README
¶
go-saml
A just good enough SAML client library written in Go. This library is by no means complete and has been developed to solve several specific integration efforts. However, it's a start, and it would be great to see it evolve into a more fleshed out implemention.
Inspired by the early work of Matt Baird.
The library supports:
- generating signed/unsigned AuthnRequests
- validating signed AuthnRequests
- generating service provider metadata
- generating signed Responses
- validating signed Responses
Installation
$ go get github.com/RobotsAndPencils/go-saml
Here's a convenient way to generate a certificate:
curl -sSL https://raw.githubusercontent.com/frntn/x509-san/master/gencert.sh | CRT_CN="mycert" bash
Usage
Below are samples to show how you might use the library.
Generating Signed AuthnRequests
sp := saml.ServiceProviderSettings{
PublicCertPath: "../default.crt",
PrivateKeyPath: "../default.key",
IDPSSOURL: "http://idp/saml2",
IDPSSODescriptorURL: "http://idp/issuer",
IDPPublicCertPath: "idpcert.crt",
SPSignRequest: "true",
AssertionConsumerServiceURL: "http://localhost:8000/saml_consume",
}
sp.Init()
// generate the AuthnRequest and then get a base64 encoded string of the XML
authnRequest := sp.GetAuthnRequest()
b64XML, err := authnRequest.EncodedSignedString(sp.PrivateKeyPath)
if err != nil {
panic(err)
}
// for convenience, get a URL formed with the SAMLRequest parameter
url, err := saml.GetAuthnRequestURL(sp.IDPSSOURL, b64XML)
if err != nil {
panic(err)
}
// below is bonus for how you might respond to a request with a form that POSTs to the IdP
data := struct {
Base64AuthRequest string
URL string
}{
Base64AuthRequest: b64XML,
URL: url,
}
t := template.New("saml")
t, err = t.Parse("<html><body style=\"display: none\" onload=\"document.frm.submit()\"><form method=\"post\" name=\"frm\" action=\"{{.URL}}\"><input type=\"hidden\" name=\"SAMLRequest\" value=\"{{.Base64AuthRequest}}\" /><input type=\"submit\" value=\"Submit\" /></form></body></html>")
// how you might respond to a request with the templated form that will auto post
t.Execute(w, data)
Validating a received SAML Response
response = http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
encodedXML := r.FormValue("SAMLResponse")
if encodedXML == "" {
httpcommon.SendBadRequest(w, "SAMLResponse form value missing")
return
}
response, err := saml.ParseEncodedResponse(encodedXML)
if err != nil {
httpcommon.SendBadRequest(w, "SAMLResponse parse: "+err.Error())
return
}
err = response.Validate(&sp)
if err != nil {
httpcommon.SendBadRequest(w, "SAMLResponse validation: "+err.Error())
return
}
samlID := response.GetAttribute("uid")
if samlID == "" {
httpcommon.SendBadRequest(w, "SAML attribute identifier uid missing")
return
}
//...
