Overview ¶
Copyright © 2017 Sergiu Bodiu
Use of this source code is governed by an MIT license that can be found in the LICENSE file.
Copyright © 2017 Sergiu Bodiu ¶
Use of this source code is governed by an MIT license that can be found in the LICENSE file.
Copyright © 2017 Sergiu Bodiu ¶
Use of this source code is governed by an MIT license that can be found in the LICENSE file.
Copyright © 2017 Sergiu Bodiu ¶
Use of this source code is governed by an MIT license that can be found in the LICENSE file.
Index ¶
- Variables
- func AssignPrincipals(awsRoles []*AWSRole, awsAccount *AWSAccount)
- func GetCredentials(role *AWSRole, samlAssertion string) *sts.Credentials
- func SaveCredentials(id, secret, token, profile string) (string, error)
- type AWSAccount
- type AWSRole
- type Assertion
- type Attribute
- type AttributeStatement
- type AttributeValue
- type Audience
- type AudienceRestriction
- type AuthnContext
- type AuthnContextClassRef
- type AuthnRequest
- type AuthnStatement
- type Conditions
- type EncryptedAssertion
- type ErrMissingElement
- type Issuer
- type Method
- type NameID
- type NameIDPolicy
- type Response
- type Signature
- type SignatureX509Data
- type Status
- type StatusCode
- type Subject
- type SubjectConfirmation
- type SubjectConfirmationData
- type SubjectLocality
- type TimeInstant
Constants ¶
This section is empty.
Variables ¶
// ErrMissingAssertion is the ErrMissingElement value for a Response that
// carries no Assertion element. Its Tag is taken from the unexported
// assertionTag constant, which is declared elsewhere in this package.
var (
	ErrMissingAssertion = ErrMissingElement{Tag: assertionTag}
)
// StatusSuccess is the value of a StatusCode element when the authentication
// succeeds. It is nominally a constant but is declared as a var so tests can
// override it; because any importer can reassign it at runtime, production
// code should treat it as read-only and compare against it, never write to it.
var StatusSuccess = "urn:oasis:names:tc:SAML:2.0:status:Success"
StatusSuccess is the value of a StatusCode element when the authentication succeeds. It is nominally a constant, but is declared as a variable so that tests can override it.
Functions ¶
func AssignPrincipals ¶
func AssignPrincipals(awsRoles []*AWSRole, awsAccount *AWSAccount)
func GetCredentials ¶
func GetCredentials(role *AWSRole, samlAssertion string) *sts.Credentials
func SaveCredentials ¶
Types ¶
type AWSAccount ¶
func ParseAWSAccounts ¶
func ParseAWSAccounts(samlAssertion string) ([]*AWSAccount, error)
ParseAWSAccounts extracts the AWS accounts from the SAML assertion.
type AWSRole ¶
AWSRole holds the attributes of an AWS role.
func ExtractAwsRoles ¶
ExtractAwsRoles extracts the AWS roles from the given assertion document.
func LocateRole ¶
func LocateRole(awsAccount *AWSAccount, roleName string) (*AWSRole, error)
LocateRole locates the role named roleName within awsAccount.
type Assertion ¶
// Assertion represents the SAML object of the same name.
// See http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
//
// Issuer, Signature, Subject, Conditions, AuthnStatement and
// AttributeStatement are pointers and are nil when the corresponding element
// is absent, so callers must nil-check before dereferencing. A custom
// UnmarshalXML is declared for this type elsewhere in the package (its body
// is not shown on this page).
type Assertion struct {
	XMLName      xml.Name  `xml:"urn:oasis:names:tc:SAML:2.0:assertion Assertion"`
	ID           string    `xml:",attr"`
	IssueInstant time.Time `xml:",attr"`
	Version      string    `xml:",attr"`
	Issuer       *Issuer   `xml:"urn:oasis:names:tc:SAML:2.0:assertion Issuer"`
	// Signature is the enclosed XMLDSIG element, if any. Nothing in this
	// declaration verifies it — NOTE(review): confirm the caller validates the
	// signature before trusting Subject or AttributeStatement contents.
