provider

package
Published: Dec 7, 2023 License: Apache-2.0 Imports: 34 Imported by: 1


Constants

// Attribute selectors. These are the integer values passed in the
// `attributes []int` parameter of UserStorage.SetUserinfoWithUserID and
// SetUserinfoWithLoginName, presumably to tell the storage which user
// attributes to populate on the AttributeSetter. AttributeEmail is 0 and
// the rest follow via iota, so the values are positional: append new
// selectors at the end rather than inserting, or existing ints shift.
const (
	AttributeEmail int = iota
	AttributeFullName
	AttributeGivenName
	AttributeSurname
	AttributeUsername
	AttributeUserID
)
// Default relative path segments for the identity provider endpoints.
// They correspond one-to-one to the fields of EndpointConfig; presumably
// each is used when the matching EndpointConfig entry is nil — confirm
// against NewIdentityProvider. Note these are bare segments, whereas
// DefaultMetadataEndpoint below is an absolute path ("/metadata").
const (
	DefaultCertificateEndpoint  = "certificate"
	DefaultCallbackEndpoint     = "login"
	DefaultSingleSignOnEndpoint = "SSO"
	DefaultSingleLogOutEndpoint = "SLO"
	DefaultAttributeEndpoint    = "attribute"
)
// Protocol constants shared by the provider.
const (
	// DefaultTimeFormat is a Go time layout (reference time 2006-01-02
	// 15:04:05). The ".999999" fraction drops trailing zeros and the
	// literal "Z" is emitted verbatim, so callers must format a UTC
	// time.Time for the output to be a truthful UTC timestamp. Can be
	// overridden with WithCustomTimeFormat.
	DefaultTimeFormat = "2006-01-02T15:04:05.999999Z"
	// SAML 2.0 binding identifier URIs (HTTP-POST, HTTP-Redirect, SOAP).
	PostBinding     = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
	RedirectBinding = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
	SOAPBinding     = "urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
	// DefaultMetadataEndpoint is an absolute path, unlike the relative
	// Default*Endpoint segments used for the IdP endpoints.
	DefaultMetadataEndpoint = "/metadata"
)
// SAML 2.0 status code URIs placed in the <samlp:StatusCode Value="..."> of
// responses. StatusCodeVersionMissmatch is misspelled as an identifier but
// its value is the correct "VersionMismatch" URI; the exported name is kept
// because renaming it would break callers.
const (
	StatusCodeSuccess                = "urn:oasis:names:tc:SAML:2.0:status:Success"
	StatusCodeVersionMissmatch       = "urn:oasis:names:tc:SAML:2.0:status:VersionMismatch"
	StatusCodeAuthNFailed            = "urn:oasis:names:tc:SAML:2.0:status:AuthnFailed"
	StatusCodeInvalidAttrNameOrValue = "urn:oasis:names:tc:SAML:2.0:status:InvalidAttrNameOrValue"
	StatusCodeInvalidNameIDPolicy    = "urn:oasis:names:tc:SAML:2.0:status:InvalidNameIDPolicy"
	StatusCodeRequestDenied          = "urn:oasis:names:tc:SAML:2.0:status:RequestDenied"
	StatusCodeRequestUnsupported     = "urn:oasis:names:tc:SAML:2.0:status:RequestUnsupported"
	StatusCodeUnsupportedBinding     = "urn:oasis:names:tc:SAML:2.0:status:UnsupportedBinding"
	StatusCodeResponder              = "urn:oasis:names:tc:SAML:2.0:status:Responder"
	StatusCodePartialLogout          = "urn:oasis:names:tc:SAML:2.0:status:PartialLogout"
)
const (
	// DefaultValidUntil is a validity window of five minutes; presumably
	// the default for MetadataIDPConfig.ValidUntil (the metadata's
	// validUntil attribute) when it is left unset — confirm against
	// NewIdentityProvider. A short window limits how long stale metadata
	// is trusted but forces relying parties to refresh frequently.
	DefaultValidUntil = 5 * time.Minute
)

