Documentation
¶
Overview ¶
Copyright © 2017 Sergiu Bodiu
Use of this source code is governed by and MIT license that can be found in the LICENSE file
Copyright © 2017 Sergiu Bodiu ¶
Use of this source code is governed by and MIT license that can be found in the LICENSE file
Copyright © 2017 Sergiu Bodiu ¶
Use of this source code is governed by and MIT license that can be found in the LICENSE file
Copyright © 2017 Sergiu Bodiu ¶
Use of this source code is governed by and MIT license that can be found in the LICENSE file
Index ¶
- Variables
- func AssignPrincipals(awsRoles []*AWSRole, awsAccount *AWSAccount)
- func GetCredentials(role *AWSRole, samlAssertion string) *sts.Credentials
- func SaveCredentials(id, secret, token, profile string) (string, error)
- type AWSAccount
- type AWSRole
- type Assertion
- type Attribute
- type AttributeStatement
- type AttributeValue
- type Audience
- type AudienceRestriction
- type AuthnContext
- type AuthnContextClassRef
- type AuthnRequest
- type AuthnStatement
- type Conditions
- type EncryptedAssertion
- type ErrMissingElement
- type Issuer
- type Method
- type NameID
- type NameIDPolicy
- type Response
- type Signature
- type SignatureX509Data
- type Status
- type StatusCode
- type Subject
- type SubjectConfirmation
- type SubjectConfirmationData
- type SubjectLocality
- type TimeInstant
Constants ¶
This section is empty.
Variables ¶
var (
ErrMissingAssertion = ErrMissingElement{Tag: assertionTag}
)
var StatusSuccess = "urn:oasis:names:tc:SAML:2.0:status:Success"
StatusSuccess is the value of a StatusCode element when the authentication succeeds. (nominally a constant, except for testing)
Functions ¶
func AssignPrincipals ¶
func AssignPrincipals(awsRoles []*AWSRole, awsAccount *AWSAccount)
func GetCredentials ¶
func GetCredentials(role *AWSRole, samlAssertion string) *sts.Credentials
func SaveCredentials ¶
Types ¶
type AWSAccount ¶
func ParseAWSAccounts ¶
func ParseAWSAccounts(samlAssertion string) ([]*AWSAccount, error)
ParseAWSAccounts extract the aws accounts from the saml assertion
type AWSRole ¶
AWSRole aws role attributes
func ExtractAwsRoles ¶
ExtractAwsRoles given an assertion document extract the aws roles
func LocateRole ¶
func LocateRole(awsAccount *AWSAccount, roleName string) (*AWSRole, error)
LocateRole locate role by name
type Assertion ¶
type Assertion struct {
XMLName xml.Name `xml:"urn:oasis:names:tc:SAML:2.0:assertion Assertion"`
ID string `xml:",attr"`
IssueInstant time.Time `xml:",attr"`
Version string `xml:",attr"`
Issuer *Issuer `xml:"urn:oasis:names:tc:SAML:2.0:assertion Issuer"`
Signature *Signature
Subject *Subject
Conditions *Conditions
AuthnStatement *AuthnStatement
AttributeStatement *AttributeStatement
}
Assertion represents the SAML object of the same name.
See http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
func (*Assertion) UnmarshalXML ¶
type Attribute ¶
type Attribute struct {
FriendlyName string `xml:",attr"`
Name string `xml:",attr"`
NameFormat string `xml:",attr"`
Values []AttributeValue `xml:"AttributeValue"`
}
Attribute represents the SAML object of the same name.
See http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
type AttributeStatement ¶
type AttributeStatement struct {
Attributes []Attribute `xml:"Attribute"`
}
AttributeStatement represents the SAML object of the same name.
See http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
type AttributeValue ¶
type AttributeValue struct {
Type string `xml:"http://www.w3.org/2001/XMLSchema-instance type,attr"`
Value string `xml:",chardata"`
NameID *NameID
}
AttributeValue represents the SAML object of the same name.
