Documentation
¶
Index ¶
- Constants
- func IsAnonymousSession(session samlsp.Session) bool
- func Start(ctx context.Context, logger *zap.Logger, cfg *Config) error
- type AnonymousSession
- type Config
- type CookieRequestTracker
- type InitAnonymousSessionProvider
- func (p *InitAnonymousSessionProvider) CreateSession(w http.ResponseWriter, r *http.Request, assertion *saml.Assertion) error
- func (p *InitAnonymousSessionProvider) DeleteSession(w http.ResponseWriter, r *http.Request) error
- func (p *InitAnonymousSessionProvider) GetSession(r *http.Request) (samlsp.Session, error)
- type Proxy
Constants ¶
View Source
const ( HeaderAuthorizedUsing = "X-Authorized-Using" HeaderForwardedProto = "X-Forwarded-Proto" HeaderForwardedFor = "X-Forwarded-For" HeaderForwardedHost = "X-Forwarded-Host" HeaderForwardedURI = "X-Forwarded-Uri" )
Variables ¶
This section is empty.
Functions ¶
func IsAnonymousSession ¶
Types ¶
type AnonymousSession ¶
type AnonymousSession struct {
}
type Config ¶
type Config struct {
Version bool `usage:"show version and exit" env:""`
Bind string `default:":8080" usage:"[host:port] to bind for serving HTTP"`
BaseUrl string `usage:"External [URL] of this proxy"`
BackendUrl string `usage:"[URL] of the backend being proxied"`
EntityID string `usage:"Entity ID of this service provider"`
IdpMetadataUrl string `usage:"[URL] of the IdP's metadata XML, can be a local file by specifying the file:// scheme"`
IdpCaPath string `usage:"Optional [path] to a CA certificate PEM file for the IdP"`
NameIdFormat string `` /* 145-byte string literal not displayed */
SpKeyPath string `default:"saml-auth-proxy.key" usage:"The [path] to the X509 private key PEM file for this SP"`
SpCertPath string `default:"saml-auth-proxy.cert" usage:"The [path] to the X509 public certificate PEM file for this SP"`
NameIdMapping string `usage:"Name of the request [header] to convey the SAML nameID/subject"`
AttributeHeaderMappings map[string]string `usage:"Comma separated list of [attribute=header] pairs mapping SAML IdP response attributes to forwarded request header"`
AttributeHeaderWildcard string `usage:"Maps all SAML attributes with this option as a prefix, slashes in attribute names will be replaced by dashes"`
NewAuthWebhookUrl string `usage:"[URL] of webhook that will get POST'ed when a new authentication is processed"`
AuthorizeAttribute string `usage:"Enables authorization and specifies the [attribute] to check for authorized values"`
AuthorizeValues []string `usage:"If enabled, comma separated list of [values] that must be present in the authorize attribute"`
CookieName string `usage:"Name of the cookie that tracks session token" default:"token"`
CookieMaxAge time.Duration `usage:"Specifies the amount of time the authentication token will remain valid" default:"2h"`
CookieDomain string `usage:"Overrides the domain set on the session cookie. By default the BaseUrl host is used."`
AllowIdpInitiated bool `usage:"If set, allows for IdP initiated authentication flow"`
AuthVerify bool `usage:"Enables verify path endpoint for forward auth and trusts X-Forwarded headers"`
AuthVerifyPath string `default:"/_verify" usage:"Path under BaseUrl that will respond with a 200 when authenticated"`
Debug bool `usage:"Enable debug logs"`
StaticRelayState string `` /* 169-byte string literal not displayed */
InitiateSessionPath string `` /* 145-byte string literal not displayed */
}
type CookieRequestTracker ¶
type CookieRequestTracker struct {
samlsp.CookieRequestTracker
CookieDomain string
StaticRelayState string
TrustForwardedHeaders bool
}
Extends samlsp.CookieRequestTracker to add CookieDomain configuration.
func (CookieRequestTracker) TrackRequest ¶
func (t CookieRequestTracker) TrackRequest(w http.ResponseWriter, r *http.Request, samlRequestID string) (string, error)
Source: https://github.com/crewjam/saml/blob/5e0ffd290abf0be7dfd4f8279e03a963071544eb/samlsp/request_tracker_cookie.go#L28-58 Changes: - Adds host in request URI - Adds CookieDomain config in http.SetCookie - Handles X-Forwarded headers
type InitAnonymousSessionProvider ¶
type InitAnonymousSessionProvider struct {
// contains filtered or unexported fields
}
InitAnonymousSessionProvider will initially provide AnonymousSession instances when requested; however, once the given initiateSessionPath is intercepted, then remaining session access is delegated to the given delegateSessionProvider.
func NewInitAnonymousSessionProvider ¶
func NewInitAnonymousSessionProvider(logger *zap.Logger, initiateSessionPath string, delegateSessionProvider samlsp.SessionProvider) *InitAnonymousSessionProvider
func (*InitAnonymousSessionProvider) CreateSession ¶
func (p *InitAnonymousSessionProvider) CreateSession(w http.ResponseWriter, r *http.Request, assertion *saml.Assertion) error
func (*InitAnonymousSessionProvider) DeleteSession ¶
func (p *InitAnonymousSessionProvider) DeleteSession(w http.ResponseWriter, r *http.Request) error
func (*InitAnonymousSessionProvider) GetSession ¶
Source Files
Click to show internal directories.
Click to hide internal directories.