Variables

// Sentinel errors for issuer validation; compare with errors.Is. They are
// presumably returned by ValidateIssuer and ValidateIssuerPath.
var (
	// The issuer URL may not carry a fragment or a query string.
	ErrInvalidIssuerPath = errors.New("no fragments or query allowed for issuer")
	// The issuer is empty.
	ErrInvalidIssuerNoIssuer = errors.New("missing issuer")
	// The issuer does not parse as a URL.
	ErrInvalidIssuerURL = errors.New("invalid url for issuer")
	// The issuer URL has no host component.
	ErrInvalidIssuerMissingHost = errors.New("host for issuer missing")
	// The issuer scheme is not https. ValidateIssuer takes an allowInsecure
	// flag (set through WithAllowInsecure) that presumably relaxes this
	// check; it should stay off outside development.
	ErrInvalidIssuerHTTPS = errors.New("scheme for issuer must be `https`")
)

Functions

func AuthCallbackURL added in v0.0.3

func AuthCallbackURL(p *Provider) func(context.Context, string) string

AuthCallbackURL builds the URL for the redirect (including the requestID) after a successful login.

func CreateRouter

func CreateRouter(p *Provider, interceptors ...HttpInterceptor) *mux.Router

func IssuerFromContext added in v0.0.3

func IssuerFromContext(ctx context.Context) string

IssuerFromContext reads the issuer from the context (set by an IssuerInterceptor); it returns an empty string if none is found.

func IssuerFromHost added in v0.0.3

func IssuerFromHost(path string) func(bool) (IssuerFromRequest, error)

func NewID

func NewID() string

func Readiness

func Readiness(w http.ResponseWriter, r *http.Request, probes ...ProbesFn)

func StaticIssuer added in v0.0.3

func StaticIssuer(issuer string) func(bool) (IssuerFromRequest, error)

func ValidateIssuer added in v0.0.3

func ValidateIssuer(issuer string, allowInsecure bool) error

func ValidateIssuerPath added in v0.0.3

func ValidateIssuerPath(issuer *url.URL) error

Types

type Attributes

// Attributes collects the user attributes an IdP response carries. Values
// are set through the Set* methods (SetEmail, SetUserID, SetCustomAttribute,
// ...) and rendered by GetSAML (attribute statements) and GetNameID.
// The zero value is presumably usable, as no constructor is exported.
type Attributes struct {
	// contains filtered or unexported fields
}

func (*Attributes) GetNameID

func (a *Attributes) GetNameID() *saml.NameIDType

func (*Attributes) GetSAML

func (a *Attributes) GetSAML() []*saml.AttributeType

func (*Attributes) SetCustomAttribute added in v0.1.0

func (a *Attributes) SetCustomAttribute(name, friendlyName, nameFormat string, attributeValue []string)

func (*Attributes) SetEmail

func (a *Attributes) SetEmail(value string)

func (*Attributes) SetFullName

func (a *Attributes) SetFullName(value string)

func (*Attributes) SetGivenName

func (a *Attributes) SetGivenName(value string)

func (*Attributes) SetSurname

func (a *Attributes) SetSurname(value string)

func (*Attributes) SetUserID

func (a *Attributes) SetUserID(value string)

func (*Attributes) SetUsername

func (a *Attributes) SetUsername(value string)

type AuthRequestForm

// AuthRequestForm holds the parameters of an incoming AuthnRequest as
// received from the service provider. All fields are untrusted input from
// the requester; SigAlg and Sig are the signature parameters and must be
// verified against the SP's registered key before the request is acted on.
type AuthRequestForm struct {
	AuthRequest string // encoded AuthnRequest document
	Encoding    string // encoding applied to AuthRequest (contents not fixed here)
	RelayState  string // opaque SP state, echoed back unchanged
	SigAlg      string // signature algorithm URI supplied by the requester
	Sig         string // signature supplied by the requester
	Binding     string // binding the request arrived on (see PostBinding/RedirectBinding)
}

type AuthResponseForm

// AuthResponseForm is the data for the auto-submitting form that delivers a
// SAMLResponse to the service provider's AssertionConsumerServiceURL.
type AuthResponseForm struct {
	RelayState                  string // echoed from the request
	SAMLResponse                string // encoded response document
	AssertionConsumerServiceURL string // form target; should be the SP's registered ACS URL
}

type AuthStorage

// AuthStorage persists authentication requests between the initial
// AuthnRequest and the callback.
type AuthStorage interface {
	// CreateAuthRequest stores a parsed AuthnRequest together with four
	// string values whose meaning is not documented in this signature
	// (likely ACS URL, binding, issuer/entity or relay state — confirm
	// against the implementation) and returns the stored request.
	CreateAuthRequest(context.Context, *samlp.AuthnRequestType, string, string, string, string) (models.AuthRequestInt, error)
	// AuthRequestByID looks a stored request up by its ID.
	AuthRequestByID(context.Context, string) (models.AuthRequestInt, error)
}