}
Service provider metadata
func samlMetadataHandler(sp *saml.ServiceProviderSettings) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
md, err := sp.GetEntityDescriptor()
if err != nil {
w.WriteHeader(500)
w.Write([]byte("Error: " + err.Error()))
return
}
w.Header().Set("Content-Type", "application/xml")
w.Write([]byte(md))
})
}
Receiving a authnRequest
b64Request := r.URL.Query().Get("SAMLRequest")
if b64Request == "" {
w.WriteHeader(400)
w.Write([]byte("SAMLRequest parameter missing"))
return
}
defated, err := base64.StdEncoding.DecodeString(b64Request)
if err != nil {
w.WriteHeader(500)
w.Write([]byte("Error: " + err.Error()))
return
}
// enflate and unmarshal
var buffer bytes.Buffer
rdr := flate.NewReader(bytes.NewReader(defated))
io.Copy(&buffer, rdr)
var authnRequest saml.AuthnRequest
err = xml.Unmarshal(buffer.Bytes(), &authnRequest)
if err != nil {
w.WriteHeader(500)
w.Write([]byte("Error: " + err.Error()))
return
}
if authnRequest.Issuer.Url != issuerURL {
w.WriteHeader(500)
w.Write([]byte("unauthorized issuer "+authnRequest.Issuer.Url))
return
}
Creating a SAML Response (if acting as an IdP)
issuer := "http://localhost:8000/saml"
authnResponse := saml.NewSignedResponse()
authnResponse.Issuer.Url = issuer
authnResponse.Assertion.Issuer.Url = issuer
authnResponse.Signature.KeyInfo.X509Data.X509Certificate.Cert = stringValueOfCert
authnResponse.Assertion.Subject.NameID.Value = userIdThatYouAuthenticated
authnResponse.AddAttribute("uid", userIdThatYouAuthenticated)
authnResponse.AddAttribute("email", "someone@domain")
authnResponse.Assertion.Subject.SubjectConfirmation.SubjectConfirmationData.InResponseTo = authnRequestIdRespondingTo
authnResponse.InResponseTo = authnRequestIdRespondingTo
authnResponse.Assertion.Subject.SubjectConfirmation.SubjectConfirmationData.Recipient = issuer
// signed XML string
signed, err := authnResponse.SignedString("/path/to/private.key")
// or signed base64 encoded XML string
b64XML, err := authnResponse.EncodedSignedString("/path/to/private.key")
Contributing
Would love any contributions you having including better documentation, tests, or more robust functionality.
git clone git@github.com:RobotsAndPencils/go-saml.git
make init
make test
Contact
Made with ❤ by Robots & Pencils (@robotsNpencils)
Maintainers
Documentation
¶
Index ¶
- func Decrypt(xml string, privateKeyPath string) ([]byte, error)
- func GetAuthnRequestURL(baseURL string, b64XML string, state string) (string, error)
- func SignLogoutRequest(xml string, privateKeyPath string) (string, error)
- func SignRequest(xml string, privateKeyPath string) (string, error)
- func SignResponse(xml string, privateKeyPath string) (string, error)
- func VerifyRequestSignature(xml string, publicCertPath string) error
- func VerifyResponseSignature(xml, publicCertPath, xmlNodeName string) error
- type Assertion
- type AssertionConsumerService
- type Attribute
- type AttributeStatement
- type AttributeValue
- type AuthnContextClassRef
- type AuthnRequest
- func (r *AuthnRequest) CompressedEncodedSignedString(privateKeyPath string) (string, error)
- func (r *AuthnRequest) CompressedEncodedString() (string, error)
- func (r *AuthnRequest) EncodedSignedString(privateKeyPath string) (string, error)
- func (r *AuthnRequest) EncodedString() (string, error)
- func (r *AuthnRequest) SignedString(privateKeyPath string) (string, error)
- func (r *AuthnRequest) String() (string, error)
- func (r *AuthnRequest) Validate(publicCertPath string) error
- type AuthnStatement
- type CanonicalizationMethod
- type Conditions
- type DigestMethod
- type DigestValue
