPS certificate.
	// NOTE(review): this disables TLS authentication of the IDP. If the
	// trusted signing certificates are taken from the metadata document, an
	// unauthenticated connection lets whoever controls the network path
	// substitute them, so leave this false outside local development.
	InsecureSkipVerify bool
	// IDPEndpoint is the URL to the IDP endpoint for passive authentication.
	IDPEndpoint *url.URL
	// Issuer of the token; presumably the value tokens are checked against
	// when TokenValidateIssuer is enabled — confirm in Parse.
	Issuer string
	// ClockSkew is the maximum allowed clock skew for the time-based checks.
	ClockSkew time.Duration
	// NonceStore is the nonce store used to remember sign-in nonces so that
	// a response can be tied back to a request started here.
	NonceStore nonce.Store
	// contains filtered or unexported fields
}

WsFederation is a WS-Federation service used to communicate with the IDP.

func New

func New(app *azugo.App, metadataURL string) (*WsFederation, error)

New creates a new WS-Federation service instance.

func (*WsFederation) AddTrustedSigningCertificate

func (p *WsFederation) AddTrustedSigningCertificate(cert *x509.Certificate)

AddTrustedSigningCertificate adds a trusted certificate to the certificate store.

func (*WsFederation) ClearCertificateStore

func (p *WsFederation) ClearCertificateStore()

ClearCertificateStore clears the certificate store.

func (*WsFederation) IsSignoutResponse

func (p *WsFederation) IsSignoutResponse(ctx *azugo.Context) bool

IsSignoutResponse checks if the request is a signout response.

func (*WsFederation) Parse

func (s *WsFederation) Parse(token []byte, opt ...TokenParseOption) (*Token, error)

Parse parses and validates a WS-Federation token.

func (*WsFederation) ReadResponse

func (p *WsFederation) ReadResponse(ctx *azugo.Context, opt ...TokenParseOption) (*Token, error)

ReadResponse reads the IDP response from the request.

func (*WsFederation) Ready

func (p *WsFederation) Ready() bool

Ready returns true if the service is ready.

func (*WsFederation) RefreshMetadata

func (p *WsFederation) RefreshMetadata() error

RefreshMetadata updates the metadata.

func (*WsFederation) SigninURL

func (p *WsFederation) SigninURL(ctx context.Context, realm string, options ...RequestOption) (string, error)

SigninURL returns the signin URL.

func (*WsFederation) SignoutURL

func (p *WsFederation) SignoutURL(realm string, options ...RequestOption) (string, error)

SignoutURL returns the signout URL.