type Certificate

// Certificate names the files of a certificate, its private key and an
// optional CA certificate on disk. PrivateKeyPath points at secret
// material; the file should be readable by the provider process only.
type Certificate struct {
	Path           string // certificate file
	PrivateKeyPath string // private key file
	CaPath         string // CA certificate file
}

type Config

// Config is the top-level provider configuration passed to NewProvider.
// Only the Metadata field carries a yaml tag; the others rely on the
// decoder's default field naming.
type Config struct {
	MetadataConfig *MetadataConfig
	IDPConfig      *IdentityProviderConfig
	Metadata       *Endpoint `yaml:"Metadata"`

	// Optional organisation and contact data published in the metadata.
	Organisation  *Organisation
	ContactPerson *ContactPerson
}

type ContactPerson

// ContactPerson is the contact information published in the metadata's
// ContactPerson element.
type ContactPerson struct {
	ContactType     md.ContactTypeType // e.g. technical/support; enum defined in package md
	Company         string
	GivenName       string
	SurName         string
	EmailAddress    string
	TelephoneNumber string
}

type CustomAttribute added in v0.1.0

// CustomAttribute describes a non-standard attribute added with
// Attributes.SetCustomAttribute; the attribute name itself is the map key
// or parameter that accompanies it, not part of this struct.
type CustomAttribute struct {
	FriendlyName   string   // human-readable name
	NameFormat     string   // NameFormat URI of the attribute
	AttributeValue []string // one entry per AttributeValue element
}

type Endpoint

// Endpoint is a path that can be rendered relative (Relative) or joined to
// a host (Absolute). Construct it with NewEndpoint or NewEndpointWithURL;
// the zero value's behaviour is not visible here.
type Endpoint struct {
	// contains filtered or unexported fields
}

func NewEndpoint added in v0.0.3

func NewEndpoint(path string) Endpoint

func NewEndpointWithURL added in v0.0.3

func NewEndpointWithURL(path, url string) Endpoint

func (Endpoint) Absolute added in v0.0.3

func (e Endpoint) Absolute(host string) string

func (Endpoint) Relative added in v0.0.3

func (e Endpoint) Relative() string

type EndpointConfig

// EndpointConfig overrides the paths of the IdP endpoints. Each field maps
// to one of the Default*Endpoint constants, which presumably apply when the
// field is nil.
type EndpointConfig struct {
	Certificate  *Endpoint `yaml:"Certificate"`
	Callback     *Endpoint `yaml:"Callback"`
	SingleSignOn *Endpoint `yaml:"SingleSignOn"`
	SingleLogOut *Endpoint `yaml:"SingleLogOut"`
	Attribute    *Endpoint `yaml:"Attribute"`
}

type Endpoints added in v0.0.3

// Endpoints is the resolved set of IdP endpoints; its fields are not
// exported and no methods are documented on this page.
type Endpoints struct {
	// contains filtered or unexported fields
}

type EntityStorage

// EntityStorage supplies the key material the provider needs for its own
// identity: the CA and the key used to sign metadata.
type EntityStorage interface {
	GetCA(context.Context) (*key.CertificateAndKey, error)
	GetMetadataSigningKey(context.Context) (*key.CertificateAndKey, error)
}

type HttpInterceptor

// HttpInterceptor is HTTP middleware wrapping a handler; passed to
// CreateRouter or WithHttpInterceptors. (Go style would spell it
// HTTPInterceptor; the name is kept for compatibility.)
type HttpInterceptor func(http.Handler) http.Handler

type IDPStorage

// IDPStorage is the full storage contract required by NewIdentityProvider:
// auth-request persistence, SP/key lookup, user attribute population and a
// health probe.
type IDPStorage interface {
	AuthStorage
	IdentityProviderStorage
	UserStorage
	// Health reports whether the backing store is reachable; used by the
	// readiness probes.
	Health(context.Context) error
}

type IdentityProvider

// IdentityProvider implements the SAML IdP side: it exposes its routes
// (GetRoutes), entity ID (GetEntityID) and resolves registered service
// providers (GetServiceProvider). Create it with NewIdentityProvider.
type IdentityProvider struct {
	// contains filtered or unexported fields
}

func NewIdentityProvider

func NewIdentityProvider(metadata Endpoint, conf *IdentityProviderConfig, storage IDPStorage) (*IdentityProvider, error)