- type EncryptedAssertion
- type EncryptedData
- type EntityAttributes
- type EntityDescriptor
- type Extensions
- type IDPSSODescriptor
- type IdentityProviderSettings
- type Issuer
- type KeyDescriptor
- type KeyInfo
- type LogoutRequest
- func (r *LogoutRequest) CompressedEncodedString() (string, error)
- func (r *LogoutRequest) EncodedSignedString(privateKeyPath string) (string, error)
- func (r *LogoutRequest) EncodedString() (string, error)
- func (r *LogoutRequest) SignedString(privateKeyPath string) (string, error)
- func (r *LogoutRequest) String() (string, error)
- type LogoutResponse
- func (r *LogoutResponse) CompressedEncodedSignedString(privateKeyPath string) (string, error)
- func (r *LogoutResponse) Decrypt(SPPrivateCertPath string) (*LogoutResponse, error)
- func (r *LogoutResponse) EncodedSignedString(privateKeyPath string) (string, error)
- func (r *LogoutResponse) FindSignatureTagName() (string, error)
- func (r *LogoutResponse) SignedString(privateKeyPath string) (string, error)
- func (r *LogoutResponse) String() (string, error)
- func (r *LogoutResponse) Validate(s *ServiceProviderSettings) error
- func (r *LogoutResponse) VerifySignature(IDPPublicCertPath string) error
- type Metadata
- type NameID
- type NameIDPolicy
- type RelayState
- type RequestedAuthnContext
- type Response
- func (r *Response) AddAttribute(name, value string)
- func (r *Response) CompressedEncodedSignedString(privateKeyPath string) (string, error)
- func (r *Response) Decrypt(SPPrivateCertPath string) (*Response, error)
- func (r *Response) EncodedSignedString(privateKeyPath string) (string, error)
- func (r *Response) FindSignatureTagName() (string, error)
- func (r *Response) GetAttribute(name string) []string
- func (r *Response) SignedString(privateKeyPath string) (string, error)
- func (r *Response) String() (string, error)
- func (r *Response) Validate(s *ServiceProviderSettings) error
- func (r *Response) ValidateWithoutSP(signed bool, assertionConsumerService, publicCertPath string, ...) error
- func (r *Response) VerifySignature(IDPPublicCertPath string) error
- type RoleDescriptor
- type SPSSODescriptor
- type SSODescriptor
- type SamlsigReference
- type ServiceProviderSettings
- func (s *ServiceProviderSettings) GetAuthnRequest(redirect bool) *AuthnRequest
- func (s *ServiceProviderSettings) GetEntityDescriptor() (string, error)
- func (s *ServiceProviderSettings) GetLogoutRequest(nameID string, sessionIds ...string) *LogoutRequest
- func (s *ServiceProviderSettings) IDPPublicCert() string
- func (s *ServiceProviderSettings) Init() (err error)
- func (s *ServiceProviderSettings) PrivateKey() string
- func (s *ServiceProviderSettings) PublicCert() string
- type SessionIndex
- type Signature
- type SignatureMethod
- type SignatureValue
- type SignedInfo
- type SingleLogoutService
- type SingleSignOnService
- type Status
- type StatusCode
- type Subject
- type SubjectConfirmation
- type SubjectConfirmationData
- type Transform
- type Transforms
- type X509Certificate
- type X509Data
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func GetAuthnRequestURL ¶
GetAuthnRequestURL generate a URL for the AuthnRequest to the IdP with the SAMLRequst parameter encoded
func SignRequest ¶
SignRequest sign a SAML 2.0 AuthnRequest `privateKeyPath` must be a path on the filesystem, xmlsec1 is run out of process through `exec`
func SignResponse ¶
SignResponse sign a SAML 2.0 Response `privateKeyPath` must be a path on the filesystem, xmlsec1 is run out of process through `exec`
func VerifyRequestSignature ¶