	Signature          *Signature
	Subject            *Subject
	Conditions         *Conditions
	AuthnStatement     *AuthnStatement
	AttributeStatement *AttributeStatement
}
Assertion represents the SAML object of the same name.
See http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
func (*Assertion) UnmarshalXML ¶
type Attribute ¶
// Attribute represents the SAML object of the same name.
// See http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
//
// FriendlyName, Name and NameFormat are attributes of the element; Values
// collects every child AttributeValue element, in document order.
type Attribute struct {
	FriendlyName string           `xml:",attr"`
	Name         string           `xml:",attr"`
	NameFormat   string           `xml:",attr"`
	Values       []AttributeValue `xml:"AttributeValue"`
}
Attribute represents the SAML object of the same name.
See http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
type AttributeStatement ¶
// AttributeStatement represents the SAML object of the same name.
// See http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
//
// Attributes collects every child Attribute element; it is nil (len 0) when
// the statement carries none.
type AttributeStatement struct {
	Attributes []Attribute `xml:"Attribute"`
}
AttributeStatement represents the SAML object of the same name.
See http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
type AttributeValue ¶
// AttributeValue represents the SAML object of the same name.
// See http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
//
// Type is the xsi:type attribute, Value is the element's character data, and
// NameID is non-nil only when a nested NameID element is present.
type AttributeValue struct {
	Type   string `xml:"http://www.w3.org/2001/XMLSchema-instance type,attr"`
	Value  string `xml:",chardata"`
	NameID *NameID
}
AttributeValue represents the SAML object of the same name.
See http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
type Audience ¶
// Audience represents the SAML object of the same name.
// See http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
//
// Value is the element's character data: the URI of the intended relying party.
type Audience struct {
	Value string `xml:",chardata"`
}
Audience represents the SAML object of the same name.
See http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
type AudienceRestriction ¶
// AudienceRestriction represents the SAML object of the same name.
// See http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
//
// Audience is nil when the element carries no Audience child. This struct
// only carries the value — NOTE(review): confirm the caller compares
// Audience.Value with its own entity ID before accepting the assertion.
type AudienceRestriction struct {
	Audience *Audience
}
AudienceRestriction represents the SAML object of the same name.
See http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
type AuthnContext ¶
// AuthnContext represents the SAML object of the same name.
// See http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
//
// AuthnContextClassRef is nil when the child element is absent.
type AuthnContext struct {
	AuthnContextClassRef *AuthnContextClassRef
}
AuthnContext represents the SAML object of the same name.
See http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
type AuthnContextClassRef ¶
// AuthnContextClassRef represents the SAML object of the same name.
// See http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
//
// Value is the element's character data: a URI identifying the
// authentication context class the IdP reports.
type AuthnContextClassRef struct {
	Value string `xml:",chardata"`
}
AuthnContextClassRef represents the SAML object of the same name.
See http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
type AuthnRequest ¶
// AuthnRequest represents the SAML object of the same name, a request from a
// service provider to authenticate a user.
// See http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
//
// A custom UnmarshalXML is declared for this type elsewhere in the package
// (its body is not shown on this page).
type AuthnRequest struct {
	XMLName                     xml.Name  `xml:"urn:oasis:names:tc:SAML:2.0:protocol AuthnRequest"`
	AssertionConsumerServiceURL string    `xml:",attr"`
	Destination                 string    `xml:",attr"`
	ID                          string    `xml:",attr"`
	IssueInstant                time.Time `xml:",attr"`
	// ProtocolBinding is a URI reference that identifies a SAML protocol binding to be used when returning
	// the <Response> message. See [SAMLBind] for more information about protocol bindings and URI references
	// defined for them. This attribute is mutually exclusive with the AssertionConsumerServiceIndex attribute
	// and is typically accompanied by the AssertionConsumerServiceURL attribute.