func (*IdentityProvider) GetEntityID added in v0.0.3

func (p *IdentityProvider) GetEntityID(ctx context.Context) string

func (*IdentityProvider) GetMetadata added in v0.0.3

func (*IdentityProvider) GetRoutes

func (p *IdentityProvider) GetRoutes() []*Route

func (*IdentityProvider) GetServiceProvider

func (p *IdentityProvider) GetServiceProvider(ctx context.Context, entityID string) (*serviceprovider.ServiceProvider, error)

type IdentityProviderConfig

// IdentityProviderConfig configures the IdP built by NewIdentityProvider.
type IdentityProviderConfig struct {
	MetadataIDPConfig *MetadataIDPConfig

	// Algorithm URIs as free-form strings; whether they are validated
	// against an allow-list is not visible here — confirm before accepting
	// them from external configuration.
	SignatureAlgorithm  string
	DigestAlgorithm     string
	EncryptionAlgorithm string

	// WantAuthRequestsSigned is a string rather than a bool; its accepted
	// values are not documented on this page. Insecure relaxes transport
	// checks and should be false in production.
	WantAuthRequestsSigned string
	Insecure               bool

	Endpoints *EndpointConfig `yaml:"Endpoints"`
}

type IdentityProviderStorage

// IdentityProviderStorage resolves service providers and provides the key
// used to sign responses.
type IdentityProviderStorage interface {
	// GetEntityByID returns the registered service provider for entityID.
	GetEntityByID(ctx context.Context, entityID string) (*serviceprovider.ServiceProvider, error)
	// GetEntityIDByAppID maps an application ID to its entity ID. The
	// parameter is named entityID but, per the method name, carries an
	// application ID.
	GetEntityIDByAppID(ctx context.Context, entityID string) (string, error)
	// GetResponseSigningKey returns the key used to sign SAML responses.
	GetResponseSigningKey(context.Context) (*key.CertificateAndKey, error)
}

type IssuerFromRequest added in v0.0.3

// IssuerFromRequest derives the issuer for a request; see StaticIssuer and
// IssuerFromHost for the two provided strategies. When the issuer is taken
// from the request (IssuerFromHost), the Host header is attacker-influenced
// unless the front proxy pins it.
type IssuerFromRequest func(r *http.Request) string

type IssuerInterceptor added in v0.0.3

// IssuerInterceptor is middleware that stores the issuer in the request
// context so IssuerFromContext can read it. Create it with
// NewIssuerInterceptor and mount via Handler or HandlerFunc.
type IssuerInterceptor struct {
	// contains filtered or unexported fields
}

func NewIssuerInterceptor added in v0.0.3

func NewIssuerInterceptor(issuerFromRequest IssuerFromRequest) *IssuerInterceptor

NewIssuerInterceptor will set the issuer into the context using the provided IssuerFromRequest (e.g. one returned from StaticIssuer or IssuerFromHost).

func (*IssuerInterceptor) Handler added in v0.0.3

func (i *IssuerInterceptor) Handler(next http.Handler) http.Handler

func (*IssuerInterceptor) HandlerFunc added in v0.0.3

func (i *IssuerInterceptor) HandlerFunc(next http.HandlerFunc) http.HandlerFunc

type LogoutRequestForm

// LogoutRequestForm holds the parameters of an incoming LogoutRequest.
// Like AuthRequestForm, all fields are untrusted requester input.
type LogoutRequestForm struct {
	LogoutRequest string // encoded LogoutRequest document
	Encoding      string // encoding applied to LogoutRequest
	RelayState    string // opaque SP state, echoed back unchanged
}

type LogoutResponse

// LogoutResponse carries what is needed to render a LogoutResponse back to
// the service provider.
type LogoutResponse struct {
	LogoutTemplate *template.Template // template rendering the auto-submit form
	RelayState     string
	SAMLResponse   string // encoded response document
	LogoutURL      string // SP endpoint the form posts to