VerifyRequestSignature verify signature of a SAML 2.0 AuthnRequest document `publicCertPath` must be a path on the filesystem, xmlsec1 is run out of process through `exec`
func VerifyResponseSignature ¶
VerifyResponseSignature verify signature of a SAML 2.0 Response document `publicCertPath` must be a path on the filesystem, xmlsec1 is run out of process through `exec`
Types ¶
type Assertion ¶
type Assertion struct {
XMLName xml.Name
ID string `xml:"ID,attr"`
Version string `xml:"Version,attr"`
XS string `xml:"xmlns:xs,attr"`
XSI string `xml:"xmlns:xsi,attr"`
SAML string `xml:"saml,attr"`
IssueInstant string `xml:"IssueInstant,attr"`
Issuer Issuer `xml:"Issuer"`
Signature Signature `xml:"Signature"`
Subject Subject
Conditions Conditions
AttributeStatement AttributeStatement
AuthnStatement AuthnStatement
}
type AttributeStatement ¶
type AttributeValue ¶
type AuthnContextClassRef ¶
type AuthnRequest ¶
type AuthnRequest struct {
XMLName xml.Name
SAMLP string `xml:"xmlns:samlp,attr"`
SAML string `xml:"xmlns:saml,attr"`
SAMLSIG string `xml:"xmlns:samlsig,attr,omitempty"`
ID string `xml:"ID,attr"`
Version string `xml:"Version,attr"`
ProtocolBinding string `xml:"ProtocolBinding,attr,omitempty"`
AssertionConsumerServiceURL string `xml:"AssertionConsumerServiceURL,attr"`
IssueInstant string `xml:"IssueInstant,attr"`
Destination string `xml:"Destination,attr,omitempty"`
AssertionConsumerServiceIndex int `xml:"AssertionConsumerServiceIndex,attr,omitempty"`
AttributeConsumingServiceIndex int `xml:"AttributeConsumingServiceIndex,attr,omitempty"`
ForceAuthn string `xml:"ForceAuthn,attr,omitempty"`
Issuer Issuer `xml:"Issuer"`
Signature []Signature `xml:"Signature,omitempty"`
NameIDPolicy *NameIDPolicy `xml:"NameIDPolicy,omitempty"`
RequestedAuthnContext *RequestedAuthnContext `xml:"RequestedAuthnContext,omitempty"`
// contains filtered or unexported fields
}
func NewAuthnRequest ¶
func NewAuthnRequest() *AuthnRequest
func NewAuthnRequestCustom ¶
func NewAuthnRequestCustom(sign bool) *AuthnRequest
func ParseCompressedEncodedRequest ¶
func ParseCompressedEncodedRequest(b64RequestXML string) (*AuthnRequest, error)
func ParseEncodedRequest ¶
func ParseEncodedRequest(b64RequestXML string) (*AuthnRequest, error)
func (*AuthnRequest) CompressedEncodedSignedString ¶
func (r *AuthnRequest) CompressedEncodedSignedString(privateKeyPath string) (string, error)
func (*AuthnRequest) CompressedEncodedString ¶
func (r *AuthnRequest) CompressedEncodedString() (string, error)
func (*AuthnRequest) EncodedSignedString ¶
func (r *AuthnRequest) EncodedSignedString(privateKeyPath string) (string, error)
GetAuthnRequestURL generate a URL for the AuthnRequest to the IdP with the SAMLRequst parameter encoded
func (*AuthnRequest) EncodedString ¶
func (r *AuthnRequest) EncodedString() (string, error)
func (*AuthnRequest) SignedString ¶
func (r *AuthnRequest) SignedString(privateKeyPath string) (string, error)
func (*AuthnRequest) String ¶
func (r *AuthnRequest) String() (string, error)
func (*AuthnRequest) Validate ¶
func (r *AuthnRequest) Validate(publicCertPath string) error
type AuthnStatement ¶
type AuthnStatement struct {
SessionIndex string `xml:"SessionIndex,attr"`
}
type CanonicalizationMethod ¶
type Conditions ¶
type DigestMethod ¶
type DigestValue ¶
type EncryptedAssertion ¶
type EncryptedAssertion struct {
XMLName xml.Name
EncryptedData *EncryptedData `xml:"EncryptedData"`
// "Assertion" nodes are not valid here according to the SAML assertion schema, but they are implied by the
// XMLEnc standard as an intermediate form, and therefore in the files that 'xmlsec1 --decrypt' returns.