	ProtocolBinding string `xml:",attr"`
	Version         string `xml:",attr"`
	Issuer          Issuer `xml:"urn:oasis:names:tc:SAML:2.0:assertion Issuer"`
	// Signature is the optional enclosed XMLDSIG element; nil when absent.
	Signature    *Signature   `xml:"http://www.w3.org/2000/09/xmldsig# Signature"`
	NameIDPolicy NameIDPolicy `xml:"urn:oasis:names:tc:SAML:2.0:protocol NameIDPolicy"`
}
AuthnRequest represents the SAML object of the same name, a request from a service provider to authenticate a user.
See http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
func (*AuthnRequest) UnmarshalXML ¶
func (a *AuthnRequest) UnmarshalXML(d *xml.Decoder, start xml.StartElement) error
type AuthnStatement ¶
// AuthnStatement represents the SAML object of the same name.
// See http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
//
// AuthnInstant, SessionNotOnOrAfter and SessionIndex are attributes;
// SubjectLocality and AuthnContext are embedded child elements held by value,
// so they are always present (zero-valued when the element is missing).
// A custom UnmarshalXML is declared for this type elsewhere in the package.
type AuthnStatement struct {
	AuthnInstant        time.Time `xml:",attr"`
	SessionNotOnOrAfter time.Time `xml:",attr"`
	SessionIndex        string    `xml:",attr"`
	SubjectLocality     SubjectLocality
	AuthnContext        AuthnContext
}
AuthnStatement represents the SAML object of the same name.
See http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
func (*AuthnStatement) UnmarshalXML ¶
func (a *AuthnStatement) UnmarshalXML(d *xml.Decoder, start xml.StartElement) error
type Conditions ¶
// Conditions represents the SAML object of the same name.
// See http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
//
// NotBefore and NotOnOrAfter bound the assertion's validity window and
// AudienceRestriction (nil when absent) names the intended relying party.
// This struct only carries the values — NOTE(review): confirm the caller
// enforces the window (allowing for clock skew) and the audience before
// acting on the assertion. A custom UnmarshalXML is declared for this type
// elsewhere in the package.
type Conditions struct {
	NotBefore           time.Time `xml:",attr"`
	NotOnOrAfter        time.Time `xml:",attr"`
	AudienceRestriction *AudienceRestriction
}
Conditions represents the SAML object of the same name.
See http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
func (*Conditions) UnmarshalXML ¶
func (c *Conditions) UnmarshalXML(d *xml.Decoder, start xml.StartElement) error
type EncryptedAssertion ¶
EncryptedAssertion represents the SAML object of the same name.
See http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
type ErrMissingElement ¶
// ErrMissingElement is the error type used when a required part of a SAML
// document is not found. Tag names the XML element (see ErrMissingAssertion);
// Attribute presumably names a missing attribute within that element —
// confirm against the Error method, which is declared elsewhere in this
// package.
type ErrMissingElement struct {
	Tag, Attribute string
}
func (ErrMissingElement) Error ¶
func (e ErrMissingElement) Error() string
type Issuer ¶
// Issuer represents the SAML object of the same name.
// See http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
//
// Value is the element's character data (the issuer's identifier) and Format
// is its optional Format attribute. NOTE(review): the issuer string is only
// trustworthy once the enclosing signature has been verified — confirm the
// caller pins it to the expected IdP entity ID.
type Issuer struct {
	XMLName xml.Name `xml:"urn:oasis:names:tc:SAML:2.0:assertion Issuer"`
	Format  string   `xml:",attr"`
	Value   string   `xml:",chardata"`
}
Issuer represents the SAML object of the same name.
See http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
type NameID ¶
// NameID represents the SAML object of the same name.