See http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
type Audience ¶
type Audience struct {
Value string `xml:",chardata"`
}
Audience represents the SAML object of the same name.
See http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
type AudienceRestriction ¶
type AudienceRestriction struct {
Audience *Audience
}
AudienceRestriction represents the SAML object of the same name.
See http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
type AuthnContext ¶
type AuthnContext struct {
AuthnContextClassRef *AuthnContextClassRef
}
AuthnContext represents the SAML object of the same name.
See http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
type AuthnContextClassRef ¶
type AuthnContextClassRef struct {
Value string `xml:",chardata"`
}
AuthnContextClassRef represents the SAML object of the same name.
See http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
type AuthnRequest ¶
type AuthnRequest struct {
XMLName xml.Name `xml:"urn:oasis:names:tc:SAML:2.0:protocol AuthnRequest"`
AssertionConsumerServiceURL string `xml:",attr"`
Destination string `xml:",attr"`
ID string `xml:",attr"`
IssueInstant time.Time `xml:",attr"`
// Protocol binding is a URI reference that identifies a SAML protocol binding to be used when returning
// the <Response> message. See [SAMLBind] for more information about protocol bindings and URI references
// defined for them. This attribute is mutually exclusive with the AssertionConsumerServiceIndex attribute
// and is typically accompanied by the AssertionConsumerServiceURL attribute.
ProtocolBinding string `xml:",attr"`
Version string `xml:",attr"`
Issuer Issuer `xml:"urn:oasis:names:tc:SAML:2.0:assertion Issuer"`
Signature *Signature `xml:"http://www.w3.org/2000/09/xmldsig# Signature"`
NameIDPolicy NameIDPolicy `xml:"urn:oasis:names:tc:SAML:2.0:protocol NameIDPolicy"`
}
AuthnRequest represents the SAML object of the same name, a request from a service provider to authenticate a user.
See http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
func (*AuthnRequest) UnmarshalXML ¶
func (a *AuthnRequest) UnmarshalXML(d *xml.Decoder, start xml.StartElement) error
type AuthnStatement ¶
type AuthnStatement struct {
AuthnInstant time.Time `xml:",attr"`
SessionNotOnOrAfter time.Time `xml:",attr"`
SessionIndex string `xml:",attr"`
SubjectLocality SubjectLocality
AuthnContext AuthnContext
}
AuthnStatement represents the SAML object of the same name.
See http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
func (*AuthnStatement) UnmarshalXML ¶
func (a *AuthnStatement) UnmarshalXML(d *xml.Decoder, start xml.StartElement) error
type Conditions ¶
type Conditions struct {
NotBefore time.Time `xml:",attr"`
NotOnOrAfter time.Time `xml:",attr"`
AudienceRestriction *AudienceRestriction
}
Conditions represents the SAML object of the same name.
See http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
func (*Conditions) UnmarshalXML ¶
func (c *Conditions) UnmarshalXML(d *xml.Decoder, start xml.StartElement) error
type EncryptedAssertion ¶
EncryptedAssertion represents the SAML object of the same name.
See http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
type ErrMissingElement ¶
type ErrMissingElement struct {
Tag, Attribute string
}
func (ErrMissingElement) Error ¶
func (e ErrMissingElement) Error() string
type Issuer ¶
type Issuer struct {
XMLName xml.Name `xml:"urn:oasis:names:tc:SAML:2.0:assertion Issuer"`
Format string `xml:",attr"`
Value string `xml:",chardata"`
}
Issuer represents the SAML object of the same name.
See http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
type NameID ¶
type NameID struct {
Format string `xml:",attr"`
NameQualifier string `xml:",attr"`
SPNameQualifier string `xml:",attr"`
Value string `xml:",chardata"`
}
NameID represents the SAML object of the same name.
See http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
type NameIDPolicy ¶
type NameIDPolicy struct {
XMLName xml.Name `xml:"urn:oasis:names:tc:SAML:2.0:protocol NameIDPolicy"`
AllowCreate bool `xml:",attr"`
Format string `xml:",chardata"`
}
NameIDPolicy represents the SAML object of the same name.