Assertion *Assertion `xml:"Assertion"`
}
type EncryptedData ¶
type EntityAttributes ¶
type EntityDescriptor ¶
type EntityDescriptor struct {
XMLName xml.Name
DS string `xml:"xmlns:ds,attr"`
XMLNS string `xml:"xmlns,attr"`
MD string `xml:"xmlns:md,attr"`
EntityId string `xml:"entityID,attr"`
Extensions *Extensions `xml:"Extensions,omitempty"`
SPSSODescriptor SPSSODescriptor `xml:"SPSSODescriptor"`
}
type Extensions ¶
type IDPSSODescriptor ¶
type IDPSSODescriptor struct {
XMLName xml.Name
ProtocolSupportEnumeration string `xml:"protocolSupportEnumeration,attr"`
SSODescriptor
KeyDescriptors []KeyDescriptor
SingleSignOnService []SingleSignOnService `xml:"SingleSignOnService"`
Attributes []Attribute
}
type IdentityProviderSettings ¶
type IdentityProviderSettings struct {
}
type KeyDescriptor ¶
type LogoutRequest ¶
type LogoutRequest struct {
XMLName xml.Name
SAMLP string `xml:"xmlns:samlp,attr"`
SAML string `xml:"xmlns:saml,attr"`
SAMLSIG string `xml:"xmlns:samlsig,attr,omitempty"`
ID string `xml:"ID,attr"`
Version string `xml:"Version,attr"`
IssueInstant string `xml:"IssueInstant,attr"`
Destination string `xml:"Destination,attr,omitempty"`
Issuer Issuer `xml:"Issuer"`
Signature *Signature `xml:"Signature,omitempty"`
NameID NameID `xml:"NameID"`
SessionIndex []SessionIndex `xml:"SessionIndex"`
}
func NewLogoutRequest ¶
func NewLogoutRequest(sign bool) *LogoutRequest
func (*LogoutRequest) CompressedEncodedString ¶
func (r *LogoutRequest) CompressedEncodedString() (string, error)
func (*LogoutRequest) EncodedSignedString ¶
func (r *LogoutRequest) EncodedSignedString(privateKeyPath string) (string, error)
GetAuthnRequestURL generate a URL for the AuthnRequest to the IdP with the SAMLRequst parameter encoded
func (*LogoutRequest) EncodedString ¶
func (r *LogoutRequest) EncodedString() (string, error)
func (*LogoutRequest) SignedString ¶
func (r *LogoutRequest) SignedString(privateKeyPath string) (string, error)
func (*LogoutRequest) String ¶
func (r *LogoutRequest) String() (string, error)
type LogoutResponse ¶
type LogoutResponse struct {
XMLName xml.Name
Destination string `xml:"Destination,attr"`
ID string `xml:"ID,attr"`
Version string `xml:"Version,attr"`
IssueInstant string `xml:"IssueInstant,attr"`
InResponseTo string `xml:"InResponseTo,attr"`
Signature Signature `xml:"Signature"`
Issuer Issuer `xml:"Issuer"`
Status Status `xml:"Status"`
// contains filtered or unexported fields
}
func NewSignedlogoutResponse ¶
func NewSignedlogoutResponse() *LogoutResponse
func ParseCompressedEncodedLogoutResponse ¶
func ParseCompressedEncodedLogoutResponse(b64ResponseXML string) (*LogoutResponse, error)
func ParseDecodedLogoutResponse ¶
func ParseDecodedLogoutResponse(responseXML []byte) (*LogoutResponse, error)
func ParseEncodedLogoutResponse ¶
func ParseEncodedLogoutResponse(b64ResponseXML string) (*LogoutResponse, error)
func (*LogoutResponse) CompressedEncodedSignedString ¶
func (r *LogoutResponse) CompressedEncodedSignedString(privateKeyPath string) (string, error)
func (*LogoutResponse) Decrypt ¶
func (r *LogoutResponse) Decrypt(SPPrivateCertPath string) (*LogoutResponse, error)
func (*LogoutResponse) EncodedSignedString ¶
func (r *LogoutResponse) EncodedSignedString(privateKeyPath string) (string, error)
func (*LogoutResponse) FindSignatureTagName ¶