// See http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
//
// Format, NameQualifier and SPNameQualifier are attributes; Value is the
// element's character data, i.e. the identifier itself.
type NameID struct {
	Format          string `xml:",attr"`
	NameQualifier   string `xml:",attr"`
	SPNameQualifier string `xml:",attr"`
	Value           string `xml:",chardata"`
}
NameID represents the SAML object of the same name.
See http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
type NameIDPolicy ¶
// NameIDPolicy represents the SAML object of the same name.
// See http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
//
// AllowCreate is mapped to an attribute. Format is mapped to the element's
// character data here, whereas the SAML core spec defines Format as an
// attribute of NameIDPolicy — NOTE(review): confirm this layout matches what
// the peer IdP actually emits/accepts before relying on Format.
type NameIDPolicy struct {
	XMLName     xml.Name `xml:"urn:oasis:names:tc:SAML:2.0:protocol NameIDPolicy"`
	AllowCreate bool     `xml:",attr"`
	Format      string   `xml:",chardata"`
}
NameIDPolicy represents the SAML object of the same name.
See http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
type Response ¶
// Response represents the SAML object of the same name.
// See http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
//
// Issuer, Status, EncryptedAssertion and Assertion are pointers and are nil
// when the element is absent. Compare Status.StatusCode.Value with
// StatusSuccess to tell a successful response from a failure (nil-check
// Status first). A custom UnmarshalXML is declared for this type elsewhere
// in the package.
type Response struct {
	XMLName      xml.Name  `xml:"urn:oasis:names:tc:SAML:2.0:protocol Response"`
	Destination  string    `xml:",attr"`
	ID           string    `xml:",attr"`
	InResponseTo string    `xml:",attr"`
	IssueInstant time.Time `xml:",attr"`
	Version      string    `xml:",attr"`
	Issuer       *Issuer   `xml:"urn:oasis:names:tc:SAML:2.0:assertion Issuer"`
	Status       *Status   `xml:"urn:oasis:names:tc:SAML:2.0:protocol Status"`
	// A response may carry its assertion encrypted (EncryptedAssertion, matched
	// by field name since no tag is given) or in the clear (Assertion);
	// whichever form the IdP did not send is left nil.
	EncryptedAssertion *EncryptedAssertion
	Assertion          *Assertion `xml:"urn:oasis:names:tc:SAML:2.0:assertion Assertion"`
}
Response represents the SAML object of the same name.
See http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
func (*Response) UnmarshalXML ¶
type Signature ¶
// Signature is a model for the Signature object specified by XMLDSIG. It is a
// convenience object when constructing XML that you'd like to sign; the field
// tags flatten the SignedInfo/Reference/KeyInfo nesting onto one struct.
//
// This declaration only carries the signature's values. Decoding a document
// into it does not check the digest or the signature value, and no verifying
// method is listed for it on this page — NOTE(review): confirm that a
// Response or Assertion is verified by a dedicated XMLDSIG step before its
// contents are used to derive credentials.
type Signature struct {
	XMLName xml.Name `xml:"http://www.w3.org/2000/09/xmldsig# Signature"`
	// Algorithm identifiers and digest taken from SignedInfo.
	CanonicalizationMethod Method   `xml:"SignedInfo>CanonicalizationMethod"`
	SignatureMethod        Method   `xml:"SignedInfo>SignatureMethod"`
	ReferenceTransforms    []Method `xml:"SignedInfo>Reference>Transforms>Transform"`
	DigestMethod           Method   `xml:"SignedInfo>Reference>DigestMethod"`
	DigestValue            string   `xml:"SignedInfo>Reference>DigestValue"`
	SignatureValue         string   `xml:"SignatureValue"`
	// KeyInfo: a key name and/or an X.509 certificate; each is omitted from
	// marshalled output when empty or nil.