	RequestID string // InResponseTo value
	Issuer    string
	ErrorFunc func(err error) // invoked on rendering/processing errors; may be nil — confirm
}

type LogoutResponseForm

// LogoutResponseForm is the template data for the logout auto-submit form
// (compare AuthResponseForm).
type LogoutResponseForm struct {
	RelayState   string
	SAMLResponse string
	LogoutURL    string // form target
}

type MetadataConfig

// MetadataConfig configures the metadata document served by the provider.
type MetadataConfig struct {
	Path               string // endpoint path; see DefaultMetadataEndpoint
	SignatureAlgorithm string // algorithm URI used to sign the metadata
}

type MetadataIDPConfig

// MetadataIDPConfig holds the IdP-specific metadata attributes.
type MetadataIDPConfig struct {
	ValidUntil    time.Duration // validity window; see DefaultValidUntil
	CacheDuration string        // cacheDuration attribute, kept as a string (presumably an XML duration)
	ErrorURL      string        // errorURL attribute
}

type Option

// Option mutates a Provider during NewProvider; see WithAllowInsecure,
// WithCustomTimeFormat and WithHttpInterceptors. Returning an error aborts
// construction.
type Option func(o *Provider) error

func WithAllowInsecure added in v0.0.3

func WithAllowInsecure() Option

WithAllowInsecure allows the use of http (instead of https) for issuers. This is not recommended for production use and violates the SAML specification.

func WithCustomTimeFormat added in v0.0.11

func WithCustomTimeFormat(timeFormat string) Option

WithCustomTimeFormat allows the use of a custom time format instead of the default.

func WithHttpInterceptors

func WithHttpInterceptors(interceptors ...HttpInterceptor) Option

type Organisation

// Organisation is the organisation information published in the metadata's
// Organization element.
type Organisation struct {
	Name        string
	DisplayName string
	URL         string
}

type ProbesFn

// ProbesFn is a readiness probe; a non-nil error marks the provider as not
// ready. See Readiness, ReadyStorage and Provider.Probes.
type ProbesFn func(context.Context) error

func ReadyStorage

func ReadyStorage(s Storage) ProbesFn

type Provider

// Provider is the HTTP-facing SAML provider: it serves metadata
// (GetMetadata), exposes a handler (HttpHandler), resolves the issuer per
// request (IssuerFromRequest) and reports health (Health, Probes). Build it
// with NewProvider.
type Provider struct {
	// contains filtered or unexported fields
}

func NewProvider

func NewProvider(
	storage Storage,
	path string,
	conf *Config,
	providerOpts ...Option,
) (*Provider, error)

func (*Provider) GetMetadata

func (p *Provider) GetMetadata(ctx context.Context) (*md.EntityDescriptorType, error)

func (*Provider) Health

func (p *Provider) Health(ctx context.Context) error

func (*Provider) HttpHandler

func (p *Provider) HttpHandler() http.Handler

func (*Provider) IssuerFromRequest added in v0.0.3

func (p *Provider) IssuerFromRequest(r *http.Request) string

func (*Provider) Probes

func (p *Provider) Probes() []ProbesFn

type Response

// Response carries what is needed to build and deliver a SAML Response to
// a service provider.
type Response struct {
	PostTemplate    *template.Template // auto-submit form template for the POST binding
	ProtocolBinding string             // see PostBinding / RedirectBinding
	RelayState      string             // echoed from the request
	AcsUrl          string             // assertion consumer service URL the response is sent to; should come from SP registration, not the request
	Signature       string             // signature parameters carried over from the request (Redirect binding)
	SigAlg          string
	ErrorFunc       func(err error) // invoked on errors; nil-safety not visible here

	RequestID string // InResponseTo value
	Issuer    string // IdP entity ID
	Audience  string // SP entity ID placed in the audience restriction
	SendIP    string // presumably the client address for SubjectConfirmationData — confirm
}

type Route

// Route pairs an endpoint path with its handler; returned by
// IdentityProvider.GetRoutes and mounted by CreateRouter.
type Route struct {
	Endpoint   string
	HandleFunc http.HandlerFunc
}

type UserStorage

// UserStorage populates user attributes for an assertion. The attributes
// slice holds Attribute* selectors (AttributeEmail, AttributeUserID, ...)
// naming which values to set on the AttributeSetter.
type UserStorage interface {
	// SetUserinfoWithUserID fills userinfo for the user identified by
	// userID in the context of applicationID.
	SetUserinfoWithUserID(ctx context.Context, applicationID string, userinfo models.AttributeSetter, userID string, attributes []int) (err error)
	// SetUserinfoWithLoginName fills userinfo for the user identified by
	// loginName.
	SetUserinfoWithLoginName(ctx context.Context, userinfo models.AttributeSetter, loginName string, attributes []int) (err error)
}

Directories

Path Synopsis
Package mock is a generated GoMock package.
Package mock is a generated GoMock package.
xml
md