func (r *LogoutResponse) FindSignatureTagName() (string, error)
func (*LogoutResponse) SignedString ¶
func (r *LogoutResponse) SignedString(privateKeyPath string) (string, error)
func (*LogoutResponse) String ¶
func (r *LogoutResponse) String() (string, error)
func (*LogoutResponse) Validate ¶
func (r *LogoutResponse) Validate(s *ServiceProviderSettings) error
func (*LogoutResponse) VerifySignature ¶
func (r *LogoutResponse) VerifySignature(IDPPublicCertPath string) error
type Metadata ¶
type Metadata struct {
XMLName xml.Name // urn:oasis:names:tc:SAML:2.0:metadata:EntityDescriptor
ID string `xml:"ID,attr,omitempty"`
EntityId string `xml:"entityID,attr"`
ValidUntil string `xml:"validUntil,attr,omitempty"`
CacheDuration string `xml:"cacheDuration,attr,omitempty"`
Signature *Signature `xml:"Signature,omitempty"`
// note: the schema permits these elements to appear in any order an unlimited number of times
RoleDescriptor []RoleDescriptor `xml:"RoleDescriptor,omitempty"`
SPSSODescriptor *SPSSODescriptor `xml:"SPSSODescriptor,omitempty"`
IDPSSODescriptor *IDPSSODescriptor `xml:"IDPSSODescriptor,omitempty"`
}
type NameIDPolicy ¶
type RelayState ¶
type RequestedAuthnContext ¶
type RequestedAuthnContext struct {
XMLName xml.Name
SAMLP string `xml:"xmlns:samlp,attr,omitempty"`
Comparison string `xml:"Comparison,attr"`
AuthnContextClassRef AuthnContextClassRef `xml:"AuthnContextClassRef"`
}
type Response ¶
type Response struct {
XMLName xml.Name
SAMLP string `xml:"xmlns:samlp,attr"`
SAML string `xml:"xmlns:saml,attr"`
SAMLSIG string `xml:"xmlns:samlsig,attr"`
Destination string `xml:"Destination,attr"`
ID string `xml:"ID,attr"`
Version string `xml:"Version,attr"`
IssueInstant string `xml:"IssueInstant,attr"`
InResponseTo string `xml:"InResponseTo,attr"`
Assertion Assertion `xml:"Assertion"`
EncryptedAssertion EncryptedAssertion `xml:"EncryptedAssertion"`
Signature Signature `xml:"Signature"`
Issuer Issuer `xml:"Issuer"`
Status Status `xml:"Status"`
// contains filtered or unexported fields
}
func NewSignedResponse ¶
func NewSignedResponse() *Response
func ParseDecodedResponse ¶
func ParseEncodedResponse ¶
func (*Response) AddAttribute ¶
AddAttribute add strong attribute to the Response
func (*Response) CompressedEncodedSignedString ¶
func (*Response) EncodedSignedString ¶
func (*Response) FindSignatureTagName ¶
func (*Response) GetAttribute ¶
GetAttribute by Name or by FriendlyName. Return blank string if not found
func (*Response) SignedString ¶
func (*Response) Validate ¶
func (r *Response) Validate(s *ServiceProviderSettings) error
func (*Response) ValidateWithoutSP ¶
func (*Response) VerifySignature ¶
type RoleDescriptor ¶
type RoleDescriptor struct {
ValidUntil string `xml:"validUntil,attr,omitempty"`
CacheDuration string `xml:"cacheDuration,attr,omitempty"`
ProtocolSupportEnumeration string `xml:"protocolSupportEnumeration,attr"`
Signature *Signature `xml:"Signature,omitempty"`
KeyDescriptors []KeyDescriptor `xml:"KeyDescriptor,omitempty"`
}
type SPSSODescriptor ¶
type SPSSODescriptor struct {
XMLName xml.Name
ProtocolSupportEnumeration string `xml:"protocolSupportEnumeration,attr"`
SSODescriptor
SigningKeyDescriptor KeyDescriptor
EncryptionKeyDescriptor KeyDescriptor
SingleLogoutService SingleLogoutService `xml:"SingleLogoutService"`