	KeyName         string             `xml:"KeyInfo>KeyName,omitempty"`
	X509Certificate *SignatureX509Data `xml:"KeyInfo>X509Data,omitempty"`
}
Signature is a model for the Signature object specified by XMLDSIG. It is a convenience object when constructing XML that you would like to sign. For example:
type Foo struct {
	Stuff     string
	Signature Signature
}
f := Foo{Stuff: "hello"}
f.Signature = DefaultSignature()
buf, _ := xml.Marshal(f)
buf, _ = Sign(key, buf)
type SignatureX509Data ¶
// SignatureX509Data represents the <X509Data> element of <Signature>.
//
// X509Certificate holds the certificate text of the child X509Certificate
// element and is omitted from marshalled output when empty.
type SignatureX509Data struct {
	X509Certificate string `xml:"X509Certificate,omitempty"`
}
SignatureX509Data represents the <X509Data> element of <Signature>.
type Status ¶
// Status represents the SAML object of the same name.
// See http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
//
// StatusCode is held by value, so it is always present (zero-valued when the
// child element is missing); check StatusCode.Value against StatusSuccess.
type Status struct {
	XMLName    xml.Name `xml:"urn:oasis:names:tc:SAML:2.0:protocol Status"`
	StatusCode StatusCode
}
Status represents the SAML object of the same name.
See http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
type StatusCode ¶
// StatusCode represents the SAML object of the same name.
// See http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
//
// Value is the Value attribute, a status URI such as StatusSuccess.
type StatusCode struct {
	XMLName xml.Name `xml:"urn:oasis:names:tc:SAML:2.0:protocol StatusCode"`
	Value   string   `xml:",attr"`
}
StatusCode represents the SAML object of the same name.
See http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
type Subject ¶
// Subject represents the SAML object of the same name.
// See http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
//
// NameID and SubjectConfirmation are nil when the corresponding child
// element is absent.
type Subject struct {
	XMLName             xml.Name `xml:"urn:oasis:names:tc:SAML:2.0:assertion Subject"`
	NameID              *NameID
	SubjectConfirmation *SubjectConfirmation
}
Subject represents the SAML object of the same name.
See http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
type SubjectConfirmation ¶
// SubjectConfirmation represents the SAML object of the same name.
// See http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
//
// Method is the Method attribute (a confirmation-method URI);
// SubjectConfirmationData is held by value, so it is zero-valued rather than
// nil when the child element is missing.
type SubjectConfirmation struct {
	Method                  string `xml:",attr"`
	SubjectConfirmationData SubjectConfirmationData
}
SubjectConfirmation represents the SAML object of the same name.
See http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
type SubjectConfirmationData ¶
// SubjectConfirmationData represents the SAML object of the same name.
// See http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
//
// All four fields are attributes. InResponseTo, Recipient and NotOnOrAfter
// are what ties an assertion to the request that triggered it; this struct
// only carries them — NOTE(review): confirm the caller compares them with
// the outstanding request ID, its own ACS URL and the current time. A custom
// UnmarshalXML is declared for this type elsewhere in the package.
type SubjectConfirmationData struct {
	Address      string    `xml:",attr"`
	InResponseTo string    `xml:",attr"`
	NotOnOrAfter time.Time `xml:",attr"`
	Recipient    string    `xml:",attr"`
}
SubjectConfirmationData represents the SAML object of the same name.
See http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
func (*SubjectConfirmationData) UnmarshalXML ¶
func (s *SubjectConfirmationData) UnmarshalXML(d *xml.Decoder, start xml.StartElement) error
type SubjectLocality ¶
// SubjectLocality represents the SAML object of the same name.
// See http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
//
// Address is the Address attribute as reported by the IdP; it is
// informational and is not something this package can verify.
type SubjectLocality struct {
	Address string `xml:",attr"`
}
SubjectLocality represents the SAML object of the same name.
See http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
type TimeInstant ¶
func (*TimeInstant) UnmarshalText ¶
func (m *TimeInstant) UnmarshalText(text []byte) error