See http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
type Response ¶
type Response struct {
XMLName xml.Name `xml:"urn:oasis:names:tc:SAML:2.0:protocol Response"`
Destination string `xml:",attr"`
ID string `xml:",attr"`
InResponseTo string `xml:",attr"`
IssueInstant time.Time `xml:",attr"`
Version string `xml:",attr"`
Issuer *Issuer `xml:"urn:oasis:names:tc:SAML:2.0:assertion Issuer"`
Status *Status `xml:"urn:oasis:names:tc:SAML:2.0:protocol Status"`
EncryptedAssertion *EncryptedAssertion
Assertion *Assertion `xml:"urn:oasis:names:tc:SAML:2.0:assertion Assertion"`
}
Response represents the SAML object of the same name.
See http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
func (*Response) UnmarshalXML ¶
type Signature ¶
type Signature struct {
XMLName xml.Name `xml:"http://www.w3.org/2000/09/xmldsig# Signature"`
CanonicalizationMethod Method `xml:"SignedInfo>CanonicalizationMethod"`
SignatureMethod Method `xml:"SignedInfo>SignatureMethod"`
ReferenceTransforms []Method `xml:"SignedInfo>Reference>Transforms>Transform"`
DigestMethod Method `xml:"SignedInfo>Reference>DigestMethod"`
DigestValue string `xml:"SignedInfo>Reference>DigestValue"`
SignatureValue string `xml:"SignatureValue"`
KeyName string `xml:"KeyInfo>KeyName,omitempty"`
X509Certificate *SignatureX509Data `xml:"KeyInfo>X509Data,omitempty"`
}
Signature is a model for the Signature object specified by XMLDSIG. This is convenience object when constructing XML that you'd like to sign. For example:
type Foo struct {
Stuff string
Signature Signature
}
f := Foo{Suff: "hello"}
f.Signature = DefaultSignature()
buf, _ := xml.Marshal(f)
buf, _ = Sign(key, buf)
type SignatureX509Data ¶
type SignatureX509Data struct {
X509Certificate string `xml:"X509Certificate,omitempty"`
}
SignatureX509Data represents the <X509Data> element of <Signature>
type Status ¶
type Status struct {
XMLName xml.Name `xml:"urn:oasis:names:tc:SAML:2.0:protocol Status"`
StatusCode StatusCode
}
Status represents the SAML object of the same name.
See http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
type StatusCode ¶
type StatusCode struct {
XMLName xml.Name `xml:"urn:oasis:names:tc:SAML:2.0:protocol StatusCode"`
Value string `xml:",attr"`
}
StatusCode represents the SAML object of the same name.
See http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
type Subject ¶
type Subject struct {
XMLName xml.Name `xml:"urn:oasis:names:tc:SAML:2.0:assertion Subject"`
NameID *NameID
SubjectConfirmation *SubjectConfirmation
}
Subject represents the SAML object of the same name.
See http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
type SubjectConfirmation ¶
type SubjectConfirmation struct {
Method string `xml:",attr"`
SubjectConfirmationData SubjectConfirmationData
}
SubjectConfirmation represents the SAML object of the same name.
See http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
type SubjectConfirmationData ¶
type SubjectConfirmationData struct {
Address string `xml:",attr"`
InResponseTo string `xml:",attr"`
NotOnOrAfter time.Time `xml:",attr"`
Recipient string `xml:",attr"`
}
SubjectConfirmationData represents the SAML object of the same name.
See http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
func (*SubjectConfirmationData) UnmarshalXML ¶
func (s *SubjectConfirmationData) UnmarshalXML(d *xml.Decoder, start xml.StartElement) error
type SubjectLocality ¶
type SubjectLocality struct {
Address string `xml:",attr"`
}
SubjectLocality represents the SAML object of the same name.
See http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
type TimeInstant ¶
func (*TimeInstant) UnmarshalText ¶
func (m *TimeInstant) UnmarshalText(text []byte) error
Source Files