AssertionConsumerServices []AssertionConsumerService
}
type SSODescriptor ¶
type SSODescriptor struct {
//ArtifactResolutionServices []ArtifactResolutionServices `xml:"ArtifactResolutionService"`
SingleLogoutService []SingleLogoutService `xml:"SingleLogoutService"`
}
type SamlsigReference ¶
type SamlsigReference struct {
XMLName xml.Name
URI string `xml:"URI,attr"`
Transforms Transforms `xml:",innerxml"`
DigestMethod DigestMethod `xml:",innerxml"`
DigestValue DigestValue `xml:",innerxml"`
}
type ServiceProviderSettings ¶
type ServiceProviderSettings struct {
PublicCertPath string
PrivateKeyPath string
IDPSSOURL string
IDPSSOLogoutURL string
IDPSSODescriptorURL string
IDPPublicCertPath string
AssertionConsumerServiceURL string
SPLogoutServiceUrl string
SPSignRequest bool
// contains filtered or unexported fields
}
ServiceProviderSettings provides settings to configure server acting as a SAML Service Provider. Expect only one IDP per SP in this configuration. If you need to configure multipe IDPs for an SP then configure multiple instances of this module
func (*ServiceProviderSettings) GetAuthnRequest ¶
func (s *ServiceProviderSettings) GetAuthnRequest(redirect bool) *AuthnRequest
GetSignedAuthnRequest returns a singed XML document that represents a AuthnRequest SAML document
func (*ServiceProviderSettings) GetEntityDescriptor ¶
func (s *ServiceProviderSettings) GetEntityDescriptor() (string, error)
func (*ServiceProviderSettings) GetLogoutRequest ¶
func (s *ServiceProviderSettings) GetLogoutRequest(nameID string, sessionIds ...string) *LogoutRequest
GetSignedAuthnRequest returns a singed XML document that represents a AuthnRequest SAML document
func (*ServiceProviderSettings) IDPPublicCert ¶
func (s *ServiceProviderSettings) IDPPublicCert() string
func (*ServiceProviderSettings) Init ¶
func (s *ServiceProviderSettings) Init() (err error)
func (*ServiceProviderSettings) PrivateKey ¶
func (s *ServiceProviderSettings) PrivateKey() string
func (*ServiceProviderSettings) PublicCert ¶
func (s *ServiceProviderSettings) PublicCert() string
type SessionIndex ¶
type Signature ¶
type Signature struct {
XMLName xml.Name
Id string `xml:"Id,attr"`
SignedInfo SignedInfo
SignatureValue SignatureValue
KeyInfo KeyInfo
}
type SignatureMethod ¶
type SignatureValue ¶
type SignedInfo ¶
type SignedInfo struct {
XMLName xml.Name
CanonicalizationMethod CanonicalizationMethod `xml:"CanonicalizationMethod"`
SignatureMethod SignatureMethod `xml:"SignatureMethod"`
SamlsigReference SamlsigReference `xml:"Reference"`
}
type SingleLogoutService ¶
type SingleSignOnService ¶
type Status ¶
type Status struct {
XMLName xml.Name
StatusCode StatusCode `xml:"StatusCode"`
}
type StatusCode ¶
type Subject ¶
type Subject struct {
XMLName xml.Name
NameID NameID
SubjectConfirmation SubjectConfirmation
}
type SubjectConfirmation ¶
type SubjectConfirmation struct {
XMLName xml.Name
Method string `xml:",attr"`
SubjectConfirmationData SubjectConfirmationData
}
type SubjectConfirmationData ¶
type Transforms ¶
type X509Certificate ¶
type X509Data ¶
type X509Data struct {
XMLName xml.Name
X509Certificate X509Certificate `xml:"X509Certificate"`
}
Source Files
¶
Directories
Click to show internal directories.
Click to hide internal directories.